
Example 46 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project undertow by undertow-io.

the class SslClientCertAttribute method readAttribute.

/**
 * Resolves this attribute to the PEM encoding of the peer's leaf certificate.
 *
 * @param exchange the current exchange; the SSL session info of its connection is consulted
 * @return the first peer certificate as PEM, or {@code null} when the connection is not
 *         TLS, the peer chain is empty, the peer is unverified, the certificate cannot be
 *         encoded, or a renegotiation would be required to obtain it
 */
@Override
public String readAttribute(HttpServerExchange exchange) {
    final SSLSessionInfo sessionInfo = exchange.getConnection().getSslSessionInfo();
    if (sessionInfo == null) {
        // Plain (non-TLS) connection: there is no certificate to report.
        return null;
    }
    try {
        final X509Certificate[] chain = sessionInfo.getPeerCertificateChain();
        // Only the leaf (index 0) is exposed; the rest of the chain is ignored here.
        return chain.length == 0 ? null : Certificates.toPem(chain[0]);
    } catch (SSLPeerUnverifiedException | CertificateEncodingException | RenegotiationRequiredException e) {
        // Every failure to obtain or encode the certificate reads as "attribute absent".
        return null;
    }
}

Example 47 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project undertow by undertow-io.

the class ClientCertAuthenticationMechanism method authenticate.

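/**
 * Attempts client-certificate authentication for the current exchange.
 * <p>
 * Only the leaf certificate (index 0 of the chain returned by
 * {@code getPeerCertificates}) is offered to the identity manager, and only when it is an
 * X.509 certificate. Note that a rejection by the identity manager ({@code verify}
 * returning {@code null}) yields {@code NOT_ATTEMPTED}, not {@code NOT_AUTHENTICATED}, so
 * other mechanisms may still run; whether that is intended is not visible here.
 *
 * @param exchange the current exchange
 * @param securityContext the security context that receives the authenticated account
 * @return {@code AUTHENTICATED} when the identity manager accepts the certificate,
 *         otherwise {@code NOT_ATTEMPTED} (no TLS, no or empty peer chain, unverified peer,
 *         non-X.509 leaf, or rejected credential)
 */
public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession == null) {
        // Not a TLS connection: nothing to authenticate with.
        return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }
    try {
        Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
        // Guard the array access: an absent or empty chain must not escape an
        // authentication mechanism as an ArrayIndexOutOfBoundsException.
        if (clientCerts == null || clientCerts.length == 0) {
            return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        if (clientCerts[0] instanceof X509Certificate) {
            Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);
            IdentityManager idm = getIdentityManager(securityContext);
            Account account = idm.verify(credential);
            if (account != null) {
                // 'name' is this mechanism's name (field not visible here); cachingRequired is false.
                securityContext.authenticationComplete(account, name, false);
                return AuthenticationMechanismOutcome.AUTHENTICATED;
            }
        }
    } catch (SSLPeerUnverifiedException e) {
        // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
        // to NOT_ATTEMPTED.
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}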

Example 48 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project XobotOS by xamarin.

the class OpenSSLSessionImpl method createPeerCertificateChain.

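/**
 * Provides the value used to initialize the volatile peerCertificateChain
 * field based on the native SSL_SESSION.
 * <p>
 * Each entry of {@code peerCertificates} is re-encoded with {@code getEncoded()} and
 * parsed back as the legacy {@code javax.security.cert.X509Certificate} type; order is
 * preserved and the result has the same length as {@code peerCertificates}.
 *
 * @return a new array of legacy certificates, one per peer certificate
 * @throws SSLPeerUnverifiedException if no peer certificates are available, or if a
 *         certificate cannot be encoded or re-parsed; the underlying exception is
 *         attached as the cause
 */
private javax.security.cert.X509Certificate[] createPeerCertificateChain() throws SSLPeerUnverifiedException {
    if (peerCertificates == null) {
        // NOTE(review): previously surfaced as a NullPointerException; "unverified peer"
        // is the declared failure mode for a missing chain.
        throw new SSLPeerUnverifiedException("No peer certificates");
    }
    try {
        javax.security.cert.X509Certificate[] chain = new javax.security.cert.X509Certificate[peerCertificates.length];
        for (int i = 0; i < peerCertificates.length; i++) {
            byte[] encoded = peerCertificates[i].getEncoded();
            chain[i] = javax.security.cert.X509Certificate.getInstance(encoded);
        }
        return chain;
    } catch (CertificateEncodingException e) {
        throw asPeerUnverified(e);
    } catch (CertificateException e) {
        throw asPeerUnverified(e);
    }
}

/**
 * Wraps a certificate failure as an SSLPeerUnverifiedException with the original
 * exception as its cause.
 * <p>
 * The previous code called {@code initCause(exception)} on the new exception itself;
 * {@code Throwable.initCause} rejects self-causation with an IllegalArgumentException,
 * so callers saw that instead of the intended SSLPeerUnverifiedException.
 *
 * @param cause the certificate encoding or parsing failure
 * @return the wrapping exception, ready to be thrown
 */
private static SSLPeerUnverifiedException asPeerUnverified(Exception cause) {
    SSLPeerUnverifiedException exception = new SSLPeerUnverifiedException(cause.getMessage());
    exception.initCause(cause);
    return exception;
}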

Example 49 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project Asqatasun by Asqatasun.

the class DownloaderImpl method download.

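/**
 * Fetches the body of {@code url} over HTTP with a 10 s connection and socket timeout.
 * <p>
 * NOTE(review): no redirect limit or response-size bound is configured here; if
 * {@code url} can be externally supplied, confirm the callers bound it.
 *
 * @param url the URL to fetch
 * @return the response body, or {@code ""} when the request fails; failures (non-2xx
 *         status raised by {@code BasicResponseHandler}, unknown host, unverified TLS peer,
 *         or any other I/O error) are logged at WARN together with the URL
 */
private String download(String url) {
    HttpClient httpclient = new DefaultHttpClient();
    HttpGet httpget = new HttpGet(url);
    httpclient.getParams().setParameter("http.socket.timeout", Integer.valueOf(10000));
    httpclient.getParams().setParameter("http.connection.timeout", Integer.valueOf(10000));
    // Create a response handler
    ResponseHandler<String> responseHandler = new BasicResponseHandler();
    try {
        return httpclient.execute(httpget, responseHandler);
    } catch (IOException ex) {
        // HttpResponseException, UnknownHostException and SSLPeerUnverifiedException are all
        // IOExceptions and were handled identically, so a single catch preserves behaviour.
        LOGGER.warn(ex.getMessage() + " " + url);
        return "";
    } finally {
        // Shut down the connection manager on every path; the early returns in the
        // failure cases previously skipped this and leaked the pooled connections.
        httpclient.getConnectionManager().shutdown();
    }
}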

Example 50 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project jdk8u_jdk by JetBrains.

the class StartTlsResponseImpl method verify.

/*
 * Verifies that the hostname in the server's certificate matches the
 * hostname of the server.
 * The server's first certificate is examined. If it has a subjectAltName
 * that contains a dNSName then that is used as the server's hostname.
 * The server's hostname may contain a wildcard for its left-most name part.
 * Otherwise, if the certificate has no subjectAltName then the value of
 * the common name attribute of the subject name is used.
 *
 * Two paths exist: for TLS_KRB5 cipher suites the peer's Kerberos principal
 * is matched against the hostname; otherwise the first entry of the peer
 * certificate chain is matched by HostnameChecker using its LDAP rules.
 * Any SSLPeerUnverifiedException raised inside the try block is tolerated
 * when the negotiated cipher suite name contains "_anon_".
 *
 * @param hostname The hostname of the server; a bracketed IPv6 literal is
 *                 unwrapped first.
 * @param session the SSLSession used on the connection to host.
 * @return true if the hostname is verified. This implementation never
 *         returns false: every failure is reported via the exception.
 * @throws SSLPeerUnverifiedException if the peer is unverified, the leaf is
 *         not an X.509 certificate, or the hostname does not match -- unless
 *         an anonymous cipher suite is in use.
 */
private boolean verify(String hostname, SSLSession session) throws SSLPeerUnverifiedException {
    java.security.cert.Certificate[] certs = null;
    // if IPv6 strip off the "[]"
    if (hostname != null && hostname.startsWith("[") && hostname.endsWith("]")) {
        hostname = hostname.substring(1, hostname.length() - 1);
    }
    try {
        // LDAP matching rules, not the HTTPS ones.
        HostnameChecker checker = HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP);
        // Use ciphersuite to determine whether Kerberos is active.
        if (session.getCipherSuite().startsWith("TLS_KRB5")) {
            // Kerberos: no X.509 certificate; the peer principal carries the host name.
            // getPeerPrincipal is defined elsewhere in this class; presumably it throws
            // SSLPeerUnverifiedException when no principal is available -- confirm.
            Principal principal = getPeerPrincipal(session);
            if (!HostnameChecker.match(hostname, principal)) {
                throw new SSLPeerUnverifiedException("hostname of the kerberos principal:" + principal + " does not match the hostname:" + hostname);
            }
        } else {
            // X.509
            // get the subject's certificate (leaf is index 0; the rest of the chain is not examined here)
            certs = session.getPeerCertificates();
            X509Certificate peerCert;
            if (certs[0] instanceof java.security.cert.X509Certificate) {
                peerCert = (java.security.cert.X509Certificate) certs[0];
            } else {
                throw new SSLPeerUnverifiedException("Received a non X509Certificate from the server");
            }
            // A mismatch surfaces as CertificateException, translated in the catch below.
            checker.match(hostname, peerCert);
        }
        // no exception means verification passed
        return true;
    } catch (SSLPeerUnverifiedException e) {
        /*
         * The application may enable an anonymous SSL cipher suite, and
         * hostname verification is not done for anonymous ciphers.
         * NOTE(review): with an anonymous suite this also swallows the
         * "non X509Certificate" and Kerberos-mismatch exceptions thrown above,
         * as well as a getPeerCertificates() failure (no peer certificate at all).
         */
        String cipher = session.getCipherSuite();
        if (cipher != null && (cipher.indexOf("_anon_") != -1)) {
            return true;
        }
        throw e;
    } catch (CertificateException e) {
        /*
         * Pass up the cause of the failure: a name mismatch from HostnameChecker
         * becomes an SSLPeerUnverifiedException with the original as its cause.
         */
        throw (SSLPeerUnverifiedException) new SSLPeerUnverifiedException("hostname of the server '" + hostname + "' does not match the hostname in the " + "server's certificate.").initCause(e);
    }
}
