use of javax.net.ssl.SSLPeerUnverifiedException in project android_frameworks_base by ResurrectionRemix.
the class SSLCertificateSocketFactory method verifyHostname.
/**
 * Checks that the certificate presented by the peer of an already-connected
 * socket is valid for {@code hostname}. Callers that did not supply a hostname
 * to {@link #createSocket()} MUST call this before trusting the connection;
 * calling it again on a socket that was already verified is harmless.
 *
 * <p>Name matching, including wildcard certificates, is delegated to
 * {@link HttpsURLConnection#getDefaultHostnameVerifier()}. The earlier note on
 * this method states that a certificate for "*.example.com" verifies
 * "foo.bar.example.com". NOTE(review): confirm against the platform verifier,
 * since RFC 6125-style matching limits a wildcard to a single label.
 *
 * <p>When {@code isSslCheckRelaxed()} returns true, this method performs no
 * handshake and no hostname check and returns normally. A clean return
 * therefore does not prove the peer's identity in that mode.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IllegalArgumentException if {@code socket} is not an {@link SSLSocket}
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    // The type check runs first, so a plain socket is rejected even in relaxed mode.
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }

    // Relaxed mode: nothing below is executed, i.e. the peer is NOT verified here.
    if (isSslCheckRelaxed()) {
        return;
    }

    SSLSocket sslSocket = (SSLSocket) socket;
    // The code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent, so we can safely call it.
    sslSocket.startHandshake();

    SSLSession peerSession = sslSocket.getSession();
    if (peerSession == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }

    boolean hostnameMatches =
            HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, peerSession);
    if (!hostnameMatches) {
        // Fail closed: the caller must not use the socket after this exception.
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
    }
}
use of javax.net.ssl.SSLPeerUnverifiedException in project android_frameworks_base by crdroidandroid.
the class SSLCertificateSocketFactory method verifyHostname.
/**
 * Verifies that the peer of a connected SSL socket holds a certificate that is
 * valid for the expected hostname. You MUST call this if you did not supply a
 * hostname to {@link #createSocket()}; a redundant call on a socket whose
 * hostname was already verified does no harm.
 *
 * <p>The match itself (wildcards included) is performed by the verifier
 * returned from {@link HttpsURLConnection#getDefaultHostnameVerifier()}. The
 * previous documentation gave "foo.bar.example.com" matching "*.example.com"
 * as an example. NOTE(review): verify that against the installed verifier,
 * because RFC 6125-style matching does not let a wildcard span several labels.
 *
 * <p>If {@code isSslCheckRelaxed()} is true, the handshake and the hostname
 * check are both skipped and the method returns without throwing, so callers
 * get no identity guarantee from it in that mode.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IllegalArgumentException if {@code socket} is not an {@link SSLSocket}
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    final boolean isTlsSocket = socket instanceof SSLSocket;
    if (!isTlsSocket) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }

    final boolean enforceChecks = !isSslCheckRelaxed();
    if (enforceChecks) {
        final SSLSocket tls = (SSLSocket) socket;

        // The code at the start of OpenSSLSocketImpl.startHandshake()
        // ensures that the call is idempotent, so we can safely call it.
        tls.startHandshake();

        final SSLSession negotiated = tls.getSession();
        if (negotiated == null) {
            throw new SSLException("Cannot verify SSL socket without session");
        }

        // A false result means the certificate does not cover the expected
        // name; raise instead of returning so the caller cannot ignore it.
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, negotiated)) {
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
        }
    }
    // else: relaxed mode, nothing was verified.
}
use of javax.net.ssl.SSLPeerUnverifiedException in project aware-client by denzilferreira.
the class SSLManager method retrieveRemoteCertificate.
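/**
 * Downloads the server's own (leaf) certificate directly from the TLS
 * connection to {@code url}, instead of reading it from a public folder.
 *
 * <p>The returned certificate is simply what the peer presented on this one
 * connection. NOTE(review): if callers store it and later use it for trust
 * decisions, that is trust-on-first-use; confirm that callers compare it
 * against a value obtained out of band.
 *
 * @param url HTTPS URL of the server whose certificate is wanted
 * @return the first certificate of the server chain if it is an X.509
 *         certificate; {@code null} if the URL is not HTTPS, the peer could not
 *         be verified, the connection failed, or the certificate is not X.509
 */
public static X509Certificate retrieveRemoteCertificate(URL url) {
    HttpsURLConnection conn = null;
    try {
        // Fully qualified so that the block needs no additional import.
        java.net.URLConnection opened = url.openConnection();
        if (!(opened instanceof HttpsURLConnection)) {
            // connection is not HTTPS: return null instead of failing the cast
            return null;
        }
        conn = (HttpsURLConnection) opened;
        // 5 seconds to connect
        conn.setConnectTimeout(5000);
        // 10 seconds to acknowledge the response
        conn.setReadTimeout(10000);
        // getResponseCode() connects, performs the TLS handshake and blocks
        // until a status line arrives, bounded by the two timeouts above.
        // The previous polling loop tested "now - currentTimeMillis() <= 5000",
        // which is always true, so it never terminated. The status value
        // itself is not needed: the certificates are available once the
        // handshake has completed.
        conn.getResponseCode();
        // retrieve the signing chain presented by the server:
        // certs[0] is the server's own certificate, followed by any
        // certificate authorities that were sent with it
        Certificate[] certs = conn.getServerCertificates();
        if (certs != null && certs.length > 0 && certs[0] instanceof X509Certificate) {
            // certs[0] is an X.509 certificate, return it
            return (X509Certificate) certs[0];
        }
        // server did not present an X.509 certificate
        return null;
    } catch (SSLPeerUnverifiedException spue) {
        // connection to server is not verified, unable to get certificates
        Log.d(Aware.TAG, "Certificates: " + spue.getMessage());
        return null;
    } catch (IllegalStateException ise) {
        // shouldn't get here -- indicates attempt to get certificates before
        // connection is established
        Log.d(Aware.TAG, "Certificates: " + ise.getMessage());
        return null;
    } catch (IOException ioe) {
        // error connecting to URL -- must come after SSLPeerUnverifiedException,
        // which is a subclass of IOException
        Log.d(Aware.TAG, "Certificates: " + ioe.getMessage());
        return null;
    } finally {
        // release the underlying socket on every path
        if (conn != null) {
            conn.disconnect();
        }
    }
}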
use of javax.net.ssl.SSLPeerUnverifiedException in project scheduling by ow2-proactive.
the class AbstractCommand method execute.
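/**
 * Executes {@code request} with a freshly built HTTP client and wraps the
 * response.
 *
 * <p>If the context carries a session id, it is sent in the
 * {@code sessionid} request header. For an {@code https} URI, the client is
 * switched to insecure mode when {@code currentContext.canInsecureAccess()}
 * is true.
 *
 * @param request the request to send; its connection is released afterwards
 *        when it is an {@link HttpRequestBase}
 * @param currentContext supplies the session id and the insecure-access flag
 * @return the wrapped HTTP response
 * @throws CLIException with {@code REASON_OTHER} for any failure; a
 *         {@link SSLPeerUnverifiedException} gets a dedicated message
 */
protected HttpResponseWrapper execute(HttpUriRequest request, ApplicationContext currentContext) {
    String sessionId = currentContext.getSessionId();
    if (sessionId != null) {
        request.setHeader("sessionid", sessionId);
    }
    CommonHttpClientBuilder httpClientBuilder = new HttpClientBuilder().useSystemProperties();
    try {
        // SECURITY: insecure(true) presumably turns off certificate and
        // hostname validation (confirm in CommonHttpClientBuilder). In that
        // mode the sessionid header set above goes to a peer whose identity
        // was not checked, so the flag should stay an explicit opt-in.
        if ("https".equals(request.getURI().getScheme()) && currentContext.canInsecureAccess()) {
            httpClientBuilder.insecure(true);
        }
        HttpResponse response = httpClientBuilder.build().execute(request);
        return new HttpResponseWrapper(response);
    } catch (SSLPeerUnverifiedException sslException) {
        throw new CLIException(CLIException.REASON_OTHER, "SSL error. Perhaps HTTPS certificate could not be validated, " + "you can try with -k or insecure() for insecure SSL connection.", sslException);
    } catch (Exception e) {
        throw new CLIException(CLIException.REASON_OTHER, e.getMessage(), e);
    } finally {
        // Guard the cast: a ClassCastException raised here would replace the
        // CLIException (or the return value) produced above.
        if (request instanceof HttpRequestBase) {
            ((HttpRequestBase) request).releaseConnection();
        }
    }
}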