Example 86 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project Bytecoder by mirkosertic.

the class SecureKey method getPeerCertificateChain.

/**
 * Return the cert chain presented by the peer in the
 * javax.security.cert format.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.
 *
 * @deprecated This method returns the deprecated
 *  {@code javax.security.cert.X509Certificate} type.
 *  Use {@code getPeerCertificates()} instead.
 */
@Override
@Deprecated
public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    // Non-certificate key exchanges (such as Kerberos) present no peer certificate chain.
    if (ClientKeyExchangeService.find(cipherSuite.keyExchange.name) != null) {
        throw new SSLPeerUnverifiedException("no certificates expected" + " for " + cipherSuite.keyExchange + " cipher suites");
    }
    if (peerCerts == null) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }
    javax.security.cert.X509Certificate[] certs;
    certs = new javax.security.cert.X509Certificate[peerCerts.length];
    for (int i = 0; i < peerCerts.length; i++) {
        byte[] der = null;
        try {
            der = peerCerts[i].getEncoded();
            certs[i] = javax.security.cert.X509Certificate.getInstance(der);
        } catch (CertificateEncodingException e) {
            throw new SSLPeerUnverifiedException(e.getMessage());
        } catch (javax.security.cert.CertificateException e) {
            throw new SSLPeerUnverifiedException(e.getMessage());
        }
    }
    return certs;
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate)

Example 87 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project android_packages_apps_Dialer by LineageOS.

the class MailTransport method verifyHostname.

/**
 * Lightweight version of SSLCertificateSocketFactory.verifyHostname, which provides this service
 * but is not in the public API.
 *
 * <p>Verify the hostname of the certificate used by the other end of a connected socket. It is
 * harmless to call this method redundantly if the hostname has already been verified.
 *
 * <p>Wildcard certificates are allowed to verify any matching hostname, so "foo.bar.example.com"
 * is verified if the peer has a certificate for "*.example.com".
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 */
private void verifyHostname(Socket socket, String hostname) throws IOException {
    // The code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent, so we can safely call it.
    SSLSocket ssl = (SSLSocket) socket;
    ssl.startHandshake();
    SSLSession session = ssl.getSession();
    if (session == null) {
        mImapHelper.handleEvent(OmtpEvents.DATA_CANNOT_ESTABLISH_SSL_SESSION);
        throw new SSLException("Cannot verify SSL socket without session");
    }
    // CN & alts is beyond the scope of this patch.
    if (!HOSTNAME_VERIFIER.verify(hostname, session)) {
        mImapHelper.handleEvent(OmtpEvents.DATA_SSL_INVALID_HOST_NAME);
        throw new SSLPeerUnverifiedException("Certificate hostname not useable for server: " + session.getPeerPrincipal());
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Example 88 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project XPrivacy by M66B.

the class Util method bug.

public static void bug(XHook hook, Throwable ex) {
    if (ex instanceof InvocationTargetException) {
        InvocationTargetException exex = (InvocationTargetException) ex;
        if (exex.getTargetException() != null)
            ex = exex.getTargetException();
    }
    int priority;
    if (ex instanceof ActivityShare.AbortException)
        priority = Log.WARN;
    else if (ex instanceof ActivityShare.ServerException)
        priority = Log.WARN;
    else if (ex instanceof ConnectTimeoutException)
        priority = Log.WARN;
    else if (ex instanceof FileNotFoundException)
        priority = Log.WARN;
    else if (ex instanceof HttpHostConnectException)
        priority = Log.WARN;
    else if (ex instanceof NameNotFoundException)
        priority = Log.WARN;
    else if (ex instanceof NoClassDefFoundError)
        priority = Log.WARN;
    else if (ex instanceof OutOfMemoryError)
        priority = Log.WARN;
    else if (ex instanceof RuntimeException)
        priority = Log.WARN;
    else if (ex instanceof SecurityException)
        priority = Log.WARN;
    else if (ex instanceof SocketTimeoutException)
        priority = Log.WARN;
    else if (ex instanceof SSLPeerUnverifiedException)
        priority = Log.WARN;
    else if (ex instanceof StackOverflowError)
        priority = Log.WARN;
    else if (ex instanceof TransactionTooLargeException)
        priority = Log.WARN;
    else if (ex instanceof UnknownHostException)
        priority = Log.WARN;
    else if (ex instanceof UnsatisfiedLinkError)
        priority = Log.WARN;
    else
        priority = Log.ERROR;
    boolean xprivacy = false;
    for (StackTraceElement frame : ex.getStackTrace()) {
        if (frame.getClassName() != null && frame.getClassName().startsWith("biz.bokhorst.xprivacy")) {
            xprivacy = true;
            break;
        }
    }
    if (!xprivacy)
        priority = Log.WARN;
    log(hook, priority, ex.toString() + " uid=" + Process.myUid() + "\n" + Log.getStackTraceString(ex));
}
Also used : UnknownHostException(java.net.UnknownHostException) NameNotFoundException(android.content.pm.PackageManager.NameNotFoundException) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) FileNotFoundException(java.io.FileNotFoundException) InvocationTargetException(java.lang.reflect.InvocationTargetException) SuppressLint(android.annotation.SuppressLint) RuntimeException(java.lang.RuntimeException) SocketTimeoutException(java.net.SocketTimeoutException) HttpHostConnectException(org.apache.http.conn.HttpHostConnectException) TransactionTooLargeException(android.os.TransactionTooLargeException) StackOverflowError(java.lang.StackOverflowError) ConnectTimeoutException(org.apache.http.conn.ConnectTimeoutException)

Example 89 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project Conversations by siacs.

the class XmppConnection method upgradeSocketToTls.

private SSLSocket upgradeSocketToTls(final Socket socket) throws IOException {
    final SSLSocketFactory sslSocketFactory;
    try {
        sslSocketFactory = getSSLSocketFactory();
    } catch (final NoSuchAlgorithmException | KeyManagementException e) {
        throw new StateChangingException(Account.State.TLS_ERROR);
    }
    final InetAddress address = socket.getInetAddress();
    final SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(socket, address.getHostAddress(), socket.getPort(), true);
    SSLSocketHelper.setSecurity(sslSocket);
    SSLSocketHelper.setHostname(sslSocket, IDN.toASCII(account.getServer()));
    SSLSocketHelper.setApplicationProtocol(sslSocket, "xmpp-client");
    final XmppDomainVerifier xmppDomainVerifier = new XmppDomainVerifier();
    try {
        if (!xmppDomainVerifier.verify(account.getServer(), this.verifiedHostname, sslSocket.getSession())) {
            Log.d(Config.LOGTAG, account.getJid().asBareJid() + ": TLS certificate domain verification failed");
            FileBackend.close(sslSocket);
            throw new StateChangingException(Account.State.TLS_ERROR_DOMAIN);
        }
    } catch (final SSLPeerUnverifiedException e) {
        FileBackend.close(sslSocket);
        throw new StateChangingException(Account.State.TLS_ERROR);
    }
    return sslSocket;
}
Also used : XmppDomainVerifier(eu.siacs.conversations.crypto.XmppDomainVerifier) SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) InetAddress(java.net.InetAddress) KeyManagementException(java.security.KeyManagementException)

Example 90 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project j2objc by google.

the class SSLPeerUnverifiedExceptionTest method test_Constructor01.

/**
 * Test for <code>SSLPeerUnverifiedException(String)</code> constructor Assertion:
 * constructs SSLPeerUnverifiedException with detail message msg. Parameter
 * <code>msg</code> is not null.
 */
public void test_Constructor01() {
    SSLPeerUnverifiedException sslE;
    for (int i = 0; i < msgs.length; i++) {
        sslE = new SSLPeerUnverifiedException(msgs[i]);
        assertEquals("getMessage() must return: ".concat(msgs[i]), sslE.getMessage(), msgs[i]);
        assertNull("getCause() must return null", sslE.getCause());
    }
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException)

Aggregations

SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException) 112
X509Certificate (java.security.cert.X509Certificate) 40
Certificate (java.security.cert.Certificate) 39
SSLSession (javax.net.ssl.SSLSession) 27
SSLSocket (javax.net.ssl.SSLSocket) 23
IOException (java.io.IOException) 21
SSLException (javax.net.ssl.SSLException) 15
CertificateException (java.security.cert.CertificateException) 14
X509Certificate (javax.security.cert.X509Certificate) 12
Principal (java.security.Principal) 11
Test (org.junit.jupiter.api.Test) 11
SSLHandshakeException (javax.net.ssl.SSLHandshakeException) 10
InetSocketAddress (java.net.InetSocketAddress) 8
SSLSocketFactory (javax.net.ssl.SSLSocketFactory) 8
Test (org.junit.Test) 8
UnknownHostException (java.net.UnknownHostException) 7
CertificateEncodingException (java.security.cert.CertificateEncodingException) 6
HttpsURLConnection (javax.net.ssl.HttpsURLConnection) 6
SSLProtocolException (javax.net.ssl.SSLProtocolException) 6
MockResponse (mockwebserver3.MockResponse) 6