Example 96 with SSLPeerUnverifiedException

Use of javax.net.ssl.SSLPeerUnverifiedException in project grpc-java by grpc.

Class Http2OkHttpTest, method wrongHostNameFailHostnameVerification.

@Test
public void wrongHostNameFailHostnameVerification() throws Exception {
    int port = ((InetSocketAddress) getListenAddress()).getPort();
    ManagedChannel channel = createChannelBuilderPreCredentialsApi().overrideAuthority(GrpcUtil.authorityFromHostAndPort(BAD_HOSTNAME, port)).build();
    TestServiceGrpc.TestServiceBlockingStub blockingStub = TestServiceGrpc.newBlockingStub(channel);
    Throwable actualThrown = null;
    try {
        blockingStub.emptyCall(Empty.getDefaultInstance());
    } catch (Throwable t) {
        actualThrown = t;
    }
    assertNotNull("The rpc should have been failed due to hostname verification", actualThrown);
    Throwable cause = Throwables.getRootCause(actualThrown);
    assertTrue("Failed by unexpected exception: " + cause, cause instanceof SSLPeerUnverifiedException);
    channel.shutdown();
}
Also used: InetSocketAddress(java.net.InetSocketAddress) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) ManagedChannel(io.grpc.ManagedChannel) Test(org.junit.Test)

Example 97 with SSLPeerUnverifiedException

Use of javax.net.ssl.SSLPeerUnverifiedException in project grpc-java by grpc.

Class AbstractInteropTest, method assertX500SubjectDn.

/**
 * Helper for asserting TLS info in SSLSession {@link io.grpc.ServerCall#getAttributes()}
 */
protected void assertX500SubjectDn(String tlsInfo) {
    TestServiceGrpc.TestServiceBlockingStub stub = blockingStub.withDeadlineAfter(5, TimeUnit.SECONDS);
    stub.unaryCall(SimpleRequest.getDefaultInstance());
    List<Certificate> certificates;
    SSLSession sslSession = serverCallCapture.get().getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION);
    try {
        certificates = Arrays.asList(sslSession.getPeerCertificates());
    } catch (SSLPeerUnverifiedException e) {
        // Should never happen
        throw new AssertionError(e);
    }
    X509Certificate x509cert = (X509Certificate) certificates.get(0);
    assertEquals(1, certificates.size());
    assertEquals(tlsInfo, x509cert.getSubjectDN().toString());
}
Also used: SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 98 with SSLPeerUnverifiedException

Use of javax.net.ssl.SSLPeerUnverifiedException in project scheduling by ow2-proactive.

Class AbstractCommand, method execute.

protected HttpResponseWrapper execute(HttpUriRequest request, ApplicationContext currentContext) {
    String sessionId = currentContext.getSessionId();
    if (sessionId != null) {
        request.setHeader("sessionid", sessionId);
    }
    CommonHttpClientBuilder httpClientBuilder = new HttpClientBuilder().useSystemProperties();
    try {
        if ("https".equals(request.getURI().getScheme()) && currentContext.canInsecureAccess()) {
            httpClientBuilder.insecure(true);
        }
        HttpResponse response = httpClientBuilder.build().execute(request);
        return new HttpResponseWrapper(response);
    } catch (SSLPeerUnverifiedException sslException) {
        throw new CLIException(CLIException.REASON_OTHER, "SSL error. Perhaps HTTPS certificate could not be validated, " + "you can try with -k or insecure() for insecure SSL connection.", sslException);
    } catch (Exception e) {
        throw new CLIException(CLIException.REASON_OTHER, e.getMessage(), e);
    } finally {
        ((HttpRequestBase) request).releaseConnection();
    }
}
Also used: HttpResponseWrapper(org.ow2.proactive_grid_cloud_portal.cli.utils.HttpResponseWrapper) HttpRequestBase(org.apache.http.client.methods.HttpRequestBase) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) HttpResponse(org.apache.http.HttpResponse) CLIException(org.ow2.proactive_grid_cloud_portal.cli.CLIException) Throwables.getStackTraceAsString(com.google.common.base.Throwables.getStackTraceAsString) CommonHttpClientBuilder(org.ow2.proactive.http.CommonHttpClientBuilder) HttpClientBuilder(org.ow2.proactive.http.HttpClientBuilder) IOException(java.io.IOException) NotConnectedRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException)

Example 99 with SSLPeerUnverifiedException

Use of javax.net.ssl.SSLPeerUnverifiedException in project undertow by undertow-io.

Class SslClientCertAttribute, method readAttribute.

@Override
public String readAttribute(HttpServerExchange exchange) {
    SSLSessionInfo ssl = exchange.getConnection().getSslSessionInfo();
    if (ssl == null) {
        return null;
    }
    Certificate[] certificates;
    try {
        certificates = ssl.getPeerCertificates();
        if (certificates.length > 0) {
            return Certificates.toPem(certificates[0]);
        }
        return null;
    } catch (SSLPeerUnverifiedException | CertificateEncodingException | RenegotiationRequiredException e) {
        return null;
    }
}
Also used: SSLSessionInfo(io.undertow.server.SSLSessionInfo) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) CertificateEncodingException(java.security.cert.CertificateEncodingException) Certificate(java.security.cert.Certificate) RenegotiationRequiredException(io.undertow.server.RenegotiationRequiredException)

Example 100 with SSLPeerUnverifiedException

Use of javax.net.ssl.SSLPeerUnverifiedException in project undertow by undertow-io.

Class ClientCertAuthenticationMechanism, method authenticate.

public AuthenticationMechanismOutcome authenticate(final HttpServerExchange exchange, final SecurityContext securityContext) {
    SSLSessionInfo sslSession = exchange.getConnection().getSslSessionInfo();
    if (sslSession != null) {
        try {
            Certificate[] clientCerts = getPeerCertificates(exchange, sslSession, securityContext);
            if (clientCerts[0] instanceof X509Certificate) {
                Credential credential = new X509CertificateCredential((X509Certificate) clientCerts[0]);
                IdentityManager idm = getIdentityManager(securityContext);
                Account account = idm.verify(credential);
                if (account != null) {
                    securityContext.authenticationComplete(account, name, false);
                    return AuthenticationMechanismOutcome.AUTHENTICATED;
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            // No action - this mechanism can not attempt authentication without peer certificates so allow it to drop out
            // to NOT_ATTEMPTED.
        }
    }
    return AuthenticationMechanismOutcome.NOT_ATTEMPTED;
}
Also used: Account(io.undertow.security.idm.Account) Credential(io.undertow.security.idm.Credential) X509CertificateCredential(io.undertow.security.idm.X509CertificateCredential) IdentityManager(io.undertow.security.idm.IdentityManager) SSLSessionInfo(io.undertow.server.SSLSessionInfo) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
