
Example 21 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project nifi by apache.

the class WebUtils method createClientHelper.

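/**
 * A helper method for creating clients. The client is built from the given
 * configuration and security context and is registered for JSON
 * serialization/deserialization.
 *
 * <p>When a security context is supplied, a custom hostname verifier is
 * installed. It accepts the connection only if the requested hostname,
 * lower-cased, is listed verbatim among the subject alternative names of the
 * peer's own (end-entity) certificate. Certificates further up the chain are
 * not consulted. The comparison is a plain list lookup, so this verifier
 * performs no wildcard expansion of its own. A failure to read the peer
 * certificate or its alternative names is logged and treated as a
 * verification failure.
 *
 * @param config client configuration, may be null to keep the builder defaults
 * @param ctx    security context, which may be null for non-secure client
 *               creation
 * @return a Client instance
 */
private static Client createClientHelper(final ClientConfig config, final SSLContext ctx) {
    ClientBuilder clientBuilder = ClientBuilder.newBuilder();
    if (config != null) {
        clientBuilder = clientBuilder.withConfig(config);
    }
    if (ctx != null) {
        // custom hostname verifier that checks the subject alternative names of the
        // peer's own certificate against the hostname of the URI
        final HostnameVerifier hostnameVerifier = new HostnameVerifier() {

            @Override
            public boolean verify(final String hostname, final SSLSession ssls) {
                if (hostname == null) {
                    // Nothing to match against: fail closed rather than throw from the verifier.
                    return false;
                }
                try {
                    // getPeerCertificates() is ordered with the peer's own certificate first,
                    // followed by its issuers. Only that first certificate identifies the host;
                    // a name that happens to appear on an issuing CA certificate must not
                    // verify the peer.
                    final Certificate[] peerChain = ssls.getPeerCertificates();
                    if (peerChain.length > 0 && peerChain[0] instanceof X509Certificate) {
                        final X509Certificate leafCert = (X509Certificate) peerChain[0];
                        final List<String> subjectAltNames = CertificateUtils.getSubjectAlternativeNames(leafCert);
                        // Locale.ROOT keeps the lower-casing independent of the JVM default
                        // locale (under a Turkish locale "I" does not map to "i").
                        // NOTE(review): assumes getSubjectAlternativeNames returns lower-cased
                        // entries - confirm against CertificateUtils.
                        return subjectAltNames.contains(hostname.toLowerCase(java.util.Locale.ROOT));
                    }
                } catch (final SSLPeerUnverifiedException | CertificateParsingException ex) {
                    logger.warn("Hostname Verification encountered exception verifying hostname due to: " + ex, ex);
                }
                return false;
            }
        };
        clientBuilder = clientBuilder.sslContext(ctx).hostnameVerifier(hostnameVerifier);
    }
    clientBuilder = clientBuilder.register(ObjectMapperResolver.class).register(JacksonJaxbJsonProvider.class);
    return clientBuilder.build();
}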
Also used : CertificateParsingException(java.security.cert.CertificateParsingException) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) JacksonJaxbJsonProvider(org.glassfish.jersey.jackson.internal.jackson.jaxrs.json.JacksonJaxbJsonProvider) X509Certificate(java.security.cert.X509Certificate) ClientBuilder(javax.ws.rs.client.ClientBuilder) HostnameVerifier(javax.net.ssl.HostnameVerifier) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 22 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project jdk8u_jdk by JetBrains.

the class SecureKey method getPeerCertificateChain.

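/**
 * Return the cert chain presented by the peer in the
 * javax.security.cert format.
 * Note: This method can be used only when using certificate-based
 * cipher suites; using it with non-certificate-based cipher suites,
 * such as Kerberos, will throw an SSLPeerUnverifiedException.
 *
 * @return array of peer X.509 certs, with the peer's own cert
 *  first in the chain, and with the "root" CA last.
 * @throws SSLPeerUnverifiedException if a Kerberos key exchange was
 *  negotiated, if no peer certificates are recorded for the session, or
 *  if a certificate cannot be converted; in the last case the underlying
 *  exception is attached as the cause
 */
@Override
public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {
    // Kerberos key exchanges are rejected up front, before peerCerts is consulted.
    if ((cipherSuite.keyExchange == K_KRB5) || (cipherSuite.keyExchange == K_KRB5_EXPORT)) {
        throw new SSLPeerUnverifiedException("no certificates expected for Kerberos cipher suites");
    }
    if (peerCerts == null) {
        throw new SSLPeerUnverifiedException("peer not authenticated");
    }
    final javax.security.cert.X509Certificate[] certs =
            new javax.security.cert.X509Certificate[peerCerts.length];
    for (int i = 0; i < peerCerts.length; i++) {
        try {
            // Convert by round-tripping through the encoded form returned by getEncoded().
            final byte[] der = peerCerts[i].getEncoded();
            certs[i] = javax.security.cert.X509Certificate.getInstance(der);
        } catch (CertificateEncodingException | javax.security.cert.CertificateException e) {
            // SSLPeerUnverifiedException only offers a message constructor, so the
            // original failure is attached with initCause() instead of being dropped.
            final SSLPeerUnverifiedException unverified = new SSLPeerUnverifiedException(e.getMessage());
            unverified.initCause(e);
            throw unverified;
        }
    }
    return certs;
}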
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate)

Example 23 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project Gargoyle by callakrsos.

the class GoogleTrend method print_https_cert.

/**
 * Prints the HTTP response code, the negotiated cipher suite and a few
 * descriptive fields of every certificate the server presented. Does
 * nothing when {@code con} is null.
 *
 * <p>This is diagnostic output only: nothing here checks the chain or the
 * hostname, and the printed {@code hashCode()} is a 32-bit Java hash code,
 * not a cryptographic certificate fingerprint.
 *
 * @param con the HTTPS connection to describe, may be null
 */
private void print_https_cert(HttpsURLConnection con) {
    if (con == null) {
        return;
    }
    try {
        System.out.println("Response Code : " + con.getResponseCode());
        System.out.println("Cipher Suite : " + con.getCipherSuite());
        System.out.println("\n");
        for (Certificate serverCert : con.getServerCertificates()) {
            System.out.println("Cert Type : " + serverCert.getType());
            System.out.println("Cert Hash Code : " + serverCert.hashCode());
            System.out.println("Cert Public Key Algorithm : " + serverCert.getPublicKey().getAlgorithm());
            System.out.println("Cert Public Key Format : " + serverCert.getPublicKey().getFormat());
            System.out.println("\n");
        }
    } catch (SSLPeerUnverifiedException unverified) {
        // Raised by getServerCertificates() when the peer was not verified.
        unverified.printStackTrace();
    } catch (IOException ioFailure) {
        ioFailure.printStackTrace();
    }
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) IOException(java.io.IOException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 24 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project android_frameworks_base by AOSPA.

the class SSLCertificateSocketFactory method verifyHostname.

/**
 * Verify the hostname of the certificate used by the other end of a
 * connected socket.  You MUST call this if you did not supply a hostname
 * to {@link #createSocket()}.  It is harmless to call this method
 * redundantly if the hostname has already been verified.
 *
 * <p>Name matching is delegated to
 * {@code HttpsURLConnection.getDefaultHostnameVerifier()}.  Wildcard
 * certificates are allowed to verify any matching hostname, so
 * "foo.bar.example.com" is verified if the peer has a certificate for
 * "*.example.com".  NOTE(review): the exact wildcard rules are those of
 * the installed default verifier - confirm against it.
 *
 * <p>When {@code isSslCheckRelaxed()} returns true this method returns
 * without handshaking and without checking the hostname at all.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IllegalArgumentException if {@code socket} is not an SSLSocket
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    if (!(socket instanceof SSLSocket)) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    if (isSslCheckRelaxed()) {
        // Relaxed mode: no handshake is forced and no hostname check is made.
        return;
    }
    // The code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent, so we can safely call it.
    final SSLSocket sslSocket = (SSLSocket) socket;
    sslSocket.startHandshake();
    final SSLSession sslSession = sslSocket.getSession();
    if (sslSession == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }
    final boolean hostnameMatches =
            HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, sslSession);
    if (!hostnameMatches) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
    }
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Example 25 with SSLPeerUnverifiedException

use of javax.net.ssl.SSLPeerUnverifiedException in project android_frameworks_base by DirtyUnicorns.

the class SSLCertificateSocketFactory method verifyHostname.

/**
 * Verify the hostname of the certificate used by the other end of a
 * connected socket.  You MUST call this if you did not supply a hostname
 * to {@link #createSocket()}.  It is harmless to call this method
 * redundantly if the hostname has already been verified.
 *
 * <p>The decision is made by the verifier returned from
 * {@code HttpsURLConnection.getDefaultHostnameVerifier()}.  Wildcard
 * certificates are allowed to verify any matching hostname, so
 * "foo.bar.example.com" is verified if the peer has a certificate for
 * "*.example.com".  NOTE(review): wildcard matching is whatever that
 * default verifier implements - confirm against it.
 *
 * <p>If {@code isSslCheckRelaxed()} reports true, the socket is neither
 * handshaken nor checked and the call returns normally.
 *
 * @param socket An SSL socket which has been connected to a server
 * @param hostname The expected hostname of the remote server
 * @throws IllegalArgumentException if {@code socket} is not an SSLSocket
 * @throws IOException if something goes wrong handshaking with the server
 * @throws SSLPeerUnverifiedException if the server cannot prove its identity
 *
 * @hide
 */
public static void verifyHostname(Socket socket, String hostname) throws IOException {
    final boolean isTlsSocket = socket instanceof SSLSocket;
    if (!isTlsSocket) {
        throw new IllegalArgumentException("Attempt to verify non-SSL socket");
    }
    if (isSslCheckRelaxed()) {
        // Verification is switched off in relaxed mode; nothing below runs.
        return;
    }

    final SSLSocket tls = (SSLSocket) socket;
    // The code at the start of OpenSSLSocketImpl.startHandshake()
    // ensures that the call is idempotent, so we can safely call it.
    tls.startHandshake();

    final SSLSession negotiated = tls.getSession();
    if (negotiated == null) {
        throw new SSLException("Cannot verify SSL socket without session");
    }
    if (HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, negotiated)) {
        return;
    }
    throw new SSLPeerUnverifiedException("Cannot verify hostname: " + hostname);
}
Also used : SSLSocket(javax.net.ssl.SSLSocket) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SSLSession(javax.net.ssl.SSLSession) SSLException(javax.net.ssl.SSLException)

Aggregations

SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException)109 X509Certificate (java.security.cert.X509Certificate)40 Certificate (java.security.cert.Certificate)39 SSLSession (javax.net.ssl.SSLSession)27 SSLSocket (javax.net.ssl.SSLSocket)23 IOException (java.io.IOException)18 CertificateException (java.security.cert.CertificateException)14 SSLException (javax.net.ssl.SSLException)14 X509Certificate (javax.security.cert.X509Certificate)12 Principal (java.security.Principal)11 Test (org.junit.jupiter.api.Test)11 Test (org.junit.Test)8 InetSocketAddress (java.net.InetSocketAddress)7 SSLHandshakeException (javax.net.ssl.SSLHandshakeException)7 SSLSocketFactory (javax.net.ssl.SSLSocketFactory)7 CertificateEncodingException (java.security.cert.CertificateEncodingException)6 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)6 MockResponse (mockwebserver3.MockResponse)6 Request (okhttp3.Request)6 UnknownHostException (java.net.UnknownHostException)5