use of javax.net.ssl.SSLPeerUnverifiedException in project geode by apache.
the class SocketCreator method configureServerSSLSocket.
/**
 * Completes the TLS handshake on a server-side socket and inspects the peer's certificate chain.
 *
 * <p>Sockets that are not {@link SSLSocket} instances are left untouched. For TLS sockets the
 * handshake is started explicitly and the peer certificates are requested from the session; the
 * subject of the first certificate is logged at debug level.
 *
 * <p>Security note: when the peer cannot be verified, the failure is rethrown only if
 * {@code sslConfig.isRequireAuth()} is true. Otherwise it is swallowed without logging and the
 * connection continues with an unauthenticated peer, so the authentication guarantee of this
 * method depends entirely on that setting.
 *
 * @param socket the accepted socket to configure
 * @throws IOException if the handshake fails, or if the peer is unverified while authentication
 *         is required
 */
public void configureServerSSLSocket(Socket socket) throws IOException {
  if (!(socket instanceof SSLSocket)) {
    // Plain sockets carry no TLS state to configure.
    return;
  }
  final SSLSocket tlsSocket = (SSLSocket) socket;
  try {
    tlsSocket.startHandshake();
    // Always ask for the peer chain, even when debug logging is off: this call is what raises
    // SSLPeerUnverifiedException for a peer that presented no verifiable certificate.
    final Certificate[] peerChain = tlsSocket.getSession().getPeerCertificates();
    if (logger.isDebugEnabled()) {
      logger.debug(LocalizedMessage.create(
          LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0,
          ((X509Certificate) peerChain[0]).getSubjectDN()));
    }
  } catch (SSLPeerUnverifiedException unverified) {
    if (this.sslConfig.isRequireAuth()) {
      final Object[] peerAddress =
          new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
      logger.fatal(LocalizedMessage.create(
          LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, peerAddress),
          unverified);
      throw unverified;
    }
    // Authentication not required: the unverified peer is accepted deliberately.
  } catch (SSLException tlsFailure) {
    final Object[] peerAddress =
        new Object[] { socket.getInetAddress(), Integer.valueOf(socket.getPort()) };
    logger.fatal(LocalizedMessage.create(
        LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, peerAddress),
        tlsFailure);
    throw tlsFailure;
  }
}
use of javax.net.ssl.SSLPeerUnverifiedException in project aware-client by denzilferreira.
the class SSLManager method getRemoteCertificateExpiration.
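/**
 * Returns the expiration ("notAfter") date of the certificate an HTTPS server presents.
 *
 * <p>Based on
 * https://www.experts-exchange.com/questions/27668989/Getting-SSL-Certificate-expiry-date.html
 *
 * <p>The previous implementation polled {@code getResponseCode()} in a loop whose time condition
 * ({@code now - System.currentTimeMillis() <= 5000}) was always true, so it spun forever unless
 * an exception was thrown. {@code getResponseCode()} already blocks until the response arrives,
 * bounded by the connect and read timeouts set below, so a single call is sufficient.
 *
 * <p>Security note: certificates are only available once the connection's trust and hostname
 * checks have accepted the server. A {@code null} result therefore means "could not be
 * determined" (non-HTTPS URL, unverified peer, I/O error, non-X.509 certificate) and must not be
 * read as "certificate is still valid". Only the server's own certificate is examined; other
 * certificates in the chain may expire earlier.
 *
 * @param url the HTTPS endpoint to probe
 * @return the {@code notAfter} date of the server certificate, or {@code null} if it could not
 *         be obtained
 */
public static Date getRemoteCertificateExpiration(URL url) {
    HttpsURLConnection conn = null;
    try {
        // Fully qualified so that no additional file-level import is required.
        java.net.URLConnection raw = url.openConnection();
        if (!(raw instanceof HttpsURLConnection)) {
            // Not an HTTPS URL: there is no server certificate to inspect.
            return null;
        }
        conn = (HttpsURLConnection) raw;
        // 5 seconds to connect
        conn.setConnectTimeout(5000);
        // 10 seconds to acknowledge the response
        conn.setReadTimeout(10000);
        // Forces the connection and TLS handshake. The HTTP status itself is irrelevant here:
        // the certificate chain is available once the handshake has completed.
        conn.getResponseCode();
        // The chain is ordered with the server's own certificate first, followed by any
        // certificate authorities.
        Certificate[] certs = conn.getServerCertificates();
        if (certs.length > 0 && certs[0] instanceof X509Certificate) {
            // certs[0] is an X.509 certificate, return its "notAfter" date
            return ((X509Certificate) certs[0]).getNotAfter();
        }
        // server did not present an X.509 certificate
        return null;
    } catch (SSLPeerUnverifiedException spue) {
        // connection to server is not verified, unable to get certificates
        Log.d(Aware.TAG, "Certificates: " + spue.getMessage());
        return null;
    } catch (IllegalStateException ise) {
        // shouldn't get here -- indicates attempt to get certificates before
        // connection is established
        Log.d(Aware.TAG, "Certificates: " + ise.getMessage());
        return null;
    } catch (IOException ioe) {
        // error connecting to URL -- this must be caught after SSLPeerUnverifiedException,
        // which is a subclass of IOException
        Log.d(Aware.TAG, "Certificates: " + ioe.getMessage());
        return null;
    } finally {
        if (conn != null) {
            // Release the connection; the original never closed it.
            conn.disconnect();
        }
    }
}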
use of javax.net.ssl.SSLPeerUnverifiedException in project keycloak by keycloak.
the class VertxClientCertificateLookup method getCertificateChain.
/**
 * Looks up the client certificate chain of the TLS session behind the current request.
 *
 * <p>The {@code RoutingContext} is resolved through CDI; the {@code httpRequest} argument is not
 * consulted. {@code null} is returned when no routing context is resolvable, when the request
 * has no TLS session, or when the peer is unverified. Callers must treat {@code null} as "no
 * authenticated client certificate" and never as success.
 *
 * @param httpRequest the request being processed (unused by this lookup)
 * @return the peer's certificate chain, or {@code null} if none is available
 */
@Override
public X509Certificate[] getCertificateChain(HttpRequest httpRequest) {
    Instance<RoutingContext> candidates = CDI.current().select(RoutingContext.class);
    if (!candidates.isResolvable()) {
        return null;
    }
    RoutingContext routing = candidates.get();
    try {
        SSLSession tlsSession = routing.request().sslSession();
        if (tlsSession == null) {
            // Request did not arrive over TLS.
            return null;
        }
        // NOTE(review): this cast relies on the runtime array type being X509Certificate[];
        // the declared return type is Certificate[] - confirm for the TLS provider in use.
        X509Certificate[] chain = (X509Certificate[]) tlsSession.getPeerCertificates();
        if (chain != null && logger.isTraceEnabled()) {
            for (int i = 0; i < chain.length; i++) {
                logger.tracef("Certificate's SubjectDN => \"%s\"", chain[i].getSubjectDN().getName());
            }
        }
        return chain;
    } catch (SSLPeerUnverifiedException ignore) {
        // client not authenticated: fall through and report "no chain"
    }
    return null;
}
use of javax.net.ssl.SSLPeerUnverifiedException in project keystore-explorer by kaikramer.
the class RetrieveSslInfosHandshakeListener method handshakeCompleted.
/**
 * Copies the details of a completed TLS handshake into {@code sslConnectionInfos}.
 *
 * <p>Peer host, port, protocol and cipher suite are always recorded. The local (client) chain is
 * recorded when one was sent. The peer (server) chain is recorded only when the session can
 * supply it; if the peer is unverified, the server certificates are simply left unset.
 *
 * @param event the handshake-completed notification carrying the negotiated session
 */
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
    final SSLSession tlsSession = event.getSession();

    sslConnectionInfos.setPeerHost(tlsSession.getPeerHost());
    sslConnectionInfos.setPeerPort(tlsSession.getPeerPort());
    sslConnectionInfos.setProtocol(tlsSession.getProtocol());
    sslConnectionInfos.setCipherSuite(tlsSession.getCipherSuite());

    // Certificates this side presented, if any.
    final Certificate[] localChain = tlsSession.getLocalCertificates();
    if (localChain != null) {
        // copyOf re-types the array; it fails if an element is not an X509Certificate.
        sslConnectionInfos.setClientCertificates(
                Arrays.copyOf(localChain, localChain.length, X509Certificate[].class));
    }

    try {
        final Certificate[] peerChain = tlsSession.getPeerCertificates();
        if (peerChain != null) {
            sslConnectionInfos.setServerCertificates(
                    Arrays.copyOf(peerChain, peerChain.length, X509Certificate[].class));
        }
    } catch (SSLPeerUnverifiedException e) {
        // do nothing: an unverified peer leaves the server certificates unset
    }
}
use of javax.net.ssl.SSLPeerUnverifiedException in project ratpack by ratpack.
the class NettyHandlerAdapter method userEventTriggered.
/**
 * Reacts to idle and TLS-handshake events on the channel, then delegates to the superclass.
 *
 * <p>An idle event marks the channel as idle-closed and closes it. A successful handshake on an
 * engine that wants or needs client authentication stores the first certificate of the peer
 * chain under {@code CLIENT_CERT_KEY}. If the peer is unverified the attribute is not set, so
 * downstream code must treat a missing attribute as "no client certificate".
 *
 * @param ctx the channel handler context
 * @param evt the user event being delivered
 * @throws Exception if the superclass handler fails
 */
@Override
public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {
    if (evt instanceof IdleStateEvent) {
        ConnectionClosureReason.setIdle(ctx.channel());
        ctx.close();
    }
    if (evt instanceof SslHandshakeCompletionEvent) {
        SslHandshakeCompletionEvent handshake = (SslHandshakeCompletionEvent) evt;
        if (handshake.isSuccess()) {
            SSLEngine tlsEngine = ctx.pipeline().get(SslHandler.class).engine();
            boolean clientAuthRequested = tlsEngine.getWantClientAuth() || tlsEngine.getNeedClientAuth();
            if (clientAuthRequested) {
                try {
                    // NOTE(review): getPeerCertificateChain() is the deprecated
                    // javax.security.cert API - confirm it is supported on the target JDK.
                    X509Certificate[] peerChain = tlsEngine.getSession().getPeerCertificateChain();
                    X509Certificate leaf = peerChain[0];
                    ctx.channel().attr(CLIENT_CERT_KEY).set(leaf);
                } catch (SSLPeerUnverifiedException ignore) {
                    // ignore - there is no way to avoid this exception that I can determine
                }
            }
        }
    }
    super.userEventTriggered(ctx, evt);
}