
Example 6 with SSLProtocolException

use of javax.net.ssl.SSLProtocolException in project intellij-community by JetBrains.

the class SSLExceptionParserTest method testRealLifeCase.

@Test
public void testRealLifeCase() throws Exception {
    // Alert text as the JSSE stack reports it when the server rejects the SNI host name.
    String rawAlert = "handshake alert:  unrecognized_name";
    SSLProtocolExceptionParser parser =
        new SSLProtocolExceptionParser(new SSLProtocolException(rawAlert).getMessage());
    parser.parse();
    String parsed = parser.getParsedMessage();
    System.out.println(parsed);
    // NOTE(review): assertNotSame compares references, not contents, so this passes
    // for any freshly built String even if its text equals the input. Comparing the
    // text (or asserting the expected translated message) would pin the behaviour.
    Assert.assertNotSame(rawAlert, parsed);
}
Also used : SSLProtocolException(javax.net.ssl.SSLProtocolException) SSLProtocolExceptionParser(org.jetbrains.idea.svn.networking.SSLProtocolExceptionParser) Test(org.junit.Test)

Example 7 with SSLProtocolException

use of javax.net.ssl.SSLProtocolException in project intellij-community by JetBrains.

the class SvnKitDebugLogger method handleSpecificSSLExceptions.

/**
 * Shows an error balloon for SSL handshake and SSL protocol failures, at most
 * once per {@code ourErrorNotificationInterval} milliseconds.
 *
 * A handshake failure caused by {@code SVNSSLUtil.CertificateNotTrustedException}
 * is only logged at info level and does not reset the throttle timer.
 *
 * @param th the throwable reported by the Subversion networking layer
 */
private void handleSpecificSSLExceptions(Throwable th) {
    final long now = System.currentTimeMillis();
    // Throttle: stay silent while the previous balloon is still recent.
    if ((now - myPreviousTime) <= ourErrorNotificationInterval) {
        return;
    }

    if (th instanceof SSLHandshakeException) {
        final Throwable cause = th.getCause();
        // An untrusted certificate is part of the normal flow, so it is not shown as an error.
        // NOTE(review): presumably the trust decision is made elsewhere; confirm that this
        // path never lets an untrusted certificate through without asking the user.
        if (cause instanceof SVNSSLUtil.CertificateNotTrustedException) {
            myLog.info(th);
            return;
        }
        myPreviousTime = now;
        final String addInfo = SSLExceptionsHelper.getAddInfo();
        final String prefix = "Subversion: " + (addInfo == null ? "" : " (" + addInfo + ") ");
        final String text;
        if (cause instanceof CertificateException) {
            text = prefix + cause.getMessage();
        } else {
            // NOTE(review): the hint below steers users towards SSLv3 or TLSv1. Both are
            // deprecated (RFC 7568, RFC 8996); the wording should point at a current TLS
            // version instead of suggesting a downgrade.
            text = prefix + th.getMessage()
                + "\nPlease check Subversion SSL settings (Settings | Version Control | Subversion | Network)\n"
                + "Maybe you should specify SSL protocol manually - SSLv3 or TLSv1";
        }
        // The exception text is shown verbatim; it originates from the TLS stack and the peer.
        PopupUtil.showBalloonForActiveFrame(text, MessageType.ERROR);
        return;
    }

    if (!(th instanceof SSLProtocolException)) {
        return;
    }
    final String rawMessage = th.getMessage();
    if (StringUtil.isEmptyOrSpaces(rawMessage)) {
        return;
    }
    myPreviousTime = now;
    final String addInfo = SSLExceptionsHelper.getAddInfo();
    final String suffix = addInfo == null ? "" : " (" + addInfo + ") ";
    // Translate the raw protocol alert into the user-facing text before displaying it.
    final SSLProtocolExceptionParser alertParser = new SSLProtocolExceptionParser(rawMessage);
    alertParser.parse();
    PopupUtil.showBalloonForActiveFrame("Subversion: " + suffix + alertParser.getParsedMessage(), MessageType.ERROR);
}
Also used : SSLProtocolException(javax.net.ssl.SSLProtocolException) SSLProtocolExceptionParser(org.jetbrains.idea.svn.networking.SSLProtocolExceptionParser) CertificateException(java.security.cert.CertificateException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException)

Example 8 with SSLProtocolException

use of javax.net.ssl.SSLProtocolException in project robovm by robovm.

the class SSLRecordProtocol method unwrap.

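/**
 * Reads one record from the input and then, depending on the established
 * connection state, decrypts its fragment and dispatches it by content type.
 * The following structure is expected on the input at the moment of the call:
 *
 *  struct {
 *      ContentType type;
 *      ProtocolVersion version;
 *      uint16 length;
 *      select (CipherSpec.cipher_type) {
 *          case stream: GenericStreamCipher;
 *          case block: GenericBlockCipher;
 *      } fragment;
 *  } TLSCiphertext;
 *
 * (as specified by RFC 2246, TLS v1 Protocol specification)
 *
 * In addition this method recognizes an SSLv2 hello message, which is
 * often used to establish the SSL/TLS session.
 *
 * Every field read here is supplied by the peer. The header fields are not
 * authenticated, and the fragment is only as trustworthy as the check done
 * by {@code activeReadState.decrypt}, so lengths and indexes are validated
 * before use.
 *
 * @throws IOException if an I/O error has occurred
 * @throws EndOfSourceException if the underlying input stream
 *                              has run out of data.
 * @throws EndOfBufferException if there was not enough data
 *                              to build a complete ssl packet.
 * @throws AlertException if the record has an unexpected type or version,
 *                        exceeds the length limits, or carries a truncated alert.
 * @return the type of the unwrapped message.
 */
protected int unwrap() throws IOException {
    if (logger != null) {
        logger.println("SSLRecordProtocol.unwrap: BEGIN [");
    }
    int type = in.readUint8();
    if ((type < ContentType.CHANGE_CIPHER_SPEC) || (type > ContentType.APPLICATION_DATA)) {
        if (logger != null) {
            logger.println("Non v3.1 message type:" + type);
        }
        if (type >= 0x80) {
            // it is probably SSL v2 client_hello message
            // (see SSL v2 spec at:
            // http://wp.netscape.com/eng/security/SSL_2.html)
            // The 15-bit length comes from the peer; it is bounded by 0x7fff by construction.
            // NOTE(review): this is a legacy compatibility path; confirm it is still required.
            int length = (type & 0x7f) << 8 | in.read();
            byte[] fragment = in.read(length);
            handshakeProtocol.unwrapSSLv2(fragment);
            if (logger != null) {
                logger.println("SSLRecordProtocol:unwrap ] END, SSLv2 type");
            }
            return ContentType.HANDSHAKE;
        }
        throw new AlertException(AlertProtocol.UNEXPECTED_MESSAGE, new SSLProtocolException("Unexpected message type has been received: " + type));
    }
    if (logger != null) {
        logger.println("Got the message of type: " + type);
    }
    if (version != null) {
        if ((in.read() != version[0]) || (in.read() != version[1])) {
            // NOTE(review): this is a version mismatch, yet the message reports the
            // message type; the text is kept as is because callers may match on it.
            throw new AlertException(AlertProtocol.UNEXPECTED_MESSAGE, new SSLProtocolException("Unexpected message type has been received: " + type));
        }
    } else {
        // just skip the version number
        in.skip(2);
    }
    int length = in.readUint16();
    if (logger != null) {
        logger.println("TLSCiphertext.fragment[" + length + "]: ...");
    }
    // Reject oversized records before allocating a buffer for them.
    if (length > MAX_CIPHERED_DATA_LENGTH) {
        throw new AlertException(AlertProtocol.RECORD_OVERFLOW, new SSLProtocolException("Received message is too big."));
    }
    byte[] fragment = in.read(length);
    if (logger != null) {
        logger.print(fragment);
    }
    if (activeReadState != null) {
        fragment = activeReadState.decrypt((byte) type, fragment);
        if (logger != null) {
            // NOTE(review): this writes decrypted record contents to the debug logger;
            // make sure the logger cannot be enabled in production builds.
            logger.println("TLSPlaintext.fragment:");
            logger.print(fragment);
        }
    }
    if (fragment.length > MAX_DATA_LENGTH) {
        throw new AlertException(AlertProtocol.DECOMPRESSION_FAILURE, new SSLProtocolException("Decompressed plain data is too big."));
    }
    switch(type) {
        case ContentType.CHANGE_CIPHER_SPEC:
            // notify handshake protocol:
            handshakeProtocol.receiveChangeCipherSpec();
            setSession(handshakeProtocol.getSession());
            // change cipher spec message has been received, so:
            if (logger != null) {
                logger.println("activeReadState = pendingConnectionState");
            }
            activeReadState = pendingConnectionState;
            break;
        case ContentType.ALERT:
            // An alert is exactly two bytes (level, description). A shorter fragment
            // from the peer would otherwise fail with ArrayIndexOutOfBoundsException
            // instead of a protocol alert.
            if (fragment.length < 2) {
                throw new AlertException(AlertProtocol.DECODE_ERROR, new SSLProtocolException("Received alert message is too short: " + fragment.length));
            }
            alert(fragment[0], fragment[1]);
            break;
        case ContentType.HANDSHAKE:
            handshakeProtocol.unwrap(fragment);
            break;
        case ContentType.APPLICATION_DATA:
            if (logger != null) {
                logger.println("TLSCiphertext.unwrap: APP DATA[" + length + "]:");
                // NOTE(review): logs application plaintext, decoded with the platform
                // default charset; debug-only output, never safe for production logs.
                logger.println(new String(fragment));
            }
            appData.append(fragment);
            break;
        default:
            throw new AlertException(AlertProtocol.UNEXPECTED_MESSAGE, new SSLProtocolException("Unexpected message type has been received: " + type));
    }
    if (logger != null) {
        logger.println("SSLRecordProtocol:unwrap ] END, type: " + type);
    }
    return type;
}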
Also used : SSLProtocolException(javax.net.ssl.SSLProtocolException)

Example 9 with SSLProtocolException

use of javax.net.ssl.SSLProtocolException in project robovm by robovm.

the class ConnectionStateSSLv3 method decrypt.

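/**
 * Decrypts one record fragment, validates its padding (block ciphers only)
 * and its MAC, and returns the content part of the Plaintext structure of
 * the specified type.
 *
 * The decrypted bytes are controlled by the peer until the MAC has been
 * verified, so every length derived from them is bounds-checked before it
 * is used as an index or an array size.
 *
 * @param type the record content type, included in the MAC input
 * @param fragment buffer holding the encrypted fragment
 * @param offset start of the encrypted data within {@code fragment}
 * @param len number of encrypted bytes
 * @return the verified content bytes
 * @throws AlertException if the padding or the record MAC is invalid.
 */
@Override
protected byte[] decrypt(byte type, byte[] fragment, int offset, int len) {
    // plain data of the Generic[Stream|Block]Cipher structure
    byte[] data = decCipher.update(fragment, offset, len);
    if (data == null) {
        // decCipher's type is not visible here; if it is a javax.crypto.Cipher,
        // update() returns null when it produces no output. Treat that as empty.
        data = new byte[0];
    }
    // length of the 'content' part of the structure
    int content_length;
    if (block_size != 0) {
        // The last byte is the padding length; an empty result cannot carry one.
        if (data.length == 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
        int padding_length = data[data.length - 1] & 0xFF;
        content_length = data.length - hash_size - padding_length - 1;
        // A padding length that leaves no room for the MAC would index before the
        // start of the array and produce a negative array size below.
        if (content_length < 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
        // check padding without stopping at the first mismatching byte
        int padding_diff = 0;
        for (int i = 0; i < padding_length; i++) {
            padding_diff |= (data[data.length - 2 - i] & 0xFF) ^ padding_length;
        }
        if (padding_diff != 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
    } else {
        content_length = data.length - hash_size;
        // Too short to contain the MAC at all.
        if (content_length < 0) {
            throw new AlertException(AlertProtocol.BAD_RECORD_MAC, new SSLProtocolException("Bad record MAC"));
        }
    }
    byte[] content = new byte[content_length];
    byte[] mac_value;
    // MAC input header: content type followed by the 16-bit content length.
    mac_material_part[0] = type;
    mac_material_part[1] = (byte) ((0x00FF00 & content.length) >> 8);
    mac_material_part[2] = (byte) (0x0000FF & content.length);
    // inner hash: secret, pad_1, sequence number, header, content
    messageDigest.update(mac_read_secret);
    messageDigest.update(pad_1);
    messageDigest.update(read_seq_num);
    messageDigest.update(mac_material_part);
    messageDigest.update(data, 0, content.length);
    mac_value = messageDigest.digest();
    // outer hash: secret, pad_2, inner hash
    messageDigest.update(mac_read_secret);
    messageDigest.update(pad_2);
    messageDigest.update(mac_value);
    mac_value = messageDigest.digest();
    if (logger != null) {
        // NOTE(review): debug output contains the decrypted record and the expected
        // MAC; make sure the logger cannot be enabled in production builds.
        logger.println("Decrypted:");
        logger.print(data);
        logger.println("Expected mac value:");
        logger.print(mac_value);
    }
    // checking the mac value; every byte is compared so that the time taken does
    // not reveal how many leading bytes matched
    int mac_diff = 0;
    for (int i = 0; i < hash_size; i++) {
        mac_diff |= mac_value[i] ^ data[i + content.length];
    }
    if (mac_diff != 0) {
        throw new AlertException(AlertProtocol.BAD_RECORD_MAC, new SSLProtocolException("Bad record MAC"));
    }
    // NOTE(review): bad padding and bad MAC still raise different alerts, and the MAC
    // is not computed when the padding check fails, so a peer can tell the two
    // failures apart. TLS 1.1 (RFC 4346) advises reporting both as bad_record_mac and
    // computing the MAC either way; the alert codes are left unchanged here because
    // callers may depend on them.
    System.arraycopy(data, 0, content, 0, content.length);
    incSequenceNumber(read_seq_num);
    return content;
}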
Also used : SSLProtocolException(javax.net.ssl.SSLProtocolException)

Example 10 with SSLProtocolException

use of javax.net.ssl.SSLProtocolException in project robovm by robovm.

the class ConnectionStateTLS method decrypt.

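/**
 * Decrypts one record fragment representing the Generic[Stream|Block]Cipher
 * structure, validates its padding (block ciphers only) and its MAC, and
 * returns the content part of the Plaintext structure of the specified type.
 *
 * The decrypted bytes are controlled by the peer until the MAC has been
 * verified, so every length derived from them is bounds-checked before it
 * is used as an index or an array size.
 *
 * @param type the record content type, included in the MAC input
 * @param fragment buffer holding the encrypted fragment
 * @param offset start of the encrypted data within {@code fragment}
 * @param len number of encrypted bytes
 * @return the verified content bytes
 * @throws AlertException if the padding or the record MAC is invalid.
 */
@Override
protected byte[] decrypt(byte type, byte[] fragment, int offset, int len) {
    // plain data of the Generic[Stream|Block]Cipher structure
    byte[] data = decCipher.update(fragment, offset, len);
    if (data == null) {
        // decCipher's type is not visible here; if it is a javax.crypto.Cipher,
        // update() returns null when it produces no output. Treat that as empty.
        data = new byte[0];
    }
    // length of the 'content' part of the structure
    int content_length;
    if (block_size != 0) {
        // The last byte is the padding length; an empty result cannot carry one.
        if (data.length == 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
        int padding_length = data[data.length - 1] & 0xFF;
        content_length = data.length - hash_size - padding_length - 1;
        // A padding length that leaves no room for the MAC would index before the
        // start of the array and produce a negative array size below.
        if (content_length < 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
        // check padding without stopping at the first mismatching byte
        int padding_diff = 0;
        for (int i = 0; i < padding_length; i++) {
            padding_diff |= (data[data.length - 2 - i] & 0xFF) ^ padding_length;
        }
        if (padding_diff != 0) {
            throw new AlertException(AlertProtocol.DECRYPTION_FAILED, new SSLProtocolException("Received message has bad padding"));
        }
    } else {
        content_length = data.length - hash_size;
        // Too short to contain the MAC at all.
        if (content_length < 0) {
            throw new AlertException(AlertProtocol.BAD_RECORD_MAC, new SSLProtocolException("Bad record MAC"));
        }
    }
    byte[] content = new byte[content_length];
    // MAC input header: content type at index 0, 16-bit content length at 3..4
    // (indexes 1..2 are not written here).
    mac_material_header[0] = type;
    mac_material_header[3] = (byte) ((0x00FF00 & content.length) >> 8);
    mac_material_header[4] = (byte) (0x0000FF & content.length);
    decMac.update(read_seq_num);
    decMac.update(mac_material_header);
    decMac.update(data, 0, content.length);
    byte[] mac_value = decMac.doFinal();
    if (logger != null) {
        // NOTE(review): debug output contains the decrypted record and the expected
        // MAC; make sure the logger cannot be enabled in production builds.
        logger.println("Decrypted:");
        logger.print(data);
        logger.println("Expected mac value:");
        logger.print(mac_value);
    }
    // checking the mac value; every byte is compared so that the time taken does
    // not reveal how many leading bytes matched
    int mac_diff = 0;
    for (int i = 0; i < hash_size; i++) {
        mac_diff |= mac_value[i] ^ data[i + content.length];
    }
    if (mac_diff != 0) {
        throw new AlertException(AlertProtocol.BAD_RECORD_MAC, new SSLProtocolException("Bad record MAC"));
    }
    // NOTE(review): bad padding and bad MAC still raise different alerts, and the MAC
    // is not computed when the padding check fails, so a peer can tell the two
    // failures apart. TLS 1.1 (RFC 4346) advises reporting both as bad_record_mac and
    // computing the MAC either way; the alert codes are left unchanged here because
    // callers may depend on them.
    System.arraycopy(data, 0, content, 0, content.length);
    incSequenceNumber(read_seq_num);
    return content;
}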
Also used : SSLProtocolException(javax.net.ssl.SSLProtocolException)

Aggregations

SSLProtocolException (javax.net.ssl.SSLProtocolException)16 SSLHandshakeException (javax.net.ssl.SSLHandshakeException)5 CertificateException (java.security.cert.CertificateException)3 Test (org.junit.Test)3 IOException (java.io.IOException)2 SecureRandom (java.security.SecureRandom)2 CertificateEncodingException (java.security.cert.CertificateEncodingException)2 X509Certificate (java.security.cert.X509Certificate)2 HashSet (java.util.HashSet)2 X509TrustManager (javax.net.ssl.X509TrustManager)2 MockResponse (okhttp3.mockwebserver.MockResponse)2 SSLProtocolExceptionParser (org.jetbrains.idea.svn.networking.SSLProtocolExceptionParser)2 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)1 SingleInetAddressDns (okhttp3.internal.SingleInetAddressDns)1 RecordedRequest (okhttp3.mockwebserver.RecordedRequest)1