List of usage examples for the javax.net.ssl.SSLException constructor
public SSLException(Throwable cause)
From source file:ie.aib.nbp.aibssl.AibHostVerifier.java
/**
 * Certificate-based hostname check, which this verifier does not implement.
 *
 * <p>The method fails closed: every call is rejected, so a caller that reaches
 * this overload can never have a certificate accepted by it. Keep it that way
 * until a real check exists; an empty body here would accept any certificate.
 *
 * @param host the hostname the caller wants verified (unused)
 * @param cert the certificate presented for that host (unused)
 * @throws SSLException always
 */
@Override
public void verify(String host, X509Certificate cert) throws SSLException {
    final String reason = "Hostname verification 1 not implemented";
    throw new SSLException(reason);
}
From source file:ie.aib.nbp.aibssl.AibHostVerifier.java
/**
 * Name-list hostname check, which this verifier does not implement.
 *
 * <p>The method fails closed: every call is rejected regardless of the names
 * passed in. Keep it that way until a real check exists; an empty body here
 * would accept any set of names.
 *
 * @param host the hostname the caller wants verified (unused)
 * @param cns the common names taken from the certificate (unused)
 * @param subjectAlts the subject alternative names taken from the certificate (unused)
 * @throws SSLException always
 */
@Override
public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
    final String reason = "Hostname verification 2 not implemented";
    throw new SSLException(reason);
}
From source file:com.kenai.redminenb.repository.RedmineManagerFactoryHelper.java
/**
 * Builds the HTTP client used for repository traffic, with a two-stage
 * hostname verifier and the system proxy selector.
 *
 * <p>A hostname is accepted when either the "browser compatible" verifier or
 * the JVM-wide default verifier accepts it; the connection is refused only
 * when both reject. The original author's rationale: the default Java verifier
 * rejects, but in NetBeans the "SSL Certificate Exception" module hooks that
 * default and turns the failure into a prompt for the GUI user, which allows
 * hosts whose certificate does not match the hostname (VServer setups).
 *
 * <p>Security note: the second stage is whatever
 * {@link HttpsURLConnection#getDefaultHostnameVerifier()} returns at call time.
 * That default is process-wide and replaceable, so any component that installs
 * a permissive default verifier also relaxes hostname checking for this client.
 *
 * @return a client wired with the verifier above
 * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} when the
 *         default {@link SSLContext} is unavailable
 */
public static HttpClient getTransportConfig() {
    X509HostnameVerifier hostnameverified = new X509HostnameVerifier() {
        /** Socket variant: throws instead of returning false when both stages reject. */
        @Override
        public void verify(String host, SSLSocket socket) throws IOException {
            // Short-circuit keeps the default verifier untouched when the first stage accepts.
            boolean accepted = SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER.verify(host, socket.getSession())
                    || HttpsURLConnection.getDefaultHostnameVerifier().verify(host, socket.getSession());
            if (!accepted) {
                throw new SSLException("Hostname did not verify");
            }
        }

        /** Certificate variant is not implemented and rejects every call (fails closed). */
        @Override
        public void verify(String host, X509Certificate certificate) throws SSLException {
            throw new SSLException("Check not implemented yet");
        }

        /** Name-list variant is not implemented and rejects every call (fails closed). */
        @Override
        public void verify(String host, String[] commonNames, String[] altNames) throws SSLException {
            throw new SSLException("Check not implemented yet");
        }

        /** Session variant: true when either stage accepts the hostname. */
        @Override
        public boolean verify(String host, SSLSession session) {
            return SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER.verify(host, session)
                    || HttpsURLConnection.getDefaultHostnameVerifier().verify(host, session);
        }
    };

    final SSLConnectionSocketFactory tlsSockets;
    try {
        tlsSockets = new SSLConnectionSocketFactory(SSLContext.getDefault(), hostnameverified);
    } catch (NoSuchAlgorithmException ex) {
        throw new RuntimeException(ex);
    }
    return HttpClientBuilder.create()
            .setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault()))
            .setSSLSocketFactory(tlsSockets)
            .build();
}
From source file:org.eclipse.aether.transport.http.X509HostnameVerifierAdapter.java
/**
 * Verifies the hostname against the session of an SSL socket, converting a
 * negative result from the session-based {@code verify} overload into an
 * exception so the connection attempt is aborted.
 *
 * @param host the hostname the caller intended to reach
 * @param socket the socket whose session is checked
 * @throws SSLException when the session-based check returns {@code false}
 * @throws IOException declared by the interface being adapted
 */
public void verify(String host, SSLSocket socket) throws IOException {
    final boolean hostnameMatches = verify(host, socket.getSession());
    if (hostnameMatches) {
        return;
    }
    throw new SSLException("<" + host + "> does not pass hostname verification");
}
From source file:com.dtolabs.rundeck.jetty.jaas.HostnameVerifyingTrustManagerTest.java
/**
 * Checks that a hostname-verification failure aborts {@code checkServerTrusted}:
 * the verifier's {@link SSLException} must surface as the cause of a
 * {@link CertificateException}, and the wrapped trust manager must not be
 * consulted at all.
 */
@Test
public void testCheckServerTrustedFailsVerification() throws Exception {
    final String targetHost = "host";
    final String keyExchange = "type";
    final X509Certificate leaf = Mockito.mock(X509Certificate.class);
    final X509Certificate[] presentedChain = new X509Certificate[] { leaf };

    // The mocked verifier rejects exactly this host/certificate pair.
    final SSLException verifierFailure = new SSLException("Invalid");
    Mockito.doThrow(verifierFailure).when(verifier).check(Mockito.eq(targetHost), Mockito.same(leaf));
    HostnameVerifyingSSLSocketFactory.setTargetHost(targetHost);

    try {
        trustManager.checkServerTrusted(presentedChain, keyExchange);
        Assert.fail("Expected hostname verification to fail.");
    } catch (CertificateException e) {
        // Same instance, not merely an equal one: the original failure must be preserved.
        Assert.assertSame("Expected validation exception to be thrown as root cause.", verifierFailure,
                e.getCause());
    }

    // A rejected hostname must not be followed by any call to the delegate trust manager.
    Mockito.verifyZeroInteractions(realTrustManager);
}
From source file:it.jnrpe.server.CBindingThread.java
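/**
 * Returns the SSL factory used to create the server socket, with its key
 * material loaded from a keystore found on the classpath.
 *
 * <p>The context is requested as {@code "TLS"}, not {@code "SSLv3"}: SSLv3 is
 * deprecated (RFC 7568) and disabled by default in current JDKs, so asking for
 * it either fails or pins the listener to an obsolete protocol. Which TLS
 * versions are actually offered is then decided by the JVM's security
 * configuration.
 *
 * <p>The keystore resource is opened once and closed before returning.
 *
 * @param sKeyStoreFile classpath location of the keystore; must not be {@code null}
 * @param sKeyStorePwd password for the keystore and for the keys in it; must not be {@code null}
 * @param sKeyStoreType keystore type handed to {@link KeyStore#getInstance(String)}
 * @return a server socket factory backed by the keys in the keystore
 * @throws KeyStoreException if the file or password is missing, the resource
 *         cannot be found, or the keystore type is not available
 * @throws CertificateException if a certificate in the keystore cannot be loaded
 * @throws FileNotFoundException declared for interface compatibility
 * @throws IOException if the keystore cannot be read; an {@link SSLException}
 *         (with the cause attached) if a required algorithm is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with the password
 * @throws KeyManagementException if the SSL context cannot be initialised
 *
 * @see it.intesa.fi2.client.network.ISSLObjectsFactory#getSSLSocketFactory(String, String, String)
 */
public SSLServerSocketFactory getSSLSocketFactory(String sKeyStoreFile, String sKeyStorePwd, String sKeyStoreType)
        throws KeyStoreException, CertificateException, FileNotFoundException, IOException,
        UnrecoverableKeyException, KeyManagementException {
    if (sKeyStoreFile == null)
        throw new KeyStoreException("KEYSTORE HAS NOT BEEN SPECIFIED");

    // Open the resource once: the same stream serves the existence check and the load.
    java.io.InputStream keyStoreStream = this.getClass().getClassLoader().getResourceAsStream(sKeyStoreFile);
    if (keyStoreStream == null)
        throw new KeyStoreException("COULD NOT FIND KEYSTORE '" + sKeyStoreFile + "'");

    try {
        if (sKeyStorePwd == null)
            throw new KeyStoreException("KEYSTORE PASSWORD HAS NOT BEEN SPECIFIED");

        char[] passphrase = sKeyStorePwd.toCharArray();

        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        KeyStore ks = KeyStore.getInstance(sKeyStoreType);
        ks.load(keyStoreStream, passphrase);
        kmf.init(ks, passphrase);

        // No trust managers are supplied, so the provider defaults apply.
        ctx.init(kmf.getKeyManagers(), null, new java.security.SecureRandom());
        return ctx.getServerSocketFactory();
    } catch (NoSuchAlgorithmException e) {
        // Keep the cause so the missing algorithm stays visible in the stack trace.
        throw new SSLException("Unable to initialize SSLSocketFactory.\n" + e.getMessage(), e);
    } finally {
        try {
            keyStoreStream.close();
        } catch (IOException ignored) {
            // A failed close of a read-only resource stream must not mask the real outcome.
        }
    }
}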
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.DefaultHostnameVerifier.java
/**
 * Accepts {@code host} only if it equals one of the certificate's subject
 * alternative names.
 *
 * <p>The comparison is an exact string match; no normalisation of either side
 * is applied here.
 *
 * @param host the IP address literal the client connected to
 * @param subjectAlts the subject alternative names to compare against
 * @throws SSLException if no entry equals {@code host}; the message lists the
 *         names that were checked
 */
static void matchIPAddress(final String host, final List<String> subjectAlts) throws SSLException {
    for (final String candidate : subjectAlts) {
        if (host.equals(candidate)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any "
            + "of the subject alternative names: " + subjectAlts);
}
From source file:org.eclipse.mylyn.commons.repositories.http.tests.CommonHttpClientTest.java
/**
 * Checks that clearing the client-certificate credentials takes effect: a
 * request made with the certificate must succeed, and the same request made
 * after the credentials are reset must fail with an {@link SSLException}.
 *
 * <p>The test is declared with {@code expected = SSLException.class}, so the
 * two skip paths below throw an empty {@code SSLException} themselves to make
 * a skipped run count as a pass. It also needs network access to the URL it
 * requests.
 */
@Test(expected = SSLException.class)
public void testCertificateAuthenticationCertificateReset() throws Exception {
    if (CommonTestUtil.isCertificateAuthBroken() || CommonTestUtil.isBehindProxy()) {
        // bug 369805
        System.err.println(
                "Skipped CommonHttpClientTest.testCertificateAuthenticationCertificateReset due to incompatible JVM");
        throw new SSLException(""); // skip test
    }
    final boolean credentialsAvailable = CommonTestUtil.hasCertificateCredentials();
    if (!credentialsAvailable) {
        System.err.println(
                "Skipped CommonHttpClientTest.testCertificateAuthenticationCertificate() due to missing credentials");
        throw new SSLException(""); // skip test
    }

    final RepositoryLocation repository = new RepositoryLocation();
    repository.setUrl("https://mylyn.org/secure/index.txt");
    repository.setCredentials(AuthenticationType.CERTIFICATE, CommonTestUtil.getCertificateCredentials());

    final HttpGet authenticatedGet = new HttpGet(repository.getUrl());
    final CommonHttpClient httpClient = new CommonHttpClient(repository);

    // work-around for bug 369805
    final Scheme savedScheme = setUpDefaultFactory(httpClient);
    try {
        // Phase 1: with the certificate installed the request must go through. An
        // SSLException here is rewrapped so it cannot satisfy the expected exception.
        try {
            final HttpResponse authenticatedResponse = httpClient.execute(authenticatedGet, null);
            try {
                assertEquals(HttpStatus.SC_OK, authenticatedResponse.getStatusLine().getStatusCode());
            } finally {
                HttpUtil.release(authenticatedGet, authenticatedResponse, null);
            }
        } catch (SSLException e) {
            throw new IllegalStateException("Unexpected exception", e);
        }

        // Phase 2: drop the certificate; the request should now fail
        repository.setCredentials(AuthenticationType.CERTIFICATE, null);
        final HttpGet anonymousGet = new HttpGet(repository.getUrl());
        final HttpResponse anonymousResponse = httpClient.execute(anonymousGet, null);
        HttpUtil.release(anonymousGet, anonymousResponse, null);
    } finally {
        tearDownDefaultFactory(httpClient, savedScheme);
    }
}
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.DefaultHostnameVerifier.java
/**
 * Verifies that {@code cert} was issued for {@code host}.
 *
 * <p>The host is classified as an IPv4 literal, an IPv6 literal or a DNS name,
 * and subject alternative names of the matching kind are extracted. When at
 * least one such name exists, the host is matched against those names only.
 * When none exists, the subject's common name is used as a fallback.
 *
 * @param host the hostname or IP literal the client connected to
 * @param cert the certificate presented by the peer
 * @throws SSLException if the host matches none of the names, or if the
 *         certificate has neither usable alternative names nor a common name
 */
public final void verify(final String host, final X509Certificate cert) throws SSLException {
    final boolean hostIsIpv4 = InetAddressUtils.isIPv4Address(host);
    final boolean hostIsIpv6 = InetAddressUtils.isIPv6Address(host);
    final int wantedNameType;
    if (hostIsIpv4 || hostIsIpv6) {
        wantedNameType = IP_ADDRESS_TYPE;
    } else {
        wantedNameType = DNS_NAME_TYPE;
    }
    final List<String> altNames = extractSubjectAlts(cert, wantedNameType);

    if (altNames == null || altNames.isEmpty()) {
        // CN matching has been deprecated by rfc2818 and can be used
        // as fallback only when no subjectAlts are available
        // NOTE(review): the extraction above is given a name type, so presumably a
        // certificate carrying alternative names of the other type only also ends up
        // here; confirm against extractSubjectAlts.
        final String subjectDn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        final String commonName = extractCN(subjectDn);
        if (commonName == null) {
            throw new SSLException("Certificate subject for <" + host + "> doesn't contain "
                    + "a common name and does not have alternative names");
        }
        matchCN(host, commonName, this.publicSuffixMatcher);
        return;
    }

    if (hostIsIpv4) {
        matchIPAddress(host, altNames);
        return;
    }
    if (hostIsIpv6) {
        matchIPv6Address(host, altNames);
        return;
    }
    matchDNSName(host, altNames, this.publicSuffixMatcher);
}
From source file:com.newrelic.agent.deps.org.apache.http.conn.ssl.DefaultHostnameVerifier.java
/**
 * Accepts {@code host} only if, after both sides are passed through
 * {@code normaliseAddress}, it equals one of the certificate's subject
 * alternative names.
 *
 * @param host the IPv6 literal the client connected to
 * @param subjectAlts the subject alternative names to compare against
 * @throws SSLException if no normalised entry equals the normalised host; the
 *         message reports the host and the names as originally supplied
 */
static void matchIPv6Address(final String host, final List<String> subjectAlts) throws SSLException {
    final String canonicalHost = normaliseAddress(host);
    for (final String candidate : subjectAlts) {
        final String canonicalCandidate = normaliseAddress(candidate);
        if (canonicalHost.equals(canonicalCandidate)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any "
            + "of the subject alternative names: " + subjectAlts);
}