List of usage examples for javax.net.ssl SSLException SSLException
public SSLException(Throwable cause)
From source file:org.apache.chemistry.opencmis.client.bindings.spi.http.AbstractApacheClientHttpInvoker.java
/** * Verifies a hostname with the given verifier. */// ww w .java 2 s .c o m protected void verify(HostnameVerifier verifier, String host, SSLSocket sslSocket) throws IOException { try { if (verifier instanceof X509HostnameVerifier) { ((X509HostnameVerifier) verifier).verify(host, sslSocket); } else { if (!verifier.verify(host, sslSocket.getSession())) { throw new SSLException("Hostname in certificate didn't match: <" + host + ">"); } } } catch (IOException ioe) { closeSocket(sslSocket); throw ioe; } }
From source file:com.kenai.redminenb.repository.RedmineRepository.java
static PoolingClientConnectionManager createConnectionManager() throws SSLInitializationException { SSLSocketFactory socketFactory = SSLSocketFactory.getSystemSocketFactory(); socketFactory.setHostnameVerifier(new X509HostnameVerifier() { @Override//from ww w . j a v a 2 s .c om public void verify(String string, SSLSocket ssls) throws IOException { if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(string, ssls.getSession())) { throw new SSLException("Hostname did not verify"); } } @Override public void verify(String string, X509Certificate xc) throws SSLException { throw new SSLException("Check not implemented yet"); } @Override public void verify(String string, String[] strings, String[] strings1) throws SSLException { throw new SSLException("Check not implemented yet"); } @Override public boolean verify(String string, SSLSession ssls) { return HttpsURLConnection.getDefaultHostnameVerifier().verify(string, ssls); } }); PoolingClientConnectionManager connectionManager = RedmineManagerFactory .createConnectionManager(Integer.MAX_VALUE, socketFactory); return connectionManager; }
From source file:org.apache.hadoop.ipc.RpcSSLEngineAbstr.java
@Override public boolean doHandshake() throws IOException { LOG.debug("Starting TLS handshake with peer " + getRemoteHost()); SSLEngineResult result;//from www . j a v a 2s. com SSLEngineResult.HandshakeStatus handshakeStatus; ByteBuffer serverAppBuffer = ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize()); ByteBuffer clientAppBuffer = ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize()); serverNetBuffer.clear(); clientNetBuffer.clear(); TimeWatch timer = TimeWatch.start(); handshakeStatus = sslEngine.getHandshakeStatus(); while (handshakeStatus != SSLEngineResult.HandshakeStatus.FINISHED && handshakeStatus != SSLEngineResult.HandshakeStatus.NOT_HANDSHAKING) { if (timer.elapsedIn(TimeUnit.MILLISECONDS) > handshakeTimeoutMS) { if (LOG.isWarnEnabled()) { String remoteHost = getRemoteHost(); LOG.warn("Connection with " + remoteHost + " has been handshaking for too long. Closing the " + "connection!"); } throw new SSLException("TLS handshake time-out. Handshaking for more than " + handshakeTimeoutMS + " milliseconds!"); } switch (handshakeStatus) { case NEED_UNWRAP: int inBytes = socketChannel.read(clientNetBuffer); if (inBytes > 0) { timer.reset(); } else if (inBytes < 0) { if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { return false; } try { sslEngine.closeInbound(); } catch (SSLException ex) { LOG.warn(ex, ex); throw ex; } sslEngine.closeOutbound(); handshakeStatus = sslEngine.getHandshakeStatus(); break; } clientNetBuffer.flip(); try { result = sslEngine.unwrap(clientNetBuffer, clientAppBuffer); clientNetBuffer.compact(); handshakeStatus = result.getHandshakeStatus(); } catch (SSLException ex) { LOG.warn(ex, ex); sslEngine.closeOutbound(); throw ex; } switch (result.getStatus()) { case OK: break; case BUFFER_OVERFLOW: // clientAppBuffer is not large enough clientAppBuffer = enlargeApplicationBuffer(clientAppBuffer); break; case BUFFER_UNDERFLOW: // Not enough input data to unwrap or the input buffer is too small clientNetBuffer = handleBufferUnderflow(clientNetBuffer); break; case CLOSED: if (sslEngine.isOutboundDone()) { return false; } else { sslEngine.closeOutbound(); handshakeStatus = sslEngine.getHandshakeStatus(); break; } default: throw new IllegalStateException("Invalid SSL status: " + result.getStatus()); } break; case NEED_WRAP: serverNetBuffer.clear(); try { result = sslEngine.wrap(serverAppBuffer, serverNetBuffer); handshakeStatus = result.getHandshakeStatus(); } catch (SSLException ex) { LOG.warn(ex, ex); sslEngine.closeOutbound(); throw ex; } switch (result.getStatus()) { case OK: serverNetBuffer.flip(); while (serverNetBuffer.hasRemaining()) { socketChannel.write(serverNetBuffer); } timer.reset(); break; case BUFFER_OVERFLOW: serverNetBuffer = enlargePacketBuffer(serverNetBuffer); break; case BUFFER_UNDERFLOW: throw new SSLException("Buffer overflow occurred after a wrap."); case CLOSED: try { serverNetBuffer.flip(); while (serverNetBuffer.hasRemaining()) { socketChannel.write(serverNetBuffer); } timer.reset(); clientNetBuffer.clear(); } catch (Exception ex) { LOG.warn(ex, ex); throw ex; } break; default: throw new IllegalStateException("Invalid SSL status: " + result.getStatus()); } break; case NEED_TASK: Runnable task; while ((task = sslEngine.getDelegatedTask()) != null) { exec.execute(task); } handshakeStatus = sslEngine.getHandshakeStatus(); break; case FINISHED: break; case NOT_HANDSHAKING: break; default: throw new IllegalStateException("Invalid SSL status: " + handshakeStatus); } } return true; }
From source file:org.apache.hadoop.ipc.ServerRpcSSLEngineImpl.java
@Override public int write(WritableByteChannel channel, ByteBuffer buffer) throws IOException { serverAppBuffer.clear();/*ww w.java 2s . c o m*/ if (serverAppBuffer.capacity() < buffer.capacity()) { LOG.debug("ServerAppBuffer capacity: " + serverAppBuffer.capacity() + " Buffer size: " + buffer.capacity()); serverAppBuffer = ByteBuffer.allocate(Math.min(buffer.capacity(), MAX_BUFFER_SIZE)); } serverAppBuffer.put(buffer); serverAppBuffer.flip(); int bytesWritten = 0; while (serverAppBuffer.hasRemaining()) { serverNetBuffer.clear(); SSLEngineResult result = sslEngine.wrap(serverAppBuffer, serverNetBuffer); switch (result.getStatus()) { case OK: serverNetBuffer.flip(); while (serverNetBuffer.hasRemaining()) { bytesWritten += channel.write(serverNetBuffer); } //return bytesWritten; break; case BUFFER_OVERFLOW: serverNetBuffer = enlargePacketBuffer(serverNetBuffer); break; case BUFFER_UNDERFLOW: throw new SSLException("Buffer underflow should not happen after wrap"); case CLOSED: sslEngine.closeOutbound(); doHandshake(); return -1; default: throw new IllegalStateException("Invalid SSL state: " + result.getStatus()); } } return bytesWritten; }
From source file:org.apache.http.HC4.conn.ssl.AbstractVerifier.java
public final void verify(final String host, final String[] cns, final String[] subjectAlts, final boolean strictWithSubDomains) throws SSLException { final String cn = cns != null && cns.length > 0 ? cns[0] : null; final List<String> subjectAltList = subjectAlts != null && subjectAlts.length > 0 ? Arrays.asList(subjectAlts) : null;/*from w ww . j a va 2 s.c o m*/ final String normalizedHost = InetAddressUtils.isIPv6Address(host) ? DefaultHostnameVerifier.normaliseAddress(host.toLowerCase(Locale.ROOT)) : host; if (subjectAltList != null) { for (String subjectAlt : subjectAltList) { final String normalizedAltSubject = InetAddressUtils.isIPv6Address(subjectAlt) ? DefaultHostnameVerifier.normaliseAddress(subjectAlt) : subjectAlt; if (matchIdentity(normalizedHost, normalizedAltSubject, strictWithSubDomains)) { return; } } throw new SSLException("Certificate for <" + host + "> doesn't match any " + "of the subject alternative names: " + subjectAltList); } else if (cn != null) { final String normalizedCN = InetAddressUtils.isIPv6Address(cn) ? DefaultHostnameVerifier.normaliseAddress(cn) : cn; if (matchIdentity(normalizedHost, normalizedCN, strictWithSubDomains)) { return; } throw new SSLException("Certificate for <" + host + "> doesn't match " + "common name of the certificate subject: " + cn); } else { throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } }
From source file:org.apache.synapse.transport.nhttp.HttpCoreNIOSSLSender.java
private SSLSetupHandler createSSLSetupHandler(final String hostnameVerifier, final CertificateVerificationConfig cvConfig) throws AxisFault { return new SSLSetupHandler() { public void initalize(SSLEngine sslengine) { }/*from ww w . j a v a 2 s. c o m*/ public void verify(IOSession ioSession, SSLSession session) throws SSLException { SocketAddress remoteAddress = ioSession.getRemoteAddress(); String address; if (remoteAddress instanceof InetSocketAddress) { address = ((InetSocketAddress) remoteAddress).getHostName(); } else { address = remoteAddress.toString(); } boolean valid = false; //Do HostName verification. if (hostnameVerifier != null) { if ("Strict".equals(hostnameVerifier)) { valid = HostnameVerifier.STRICT.verify(address, session); } else if ("AllowAll".equals(hostnameVerifier)) { valid = HostnameVerifier.ALLOW_ALL.verify(address, session); } else if ("DefaultAndLocalhost".equals(hostnameVerifier)) { valid = HostnameVerifier.DEFAULT_AND_LOCALHOST.verify(address, session); } } else { valid = HostnameVerifier.DEFAULT.verify(address, session); } if (!valid) { throw new SSLException("Host name verification failed for host : " + address); } if (cvConfig != null) { try { ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(), cvConfig.getCacheSize(), cvConfig.getCacheDuration()); } catch (CertificateVerificationException e) { throw new SSLException("Certificate chain validation failed for host : " + address, e); } } } }; }