Package javax.net.ssl

Examples of javax.net.ssl.SSLException

971
972
973
974
975
976
977
978
979
980
981
            // Renegotiate.
            handshake();
        } else {
            // Raise an exception.
            fireExceptionCaught(
                    ctx, new SSLException(
                            "renegotiation attempted by peer; " +
                            "closing the connection"));

            // Close the connection to stop renegotiation.
            Channels.close(ctx, succeededFuture(ctx.getChannel()));
View Full Code Here
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
                    }
                }
            }
            if (names.isEmpty()) {
                String msg = "Certificate for " + hosts[0] + " doesn't contain CN or DNS subjectAlt";
                throw new SSLException(msg);
            }

            // StringBuilder for building the error message.
            buf = new StringBuilder();

            boolean match = false;
        out:
            for (Iterator<String> it = names.iterator(); it.hasNext();) {
                // Don't trim the CN, though!
                String cn = it.next();
                cn = cn.toLowerCase();
                // Store CN in StringBuilder in case we need to report an error.
                buf.append(" <");
                buf.append(cn);
                buf.append('>');
                if (it.hasNext()) {
                    buf.append(" OR");
                }

                // The CN better have at least two dots if it wants wildcard
                // action.  It also can't be [*.co.uk] or [*.co.jp] or
                // [*.org.uk], etc...
                boolean doWildcard = cn.startsWith("*.")
                    && cn.lastIndexOf('.') >= 0
                    && !isIP4Address(cn)
                    && acceptableCountryWildcard(cn);

                for (int i = 0; i < hosts.length; i++) {
                    final String hostName = hosts[i].trim().toLowerCase();
                    if (doWildcard) {
                        match = hostName.endsWith(cn.substring(1));
                        if (match && strictWithSubDomains) {
                            // If we're in strict mode, then [*.foo.com] is not
                            // allowed to match [a.b.foo.com]
                            match = countDots(hostName) == countDots(cn);
                        }
                    } else {
                        match = hostName.equals(cn);
                    }
                    if (match) {
                        break out;
                    }
                }
            }
            if (!match) {
                throw new SSLException("hostname in certificate didn't match: " + hostnames + " !=" + buf);
            }
        }
View Full Code Here
398
399
400
401
402
403
404
405
406
407
408
                        case FINISHED: {
                            handshaking = false;
                            break;
                        }
                        default: {
                            throw new SSLException("TODO");
                        }
                    }
                }
            } catch (SSLException | InterruptedException |
                    ExecutionException e) {
View Full Code Here
418
419
420
421
422
423
424
425
426
427
428
429
430
431
            handshakeStatus = result.getHandshakeStatus();
            resultStatus = result.getStatus();

            if (resultStatus != Status.OK &&
                    (wrap || resultStatus != Status.BUFFER_UNDERFLOW)) {
                throw new SSLException("TODO");
            }
            if (wrap && result.bytesConsumed() != 0) {
                throw new SSLException("TODO");
            }
            if (!wrap && result.bytesProduced() != 0) {
                throw new SSLException("TODO");
            }
        }
View Full Code Here
365
366
367
368
369
370
371
372
373
374
375
            if ( result.getStatus() == SSLEngineResult.Status.OK ) {
                if ( result.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK ) {
                    doTasks();
                }
            } else {
                throw new SSLException( "SSLEngine error during encrypt: "
                        + result.getStatus() +
                        " src: " + src + "outNetBuffer: " + outNetBuffer);
            }
        }
View Full Code Here
397
398
399
400
401
402
403
404
405
406
        // message, so that's what we'll do here.
        outNetBuffer.clear();
        SSLEngineResult result = sslEngine.wrap( hsBB, outNetBuffer );
        if( result.getStatus() != SSLEngineResult.Status.CLOSED )
        {
            throw new SSLException( "Improper close state: " + result );
        }
        outNetBuffer.flip();
        return true;
    }
View Full Code Here
438
439
440
441
442
443
444
445
446
447
448
    {
        if( status != SSLEngineResult.Status.OK &&
            status != SSLEngineResult.Status.CLOSED &&
            status != SSLEngineResult.Status.BUFFER_UNDERFLOW )
        {
            throw new SSLException( "SSLEngine error during decrypt: " +
                                    status +
                                    " inNetBuffer: " + inNetBuffer + "appBuffer: " + appBuffer);
        }
       
        return status;
View Full Code Here
575
576
577
578
579
580
581
582
583
584
585
586
587
                {
                    handshake( nextFilter );
                }
                catch( SSLException ssle )
                {
                    SSLException newSSLE = new SSLHandshakeException(
                            "Initial SSL handshake failed." );
                    newSSLE.initCause( ssle );
                    throw newSSLE;
                }
                if( getOutNetBuffer().hasRemaining() )
                {
                    if( SessionLog.isDebugEnabled( session ) )
View Full Code Here
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
            }
        }

        if(names.isEmpty()) {
            final String msg = "Certificate for <" + host + "> doesn't contain CN or DNS subjectAlt";
            throw new SSLException(msg);
        }

        // StringBuilder for building the error message.
        final StringBuilder buf = new StringBuilder();

        // We're can be case-insensitive when comparing the host we used to
        // establish the socket to the hostname in the certificate.
        final String hostName = host.trim().toLowerCase(Locale.US);
        boolean match = false;
        for(final Iterator<String> it = names.iterator(); it.hasNext();) {
            // Don't trim the CN, though!
            String cn = it.next();
            cn = cn.toLowerCase(Locale.US);
            // Store CN in StringBuilder in case we need to report an error.
            buf.append(" <");
            buf.append(cn);
            buf.append('>');
            if(it.hasNext()) {
                buf.append(" OR");
            }

            // The CN better have at least two dots if it wants wildcard
            // action.  It also can't be [*.co.uk] or [*.co.jp] or
            // [*.org.uk], etc...
            final String parts[] = cn.split("\\.");
            final boolean doWildcard = parts.length >= 3 &&
                                 parts[0].endsWith("*") &&
                                 acceptableCountryWildcard(cn) &&
                                 !isIPAddress(host);

            if(doWildcard) {
                final String firstpart = parts[0];
                if (firstpart.length() > 1) { // e.g. server*
                    final String prefix = firstpart.substring(0, firstpart.length() - 1); // e.g. server
                    final String suffix = cn.substring(firstpart.length()); // skip wildcard part from cn
                    final String hostSuffix = hostName.substring(prefix.length()); // skip wildcard part from host
                    match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
                } else {
                    match = hostName.endsWith(cn.substring(1));
                }
                if(match && strictWithSubDomains) {
                    // If we're in strict mode, then [*.foo.com] is not
                    // allowed to match [a.b.foo.com]
                    match = countDots(hostName) == countDots(cn);
                }
            } else {
                match = hostName.equals(cn);
            }
            if(match) {
                break;
            }
        }
        if(!match) {
            throw new SSLException("hostname in certificate didn't match: <" + host + "> !=" + buf);
        }
    }
View Full Code Here
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
            }
        }

        if(names.isEmpty()) {
            String msg = "Certificate for <" + host + "> doesn't contain CN or DNS subjectAlt";
            throw new SSLException(msg);
        }

        // StringBuilder for building the error message.
        StringBuilder buf = new StringBuilder();

        // We're can be case-insensitive when comparing the host we used to
        // establish the socket to the hostname in the certificate.
        String hostName = host.trim().toLowerCase(Locale.US);
        boolean match = false;
        for(Iterator<String> it = names.iterator(); it.hasNext();) {
            // Don't trim the CN, though!
            String cn = it.next();
            cn = cn.toLowerCase(Locale.US);
            // Store CN in StringBuilder in case we need to report an error.
            buf.append(" <");
            buf.append(cn);
            buf.append('>');
            if(it.hasNext()) {
                buf.append(" OR");
            }

            // The CN better have at least two dots if it wants wildcard
            // action.  It also can't be [*.co.uk] or [*.co.jp] or
            // [*.org.uk], etc...
            String parts[] = cn.split("\\.");
            boolean doWildcard = parts.length >= 3 &&
                                 parts[0].endsWith("*") &&
                                 acceptableCountryWildcard(cn) &&
                                 !isIPAddress(host);

            if(doWildcard) {
                String firstpart = parts[0];
                if (firstpart.length() > 1) { // e.g. server*
                    String prefix = firstpart.substring(0, firstpart.length() - 1); // e.g. server
                    String suffix = cn.substring(firstpart.length()); // skip wildcard part from cn
                    String hostSuffix = hostName.substring(prefix.length()); // skip wildcard part from host
                    match = hostName.startsWith(prefix) && hostSuffix.endsWith(suffix);
                } else {
                    match = hostName.endsWith(cn.substring(1));
                }
                if(match && strictWithSubDomains) {
                    // If we're in strict mode, then [*.foo.com] is not
                    // allowed to match [a.b.foo.com]
                    match = countDots(hostName) == countDots(cn);
                }
            } else {
                match = hostName.equals(cn);
            }
            if(match) {
                break;
            }
        }
        if(!match) {
            throw new SSLException("hostname in certificate didn't match: <" + host + "> !=" + buf);
        }
    }
View Full Code Here
TOP

Related Classes of javax.net.ssl.SSLException

  • ch.unifr.nio.framework.transform.SSLInputForwarder
  • com.dropbox.core.http.SSLConfig
  • com.dtolabs.rundeck.jetty.jaas.HostnameVerifyingTrustManagerTest
  • com.ensifera.animosity.craftirc.libs.org.jibble.pircbot.TrustingSSLSocketFactory
  • com.facebook.presto.jdbc.internal.netty.handler.ssl.SslHandler
  • com.findwise.utils.http.SelectiveHostnameVerifierTest
  • com.impossibl.postgres.protocol.v30.ProtocolFactoryImpl
  • com.pusher.client.connection.websocket.WebSocketClientWrapper
  • com.subgraph.orchid.sockets.sslengine.SSLEngineManager
  • gnu.javax.net.ssl.provider.SSLSocket
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.