Examples of javax.net.ssl.SSLPeerUnverifiedException

javax.net.ssl.SSLPeerUnverifiedException

    /*
     * @see javax.net.ssl.SSLSession#getPeerCertificateChain()
     */
    public X509Certificate[] getPeerCertificateChain()
            throws SSLPeerUnverifiedException {
      throw new SSLPeerUnverifiedException("test exception");
    }

View Full Code Here

    /*
     * @see javax.net.ssl.SSLSession#getPeerCertificates()
     */
    public Certificate[] getPeerCertificates()
            throws SSLPeerUnverifiedException {
      throw new SSLPeerUnverifiedException("test exception");
    }

View Full Code Here

                                           + "server hostname: " + hostname);
        }
        
        X509Certificate[] certs = session.getPeerCertificateChain();
        if (certs == null || certs.length == 0) 
            throw new SSLPeerUnverifiedException("No server certificates found!");
        
        //get the servers DN in its string representation
        String dn = certs[0].getSubjectDN().getName();


        //might be useful to print out all certificates we receive from the
        //server, in case one has to debug a problem with the installed certs.
        if (LOG.isDebugEnabled()) {
            LOG.debug("Server certificate chain:");
            for (int i = 0; i < certs.length; i++) {
                LOG.debug("X509Certificate[" + i + "]=" + certs[i]);
            }
        }
        //get the common name from the first cert
        String cn = getCN(dn);
        if (hostname.equalsIgnoreCase(cn)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Target hostname valid: " + cn);
            }
        } else {
            throw new SSLPeerUnverifiedException(
                "HTTPS hostname invalid: expected '" + hostname + "', received '" + cn + "'");
        }
    }

View Full Code Here

            }
            if (!this.hostnameVerifier.verify(hostname, session)) {
                final Certificate[] certs = session.getPeerCertificates();
                final X509Certificate x509 = (X509Certificate) certs[0];
                final X500Principal x500Principal = x509.getSubjectX500Principal();
                throw new SSLPeerUnverifiedException("Host name '" + hostname + "' does not match " +
                        "the certificate subject provided by the peer (" + x500Principal.toString() + ")");
            }
            // verifyHostName() didn't blowup - good!
        } catch (final IOException iox) {
            // close the socket before re-throwing the exception

View Full Code Here

            }
            if (!this.hostnameVerifier.verify(hostname, session)) {
                final Certificate[] certs = session.getPeerCertificates();
                final X509Certificate x509 = (X509Certificate) certs[0];
                final X500Principal x500Principal = x509.getSubjectX500Principal();
                throw new SSLPeerUnverifiedException("Host name '" + hostname + "' does not match " +
                        "the certificate subject provided by the peer (" + x500Principal.toString() + ")");
            }
            // verifyHostName() didn't blowup - good!
        } catch (final IOException iox) {
            // close the socket before re-throwing the exception

View Full Code Here


  public void verifyHostname(String hostname, SSLSession session) throws SSLPeerUnverifiedException {


    X509Certificate[] peerCerts = (X509Certificate[]) session.getPeerCertificates();
    if (peerCerts == null || peerCerts.length == 0) {
      throw new SSLPeerUnverifiedException("No peer certificates");
    }


    // Extract the common name
    X509Certificate serverCert = peerCerts[0];
    LdapName DN;
    try {
      DN = new LdapName(serverCert.getSubjectX500Principal().getName(X500Principal.RFC2253));
    }
    catch (InvalidNameException e) {
      throw new SSLPeerUnverifiedException("Invalid name in certificate");
    }


    String CN = null;
    Iterator<Rdn> it = DN.getRdns().iterator();
    while (it.hasNext()) {
      Rdn rdn = it.next();
      if ("CN".equals(rdn.getType())) {
        // Multiple AVAs are not treated
        CN = (String) rdn.getValue();
        break;
      }
    }


    if (CN == null) {
      throw new SSLPeerUnverifiedException("Common name not found");
    }
    else if (CN.startsWith("*")) {


      // We have a wildcard
      if (hostname.endsWith(CN.substring(1))) {
        // Avoid IndexOutOfBoundsException because hostname already ends with CN
        if (!(hostname.substring(0, hostname.length() - CN.length() + 1).contains("."))) {
          throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified");
        }
      }
      else {
        throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified");
      }


    }
    else {
      if (!CN.equals(hostname)) {
        throw new SSLPeerUnverifiedException("The hostname " + hostname + " could not be verified");
      }
    }
  }

View Full Code Here


        if (debug) {
            System.out.println("StartTLS: Completed handshake");
        }


        SSLPeerUnverifiedException verifExcep = null;
        try {
            if (verify(hostname, sslSession)) {
                isClosed = false;
                return sslSession;
            }
        } catch (SSLPeerUnverifiedException e) {
            // Save to return the cause
            verifExcep = e;
        }
        if ((verifier != null) &&
                verifier.verify(hostname, sslSession)) {
            isClosed = false;
            return sslSession;
        }


        // Verification failed
        close();
        sslSession.invalidate();
        if (verifExcep == null) {
            verifExcep = new SSLPeerUnverifiedException(
                        "hostname of the server '" + hostname +
                        "' does not match the hostname in the " +
                        "server's certificate.");
        }
        throw verifExcep;

View Full Code Here

            HostnameChecker checker = HostnameChecker.getInstance(
                                                HostnameChecker.TYPE_LDAP);
            Principal principal = getPeerPrincipal(session);
            if (principal instanceof KerberosPrincipal) {
                if (!checker.match(hostname, (KerberosPrincipal) principal)) {
                    throw new SSLPeerUnverifiedException(
                        "hostname of the kerberos principal:" + principal +
                        " does not match the hostname:" + hostname);
                }
            } else {


                // get the subject's certificate
                certs = session.getPeerCertificates();
                X509Certificate peerCert;
                if (certs[0] instanceof java.security.cert.X509Certificate) {
                    peerCert = (java.security.cert.X509Certificate) certs[0];
                } else {
                    throw new SSLPeerUnverifiedException(
                            "Received a non X509Certificate from the server");
                }
                checker.match(hostname, peerCert);
            }


            // no exception means verification passed
            return true;
        } catch (SSLPeerUnverifiedException e) {


            /*
             * The application may enable an anonymous SSL cipher suite, and
             * hostname verification is not done for anonymous ciphers
             */
            String cipher = session.getCipherSuite();
            if (cipher != null && (cipher.indexOf("_anon_") != -1)) {
                return true;
            }
            throw e;
        } catch (CertificateException e) {


            /*
             * Pass up the cause of the failure
             */
            throw(SSLPeerUnverifiedException)
                new SSLPeerUnverifiedException("hostname of the server '" +
                                hostname +
                                "' does not match the hostname in the " +
                                "server's certificate.").initCause(e);
        }
    }

View Full Code Here

     * @see javax.net.ssl.SSLSession.getPeerCertificateChain()
     */
    public javax.security.cert.X509Certificate[] getPeerCertificateChain()
            throws SSLPeerUnverifiedException {
        if (peerCertificates == null) {
            throw new SSLPeerUnverifiedException("No peer certificate");
        }
        javax.security.cert.X509Certificate[] certs = new javax.security.cert.X509Certificate[peerCertificates.length];
        for (int i = 0; i < certs.length; i++) {
            try {
                certs[i] = javax.security.cert.X509Certificate

View Full Code Here

     * @see javax.net.ssl.SSLSession.getPeerCertificates()
     */
    public Certificate[] getPeerCertificates()
            throws SSLPeerUnverifiedException {
        if (peerCertificates == null) {
            throw new SSLPeerUnverifiedException("No peer certificate");
        }
        return peerCertificates;
    }

View Full Code Here

0 1 2 3 4 5 6

TOP

Related Classes of javax.net.ssl.SSLPeerUnverifiedException

com.google.dataconnector.client.SdcConnectionTest

com.impossibl.postgres.protocol.v30.ProtocolFactoryImpl

com.sun.jndi.ldap.ext.StartTlsResponseImpl

gnu.javax.net.ssl.provider.SSLSocket

io.undertow.security.impl.ClientCertAuthenticationMechanism

io.undertow.server.ConnectionSSLSessionInfo

org.apache.activemq.transport.tcp.StubSSLSession

org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory

org.apache.harmony.xnet.provider.jsse.SSLSessionImpl

org.apache.harmony.xnet.tests.javax.net.ssl.MySSLSession

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.