private void handleSslException(SSLException e) throws CertificateValidationException, SSLException { if (e.getCause() instanceof CertificateException) { throw new CertificateValidationException(e.getMessage(), e); } else { throw e; } }
private String errorMessageForCertificateException(CertificateValidationException e) { switch (e.getReason()) { case Expired: return getString(R.string.client_certificate_expired, e.getAlias(), e.getMessage()); case MissingCapability: return getString(R.string.auth_external_error); case RetrievalFailure: return getString(R.string.client_certificate_retrieval_failure, e.getAlias()); case UseMessage: return e.getMessage(); case Unknown: default: return ""; } }
if (ex.getCause() != null) { if (ex.getCause().getCause() != null) { exMessage = ex.getCause().getCause().getMessage(); exMessage = ex.getCause().getMessage(); exMessage = ex.getMessage(); final X509Certificate[] chain = ex.getCertChain();
@Test public void open_authExternalWithoutAuthExternalCapability_shouldThrow() throws Exception { settings.setAuthType(AuthType.EXTERNAL); MockImapServer server = new MockImapServer(); preAuthenticationDialog(server, "AUTH=PLAIN"); ImapConnection imapConnection = startServerAndCreateImapConnection(server); try { imapConnection.open(); fail("Expected exception"); } catch (CertificateValidationException e) { assertEquals(Reason.MissingCapability, e.getReason()); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
@Test public void open_withStartTlsButWithoutStartTlsCapability_shouldThrow() throws Exception { settings.setConnectionSecurity(ConnectionSecurity.STARTTLS_REQUIRED); MockImapServer server = new MockImapServer(); preAuthenticationDialog(server); ImapConnection imapConnection = startServerAndCreateImapConnection(server); try { imapConnection.open(); fail("Expected exception"); } catch (CertificateValidationException e) { //FIXME: CertificateValidationException seems wrong assertEquals("STARTTLS connection security not available", e.getMessage()); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
private void scanForCause() { Throwable throwable = getCause();
private void handleCertificateValidationException(CertificateValidationException cve) { Timber.e(cve, "Error while testing settings"); X509Certificate[] chain = cve.getCertChain(); // Avoid NullPointerException in acceptKeyDialog() if (chain != null) { acceptKeyDialog( R.string.account_setup_failed_dlg_certificate_message_fmt, cve); } else { showErrorDialog( R.string.account_setup_failed_dlg_server_message_fmt, errorMessageForCertificateException(cve)); } }
@Test public void open_withoutAuthExternalExtension_shouldThrow() throws Exception { MockSmtpServer server = new MockSmtpServer(); server.output("220 localhost Simple Mail Transfer Service Ready"); server.expect("EHLO [127.0.0.1]"); server.output("250-localhost Hello client.localhost"); server.output("250 AUTH"); server.expect("QUIT"); server.output("221 BYE"); SmtpTransport transport = startServerAndCreateSmtpTransport(server, AuthType.EXTERNAL, ConnectionSecurity.NONE); try { transport.open(); fail("Exception expected"); } catch (CertificateValidationException e) { assertEquals(CertificateValidationException.Reason.MissingCapability, e.getReason()); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
@Test public void open_authExternalWithAuthenticationFailure_shouldThrow() throws Exception { settings.setAuthType(AuthType.EXTERNAL); MockImapServer server = new MockImapServer(); preAuthenticationDialog(server, "AUTH=EXTERNAL"); server.expect("2 AUTHENTICATE EXTERNAL " + ByteString.encodeUtf8(USERNAME).base64()); server.output("2 NO Bad certificate"); ImapConnection imapConnection = startServerAndCreateImapConnection(server); try { imapConnection.open(); fail("Expected exception"); } catch (CertificateValidationException e) { //FIXME: improve exception message assertThat(e.getMessage(), containsString("Bad certificate")); } server.verifyConnectionClosed(); server.verifyInteractionCompleted(); }
/** * @param alias Must not be null nor empty * @throws MessagingException * Indicates an error in retrieving the certificate for the alias * (likely because the alias is invalid or the certificate was deleted) */ public KeyChainKeyManager(Context context, String alias) throws MessagingException { mAlias = alias; try { mChain = fetchCertificateChain(context, alias); mPrivateKey = fetchPrivateKey(context, alias); } catch (KeyChainException e) { // The certificate was possibly deleted. Notify user of error. throw new CertificateValidationException(e.getMessage(), RetrievalFailure, alias); } catch (InterruptedException e) { throw new CertificateValidationException(e.getMessage(), RetrievalFailure, alias); } }
@Test public void open_withAuthTypeExternalAndNoCapability_throwsCVE() throws IOException, MessagingException { settings.setAuthType(AuthType.EXTERNAL); MockPop3Server server = new MockPop3Server(); server.output("+OK POP3 server greeting"); server.expect("AUTH"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("."); server.expect("CAPA"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("EXTERNAL"); server.output("."); try { startServerAndCreateOpenConnection(server); fail("CVE expected"); } catch (CertificateValidationException e) { assertEquals(Reason.MissingCapability, e.getReason()); } server.verifyConnectionStillOpen(); server.verifyInteractionCompleted(); }
@Test public void open_withAuthTypeExternalAndCapability_withRejection_throwsCVE() throws IOException, MessagingException { settings.setAuthType(AuthType.EXTERNAL); MockPop3Server server = new MockPop3Server(); server.output("+OK POP3 server greeting"); server.expect("AUTH"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("EXTERNAL"); server.output("."); server.expect("CAPA"); server.output("+OK Listing of supported mechanisms follows"); server.output("PLAIN"); server.output("CRAM-MD5"); server.output("EXTERNAL"); server.output("."); server.expect("AUTH EXTERNAL dXNlcg=="); server.output("-ERR Invalid certificate"); try { startServerAndCreateOpenConnection(server); fail("CVE expected"); } catch (CertificateValidationException e) { assertEquals("POP3 client certificate authentication failed: -ERR Invalid certificate", e.getMessage()); } server.verifyInteractionCompleted(); }
private void upgradeToTls() throws IOException, MessagingException, GeneralSecurityException { if (!hasCapability(Capabilities.STARTTLS)) { /* * This exception triggers a "Certificate error" * notification that takes the user to the incoming * server settings for review. This might be needed if * the account was configured with an obsolete * "STARTTLS (if available)" setting. */ throw new CertificateValidationException("STARTTLS connection security not available"); } startTLS(); }
private X509Certificate[] fetchCertificateChain(Context context, String alias) throws KeyChainException, InterruptedException, MessagingException { X509Certificate[] chain = KeyChain.getCertificateChain(context, alias); if (chain == null || chain.length == 0) { throw new MessagingException("No certificate chain found for: " + alias); } try { for (X509Certificate certificate : chain) { certificate.checkValidity(); } } catch (CertificateException e) { throw new CertificateValidationException(e.getMessage(), Reason.Expired, alias); } return chain; }
private void performStartTlsUpgrade(TrustedSocketFactory trustedSocketFactory, String host, int port, String clientCertificateAlias) throws MessagingException, NoSuchAlgorithmException, KeyManagementException, IOException { if (capabilities.stls) { executeSimpleCommand(STLS_COMMAND); socket = trustedSocketFactory.createSocket( socket, host, port, clientCertificateAlias); socket.setSoTimeout(RemoteStore.SOCKET_READ_TIMEOUT); in = new BufferedInputStream(socket.getInputStream(), 1024); out = new BufferedOutputStream(socket.getOutputStream(), 512); if (!isOpen()) { throw new MessagingException("Unable to connect socket"); } capabilities = getCapabilities(); } else { throw new CertificateValidationException( "STARTTLS connection security not available"); } }
private void authExternal() throws MessagingException { try { executeSimpleCommand( String.format("AUTH EXTERNAL %s", Base64.encode(settings.getUsername())), false); } catch (Pop3ErrorResponse e) { /* * Provide notification to the user of a problem authenticating * using client certificates. We don't use an * AuthenticationFailedException because that would trigger a * "Username or password incorrect" notification in * AccountSetupCheckSettings. */ throw new CertificateValidationException( "POP3 client certificate authentication failed: " + e.getMessage(), e); } }
private List<ImapResponse> saslAuthExternal() throws IOException, MessagingException { try { String command = Commands.AUTHENTICATE_EXTERNAL + " " + Base64.encode(settings.getUsername()); return executeSimpleCommand(command, false); } catch (NegativeImapResponseException e) { /* * Provide notification to the user of a problem authenticating * using client certificates. We don't use an * AuthenticationFailedException because that would trigger a * "Username or password incorrect" notification in * AccountSetupCheckSettings. */ throw new CertificateValidationException(e.getMessage()); } }
throw new CertificateValidationException(e.getMessage(), e); } catch (IOException ioe) { Timber.e(ioe, "IOException during initial connection");
@Test public void sendPendingMessagesSynchronous_withCertificateFailure_shouldNotify() throws MessagingException { setupAccountWithMessageToSend(); doThrow(new CertificateValidationException("Test")).when(backend).sendMessage(localMessageToSend1); controller.sendPendingMessagesSynchronous(account); verify(notificationController).showCertificateErrorNotification(account, false); }
throw new CertificateValidationException( "STARTTLS connection security not available"); throw new CertificateValidationException(MissingCapability); } catch (SSLException e) { close(); throw new CertificateValidationException(e.getMessage(), e); } catch (GeneralSecurityException gse) { close();