Refine search
@Override public void handle(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) throws Exception { final ReferenceCountedOpenSslEngine engine = engineMap.get(ssl); try { final Set<String> keyTypesSet = supportedClientKeyTypes(keyTypeBytes); final String[] keyTypes = keyTypesSet.toArray(new String[0]); final X500Principal[] issuers; if (asn1DerEncodedPrincipals == null) { issuers = null; } else { issuers = new X500Principal[asn1DerEncodedPrincipals.length]; for (int i = 0; i < asn1DerEncodedPrincipals.length; i++) { issuers[i] = new X500Principal(asn1DerEncodedPrincipals[i]); } } keyManagerHolder.setKeyMaterialClientSide(engine, keyTypes, issuers); } catch (Throwable cause) { logger.debug("request of key failed", cause); SSLHandshakeException e = new SSLHandshakeException("General OpenSslEngine problem"); e.initCause(cause); engine.handshakeException = e; } }
private void testConnection(URL url) throws IOException { try { URLConnection connection = (URLConnection) ProxyConfiguration.open(url); if(connection instanceof HttpURLConnection) { int responseCode = ((HttpURLConnection)connection).getResponseCode(); if(HttpURLConnection.HTTP_OK != responseCode) { throw new HttpRetryException("Invalid response code (" + responseCode + ") from URL: " + url, responseCode); } } else { try (InputStream is = connection.getInputStream()) { IOUtils.copy(is, new NullOutputStream()); } } } catch (SSLHandshakeException e) { if (e.getMessage().contains("PKIX path building failed")) // fix up this crappy error message from JDK throw new IOException("Failed to validate the SSL certificate of "+url,e); } } }
/** * Converts the given exception to a {@link SSLHandshakeException}, if it isn't already. */ static SSLHandshakeException toSSLHandshakeException(Throwable e) { if (e instanceof SSLHandshakeException) { return (SSLHandshakeException) e; } return (SSLHandshakeException) new SSLHandshakeException(e.getMessage()).initCause(e); }
@Override public final SSLHandshakeException noContextForSslConnection() { final SSLHandshakeException result = new SSLHandshakeException(String.format(getLoggingLocale(), noContextForSslConnection$str())); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } private static final String sslClosed = "ELY04007: SSL channel is closed";
final ByteBuffer appDataOut = ByteBuffer.wrap(emptyMessage); final ByteBuffer outboundBuffer = streamOutManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); if (wrapHelloResult.getStatus() == Status.BUFFER_OVERFLOW) { streamOutManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); continue; if (wrapHelloResult.getStatus() != Status.OK) { throw new SSLHandshakeException("Could not generate SSL Handshake information: SSLEngineResult: " + wrapHelloResult.toString()); case NEED_UNWRAP: { final ByteBuffer readableDataIn = streamInManager.prepareForRead(0); final ByteBuffer appData = appDataManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); throw new SSLHandshakeException("Reached End-of-File marker while performing handshake"); } else if (handshakeResponseResult.getStatus() == Status.CLOSED) {
private SSLException shutdownWithError(String operation, int sslError, int error) { String errorString = SSL.getErrorString(error); if (logger.isDebugEnabled()) { logger.debug("{} failed with {}: OpenSSL error: {} {}", operation, sslError, error, errorString); } // There was an internal error -- shutdown shutdown(); if (handshakeState == HandshakeState.FINISHED) { return new SSLException(errorString); } return new SSLHandshakeException(errorString); }
throws IOException, InterruptedException { if (peerNetData.capacity() < engine.getSession().getPacketBufferSize()) { if (logger.isDebugEnabled()) { logger.debug("Allocating new buffer for SSL handshake"); Buffers.acquireReceiveBuffer(engine.getSession().getPacketBufferSize(), stats); } else { this.handshakeBuffer = peerNetData; engineResult = engine.unwrap(handshakeBuffer, peerAppData); handshakeBuffer.compact(); status = engineResult.getHandshakeStatus(); if (engineResult.getStatus() == BUFFER_OVERFLOW) { peerAppData = expandWriteBuffer(TRACKED_RECEIVER, peerAppData, peerAppData.capacity() * 2, status = engineResult.getHandshakeStatus(); throw new SSLHandshakeException("SSL Handshake terminated with status " + status);
throw new SSLHandshakeException("SSL session not available"); this.log.debug(" negotiated protocol: " + session.getProtocol()); this.log.debug(" negotiated cipher suite: " + session.getCipherSuite()); final Certificate[] certs = session.getPeerCertificates(); final X509Certificate x509 = (X509Certificate) certs[0]; final X500Principal peer = x509.getSubjectX500Principal(); this.log.debug(" peer principal: " + peer.toString()); final Collection<List<?>> altNames1 = x509.getSubjectAlternativeNames(); if (altNames1 != null) { this.log.debug(" issuer principal: " + issuer.toString()); final Collection<List<?>> altNames2 = x509.getIssuerAlternativeNames(); if (altNames2 != null) { final X500Principal x500Principal = x509.getSubjectX500Principal(); throw new SSLPeerUnverifiedException("Host name '" + hostname + "' does not match " + "the certificate subject provided by the peer (" + x500Principal.toString() + ")");
} catch (javax.net.ssl.SSLException ex) { if ("Inbound closed before receiving peer's close_notify: possible truncation attack?".equals( ex.getMessage() ) ) { throw new SSLHandshakeException( "The peer closed the connection while performing a TLS handshake." ); incomingNetBB.compact(); initialHSStatus = result.getHandshakeStatus(); switch (result.getStatus()) { throw new IOException("Received" + result.getStatus() + "during initial handshaking");
if (result.getStatus() != SSLEngineResult.Status.CLOSED) { throw new SSLHandshakeException( "Error closing SSL session. Status=" + result.getStatus());
UserError.Log.d(TAG, "\tProtocol : " + sslSession.getProtocol()); UserError.Log.d(TAG, "\tCipher suite : " + sslSession.getCipherSuite()); UserError.Log.e(TAG, "SSL ERROR: " + e.toString()); return; } catch (Exception e) {
private SSLEngineResult sslReadErrorResult(int error, int stackError, int bytesConsumed, int bytesProduced) throws SSLException { // Check if we have a pending handshakeException and if so see if we need to consume all pending data from the // BIO first or can just shutdown and throw it now. // This is needed so we ensure close_notify etc is correctly send to the remote peer. // See https://github.com/netty/netty/issues/3900 if (SSL.bioLengthNonApplication(networkBIO) > 0) { if (handshakeException == null && handshakeState != HandshakeState.FINISHED) { // we seems to have data left that needs to be transferred and so the user needs // call wrap(...). Store the error so we can pick it up later. handshakeException = new SSLHandshakeException(SSL.getErrorString(stackError)); } // We need to clear all errors so we not pick up anything that was left on the stack on the next // operation. Note that shutdownWithError(...) will cleanup the stack as well so its only needed here. SSL.clearError(); return new SSLEngineResult(OK, NEED_WRAP, bytesConsumed, bytesProduced); } throw shutdownWithError("SSL_read", error, stackError); }
sslEngine.getSession().invalidate(); if (e.toString().toLowerCase().contains("insecure renegotiation")) { if (LOGGER.isLoggable(Level.SEVERE)) { LOGGER.severe("Secure SSL/TLS renegotiation is not "
@Override protected void noSelectedMatchFound(String protocol) throws Exception { throw new SSLHandshakeException("No compatible protocols found"); } }
final SSLSession session = ((SSLSocket)mySocket).getSession(); if (session != null) { myRepository.getDebugLog().logFine(SVNLogType.NETWORK, "Connected to " + myRepository.getLocation() + " using " + session.getProtocol()); myLogSSLParams = false; myRepository.getDebugLog().logFine(SVNLogType.NETWORK, ssl); close(); if (ssl.getCause() instanceof SVNSSLUtil.CertificateNotTrustedException || ssl.getCause() instanceof SVNSSLUtil.CertificateDoesNotConformConstraints) { SVNErrorManager.cancel(ssl.getCause().getMessage(), SVNLogType.NETWORK); SVNErrorMessage sslErr = SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "SSL handshake failed: ''{0}''", new Object[] { ssl.getMessage() }, SVNErrorMessage.TYPE_ERROR, ssl); if (keyManager != null && keyManager.isInitialized()) { keyManager.acknowledgeAndClearAuthentication(sslErr); } else { sslErr = SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "SSL handshake failed: ''{0}''", new Object[] { ssl.getMessage() }, SVNErrorMessage.TYPE_ERROR, ssl); SVNErrorManager.error(sslErr, SVNLogType.NETWORK);
// Open SSLSocket directly to gmail.com SocketFactory sf = SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket) sf.createSocket("gmail.com", 443); HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier(); SSLSession s = socket.getSession(); // Verify that the certicate hostname is for mail.google.com // This is due to lack of SNI support in the current SSLSocket. if (!hv.verify("mail.google.com", s)) { throw new SSLHandshakeException("Expected mail.google.com, " "found " + s.getPeerPrincipal()); } // At this point SSLSocket performed certificate verificaiton and // we have performed hostname verification, so it is safe to proceed. // ... use socket ... socket.close();
myRepository.getDebugLog().logFine(SVNLogType.NETWORK, ssl); close(); if (ssl.getCause() instanceof SVNSSLUtil.CertificateNotTrustedException) { SVNErrorManager.cancel(ssl.getCause().getMessage(), SVNLogType.NETWORK); SVNErrorMessage sslErr = SVNErrorMessage.create(SVNErrorCode.RA_NOT_AUTHORIZED, "SSL handshake failed: ''{0}''", new Object[] { ssl.getMessage() }, SVNErrorMessage.TYPE_ERROR, ssl); if (keyManager != null) { keyManager.acknowledgeAndClearAuthentication(sslErr);
"establilshed and threw error '%s'", newDevicesUrl, ex.getCause().toString())); stop = true; continue;
final ByteBuffer appDataBuffer = appDataManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); unwrapResponse = engine.unwrap(streamInBuffer, appDataBuffer); logger.trace("{} When reading data, (handshake={}) Unwrap response: {}", this, handshaking, unwrapResponse); switch (unwrapResponse.getStatus()) { case BUFFER_OVERFLOW: throw new SSLHandshakeException("Buffer Overflow, which is not allowed to happen from an unwrap"); case BUFFER_UNDERFLOW: { final ByteBuffer writableInBuffer = streamInManager.prepareForWrite(engine.getSession().getPacketBufferSize()); final int bytesRead = readData(writableInBuffer); if (bytesRead < 0) {
private SSLException shutdownWithError(String operation, String err) { if (logger.isDebugEnabled()) { logger.debug("{} failed: OpenSSL error: {}", operation, err); } // There was an internal error -- shutdown shutdown(); if (handshakeState == HandshakeState.FINISHED) { return new SSLException(err); } return new SSLHandshakeException(err); }