Java Code Examples for javax.net.ssl.SSLException#getMessage()
The following examples show how to use
javax.net.ssl.SSLException#getMessage() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SslHandler.java From netty4.0.27Learn with Apache License 2.0 | 6 votes |
/** * Notify all the handshake futures about the failure during the handshake. */ private void setHandshakeFailure(ChannelHandlerContext ctx, Throwable cause) { // Release all resources such as internal buffers that SSLEngine // is managing. engine.closeOutbound(); try { engine.closeInbound(); } catch (SSLException e) { // only log in debug mode as it most likely harmless and latest chrome still trigger // this all the time. // // See https://github.com/netty/netty/issues/1340 String msg = e.getMessage(); if (msg == null || !msg.contains("possible truncation attack")) { logger.debug("{} SSLEngine.closeInbound() raised an exception.", ctx.channel(), e); } } notifyHandshakeFailure(cause); pendingUnencryptedWrites.removeAndFailAll(cause); }
Example 2
Source File: SslHandler.java From netty-4.1.22 with Apache License 2.0 | 5 votes |
/** * Notify all the handshake futures about the failure during the handshake.在握手过程中通知所有的握手失败。 */ private void setHandshakeFailure(ChannelHandlerContext ctx, Throwable cause, boolean closeInbound, boolean notify, boolean alwaysFlushAndClose) { try { // Release all resources such as internal buffers that SSLEngine // is managing. engine.closeOutbound(); if (closeInbound) { try { engine.closeInbound(); } catch (SSLException e) { if (logger.isDebugEnabled()) { // only log in debug mode as it most likely harmless and latest chrome still trigger // this all the time. // // See https://github.com/netty/netty/issues/1340 String msg = e.getMessage(); if (msg == null || !msg.contains("possible truncation attack")) { logger.debug("{} SSLEngine.closeInbound() raised an exception.", ctx.channel(), e); } } } } if (handshakePromise.tryFailure(cause) || alwaysFlushAndClose) { SslUtils.handleHandshakeFailure(ctx, cause, notify); } } finally { // Ensure we remove and fail all pending writes in all cases and so release memory quickly. releaseAndFailAll(cause); } }
Example 3
Source File: SSLExceptionMappingService.java From cyberduck with GNU General Public License v3.0 | 5 votes |
/** * close_notify(0), * unexpected_message(10), * bad_record_mac(20), * decryption_failed_RESERVED(21), * record_overflow(22), * decompression_failure(30), * handshake_failure(40), * no_certificate_RESERVED(41), * bad_certificate(42), * unsupported_certificate(43), * certificate_revoked(44), * certificate_expired(45), * certificate_unknown(46), * illegal_parameter(47), * unknown_ca(48), * access_denied(49), * decode_error(50), * decrypt_error(51), * export_restriction_RESERVED(60), * protocol_version(70), * insufficient_security(71), * internal_error(80), * user_canceled(90), * no_renegotiation(100), * unsupported_extension(110), */ @Override public BackgroundException map(final SSLException failure) { final StringBuilder buffer = new StringBuilder(); for(Throwable cause : ExceptionUtils.getThrowableList(failure)) { if(cause instanceof SocketException) { // Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Broken pipe return new DefaultSocketExceptionMappingService().map((SocketException) cause); } } final String message = failure.getMessage(); for(Alert alert : Alert.values()) { if(StringUtils.containsIgnoreCase(message, alert.name())) { this.append(buffer, alert.getDescription()); break; } } if(failure instanceof SSLHandshakeException) { if(ExceptionUtils.getRootCause(failure) instanceof CertificateException) { log.warn(String.format("Ignore certificate failure %s and drop connection", failure.getMessage())); // Server certificate not accepted return new ConnectionCanceledException(failure); } if(ExceptionUtils.getRootCause(failure) instanceof EOFException) { // SSL peer shut down incorrectly return this.wrap(failure, buffer); } return new SSLNegotiateException(buffer.toString(), failure); } if(ExceptionUtils.getRootCause(failure) instanceof GeneralSecurityException) { this.append(buffer, ExceptionUtils.getRootCause(failure).getMessage()); return new InteroperabilityException(buffer.toString(), failure); } this.append(buffer, message); return new InteroperabilityException(buffer.toString(), failure); }
Example 4
Source File: VirtualHostBuilder.java From armeria with Apache License 2.0 | 5 votes |
/** * Makes sure the specified {@link SslContext} is configured properly. If configured as client context or * key store password is not given to key store when {@link SslContext} was created using * {@link KeyManagerFactory}, the validation will fail and an {@link IllegalStateException} will be raised. */ private static SslContext validateSslContext(SslContext sslContext) { if (!sslContext.isServer()) { throw new IllegalArgumentException("sslContext: " + sslContext + " (expected: server context)"); } SSLEngine serverEngine = null; SSLEngine clientEngine = null; try { serverEngine = sslContext.newEngine(ByteBufAllocator.DEFAULT); serverEngine.setUseClientMode(false); serverEngine.setNeedClientAuth(false); final SslContext sslContextClient = buildSslContext(SslContextBuilder::forClient, ImmutableList.of()); clientEngine = sslContextClient.newEngine(ByteBufAllocator.DEFAULT); clientEngine.setUseClientMode(true); final ByteBuffer appBuf = ByteBuffer.allocate(clientEngine.getSession().getApplicationBufferSize()); final ByteBuffer packetBuf = ByteBuffer.allocate(clientEngine.getSession().getPacketBufferSize()); clientEngine.wrap(appBuf, packetBuf); appBuf.clear(); packetBuf.flip(); serverEngine.unwrap(packetBuf, appBuf); } catch (SSLException e) { throw new IllegalStateException("failed to validate SSL/TLS configuration: " + e.getMessage(), e); } finally { ReferenceCountUtil.release(serverEngine); ReferenceCountUtil.release(clientEngine); } return sslContext; }
Example 5
Source File: SSLExceptionTest.java From j2objc with Apache License 2.0 | 5 votes |
/** * Test for <code>SSLException(Throwable)</code> constructor * Assertion: constructs SSLException when <code>cause</code> is not * null */ public void testSSLException04() { SSLException sE = new SSLException(tCause); if (sE.getMessage() != null) { String toS = tCause.toString(); String getM = sE.getMessage(); assertTrue("getMessage() should contain ".concat(toS), (getM .indexOf(toS) != -1)); } assertNotNull("getCause() must not return null", sE.getCause()); assertEquals("getCause() must return ".concat(tCause.toString()), sE.getCause(), tCause); }
Example 6
Source File: SSLExceptionTest.java From j2objc with Apache License 2.0 | 5 votes |
/** * Test for <code>SSLException(String, Throwable)</code> constructor * Assertion: constructs SSLException when <code>cause</code> is not * null <code>msg</code> is null */ public void testSSLException07() { SSLException sE = new SSLException(null, tCause); if (sE.getMessage() != null) { String toS = tCause.toString(); String getM = sE.getMessage(); assertTrue("getMessage() must should ".concat(toS), (getM .indexOf(toS) != -1)); } assertNotNull("getCause() must not return null", sE.getCause()); assertEquals("getCause() must return ".concat(tCause.toString()), sE .getCause(), tCause); }
Example 7
Source File: SslTest.java From rest-utils with Apache License 2.0 | 5 votes |
@Test(expected = SocketException.class) public void testHttpsWithAuthAndBadClientCert() throws Exception { Properties props = new Properties(); String uri = "https://localhost:8080"; props.put(RestConfig.LISTENERS_CONFIG, uri); configServerKeystore(props); configServerTruststore(props); enableSslClientAuth(props); TestRestConfig config = new TestRestConfig(props); SslTestApplication app = new SslTestApplication(config); try { app.start(); // create a new client cert that isn't in the server's trust store. File untrustedClient = File.createTempFile("SslTest-client-keystore", ".jks"); Map<String, X509Certificate> certs = new HashMap<>(); createKeystoreWithCert(untrustedClient, "client", certs); try { makeGetRequest(uri + "/test", untrustedClient.getAbsolutePath(), SSL_PASSWORD, SSL_PASSWORD); } catch (SSLException she) { // handle a transient failure. throw new SocketException(she.getMessage()); } } finally { app.stop(); } }