Java Code Examples for javax.net.ssl.SSLException#getMessage()

Example 1
Source File: SslHandler.java    From netty4.0.27Learn with Apache License 2.0
/**
 * Notifies all the handshake futures about a failure during the handshake and fails the pending
 * unencrypted writes with the same cause, after closing both directions of the {@code SSLEngine}.
 *
 * @param ctx   context whose channel is named in the debug log line
 * @param cause failure handed to {@code notifyHandshakeFailure} and to every pending write
 */
private void setHandshakeFailure(ChannelHandlerContext ctx, Throwable cause) {
    // Closing the outbound side releases the resources (such as internal buffers) that the
    // SSLEngine is managing.
    engine.closeOutbound();

    try {
        engine.closeInbound();
    } catch (SSLException closeFailure) {
        // An exception here is most likely harmless, and recent Chrome builds trigger it all the
        // time, so it is reported at debug level only.
        // See https://github.com/netty/netty/issues/1340
        //
        // NOTE(review): the filter keys on the engine's message text. That wording belongs to the
        // SSLEngine implementation, so a different provider may not match it. When it does match,
        // an inbound close without the peer's close_notify is not logged from this path at all;
        // that looks acceptable only because the connection is already being failed with `cause`.
        final String detail = closeFailure.getMessage();
        final boolean truncationWarning = detail != null && detail.contains("possible truncation attack");
        if (!truncationWarning) {
            logger.debug("{} SSLEngine.closeInbound() raised an exception.", ctx.channel(), closeFailure);
        }
    }

    notifyHandshakeFailure(cause);
    pendingUnencryptedWrites.removeAndFailAll(cause);
}
 
Example 2
Source File: SslHandler.java    From netty-4.1.22 with Apache License 2.0
/**
 * Notifies all the handshake futures about a failure during the handshake and, in every case,
 * removes and fails the pending writes.
 *
 * @param ctx                 context used for the debug log line and passed to
 *                            {@code SslUtils.handleHandshakeFailure}
 * @param cause               the failure to propagate
 * @param closeInbound        whether {@code engine.closeInbound()} is called in addition to
 *                            {@code engine.closeOutbound()}
 * @param notify              forwarded unchanged to {@code SslUtils.handleHandshakeFailure}
 * @param alwaysFlushAndClose when {@code true}, the failure handler runs even if
 *                            {@code handshakePromise.tryFailure(cause)} returned {@code false}
 */
private void setHandshakeFailure(ChannelHandlerContext ctx, Throwable cause, boolean closeInbound,
                                 boolean notify, boolean alwaysFlushAndClose) {
    try {
        // Closing the outbound side releases the resources (such as internal buffers) that the
        // SSLEngine is managing.
        engine.closeOutbound();

        if (closeInbound) {
            try {
                engine.closeInbound();
            } catch (SSLException closeFailure) {
                // Most likely harmless, and recent Chrome builds trigger it all the time, so it is
                // only ever reported at debug level.
                // See https://github.com/netty/netty/issues/1340
                //
                // NOTE(review): the filter keys on the engine's message text, which belongs to the
                // SSLEngine implementation; a different provider may not match it. When it does
                // match, the missing close_notify is not logged from this path at all.
                if (logger.isDebugEnabled()) {
                    final String detail = closeFailure.getMessage();
                    final boolean truncationWarning =
                            detail != null && detail.contains("possible truncation attack");
                    if (!truncationWarning) {
                        logger.debug("{} SSLEngine.closeInbound() raised an exception.", ctx.channel(),
                                closeFailure);
                    }
                }
            }
        }

        // tryFailure is evaluated unconditionally; the flag only widens when the handler runs.
        final boolean failedNow = handshakePromise.tryFailure(cause);
        if (failedNow || alwaysFlushAndClose) {
            SslUtils.handleHandshakeFailure(ctx, cause, notify);
        }
    } finally {
        // Ensure all pending writes are removed and failed in all cases, so memory is released quickly.
        releaseAndFailAll(cause);
    }
}
 
Example 3
Source File: SSLExceptionMappingService.java    From cyberduck with GNU General Public License v3.0
/**
 * Translates an {@link SSLException} into the {@link BackgroundException} reported to the caller.
 * <p>
 * The exception message is searched, ignoring case, for the name of an {@code Alert} constant and
 * the first match contributes its description to the resulting message. The list below is kept from
 * the original comment; presumably it mirrors the {@code Alert} constants (confirm against the enum):
 * <pre>
 * close_notify(0),
 * unexpected_message(10),
 * bad_record_mac(20),
 * decryption_failed_RESERVED(21),
 * record_overflow(22),
 * decompression_failure(30),
 * handshake_failure(40),
 * no_certificate_RESERVED(41),
 * bad_certificate(42),
 * unsupported_certificate(43),
 * certificate_revoked(44),
 * certificate_expired(45),
 * certificate_unknown(46),
 * illegal_parameter(47),
 * unknown_ca(48),
 * access_denied(49),
 * decode_error(50),
 * decrypt_error(51),
 * export_restriction_RESERVED(60),
 * protocol_version(70),
 * insufficient_security(71),
 * internal_error(80),
 * user_canceled(90),
 * no_renegotiation(100),
 * unsupported_extension(110),
 * </pre>
 *
 * @param failure the TLS failure to translate
 * @return the mapped exception; which type is chosen depends on the cause chain of {@code failure}
 */
@Override
public BackgroundException map(final SSLException failure) {
    // A socket error anywhere in the cause chain wins, for example
    // "Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Broken pipe"
    for(Throwable link : ExceptionUtils.getThrowableList(failure)) {
        if(link instanceof SocketException) {
            return new DefaultSocketExceptionMappingService().map((SocketException) link);
        }
    }
    final StringBuilder buffer = new StringBuilder();
    final String message = failure.getMessage();
    // NOTE(review): alert detection relies on the alert name appearing in the exception text, which
    // depends on how the TLS implementation words its messages.
    for(Alert alert : Alert.values()) {
        if(StringUtils.containsIgnoreCase(message, alert.name())) {
            this.append(buffer, alert.getDescription());
            break;
        }
    }
    // Looked up once; assumes ExceptionUtils.getRootCause has no side effects (confirm).
    final Throwable root = ExceptionUtils.getRootCause(failure);
    if(failure instanceof SSLHandshakeException) {
        if(root instanceof CertificateException) {
            // Server certificate not accepted: reported as a cancelled connection.
            // NOTE(review): the logged message may carry text derived from the peer; confirm the log
            // layout neutralises line breaks.
            log.warn(String.format("Ignore certificate failure %s and drop connection", message));
            return new ConnectionCanceledException(failure);
        }
        if(root instanceof EOFException) {
            // SSL peer shut down incorrectly
            return this.wrap(failure, buffer);
        }
        return new SSLNegotiateException(buffer.toString(), failure);
    }
    if(root instanceof GeneralSecurityException) {
        this.append(buffer, root.getMessage());
    }
    else {
        this.append(buffer, message);
    }
    return new InteroperabilityException(buffer.toString(), failure);
}
 
Example 4
Source File: VirtualHostBuilder.java    From armeria with Apache License 2.0
/**
 * Makes sure the specified {@link SslContext} is configured properly and returns it.
 * <p>
 * A client context is rejected with an {@link IllegalArgumentException}. Otherwise a throwaway
 * server engine is asked to unwrap the bytes produced by one {@code wrap()} call of a throwaway
 * client engine. An {@link SSLException} raised while doing so (for example when the key store
 * password was not given to the key store when the {@link SslContext} was created using
 * {@link KeyManagerFactory}) is rethrown as an {@link IllegalStateException}.
 *
 * @param sslContext the context to validate
 * @return the same {@code sslContext}
 */
private static SslContext validateSslContext(SslContext sslContext) {
    if (!sslContext.isServer()) {
        throw new IllegalArgumentException("sslContext: " + sslContext + " (expected: server context)");
    }

    SSLEngine probeServer = null;
    SSLEngine probeClient = null;

    try {
        // These settings are applied to the probe engine created here, not to sslContext itself.
        probeServer = sslContext.newEngine(ByteBufAllocator.DEFAULT);
        probeServer.setUseClientMode(false);
        probeServer.setNeedClientAuth(false);

        final SslContext clientContext =
                buildSslContext(SslContextBuilder::forClient, ImmutableList.of());
        probeClient = clientContext.newEngine(ByteBufAllocator.DEFAULT);
        probeClient.setUseClientMode(true);

        final ByteBuffer plainBuf = ByteBuffer.allocate(probeClient.getSession().getApplicationBufferSize());
        final ByteBuffer wireBuf = ByteBuffer.allocate(probeClient.getSession().getPacketBufferSize());

        // NOTE(review): only an SSLException fails the validation; the SSLEngineResult values of
        // wrap() and unwrap() are not inspected, and no certificate or trust check is visible here.
        probeClient.wrap(plainBuf, wireBuf);
        plainBuf.clear();
        wireBuf.flip();
        probeServer.unwrap(wireBuf, plainBuf);
    } catch (SSLException e) {
        throw new IllegalStateException("failed to validate SSL/TLS configuration: " + e.getMessage(), e);
    } finally {
        // Both engines are released whether or not the probe succeeded.
        ReferenceCountUtil.release(probeServer);
        ReferenceCountUtil.release(probeClient);
    }

    return sslContext;
}
 
Example 5
Source File: SSLExceptionTest.java    From j2objc with Apache License 2.0
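/**
 * Test for <code>SSLException(Throwable)</code> constructor.
 * Assertion: constructs SSLException when <code>cause</code> is not null; a non-null detail
 * message contains <code>cause.toString()</code> and <code>getCause()</code> returns the cause.
 */
public void testSSLException04() {
    SSLException sE = new SSLException(tCause);
    String getM = sE.getMessage();
    // The message check only applies when the constructor produced a detail message.
    if (getM != null) {
        String toS = tCause.toString();
        assertTrue("getMessage() should contain ".concat(toS), getM.contains(toS));
    }
    assertNotNull("getCause() must not return null", sE.getCause());
    // assertEquals takes (message, expected, actual): the expected cause goes first so that a
    // failure report labels the two values correctly.
    assertEquals("getCause() must return ".concat(tCause.toString()), tCause, sE.getCause());
}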
 
Example 6
Source File: SSLExceptionTest.java    From j2objc with Apache License 2.0
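/**
 * Test for <code>SSLException(String, Throwable)</code> constructor.
 * Assertion: constructs SSLException when <code>cause</code> is not null and <code>msg</code> is
 * null; a non-null detail message contains <code>cause.toString()</code> and
 * <code>getCause()</code> returns the cause.
 */
public void testSSLException07() {
    SSLException sE = new SSLException(null, tCause);
    String getM = sE.getMessage();
    // The message check only applies when a detail message is present.
    if (getM != null) {
        String toS = tCause.toString();
        // The original failure text read "must should"; it now states what is checked.
        assertTrue("getMessage() should contain ".concat(toS), getM.contains(toS));
    }
    assertNotNull("getCause() must not return null", sE.getCause());
    // assertEquals takes (message, expected, actual): the expected cause goes first so that a
    // failure report labels the two values correctly.
    assertEquals("getCause() must return ".concat(tCause.toString()), tCause, sE.getCause());
}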
 
Example 7
Source File: SslTest.java    From rest-utils with Apache License 2.0
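/**
 * Starts the test application with TLS client authentication enabled and issues a request that
 * presents a freshly created client certificate which is not in the server's trust store. The
 * request is expected to fail with a {@link SocketException}.
 *
 * @throws Exception the expected {@link SocketException}, or any set-up failure
 */
@Test(expected = SocketException.class)
public void testHttpsWithAuthAndBadClientCert() throws Exception {
  Properties props = new Properties();
  String uri = "https://localhost:8080";
  props.put(RestConfig.LISTENERS_CONFIG, uri);
  configServerKeystore(props);
  configServerTruststore(props);
  enableSslClientAuth(props);
  TestRestConfig config = new TestRestConfig(props);
  SslTestApplication app = new SslTestApplication(config);
  // Declared outside the try block so the finally block can remove the key store again.
  File untrustedClient = null;
  try {
    app.start();

    // create a new client cert that isn't in the server's trust store.
    // NOTE(review): File.createTempFile leaves the file mode to the platform defaults;
    // java.nio.file.Files.createTempFile may apply more restrictive permissions and is the
    // better fit for key material if the file imports it.
    untrustedClient = File.createTempFile("SslTest-client-keystore", ".jks");
    Map<String, X509Certificate> certs = new HashMap<>();
    createKeystoreWithCert(untrustedClient, "client", certs);
    try {
      makeGetRequest(uri + "/test",
              untrustedClient.getAbsolutePath(), SSL_PASSWORD, SSL_PASSWORD);
    } catch (SSLException she) { // handle a transient failure.
      // NOTE(review): every SSLException is turned into the expected SocketException, so the
      // test passes on any TLS failure, not only on rejection of the client certificate.
      SocketException translated = new SocketException(she.getMessage());
      // SocketException has no cause-taking constructor; keep the TLS failure as the cause.
      translated.initCause(she);
      throw translated;
    }
  } finally {
    try {
      app.stop();
    } finally {
      // Do not leave the generated key store behind in the temp directory.
      if (untrustedClient != null && !untrustedClient.delete()) {
        untrustedClient.deleteOnExit();
      }
    }
  }
}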