Java Code Examples for javax.net.ssl.SSLProtocolException

The following examples show how to use javax.net.ssl.SSLProtocolException. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: openjsse   Source File: KeyShareExtension.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Decodes the key_share extension body carried in a ServerHello.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is too short or has trailing bytes
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
    // Wire layout:
    //   struct {
    //        KeyShareEntry server_share;
    //   } KeyShareServerHello;
    //
    // Reject anything shorter than the minimal server_share (5 bytes)
    // before reading a single field from the peer-supplied buffer.
    final int available = buffer.remaining();
    if (available < 5) {
        throw new SSLProtocolException(
            "Invalid key_share extension: " +
            "insufficient data (length=" + available + ")");
    }

    final int group = Record.getInt16(buffer);
    final byte[] share = Record.getBytes16(buffer);

    // The single entry must consume the extension exactly; leftover bytes
    // are treated as a protocol violation rather than silently ignored.
    if (buffer.remaining() > 0) {
        throw new SSLProtocolException(
            "Invalid key_share extension: unknown extra data");
    }

    this.serverShare = new KeyShareEntry(group, share);
}
 
Example 2
/**
 * Decodes a supported_groups extension body into 16-bit named-group ids.
 *
 * @param m extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, has trailing bytes,
 *         or the list is absent, empty or of odd length
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private SupportedGroupsSpec(ByteBuffer m) throws IOException  {
    // The body is one 16-bit-length-prefixed list, so the two length
    // bytes must be present at the very least.
    if (m.remaining() < 2) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: insufficient data");
    }

    final byte[] encodedGroups = Record.getBytes16(m);

    // Nothing may follow the list.
    if (m.hasRemaining()) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: unknown extra data");
    }

    // Every group id occupies two bytes, so the list must be present,
    // non-empty and of even length before it is split into pairs.
    final boolean wellFormed = encodedGroups != null
            && encodedGroups.length != 0
            && encodedGroups.length % 2 == 0;
    if (!wellFormed) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: incomplete data");
    }

    // Fold each big-endian byte pair into one unsigned 16-bit id.
    final int[] groupIds = new int[encodedGroups.length / 2];
    for (int slot = 0; slot < groupIds.length; slot++) {
        final int high = encodedGroups[2 * slot] & 0xFF;
        final int low = encodedGroups[2 * slot + 1] & 0xFF;
        groupIds[slot] = (high << 8) | low;
    }

    this.namedGroupsIds = groupIds;
}
 
Example 3
/**
 * Decodes a signature_algorithms extension body into 16-bit scheme ids.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, has trailing bytes,
 *         or the list is absent, empty or of odd length
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
SignatureSchemesSpec(ByteBuffer buffer) throws IOException {
    // Two bytes are needed just for the list length prefix.
    if (buffer.remaining() < 2) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: insufficient data");
    }

    final byte[] encoded = Record.getBytes16(buffer);

    // The list must be the only content of the extension.
    if (buffer.hasRemaining()) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: unknown extra data");
    }

    // Each scheme is a (hash, signature) byte pair; an odd or empty list
    // cannot be decoded into whole schemes.
    final boolean usable = encoded != null
            && encoded.length != 0
            && (encoded.length & 0x01) == 0;
    if (!usable) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: incomplete data");
    }

    final int[] parsed = new int[encoded.length / 2];
    for (int slot = 0; slot < parsed.length; slot++) {
        final int offset = slot * 2;
        final byte hash = encoded[offset];
        final byte sign = encoded[offset + 1];
        // Mask before shifting so a negative byte cannot sign-extend.
        parsed[slot] = ((hash & 0xFF) << 8) | (sign & 0xFF);
    }

    this.signatureSchemes = parsed;
}
 
Example 4
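/**
 * Decodes a certificate_authorities extension body into X.500 principals.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, the declared list size
 *         does not match the bytes present, or a name is not a valid
 *         encoded distinguished name
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
CertificateAuthoritiesSpec(ByteBuffer buffer) throws IOException {
    if (buffer.remaining() < 2) {      // 2: the length of the list
        // The message previously named signature_algorithms, which sent
        // anyone reading a handshake failure log to the wrong extension.
        throw new SSLProtocolException(
            "Invalid certificate_authorities: insufficient data");
    }

    // Byte length of the whole DistinguishedName list (not an entry count);
    // it must account for everything left in the buffer.
    int caLength = Record.getInt16(buffer);
    if (buffer.remaining() != caLength) {
        throw new SSLProtocolException(
                "Invalid certificate_authorities: incorrect data size");
    }

    ArrayList<X500Principal> dnList = new ArrayList<X500Principal>();
    while (buffer.hasRemaining()) {
        byte[] dn = Record.getBytes16(buffer);
        try {
            dnList.add(new X500Principal(dn));
        } catch (IllegalArgumentException iae) {
            // X500Principal rejects malformed encodings with an unchecked
            // exception. The bytes come from the peer, so report this as a
            // protocol error instead of letting it escape the parser.
            throw (SSLProtocolException) new SSLProtocolException(
                "Invalid certificate_authorities: malformed distinguished name")
                    .initCause(iae);
        }
    }
    this.authorities = dnList.toArray(new X500Principal[dnList.size()]);
}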
 
Example 5
Source Project: openjsse   Source File: CertStatusExtension.java    License: GNU General Public License v2.0 6 votes vote down vote up
/**
 * Decodes a certificate status response (status type plus response vector).
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if fewer than two bytes are available
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private CertStatusResponseSpec(ByteBuffer buffer) throws IOException {
    // NOTE(review): the guard asks for 2 bytes, but the type byte plus a
    // 24-bit length prefix occupy 4. This appears to rely on
    // Record.getBytes24 rejecting a short buffer - confirm. Bytes after
    // the response vector are also not rejected here.
    final boolean tooShort = buffer.remaining() < 2;
    if (tooShort) {
        throw new SSLProtocolException(
            "Invalid status_request extension: insufficient data");
    }

    // One byte of status type, then the response as a length-prefixed vector.
    final byte type = (byte)Record.getInt8(buffer);
    final byte[] respData = Record.getBytes24(buffer);

    // OCSP is the only type given a dedicated representation.
    if (type == CertStatusRequestType.OCSP.id) {
        this.statusResponse = new OCSPStatusResponse(type, respData);
        return;
    }

    // Any other type is logged (when handshake logging is on) and kept in
    // its generic form rather than rejected.
    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
        SSLLogger.info(
            "Unknown certificate status response " +
            "(status type: " + type + ")");
    }
    this.statusResponse = new CertStatusResponse(type, respData);
}
 
Example 6
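/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // The peer-declared list length must be non-zero and, together with
    // its own two length bytes, account for the whole extension.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // A single leftover byte means the declared length was odd. The message
    // used to say "server_name", which pointed at the wrong extension when
    // diagnosing a failed handshake; name this extension instead.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}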
 
Example 7
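/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // Validate the peer-declared list length before trusting it as a
    // loop bound: non-zero, and consistent with the caller's length.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // An odd declared length leaves one byte over. Report it against this
    // extension; the earlier "server_name" text was a copy-paste slip that
    // misdirected handshake troubleshooting.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}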
 
Example 8
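/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // The list length comes from the peer: require it to be non-zero and
    // to match the caller's length once its two prefix bytes are added.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // One byte left over means an odd-length list. The message now names
    // this extension rather than "server_name", so the alert and logs
    // identify the field that was actually malformed.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}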
 
Example 9
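/**
 * Parses a renegotiation_info extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 1-byte data
 *            length field plus the data itself
 * @throws SSLProtocolException if the lengths disagree or the data cannot
 *         be read in full
 * @throws IOException if reading from the stream fails
 */
RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_RENEGOTIATION_INFO);

    // check the extension length
    if (len < 1) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    int renegoInfoDataLen = s.getInt8();
    if (renegoInfoDataLen + 1 != len) {  // + 1 = the byte we just read
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    renegotiated_connection = new byte[renegoInfoDataLen];
    if (renegoInfoDataLen != 0) {
        // The byte count returned by read() was previously discarded. A
        // short read would leave the tail of the array zero-filled, and a
        // silently truncated renegotiated_connection value must never be
        // accepted, so require the full length.
        // NOTE(review): HandshakeInStream.read may already enforce this;
        // its implementation is not visible here.
        int n = s.read(renegotiated_connection, 0, renegoInfoDataLen);
        if (n != renegoInfoDataLen) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
    }
}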
 
Example 10
/**
 * Parses an ec_point_formats extension and requires the uncompressed format.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller (not consulted below)
 * @throws SSLProtocolException if the peer's list lacks the uncompressed format
 * @throws IOException if reading from the stream fails
 */
EllipticPointFormatsExtension(HandshakeInStream s, int len)
        throws IOException {
    super(ExtensionType.EXT_EC_POINT_FORMATS);

    // NOTE(review): len is accepted but never compared with the bytes
    // consumed by getBytes8(); a list shorter than the declared extension
    // would go unnoticed here - confirm the caller accounts for it.
    formats = s.getBytes8();

    // RFC 4492 says uncompressed points must always be supported, so a
    // list without that format is treated as a protocol violation.
    boolean sawUncompressed = false;
    for (int candidate : formats) {
        sawUncompressed = (candidate == FMT_UNCOMPRESSED);
        if (sawUncompressed) {
            break;
        }
    }

    if (!sawUncompressed) {
        throw new SSLProtocolException
            ("Peer does not support uncompressed points");
    }
}
 
Example 11
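/**
 * Parses a renegotiation_info extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 1-byte data
 *            length field plus the data itself
 * @throws SSLProtocolException if the lengths disagree or the data cannot
 *         be read in full
 * @throws IOException if reading from the stream fails
 */
RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_RENEGOTIATION_INFO);

    // check the extension length
    if (len < 1) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    int renegoInfoDataLen = s.getInt8();
    if (renegoInfoDataLen + 1 != len) {  // + 1 = the byte we just read
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    renegotiated_connection = new byte[renegoInfoDataLen];
    if (renegoInfoDataLen != 0) {
        // Check the count read() reports instead of discarding it: a
        // partial read would leave trailing zero bytes in a value that
        // must be taken from the peer in full or not at all.
        // NOTE(review): HandshakeInStream.read may already enforce this;
        // its implementation is not visible here.
        int n = s.read(renegotiated_connection, 0, renegoInfoDataLen);
        if (n != renegoInfoDataLen) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
    }
}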
 
Example 12
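/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // Length field first: it is peer-controlled, so it is checked against
    // the caller's length before it drives the read loop.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // Odd-length list: one byte cannot form a (hash, signature) pair. The
    // error text is corrected from "server_name" to this extension's type.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}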
 
Example 13
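/**
 * Parses a renegotiation_info extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 1-byte data
 *            length field plus the data itself
 * @throws SSLProtocolException if the lengths disagree or the data cannot
 *         be read in full
 * @throws IOException if reading from the stream fails
 */
RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_RENEGOTIATION_INFO);

    // check the extension length
    if (len < 1) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    int renegoInfoDataLen = s.getInt8();
    if (renegoInfoDataLen + 1 != len) {  // + 1 = the byte we just read
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    renegotiated_connection = new byte[renegoInfoDataLen];
    if (renegoInfoDataLen != 0) {
        // read() reports how many bytes it delivered; ignoring that would
        // let a truncated value, padded with zeros by the allocation
        // above, pass as the peer's renegotiated_connection data.
        // NOTE(review): HandshakeInStream.read may already enforce this;
        // its implementation is not visible here.
        int n = s.read(renegotiated_connection, 0, renegoInfoDataLen);
        if (n != renegoInfoDataLen) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
    }
}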
 
Example 14
/**
 * Parses an ec_point_formats extension and requires the uncompressed format.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller (not consulted below)
 * @throws SSLProtocolException if the peer's list lacks the uncompressed format
 * @throws IOException if reading from the stream fails
 */
SupportedEllipticPointFormatsExtension(HandshakeInStream s, int len)
        throws IOException {
    super(ExtensionType.EXT_EC_POINT_FORMATS);

    // NOTE(review): len is accepted but never compared with the bytes
    // consumed by getBytes8(); a list shorter than the declared extension
    // would go unnoticed here - confirm the caller accounts for it.
    formats = s.getBytes8();

    // RFC 4492 says uncompressed points must always be supported, so the
    // peer's list is scanned for that one format and rejected without it.
    boolean sawUncompressed = false;
    for (int candidate : formats) {
        sawUncompressed = (candidate == FMT_UNCOMPRESSED);
        if (sawUncompressed) {
            break;
        }
    }

    if (!sawUncompressed) {
        throw new SSLProtocolException
            ("Peer does not support uncompressed points");
    }
}
 
Example 15
/**
 * Parses an ec_point_formats extension and requires the uncompressed format.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller (not consulted below)
 * @throws SSLProtocolException if the peer's list lacks the uncompressed format
 * @throws IOException if reading from the stream fails
 */
EllipticPointFormatsExtension(HandshakeInStream s, int len)
        throws IOException {
    super(ExtensionType.EXT_EC_POINT_FORMATS);

    // NOTE(review): nothing ties len to the size of the list read by
    // getBytes8(), so surplus extension bytes are not detected in this
    // constructor - confirm the caller handles that.
    formats = s.getBytes8();

    // RFC 4492 says uncompressed points must always be supported.
    // Scan until it is found; absence is a protocol error.
    boolean hasUncompressed = false;
    for (int fmt : formats) {
        if (fmt != FMT_UNCOMPRESSED) {
            continue;
        }
        hasUncompressed = true;
        break;
    }

    if (!hasUncompressed) {
        throw new SSLProtocolException
            ("Peer does not support uncompressed points");
    }
}
 
Example 16
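/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // Reject an empty list, or one whose declared size (plus its two
    // length bytes) does not match what the caller says is available.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // A trailing unpaired byte is malformed input. The message previously
    // blamed "server_name"; it now reports this extension's own type.
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}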
 
Example 17
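/**
 * Parses a renegotiation_info extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 1-byte data
 *            length field plus the data itself
 * @throws SSLProtocolException if the lengths disagree or the data cannot
 *         be read in full
 * @throws IOException if reading from the stream fails
 */
RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_RENEGOTIATION_INFO);

    // check the extension length
    if (len < 1) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    int renegoInfoDataLen = s.getInt8();
    if (renegoInfoDataLen + 1 != len) {  // + 1 = the byte we just read
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    renegotiated_connection = new byte[renegoInfoDataLen];
    if (renegoInfoDataLen != 0) {
        // Require the whole value: the original ignored read()'s result,
        // so an incomplete read would have been stored as if complete.
        // NOTE(review): HandshakeInStream.read may already enforce this;
        // its implementation is not visible here.
        int n = s.read(renegotiated_connection, 0, renegoInfoDataLen);
        if (n != renegoInfoDataLen) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
    }
}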
 
Example 18
/**
 * Parses an ec_point_formats extension and requires the uncompressed format.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller (not consulted below)
 * @throws SSLProtocolException if the peer's list lacks the uncompressed format
 * @throws IOException if reading from the stream fails
 */
EllipticPointFormatsExtension(HandshakeInStream s, int len)
        throws IOException {
    super(ExtensionType.EXT_EC_POINT_FORMATS);

    // NOTE(review): len goes unused, so this constructor cannot tell
    // whether getBytes8() consumed the whole extension - confirm the
    // caller verifies the consumed length.
    formats = s.getBytes8();

    // RFC 4492 says uncompressed points must always be supported.
    // Check just to make sure, and fail the handshake otherwise.
    boolean uncompressedOffered = false;
    for (int offered : formats) {
        uncompressedOffered = (offered == FMT_UNCOMPRESSED);
        if (uncompressedOffered) {
            break;
        }
    }

    if (!uncompressedOffered) {
        throw new SSLProtocolException
            ("Peer does not support uncompressed points");
    }
}
 
Example 19
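/**
 * Parses a signature_algorithms extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 2-byte list
 *            length field plus the list itself
 * @throws SSLProtocolException if the list is empty, of odd length, or its
 *         length disagrees with {@code len}
 * @throws IOException if reading from the stream fails
 */
SignatureAlgorithmsExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_SIGNATURE_ALGORITHMS);

    // The declared list length is untrusted input; it has to be non-zero
    // and agree with the caller's length before any pair is read.
    algorithmsLen = s.getInt16();
    if (algorithmsLen == 0 || algorithmsLen + 2 != len) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    algorithms = new ArrayList<SignatureAndHashAlgorithm>();
    int remains = algorithmsLen;
    int sequence = 0;
    while (remains > 1) {   // needs at least two bytes
        int hash = s.getInt8();         // hash algorithm
        int signature = s.getInt8();    // signature algorithm

        // sequence records the peer's order of preference (1-based).
        SignatureAndHashAlgorithm algorithm =
            SignatureAndHashAlgorithm.valueOf(hash, signature, ++sequence);
        algorithms.add(algorithm);
        remains -= 2;  // one byte for hash, one byte for signature
    }

    // remains == 1 here means the list length was odd. Use this
    // extension's type in the message instead of the stray "server_name".
    if (remains != 0) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }
}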
 
Example 20
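/**
 * Parses a renegotiation_info extension from the handshake stream.
 *
 * @param s   handshake input positioned at the extension data
 * @param len length supplied by the caller; it must equal the 1-byte data
 *            length field plus the data itself
 * @throws SSLProtocolException if the lengths disagree or the data cannot
 *         be read in full
 * @throws IOException if reading from the stream fails
 */
RenegotiationInfoExtension(HandshakeInStream s, int len)
            throws IOException {
    super(ExtensionType.EXT_RENEGOTIATION_INFO);

    // check the extension length
    if (len < 1) {
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    int renegoInfoDataLen = s.getInt8();
    if (renegoInfoDataLen + 1 != len) {  // + 1 = the byte we just read
        throw new SSLProtocolException("Invalid " + type + " extension");
    }

    renegotiated_connection = new byte[renegoInfoDataLen];
    if (renegoInfoDataLen != 0) {
        // The number of bytes actually read is now verified; an unchecked
        // short read would leave part of the array at its zero default.
        // NOTE(review): HandshakeInStream.read may already enforce this;
        // its implementation is not visible here.
        int n = s.read(renegotiated_connection, 0, renegoInfoDataLen);
        if (n != renegoInfoDataLen) {
            throw new SSLProtocolException("Invalid " + type + " extension");
        }
    }
}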
 
Example 21
Source Project: Bytecoder   Source File: KeyShareExtension.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decodes the key_share extension body carried in a ServerHello.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is too short or has trailing bytes
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private SHKeyShareSpec(ByteBuffer buffer) throws IOException {
    // struct {
    //      KeyShareEntry server_share;
    // } KeyShareServerHello;
    //
    // Length is checked first: 5 bytes is the minimal server_share.
    final int bytesPresent = buffer.remaining();
    if (bytesPresent < 5) {
        throw new SSLProtocolException(
            "Invalid key_share extension: " +
            "insufficient data (length=" + bytesPresent + ")");
    }

    final int selectedGroupId = Record.getInt16(buffer);
    final byte[] publicShare = Record.getBytes16(buffer);

    // Exactly one entry is expected; trailing bytes are rejected.
    if (buffer.remaining() > 0) {
        throw new SSLProtocolException(
            "Invalid key_share extension: unknown extra data");
    }

    this.serverShare = new KeyShareEntry(selectedGroupId, publicShare);
}
 
Example 22
Source Project: Bytecoder   Source File: CertStatusExtension.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decodes a certificate status response (status type plus response vector).
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if fewer than two bytes are available
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private CertStatusResponseSpec(ByteBuffer buffer) throws IOException {
    // NOTE(review): only 2 bytes are required here although the type byte
    // and the 24-bit length prefix need 4; presumably Record.getBytes24
    // performs its own bounds check - confirm. Trailing bytes after the
    // response vector are not rejected either.
    final boolean tooShort = buffer.remaining() < 2;
    if (tooShort) {
        throw new SSLProtocolException(
            "Invalid status_request extension: insufficient data");
    }

    // Status type (1 byte) followed by the response data (vector).
    final byte type = (byte)Record.getInt8(buffer);
    final byte[] respData = Record.getBytes24(buffer);

    // Known type: build the OCSP-specific response and finish.
    if (type == CertStatusRequestType.OCSP.id) {
        this.statusResponse = new OCSPStatusResponse(type, respData);
        return;
    }

    // Unknown type: note it in the handshake log, keep the raw response.
    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
        SSLLogger.info(
            "Unknown certificate status response " +
            "(status type: " + type + ")");
    }
    this.statusResponse = new CertStatusResponse(type, respData);
}
 
Example 23
Source Project: Bytecoder   Source File: SupportedGroupsExtension.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decodes a supported_groups extension body into 16-bit named-group ids.
 *
 * @param m extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, has trailing bytes,
 *         or the list is absent, empty or of odd length
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private SupportedGroupsSpec(ByteBuffer m) throws IOException  {
    // 2: the length of the list, which must be readable at minimum.
    if (m.remaining() < 2) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: insufficient data");
    }

    final byte[] rawList = Record.getBytes16(m);

    // The list is the entire extension; extra bytes are an error.
    if (m.hasRemaining()) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: unknown extra data");
    }

    // Ids are two bytes each: require a present, non-empty, even-length list.
    final boolean decodable = rawList != null
            && rawList.length != 0
            && rawList.length % 2 == 0;
    if (!decodable) {
        throw new SSLProtocolException(
            "Invalid supported_groups extension: incomplete data");
    }

    // Combine byte pairs big-endian; the 0xFF masks keep bytes unsigned.
    final int[] decoded = new int[rawList.length / 2];
    for (int n = 0; n < decoded.length; n++) {
        final int msb = rawList[2 * n] & 0xFF;
        final int lsb = rawList[2 * n + 1] & 0xFF;
        decoded[n] = (msb << 8) | lsb;
    }

    this.namedGroupsIds = decoded;
}
 
Example 24
Source Project: Bytecoder   Source File: SignatureAlgorithmsExtension.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Decodes a signature_algorithms extension body into 16-bit scheme ids.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, has trailing bytes,
 *         or the list is absent, empty or of odd length
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
SignatureSchemesSpec(ByteBuffer buffer) throws IOException {
    // 2: the length of the list.
    if (buffer.remaining() < 2) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: insufficient data");
    }

    final byte[] rawSchemes = Record.getBytes16(buffer);

    // Anything after the list is unexpected.
    if (buffer.hasRemaining()) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: unknown extra data");
    }

    // A scheme is two bytes; the list must be non-empty and even-sized.
    final boolean decodable = rawSchemes != null
            && rawSchemes.length != 0
            && (rawSchemes.length & 0x01) == 0;
    if (!decodable) {
        throw new SSLProtocolException(
            "Invalid signature_algorithms: incomplete data");
    }

    final int[] decoded = new int[rawSchemes.length / 2];
    for (int n = 0; n < decoded.length; n++) {
        final byte hash = rawSchemes[2 * n];
        final byte sign = rawSchemes[2 * n + 1];
        // Masking keeps each byte unsigned when the pair is combined.
        decoded[n] = ((hash & 0xFF) << 8) | (sign & 0xFF);
    }

    this.signatureSchemes = decoded;
}
 
Example 25
Source Project: openjsse   Source File: AlpnExtension.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decodes an application_layer_protocol_negotiation extension body.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is short, the list length is
 *         inconsistent, or a protocol name is empty
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private AlpnSpec(ByteBuffer buffer) throws IOException {
    // ProtocolName protocol_name_list<2..2^16-1>, RFC 7301.
    final int available = buffer.remaining();
    if (available < 2) {
        throw new SSLProtocolException(
            "Invalid application_layer_protocol_negotiation: " +
            "insufficient data (length=" + available + ")");
    }

    // The declared list length must be at least 2 and must cover exactly
    // what is left in the buffer.
    final int listLen = Record.getInt16(buffer);
    final boolean lengthOk = listLen >= 2 && listLen == buffer.remaining();
    if (!lengthOk) {
        throw new SSLProtocolException(
            "Invalid application_layer_protocol_negotiation: " +
            "incorrect list length (length=" + listLen + ")");
    }

    final List<String> names = new LinkedList<>();
    while (buffer.hasRemaining()) {
        // opaque ProtocolName<1..2^8-1>, RFC 7301.
        final byte[] rawName = Record.getBytes8(buffer);
        if (rawName.length == 0) {
            throw new SSLProtocolException(
                "Invalid application_layer_protocol_negotiation " +
                "extension: empty application protocol name");
        }

        // Names are peer-chosen bytes decoded as UTF-8 (malformed input is
        // replaced, not rejected); treat them as untrusted text downstream.
        names.add(new String(rawName, StandardCharsets.UTF_8));
    }

    // Expose a read-only view so the parsed list cannot be altered later.
    this.applicationProtocols =
            Collections.unmodifiableList(names);
}
 
Example 26
Source Project: openjsse   Source File: CookieExtension.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decodes a cookie extension body.
 *
 * @param m extension data received from the peer (untrusted)
 * @throws SSLProtocolException if fewer than three bytes are available
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private CookieSpec(ByteBuffer m) throws IOException {
    // opaque cookie<1..2^16-1>;
    // Two length bytes plus at least one cookie byte: 3 bytes minimum.
    final boolean tooShort = m.remaining() < 3;
    if (tooShort) {
        throw new SSLProtocolException(
            "Invalid cookie extension: insufficient data");
    }

    // NOTE(review): bytes following the cookie vector are not rejected
    // here - confirm whether trailing data should be an error.
    final byte[] cookieBytes = Record.getBytes16(m);
    this.cookie = cookieBytes;
}
 
Example 27
Source Project: openjsse   Source File: SessionId.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks the length of the session ID to make sure it sits within
 * the range called out in the specification
 */
void checkLength(int protocolVersion) throws SSLProtocolException {
    // protocolVersion is not consulted yet: as of today all versions of
    // TLS have a 32-byte maximum length. It is the hook for supporting
    // protocol versions that may have longer max lengths in the future.
    final int actualLength = sessionId.length;
    if (actualLength <= MAX_LENGTH) {
        return;     // within the permitted range
    }

    // Over-long ids are refused outright rather than truncated.
    throw new SSLProtocolException("Invalid session ID length (" +
            actualLength + " bytes)");
}
 
Example 28
Source Project: Bytecoder   Source File: CertStatusExtension.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Decodes a status_request extension body.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException declared for insufficient data (see note below)
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private CertStatusRequestSpec(ByteBuffer buffer) throws IOException {
    // Empty extension_data is the server response form: record that no
    // request is carried and stop.
    if (!buffer.hasRemaining()) {
        this.statusRequest = null;
        return;
    }

    // NOTE(review): this guard cannot fire - a buffer with zero bytes
    // remaining has already returned above, so remaining() is >= 1 here.
    if (buffer.remaining() < 1) {
        throw new SSLProtocolException(
            "Invalid status_request extension: insufficient data");
    }

    // First byte is the status type; whatever follows is kept verbatim
    // as the encoded request.
    final byte statusType = (byte)Record.getInt8(buffer);
    final byte[] encoded = new byte[buffer.remaining()];
    if (encoded.length != 0) {
        buffer.get(encoded);
    }

    final boolean isOcsp = (statusType == CertStatusRequestType.OCSP.id);
    if (isOcsp) {
        this.statusRequest = new OCSPStatusRequest(statusType, encoded);
        return;
    }

    // Unrecognised types are logged (when handshake logging is on) and
    // retained in generic form instead of failing the handshake.
    if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
        SSLLogger.info(
            "Unknown certificate status request " +
            "(status type: " + statusType + ")");
    }
    this.statusRequest = new CertStatusRequest(statusType, encoded);
}
 
Example 29
Source Project: openjsse   Source File: KeyShareExtension.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Decodes the key_share extension body carried in a HelloRetryRequest.
 *
 * @param buffer extension data received from the peer (untrusted)
 * @throws SSLProtocolException if the data is not exactly two bytes long
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
private HRRKeyShareSpec(ByteBuffer buffer) throws IOException {
    // struct {
    //     NamedGroup selected_group;
    // } KeyShareHelloRetryRequest;
    //
    // The body is a single 16-bit group id, so the length must be exactly
    // 2: both shorter and longer inputs are refused.
    final int available = buffer.remaining();
    if (available != 2) {
        throw new SSLProtocolException(
            "Invalid key_share extension: " +
            "improper data (length=" + available + ")");
    }

    final int group = Record.getInt16(buffer);
    this.selectedGroup = group;
}
 
Example 30
/**
 * Decodes a psk_key_exchange_modes extension body.
 *
 * @param m extension data received from the peer (untrusted)
 * @throws SSLProtocolException if fewer than two bytes are available
 * @throws IOException as declared; raised by the Record helpers (not shown here)
 */
PskKeyExchangeModesSpec(ByteBuffer m) throws IOException {
    // One length byte plus at least one mode byte are required.
    final boolean tooShort = m.remaining() < 2;
    if (tooShort) {
        throw new SSLProtocolException(
            "Invalid psk_key_exchange_modes extension: " +
            "insufficient data");
    }

    // NOTE(review): bytes following the modes vector are not rejected
    // here - confirm whether trailing data should be an error.
    final byte[] offeredModes = Record.getBytes8(m);
    this.modes = offeredModes;
}