bbe2e4d224
Motivation: In OpenSslCertificateException we should ensure we try to load netty-tcnative before trying to use any class from it, as otherwise it may throw an error due to missing linking of the native libs. Modifications: - Ensure we call OpenSsl.isAvailable() before we try to use netty-tcnative for validation - Add testcase. Result: No more errors caused by not loading native libs before trying to use these.
/*
 * Copyright 2016 The Netty Project
 *
 * The Netty Project licenses this file to you under the Apache License,
 * version 2.0 (the "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 */
package io.netty.handler.ssl;
import io.netty.internal.tcnative.CertificateVerifier;
import java.security.cert.CertificateException;
/**
 * A special {@link CertificateException} which allows specifying which error code is included in the
 * SSL Record. This only works when {@link SslProvider#OPENSSL} or {@link SslProvider#OPENSSL_REFCNT} is used.
 */
public final class OpenSslCertificateException extends CertificateException {
    private static final long serialVersionUID = 5542675253797129798L;

    // Verification error code supplied by the caller; passed through checkErrorCode(int) at construction.
    private final int errorCode;

    /**
     * Creates an exception that carries only an
     * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a> and no detail message.
     *
     * @param errorCode the verification error code to report
     * @throws IllegalArgumentException if the native library is available and rejects {@code errorCode}
     */
    public OpenSslCertificateException(int errorCode) {
        // The cast selects the (String, int) overload rather than the (Throwable, int) one.
        this((String) null, errorCode);
    }

    /**
     * Creates an exception with a detail message and an
     * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a>.
     *
     * @param msg the detail message, may be {@code null}
     * @param errorCode the verification error code to report
     * @throws IllegalArgumentException if the native library is available and rejects {@code errorCode}
     */
    public OpenSslCertificateException(String msg, int errorCode) {
        super(msg);
        this.errorCode = checkErrorCode(errorCode);
    }

    /**
     * Creates an exception with a detail message, a cause and an
     * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a>.
     *
     * @param message the detail message, may be {@code null}
     * @param cause the underlying cause
     * @param errorCode the verification error code to report
     * @throws IllegalArgumentException if the native library is available and rejects {@code errorCode}
     */
    public OpenSslCertificateException(String message, Throwable cause, int errorCode) {
        super(message, cause);
        this.errorCode = checkErrorCode(errorCode);
    }

    /**
     * Creates an exception with a cause and an
     * <a href="https://www.openssl.org/docs/manmaster/apps/verify.html">error code</a>, without a detail message.
     *
     * @param cause the underlying cause
     * @param errorCode the verification error code to report
     * @throws IllegalArgumentException if the native library is available and rejects {@code errorCode}
     */
    public OpenSslCertificateException(Throwable cause, int errorCode) {
        this(null, cause, errorCode);
    }

    /**
     * Returns the <a href="https://www.openssl.org/docs/man1.0.2/apps/verify.html">error code</a> that was
     * given at construction time.
     *
     * @return the stored error code
     */
    public int errorCode() {
        return errorCode;
    }

    /**
     * Validates {@code errorCode} against {@link CertificateVerifier#isValid(int)} when the native
     * library could be loaded.
     *
     * <p>If {@link OpenSsl#isAvailable()} reports {@code false} the check is skipped and the value is
     * returned unchanged, so in that case construction alone does not guarantee a valid code.
     *
     * @param errorCode the code to check
     * @return {@code errorCode}, unchanged
     * @throws IllegalArgumentException if the native library is available and rejects {@code errorCode}
     */
    private static int checkErrorCode(int errorCode) {
        // OpenSsl.isAvailable() has to be consulted first: it attempts to load the native library that
        // CertificateVerifier.isValid(...) depends on. When loading failed, validation is skipped.
        if (!OpenSsl.isAvailable()) {
            return errorCode;
        }
        if (CertificateVerifier.isValid(errorCode)) {
            return errorCode;
        }
        final String detail = "errorCode '" + errorCode +
                "' invalid, see https://www.openssl.org/docs/man1.0.2/apps/verify.html.";
        throw new IllegalArgumentException(detail);
    }
}