elecharny committed Dec 27, 2018
2 parents ac9529e + 9dce02b commit e7e204999b31e8ef3908d83d2dd7ef8e36375a9a
Showing 7 changed files with 352 additions and 71 deletions.
@@ -104,7 +104,6 @@
import org.apache.directory.api.ldap.model.message.ExtendedRequest;
import org.apache.directory.api.ldap.model.message.ExtendedResponse;
import org.apache.directory.api.ldap.model.message.IntermediateResponse;
import org.apache.directory.api.ldap.model.message.IntermediateResponseImpl;
import org.apache.directory.api.ldap.model.message.LdapResult;
import org.apache.directory.api.ldap.model.message.Message;
import org.apache.directory.api.ldap.model.message.ModifyDnRequest;
@@ -2632,7 +2631,6 @@ public void messageReceived( IoSession session, Object message ) throws Exceptio

ExtendedFuture extendedFuture = ( ExtendedFuture ) responseFuture;

// remove the listener from the listener map
if ( LOG.isDebugEnabled() )
{
if ( extendedResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS )
@@ -2656,29 +2654,25 @@ public void messageReceived( IoSession session, Object message ) throws Exceptio
break;

case INTERMEDIATE_RESPONSE:
IntermediateResponse intermediateResponse;
IntermediateResponse intermediateResponse = ( IntermediateResponse ) response;

// Store the response into the future
if ( responseFuture instanceof SearchFuture )
{
intermediateResponse = new IntermediateResponseImpl( messageId );
addControls( intermediateResponse, response );
( ( SearchFuture ) responseFuture ).set( intermediateResponse );
}
else if ( responseFuture instanceof ExtendedFuture )
{
intermediateResponse = new IntermediateResponseImpl( messageId );
addControls( intermediateResponse, response );
( ( ExtendedFuture ) responseFuture ).set( intermediateResponse );
}
else
{
// currently we only support IR for search and extended operations
throw new UnsupportedOperationException( I18n.err( I18n.ERR_04111_UNKNOWN_RESPONSE_FUTURE_TYPE,
throw new UnsupportedOperationException( I18n.err( I18n.ERR_04111_UNKNOWN_RESPONSE_FUTURE_TYPE,
responseFuture.getClass().getName() ) );
}

intermediateResponse.setResponseName( ( ( IntermediateResponse ) response ).getResponseName() );
intermediateResponse.setResponseValue( ( ( IntermediateResponse ) response ).getResponseValue() );
// Do not remove the future from the map, that's done when receiving search result done

break;
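Review bot: The closing comment in the INTERMEDIATE_RESPONSE case only explains the search path ("that's done when receiving search result done"), yet the same case also stores the response into an ExtendedFuture, so a reader cannot tell when that future leaves the map. I would reword it to cover both, e.g. `// Keep the future in the map: it is removed when the final response (search result done or extended response) arrives`, assuming that is where the extended future is released, which is not visible in this hunk. The two `instanceof` branches now perform the same `set( intermediateResponse )` with different casts, and the object handed to the caller is the decoded server message itself rather than a copy; a short comment saying so would make that intent explicit. messageReceived starts and ends outside the hunk.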

@@ -1,3 +1,22 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.extras;


@@ -20,14 +20,6 @@
package org.apache.directory.api.ldap.model.exception;


import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;

import org.apache.commons.lang3.exception.ExceptionUtils;


/**
* A LdapTlsException is thrown if the SSL/TLS handshake failed.
*
@@ -37,8 +29,7 @@ public class LdapTlsHandshakeException extends LdapException
{
private static final long serialVersionUID = 1L;

private Throwable rootCause;
private String reasonPhrase;
private LdapTlsHandshakeFailCause failCause;


/**
@@ -50,36 +41,13 @@ public class LdapTlsHandshakeException extends LdapException
public LdapTlsHandshakeException( String message, Throwable cause )
{
super( message, cause );
classify();
this.failCause = LdapTlsHandshakeExceptionClassifier.classify( cause, null );
}


private void classify()
public LdapTlsHandshakeFailCause getFailCause()
{
rootCause = ExceptionUtils.getRootCause( getCause() );

if ( rootCause instanceof CertificateExpiredException )
{
this.reasonPhrase = "Certificate expired";
}
else if ( rootCause instanceof CertificateNotYetValidException )
{
this.reasonPhrase = "Certificate not yet valid";
}
else if ( rootCause instanceof CertPathBuilderException )
{
this.reasonPhrase = "Failed to build certification path";
}
else if ( rootCause instanceof CertPathValidatorException )
{
CertPathValidatorException cpve = ( CertPathValidatorException ) rootCause;
cpve.getReason();
this.reasonPhrase = "Failed to verify certification path";
}
else
{
this.reasonPhrase = "Unspecified";
}
return failCause;
}


@@ -88,7 +56,8 @@ public String getMessage()
{
String message = super.getMessage();

message += ", reason: " + reasonPhrase;
message += ", reason: " + failCause.getReasonPhrase();
Throwable rootCause = failCause.getRootCause();
if ( rootCause != null && rootCause != this )
{
message += ": " + rootCause.getMessage();
@@ -97,15 +66,4 @@ public String getMessage()
return message;
}


public String getReasonPhrase()
{
return reasonPhrase;
}


public Throwable getRootCause()
{
return rootCause;
}
}
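Review bot: The new field `private LdapTlsHandshakeFailCause failCause;` is a non-transient member of an exception that is serializable (the class keeps its `serialVersionUID`), but `LdapTlsHandshakeFailCause` as added in this commit does not implement `java.io.Serializable`, so serializing this exception would fail with a NotSerializableException. Either declare `public class LdapTlsHandshakeFailCause implements Serializable` or mark the field `transient` and guard `getMessage()` against a null `failCause`. Separately, the last hunk appears to drop the public `getReasonPhrase()` and `getRootCause()` accessors; keeping them as thin delegates, e.g. `return failCause.getReasonPhrase();`, would avoid breaking existing callers. The constructor could also call the one-argument `classify( cause )` overload rather than passing `null` explicitly.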
@@ -0,0 +1,96 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.model.exception;


import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

import javax.security.auth.x500.X500Principal;

import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause.LdapApiReason;


public final class LdapTlsHandshakeExceptionClassifier
{
private LdapTlsHandshakeExceptionClassifier()
{
}

public static LdapTlsHandshakeFailCause classify( Throwable cause )
{
return classify( cause, null );
}


public static LdapTlsHandshakeFailCause classify( Throwable cause, X509Certificate certificate )
{
LdapTlsHandshakeFailCause failCause = new LdapTlsHandshakeFailCause();
failCause.setCause( cause );

Throwable rootCause = ExceptionUtils.getRootCause( cause );
failCause.setRootCause( rootCause );

if ( rootCause instanceof CertificateExpiredException )
{
failCause.setReason( BasicReason.EXPIRED );
failCause.setReasonPhrase( "Certificate expired" );
}
else if ( rootCause instanceof CertificateNotYetValidException )
{
failCause.setReason( BasicReason.NOT_YET_VALID );
failCause.setReasonPhrase( "Certificate not yet valid" );
}
else if ( rootCause instanceof CertPathBuilderException )
{
failCause.setReason( LdapApiReason.NO_VALID_CERTIFICATION_PATH );
failCause.setReasonPhrase( "Failed to build certification path" );
if ( certificate != null )
{
X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
X500Principal subjectX500Principal = certificate.getSubjectX500Principal();
if ( issuerX500Principal.equals( subjectX500Principal ) )
{
failCause.setReason( LdapApiReason.SELF_SIGNED );
failCause.setReasonPhrase( "Self signed certificate" );
}
}
}
else if ( rootCause instanceof CertPathValidatorException )
{
CertPathValidatorException cpve = ( CertPathValidatorException ) rootCause;
failCause.setReason( cpve.getReason() );
failCause.setReasonPhrase( "Failed to verify certification path" );
}
else
{
failCause.setReason( BasicReason.UNSPECIFIED );
failCause.setReasonPhrase( "Unspecified" );
}

return failCause;
}

}
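Review bot: The SELF_SIGNED branch decides on `issuerX500Principal.equals( subjectX500Principal )` alone, which only shows that the certificate is self-issued; both names come from the certificate the peer presented and the signature is never checked. If callers use this reason to drive a trust prompt or similar decision, the limitation should be stated at the check, e.g. `// Heuristic only: issuer == subject on a peer-supplied certificate; not a trust decision`, or the code should also confirm that `certificate.verify( certificate.getPublicKey() )` succeeds before reporting "Self signed certificate". The public class and both `classify` overloads have no Javadoc; a short description of the null handling (a null `certificate` skips the self-signed test, and a cause that matches none of the certificate exception types ends up as "Unspecified") would help. `LdapApiReason.HOST_NAME_VERIFICATION_FAILED` is never assigned in this file, so hostname mismatches presumably surface as "Unspecified" unless they are handled elsewhere.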
@@ -0,0 +1,120 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.api.ldap.model.exception;


import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertPathValidatorException.Reason;


public class LdapTlsHandshakeFailCause
{
private Throwable cause;
private Throwable rootCause;
private Reason reason;
private String reasonPhrase;


public LdapTlsHandshakeFailCause()
{
}


public LdapTlsHandshakeFailCause( Throwable cause, Throwable rootCause, Reason reason, String reasonPhrase )
{
this.cause = cause;
this.rootCause = rootCause;
this.reason = reason;
this.reasonPhrase = reasonPhrase;
}


public Throwable getCause()
{
return cause;
}


public void setCause( Throwable cause )
{
this.cause = cause;
}


public Throwable getRootCause()
{
return rootCause;
}


public void setRootCause( Throwable rootCause )
{
this.rootCause = rootCause;
}


public Reason getReason()
{
return reason;
}


public void setReason( Reason reason )
{
this.reason = reason;
}


public String getReasonPhrase()
{
return reasonPhrase;
}


public void setReasonPhrase( String reasonPhrase )
{
this.reasonPhrase = reasonPhrase;
}

/**
* Additional reasons.
*
* @see BasicReason
*
*/
public enum LdapApiReason implements Reason
{
NO_VALID_CERTIFICATION_PATH,
SELF_SIGNED,
HOST_NAME_VERIFICATION_FAILED,
}


public String getMessage()
{
String message = reasonPhrase;
if ( rootCause != null && rootCause != cause )
{
message += ": " + rootCause.getMessage();
}
return message;
}

}
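Review bot: `getMessage()` starts from `reasonPhrase` without a null check, and the public no-argument constructor leaves every field null, so an instance that was not fully populated yields null or a "null: …" string in the exception text. A one-line guard such as `String message = reasonPhrase != null ? reasonPhrase : "Unspecified";` keeps the output readable. Because this object is handed out through the exception's `getFailCause()` and every field has a public setter, callers can also rewrite the recorded reason after the fact; making the fields `final` and populating them through the four-argument constructor would prevent that, at the cost of changing how the classifier builds the object. The class and its accessors have no Javadoc.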
