Permalink
Browse files

fix: Do not swallow security exceptions

There are two cases where the driver currently swallows security
exceptions. The first is in MD5Digest and the second is in
SingleCertValidatingFactory. In both cases the code will result in
partially initialized objects being used which will result in follow up
exceptions later on. These will be hard to track down since the
original exception was swallowed.

Wrap and propagate security exceptions instead of swallowing them.

closes #471
  • Loading branch information...
marschall authored and vlsi committed Dec 29, 2015
1 parent 2d5e7fa commit beab720eb08430ec67d42adc927519701c879944
@@ -225,11 +225,8 @@ public SingleCertValidatingFactory(String sslFactoryArg) throws GeneralSecurityE

public SingleCertTrustManager(InputStream in) throws IOException, GeneralSecurityException {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
try {
// Note: KeyStore requires it be loaded even if you don't load anything into it:
ks.load(null);
} catch (Exception e) {
}
// Note: KeyStore requires it be loaded even if you don't load anything into it:
ks.load(null);
CertificateFactory cf = CertificateFactory.getInstance("X509");
cert = (X509Certificate) cf.generateCertificate(in);
ks.setCertificateEntry(UUID.randomUUID().toString(), cert);
@@ -15,6 +15,7 @@
*/

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class MD5Digest {
private MD5Digest() {
@@ -50,8 +51,8 @@ private MD5Digest() {
hex_digest[0] = (byte) 'm';
hex_digest[1] = (byte) 'd';
hex_digest[2] = (byte) '5';
} catch (Exception e) {
; // "MessageDigest failure; " + e
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("Unable to encode password with MD5", e);
}

return hex_digest;

0 comments on commit beab720

Please sign in to comment.