Source code

001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    https://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.api.ldap.model.exception;
021
022
023import java.security.cert.CertPathBuilderException;
024import java.security.cert.CertPathValidatorException;
025import java.security.cert.CertPathValidatorException.BasicReason;
026import java.security.cert.CertificateExpiredException;
027import java.security.cert.CertificateNotYetValidException;
028import java.security.cert.X509Certificate;
029
030import javax.security.auth.x500.X500Principal;
031
032import org.apache.commons.lang3.exception.ExceptionUtils;
033import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause.LdapApiReason;
034
035
036public final class LdapTlsHandshakeExceptionClassifier
037{
038    private LdapTlsHandshakeExceptionClassifier()
039    {
040    }
041
042    public static LdapTlsHandshakeFailCause classify( Throwable cause )
043    {
044        return classify( cause, null );
045    }
046
047
048    public static LdapTlsHandshakeFailCause classify( Throwable cause, X509Certificate certificate )
049    {
050        LdapTlsHandshakeFailCause failCause = new LdapTlsHandshakeFailCause();
051        failCause.setCause( cause );
052
053        Throwable rootCause = ExceptionUtils.getRootCause( cause );
054        failCause.setRootCause( rootCause );
055
056        if ( rootCause instanceof CertificateExpiredException )
057        {
058            failCause.setReason( BasicReason.EXPIRED );
059            failCause.setReasonPhrase( "Certificate expired" );
060        }
061        else if ( rootCause instanceof CertificateNotYetValidException )
062        {
063            failCause.setReason( BasicReason.NOT_YET_VALID );
064            failCause.setReasonPhrase( "Certificate not yet valid" );
065        }
066        else if ( rootCause instanceof CertPathBuilderException )
067        {
068            failCause.setReason( LdapApiReason.NO_VALID_CERTIFICATION_PATH );
069            failCause.setReasonPhrase( "Failed to build certification path" );
070            if ( certificate != null )
071            {
072                X500Principal issuerX500Principal = certificate.getIssuerX500Principal();
073                X500Principal subjectX500Principal = certificate.getSubjectX500Principal();
074                if ( issuerX500Principal.equals( subjectX500Principal ) )
075                {
076                    failCause.setReason( LdapApiReason.SELF_SIGNED );
077                    failCause.setReasonPhrase( "Self signed certificate" );
078                }
079            }
080        }
081        else if ( rootCause instanceof CertPathValidatorException )
082        {
083            CertPathValidatorException cpve = ( CertPathValidatorException ) rootCause;
084            failCause.setReason( cpve.getReason() );
085            failCause.setReasonPhrase( "Failed to verify certification path" );
086        }
087        else
088        {
089            failCause.setReason( BasicReason.UNSPECIFIED );
090            failCause.setReasonPhrase( "Unspecified" );
091        }
092
093        return failCause;
094    }
095
096}