/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.directory.api.ldap.model.exception;


import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertPathValidatorException.BasicReason;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

import javax.security.auth.x500.X500Principal;

import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause.LdapApiReason;


/**
 * Translates the exception raised by a failed TLS handshake into a
 * {@link LdapTlsHandshakeFailCause} that carries a reason code and a short
 * human-readable phrase. The decision is taken on the root cause of the
 * exception chain and, for certification path failures, optionally refined
 * with the peer certificate.
 * <p>
 * The result is diagnostic information only: it explains why the TLS layer
 * rejected the peer. It must not be used to decide whether the presented
 * certificate can be trusted.
 */
public final class LdapTlsHandshakeExceptionClassifier
{
    /** Utility class, not meant to be instantiated. */
    private LdapTlsHandshakeExceptionClassifier()
    {
    }


    /**
     * Classifies a handshake failure without any certificate context.
     * Equivalent to {@code classify( cause, null )}, so the self-signed
     * refinement is never applied.
     *
     * @param cause the exception thrown by the handshake, may be null
     * @return the classified failure, never null
     */
    public static LdapTlsHandshakeFailCause classify( Throwable cause )
    {
        return classify( cause, null );
    }


    /**
     * Classifies a handshake failure, optionally using the peer certificate
     * to distinguish a self-signed certificate from a generic failure to
     * build a certification path.
     *
     * @param cause the exception thrown by the handshake; a null cause ends
     *              up classified as {@link BasicReason#UNSPECIFIED}
     * @param certificate the peer certificate, or null when it is not available
     * @return the classified failure, never null; both the original cause and
     *         the root cause are recorded on it
     */
    public static LdapTlsHandshakeFailCause classify( Throwable cause, X509Certificate certificate )
    {
        LdapTlsHandshakeFailCause result = new LdapTlsHandshakeFailCause();
        result.setCause( cause );

        // Only the innermost exception is inspected: the outer handshake
        // wrappers typically do not say which certificate check failed.
        Throwable deepest = ExceptionUtils.getRootCause( cause );
        result.setRootCause( deepest );

        if ( deepest instanceof CertificateExpiredException )
        {
            result.setReason( BasicReason.EXPIRED );
            result.setReasonPhrase( "Certificate expired" );
        }
        else if ( deepest instanceof CertificateNotYetValidException )
        {
            result.setReason( BasicReason.NOT_YET_VALID );
            result.setReasonPhrase( "Certificate not yet valid" );
        }
        else if ( deepest instanceof CertPathBuilderException )
        {
            // No chain to a trust anchor could be built. A certificate that
            // names itself as issuer is reported as self signed instead of
            // as a generic path failure; the refinement needs the certificate.
            if ( ( certificate != null ) && looksSelfSigned( certificate ) )
            {
                result.setReason( LdapApiReason.SELF_SIGNED );
                result.setReasonPhrase( "Self signed certificate" );
            }
            else
            {
                result.setReason( LdapApiReason.NO_VALID_CERTIFICATION_PATH );
                result.setReasonPhrase( "Failed to build certification path" );
            }
        }
        else if ( deepest instanceof CertPathValidatorException )
        {
            // The validator already knows why the chain was rejected, so its
            // own reason is propagated unchanged.
            CertPathValidatorException validatorFailure = ( CertPathValidatorException ) deepest;
            result.setReason( validatorFailure.getReason() );
            result.setReasonPhrase( "Failed to verify certification path" );
        }
        else
        {
            // Reached for a null root cause and for every exception type
            // not handled above.
            result.setReason( BasicReason.UNSPECIFIED );
            result.setReasonPhrase( "Unspecified" );
        }

        return result;
    }


    /**
     * Tells whether the certificate names itself as its own issuer.
     * <p>
     * This is a distinguished-name comparison only; the certificate's
     * signature is not verified against its own public key. Equal issuer and
     * subject names are necessary for a self-signed certificate but do not
     * prove it, which is acceptable here because the outcome is only used to
     * pick a more specific diagnostic phrase.
     *
     * @param certificate the certificate to inspect, must not be null
     * @return true if the issuer and subject distinguished names are equal
     */
    private static boolean looksSelfSigned( X509Certificate certificate )
    {
        X500Principal issuer = certificate.getIssuerX500Principal();
        X500Principal subject = certificate.getSubjectX500Principal();

        return issuer.equals( subject );
    }
}