20 package org.apache.directory.api.ldap.model.exception;
21
22
23 import java.security.cert.CertPathBuilderException;
24 import java.security.cert.CertPathValidatorException;
25 import java.security.cert.CertPathValidatorException.BasicReason;
26 import java.security.cert.CertificateExpiredException;
27 import java.security.cert.CertificateNotYetValidException;
28 import java.security.cert.X509Certificate;
29
30 import javax.security.auth.x500.X500Principal;
31
32 import org.apache.commons.lang3.exception.ExceptionUtils;
33 import org.apache.directory.api.ldap.model.exception.LdapTlsHandshakeFailCause.LdapApiReason;
34
35
/**
 * Static helper that turns a throwable (per the class name, one raised by a failed
 * TLS handshake) into a {@link LdapTlsHandshakeFailCause} carrying a reason code and
 * a short reason phrase.
 * <p>
 * Only the root cause, as returned by {@link ExceptionUtils#getRootCause(Throwable)},
 * selects the classification; exceptions in the middle of the cause chain are not
 * inspected.
 * <p>
 * The result is descriptive only. Nothing in this class validates a certificate or a
 * certification path, so the returned reason must not be used as a trust decision.
 */
public final class LdapTlsHandshakeExceptionClassifier
{
    private LdapTlsHandshakeExceptionClassifier()
    {
        // Utility class: static methods only, never instantiated.
    }


    /**
     * Classifies a failure when no certificate is available.
     * <p>
     * Without a certificate the issuer/subject comparison is skipped, so a path
     * building failure is always reported as
     * {@link LdapApiReason#NO_VALID_CERTIFICATION_PATH}.
     *
     * @param cause the failure to classify, may be {@code null}
     * @return the classification result
     */
    public static LdapTlsHandshakeFailCause classify( Throwable cause )
    {
        return classify( cause, null );
    }


    /**
     * Classifies a failure by the type of its root cause.
     *
     * @param cause the failure to classify; when it is {@code null} or its root cause
     *        matches none of the known certificate exceptions, the reason is
     *        {@link BasicReason#UNSPECIFIED}
     * @param certificate certificate whose issuer and subject names are compared when
     *        path building failed, may be {@code null}.
     *        NOTE(review): presumably the certificate presented by the peer; confirm
     *        with callers.
     * @return the classification result, holding {@code cause}, its root cause, the
     *         reason and the reason phrase
     */
    public static LdapTlsHandshakeFailCause classify( Throwable cause, X509Certificate certificate )
    {
        LdapTlsHandshakeFailCause result = new LdapTlsHandshakeFailCause();
        result.setCause( cause );

        Throwable root = ExceptionUtils.getRootCause( cause );
        result.setRootCause( root );

        if ( root instanceof CertificateExpiredException )
        {
            result.setReason( BasicReason.EXPIRED );
            result.setReasonPhrase( "Certificate expired" );
            return result;
        }

        if ( root instanceof CertificateNotYetValidException )
        {
            result.setReason( BasicReason.NOT_YET_VALID );
            result.setReasonPhrase( "Certificate not yet valid" );
            return result;
        }

        if ( root instanceof CertPathBuilderException )
        {
            result.setReason( LdapApiReason.NO_VALID_CERTIFICATION_PATH );
            result.setReasonPhrase( "Failed to build certification path" );

            // Refine the generic answer when the certificate names itself as issuer.
            if ( certificate != null && hasSameIssuerAndSubject( certificate ) )
            {
                result.setReason( LdapApiReason.SELF_SIGNED );
                result.setReasonPhrase( "Self signed certificate" );
            }

            return result;
        }

        if ( root instanceof CertPathValidatorException )
        {
            // The validator already carries its own reason; pass it through unchanged.
            result.setReason( ( ( CertPathValidatorException ) root ).getReason() );
            result.setReasonPhrase( "Failed to verify certification path" );
            return result;
        }

        // Unknown failure: the phrase names the class of the outer cause, not of the root cause.
        result.setReason( BasicReason.UNSPECIFIED );
        String phrase = cause == null
            ? "Undefined"
            : "Undefined" + ", " + cause.getClass().getSimpleName();
        result.setReasonPhrase( phrase );

        return result;
    }


    /**
     * Tells whether the issuer name of the certificate equals its subject name.
     * <p>
     * This is a name comparison only. The signature is not verified against the
     * certificate's own public key, so a match means "self-issued", which the
     * caller reports as self-signed.
     *
     * @param certificate the certificate to inspect, not {@code null}
     * @return {@code true} when issuer and subject principals are equal
     */
    private static boolean hasSameIssuerAndSubject( X509Certificate certificate )
    {
        X500Principal issuer = certificate.getIssuerX500Principal();
        X500Principal subject = certificate.getSubjectX500Principal();

        return issuer.equals( subject );
    }
}