iaik.security.ssl
Class SSLException

java.lang.Object
  extended by java.lang.Throwable
      extended by java.lang.Exception
          extended by java.io.IOException
              extended by iaik.security.ssl.SSLException
All Implemented Interfaces:
java.io.Serializable
Direct Known Subclasses:
SSLCertificateException

public class SSLException
extends java.io.IOException

Signals that an SSL exception of some sort has occurred.

See Also:
Serialized Form

Field Summary
static int ALERT_ACCESS_DENIED
          TLS protocol Alert description "ACCESS_DENIED" (49).
static int ALERT_BAD_CERTIFICATE
          SSL/TLS protocol Alert description "BAD_CERTIFICATE" (42).
static int ALERT_BAD_CERTIFICATE_HASH_VALUE
          TLS protocol extensions Alert description "BAD_CERTIFICATE_HASH_VALUE" (114).
static int ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
          TLS protocol extensions Alert description "BAD_CERTIFICATE_STATUS_RESPONSE" (113).
static int ALERT_BAD_RECORD_MAC
          SSL/TLS protocol Alert description "BAD_RECORD_MAC" (20).
static int ALERT_CERTIFICATE_EXPIRED
          SSL/TLS protocol Alert description "CERTIFICATE_EXPIRED" (45).
static int ALERT_CERTIFICATE_REVOKED
          SSL/TLS protocol Alert description "CERTIFICATE_REVOKED" (44).
static int ALERT_CERTIFICATE_UNKNOWN
          SSL/TLS protocol Alert description "CERTIFICATE_UNKNOWN" (46).
static int ALERT_CERTIFICATE_UNOBTAINABLE
          TLS protocol extensions Alert description "CERTIFICATE_UNOBTAINABLE" (111).
static int ALERT_CLOSE_NOTIFY
          SSL/TLS protocol Alert description "CLOSE_NOTIFY" (0).
static int ALERT_DECODE_ERROR
          TLS protocol Alert description "DECODE_ERROR" (50).
static int ALERT_DECOMPRESSION_FAILURE
          SSL/TLS protocol Alert description "DECOMPRESSION_FAILURE" (30).
static int ALERT_DECRYPT_ERROR
          TLS protocol Alert description "DECRYPT_ERROR" (51).
static int ALERT_DECRYPTION_FAILED
          TLS protocol Alert description "DECRYPTION_FAILED" (21).
static int ALERT_EXPORT_RESTRICTION
          TLS protocol Alert description "EXPORT_RESTRICTION" (60).
static int ALERT_HANDSHAKE_FAILURE
          SSL/TLS protocol Alert description "HANDSHAKE_FAILURE" (40).
static int ALERT_ILLEGAL_PARAMETER
          SSL/TLS protocol Alert description "ILLEGAL_PARAMETER" (47).
static int ALERT_INSUFFICIENT_SECURITY
          TLS protocol Alert description "INSUFFICIENT_SECURITY" (71).
static int ALERT_INTERNAL_ERROR
          TLS protocol Alert description "INTERNAL_ERROR" (80).
static int ALERT_LEVEL_FATAL
          Alert level FATAL (2).
static int ALERT_LEVEL_WARNING
          Alert level WARNING (1).
static int ALERT_NO_CERTIFICATE
          SSL protocol Alert description "NO_CERTIFICATE" (41).
static int ALERT_NO_RENEGOTIATION
          TLS protocol Alert description "NO_RENEGOTIATION" (100).
static int ALERT_PROTOCOL_VERSION
          TLS protocol Alert description "PROTOCOL_VERSION" (70).
static int ALERT_RECORD_OVERFLOW
          TLS protocol Alert description "RECORD_OVERFLOW" (22).
static int ALERT_UNEXPECTED_MESSAGE
          SSL/TLS protocol Alert description "UNEXPECTED_MESSAGE" (10).
static int ALERT_UNKNOWN_CA
          TLS protocol Alert description "UNKNOWN_CA" (48).
static int ALERT_UNKNOWN_PSK_IDENTITY
          TLS-PSK (RFC 4279) protocol Alert description "UNKNOWN_PSK_IDENTITY" (115).
static int ALERT_UNRECOGNIZED_NAME
          TLS protocol extensions Alert description "UNRECOGNIZED_NAME" (112).
static int ALERT_UNSUPPORTED_CERTIFICATE
          SSL/TLS protocol Alert description "UNSUPPORTED_CERTIFICATE" (43).
static int ALERT_UNSUPPORTED_EXTENSION
          TLS protocol extensions Alert description "UNSUPPORTED_EXTENSION" (110).
static int ALERT_USER_CANCELED
          TLS protocol Alert description "USER_CANCELED" (90).
static int ALERT_V2_BAD_CERTIFICATE
          SSLv2 protocol Alert description "BAD_CERTIFICATE" (4).
static int ALERT_V2_NO_CERTIFICATE
          SSLv2 protocol Alert description "NO_CERTIFICATE" (2).
static int ALERT_V2_NO_CIPHER
          SSLv2 protocol Alert description "NO_CIPHER" (1).
static int ALERT_V2_UNDEFINED_ERROR
          SSLv2 protocol Alert description "UNDEFINED_ERROR" (0).
static int ALERT_V2_UNSUPPORTED_CERTIFICATE_TYPE
          SSLv2 protocol Alert description "UNSUPPORTED_CERTIFICATE_TYPE" (6).
 
Constructor Summary
SSLException(java.lang.String string)
          Constructs an SSLException with the given message.
 
Method Summary
 boolean alertFromPeer()
          Checks whether this exception has been thrown because of an alert received from the peer.
 int getAlertDescription()
          Returns the alert description, if assigned to this exception.
 int getAlertLevel()
          Returns the alert level, if assigned to this exception.
 
Methods inherited from class java.lang.Throwable
fillInStackTrace, getCause, getLocalizedMessage, getMessage, getStackTrace, initCause, printStackTrace, printStackTrace, printStackTrace, setStackTrace, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

ALERT_LEVEL_WARNING

public static final int ALERT_LEVEL_WARNING
Alert level WARNING (1).

See Also:
Constant Field Values

ALERT_LEVEL_FATAL

public static final int ALERT_LEVEL_FATAL
Alert level FATAL (2). Causes an immediate termination of the connection.

See Also:
Constant Field Values

ALERT_CLOSE_NOTIFY

public static final int ALERT_CLOSE_NOTIFY
SSL/TLS protocol Alert description "CLOSE_NOTIFY" (0). Alert level: warning. Will be sent to notify the peer that the SSL/TLS session will be closed.

See Also:
Constant Field Values

ALERT_UNEXPECTED_MESSAGE

public static final int ALERT_UNEXPECTED_MESSAGE
SSL/TLS protocol Alert description "UNEXPECTED_MESSAGE" (10). Alert level: fatal. Indicates that an unexpected message has been received.

See Also:
Constant Field Values

ALERT_BAD_RECORD_MAC

public static final int ALERT_BAD_RECORD_MAC
SSL/TLS protocol Alert description "BAD_RECORD_MAC" (20). Alert level: fatal. Indicates that a message with an incorrect MAC has been received.

See Also:
Constant Field Values

ALERT_DECRYPTION_FAILED

public static final int ALERT_DECRYPTION_FAILED
TLS protocol Alert description "DECRYPTION_FAILED" (21). Alert level: fatal. Indicates a decryption (e.g. bad padding) error.

See Also:
Constant Field Values

ALERT_RECORD_OVERFLOW

public static final int ALERT_RECORD_OVERFLOW
TLS protocol Alert description "RECORD_OVERFLOW" (22). Alert level: fatal. Indicates that a record has been received that contains more bytes than allowed.

See Also:
Constant Field Values

ALERT_DECOMPRESSION_FAILURE

public static final int ALERT_DECOMPRESSION_FAILURE
SSL/TLS protocol Alert description "DECOMPRESSION_FAILURE" (30). Alert level: fatal. Indicates an error when decompressing a compressed record.

See Also:
Constant Field Values

ALERT_HANDSHAKE_FAILURE

public static final int ALERT_HANDSHAKE_FAILURE
SSL/TLS protocol Alert description "HANDSHAKE_FAILURE" (40). Alert level: fatal. Indicates a handshake failure.

See Also:
Constant Field Values

ALERT_NO_CERTIFICATE

public static final int ALERT_NO_CERTIFICATE
SSL protocol Alert description "NO_CERTIFICATE" (41). Alert level: warning. Sent by an SSL client to indicate that it does not have a proper certificate to fulfill a certificate request from the server. This alert description is no longer used by TLS (there, a client sends an empty certificate message if it does not have a proper certificate).

See Also:
Constant Field Values

ALERT_BAD_CERTIFICATE

public static final int ALERT_BAD_CERTIFICATE
SSL/TLS protocol Alert description "BAD_CERTIFICATE" (42). Indicates that there is something wrong with the certificate received from the peer (e.g. the signature of the certificate is invalid).

See Also:
Constant Field Values

ALERT_UNSUPPORTED_CERTIFICATE

public static final int ALERT_UNSUPPORTED_CERTIFICATE
SSL/TLS protocol Alert description "UNSUPPORTED_CERTIFICATE" (43). Indicates that the certificate type is not supported.

See Also:
Constant Field Values

ALERT_CERTIFICATE_REVOKED

public static final int ALERT_CERTIFICATE_REVOKED
SSL/TLS protocol Alert description "CERTIFICATE_REVOKED" (44). Indicates that the certificate is revoked.

See Also:
Constant Field Values

ALERT_CERTIFICATE_EXPIRED

public static final int ALERT_CERTIFICATE_EXPIRED
SSL/TLS protocol Alert description "CERTIFICATE_EXPIRED" (45). Indicates that the certificate has already expired or is currently not valid.

See Also:
Constant Field Values

ALERT_CERTIFICATE_UNKNOWN

public static final int ALERT_CERTIFICATE_UNKNOWN
SSL/TLS protocol Alert description "CERTIFICATE_UNKNOWN" (46). Indicates some other problem that has occurred when processing a certificate.

See Also:
Constant Field Values

ALERT_ILLEGAL_PARAMETER

public static final int ALERT_ILLEGAL_PARAMETER
SSL/TLS protocol Alert description "ILLEGAL_PARAMETER" (47). Alert level: fatal. Indicates that a handshake message contains an illegal field.

See Also:
Constant Field Values

ALERT_UNKNOWN_CA

public static final int ALERT_UNKNOWN_CA
TLS protocol Alert description "UNKNOWN_CA" (48). Alert level: fatal. Indicates that the certificate (chain) received from the peer does not lead to a trusted CA.

See Also:
Constant Field Values

ALERT_ACCESS_DENIED

public static final int ALERT_ACCESS_DENIED
TLS protocol Alert description "ACCESS_DENIED" (49). Alert level: fatal. The certificate is valid, but access is denied.

See Also:
Constant Field Values

ALERT_DECODE_ERROR

public static final int ALERT_DECODE_ERROR
TLS protocol Alert description "DECODE_ERROR" (50). Alert level: fatal. Indicates a problem when trying to decode a message.

See Also:
Constant Field Values

ALERT_DECRYPT_ERROR

public static final int ALERT_DECRYPT_ERROR
TLS protocol Alert description "DECRYPT_ERROR" (51). Alert level: fatal. Indicates a cryptographic problem when processing a handshake message (e.g. a key exchange message cannot be decrypted, a signature cannot be verified, the Finished message cannot be validated).

See Also:
Constant Field Values

ALERT_EXPORT_RESTRICTION

public static final int ALERT_EXPORT_RESTRICTION
TLS protocol Alert description "EXPORT_RESTRICTION" (60). Alert level: fatal. Indicates a violation of export restrictions.

See Also:
Constant Field Values

ALERT_PROTOCOL_VERSION

public static final int ALERT_PROTOCOL_VERSION
TLS protocol Alert description "PROTOCOL_VERSION" (70). Alert level: fatal. Indicates that the protocol version suggested by the client is not supported.

See Also:
Constant Field Values

ALERT_INSUFFICIENT_SECURITY

public static final int ALERT_INSUFFICIENT_SECURITY
TLS protocol Alert description "INSUFFICIENT_SECURITY" (71). Alert level: fatal. Indicates that the server does not agree with the security level of the cipher suites suggested by the client.

See Also:
Constant Field Values

ALERT_INTERNAL_ERROR

public static final int ALERT_INTERNAL_ERROR
TLS protocol Alert description "INTERNAL_ERROR" (80). Alert level: fatal. Indicates some internal (not protocol related) error.

See Also:
Constant Field Values

ALERT_USER_CANCELED

public static final int ALERT_USER_CANCELED
TLS protocol Alert description "USER_CANCELED" (90). Alert level: warning. Indicates that the handshake has been canceled because of some (maybe user related) reason.

See Also:
Constant Field Values

ALERT_NO_RENEGOTIATION

public static final int ALERT_NO_RENEGOTIATION
TLS protocol Alert description "NO_RENEGOTIATION" (100). Alert level: fatal. Indicates that a renegotiation request received from the peer is denied.

See Also:
Constant Field Values

ALERT_UNSUPPORTED_EXTENSION

public static final int ALERT_UNSUPPORTED_EXTENSION
TLS protocol extensions Alert description "UNSUPPORTED_EXTENSION" (110). Alert level: fatal. Sent by the client if the ServerHello contains an extension that the client did not request in its ClientHello.

See Also:
Constant Field Values

ALERT_CERTIFICATE_UNOBTAINABLE

public static final int ALERT_CERTIFICATE_UNOBTAINABLE
TLS protocol extensions Alert description "CERTIFICATE_UNOBTAINABLE" (111). Alert level: maybe fatal. Sent by the server to indicate that it cannot obtain a certificate from the URL the client has sent within a ClientCertificateURL extension.

See Also:
Constant Field Values

ALERT_UNRECOGNIZED_NAME

public static final int ALERT_UNRECOGNIZED_NAME
TLS protocol extensions Alert description "UNRECOGNIZED_NAME" (112). Alert level: maybe fatal. Sent by the server if it does not recognize a server name included in the ServerNameList extension received from the client.

See Also:
Constant Field Values

ALERT_BAD_CERTIFICATE_STATUS_RESPONSE

public static final int ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
TLS protocol extensions Alert description "BAD_CERTIFICATE_STATUS_RESPONSE" (113). Alert level: fatal. Sent by the client if it receives an invalid certificate status response after having sent a CertificateStatusRequest extension.

See Also:
Constant Field Values

ALERT_BAD_CERTIFICATE_HASH_VALUE

public static final int ALERT_BAD_CERTIFICATE_HASH_VALUE
TLS protocol extensions Alert description "BAD_CERTIFICATE_HASH_VALUE" (114). Alert level: fatal. Sent by the server if a certificate hash value does not match the corresponding value received within a ClientCertificateURL extension message.

See Also:
Constant Field Values

ALERT_UNKNOWN_PSK_IDENTITY

public static final int ALERT_UNKNOWN_PSK_IDENTITY
TLS-PSK (RFC 4279) protocol Alert description "UNKNOWN_PSK_IDENTITY" (115). Indicates that the server does not recognize the PSK identity sent by the client.

See Also:
Constant Field Values

ALERT_V2_UNDEFINED_ERROR

public static final int ALERT_V2_UNDEFINED_ERROR
SSLv2 protocol Alert description "UNDEFINED_ERROR" (0). Indicates some undefined general problem.

See Also:
Constant Field Values

ALERT_V2_NO_CIPHER

public static final int ALERT_V2_NO_CIPHER
SSLv2 protocol Alert description "NO_CIPHER" (1). Indicates that the requested cipher is not supported.

See Also:
Constant Field Values

ALERT_V2_NO_CERTIFICATE

public static final int ALERT_V2_NO_CERTIFICATE
SSLv2 protocol Alert description "NO_CERTIFICATE" (2). Sent by the client to indicate that it does not have a proper certificate to fulfill a certificate request from the server.

See Also:
Constant Field Values

ALERT_V2_BAD_CERTIFICATE

public static final int ALERT_V2_BAD_CERTIFICATE
SSLv2 protocol Alert description "BAD_CERTIFICATE" (4). Indicates that there is something wrong with the certificate received from the peer (e.g. the signature of the certificate is invalid).

See Also:
Constant Field Values

ALERT_V2_UNSUPPORTED_CERTIFICATE_TYPE

public static final int ALERT_V2_UNSUPPORTED_CERTIFICATE_TYPE
SSLv2 protocol Alert description "UNSUPPORTED_CERTIFICATE_TYPE" (6). Indicates that the certificate type is not supported.

See Also:
Constant Field Values

Constructor Detail

SSLException

public SSLException(java.lang.String string)
Constructs an SSLException with the given message.

Parameters:
string - the exception message

Method Detail

getAlertDescription

public int getAlertDescription()
Returns the alert description, if assigned to this exception. If this exception has been caused by an alert message received from the peer, this method may be used to query for the SSL/TLS protocol specific alert description (e.g. ALERT_BAD_CERTIFICATE, ALERT_HANDSHAKE_FAILURE) of the alert message received from the peer:
 ...
 try {
   ...
 } catch (SSLException ex) {
   if (ex.alertFromPeer()) {
     int alertDescription = ex.getAlertDescription();
   }
 }
 
If the exception has NOT been caused by an alert received from the peer, the alert description (if set) returned by this method will indicate the description that will be sent within an alert message to the peer.

Returns:
the alert description, or -1 if no alert description has been assigned to this SSLException

getAlertLevel

public int getAlertLevel()
Returns the alert level, if assigned to this exception. If this exception has been caused by an alert message received from the peer, this method may be used to query for the SSL/TLS protocol specific alert level (ALERT_LEVEL_WARNING or ALERT_LEVEL_FATAL) of the alert message received from the peer:
 ...
 try {
   ...
 } catch (SSLException ex) {
   if (ex.alertFromPeer()) {
     int alertLevel = ex.getAlertLevel();
   }
 }
 
If the exception has NOT been caused by an alert received from the peer, the alert level (if set) returned by this method will indicate the level that will be sent within an alert message to the peer.

However, although an alert may have WARNING or FATAL level, an SSLException typically may be thrown only if a FATAL alert has been received or has to be sent.

Returns:
the alert level, or -1 if no alert level has been assigned to this SSLException

alertFromPeer

public boolean alertFromPeer()
Checks whether this exception has been thrown because of an alert received from the peer.

Returns:
true if this exception is caused by an Alert received from the peer; false if an Alert is sent to the peer indicating some problem
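
The three methods above can be combined to triage an SSLException for security logging. The following is an added example, not code from the iSaSiLk documentation; the class AlertTriage, its Category names and the log format are hypothetical, and it assumes the iSaSiLk library is on the classpath and that the connection is SSL 3.0/TLS rather than SSLv2.

```java
import iaik.security.ssl.SSLException;

// Added example (not part of iSaSiLk): groups alert descriptions for logging.
public final class AlertTriage {

    // Category names are hypothetical, chosen for this example.
    enum Category { NO_ALERT, CERTIFICATE, RECORD_PROTECTION, NEGOTIATION, OTHER }

    // Assumes SSL 3.0/TLS. The SSLv2 ALERT_V2_* values (0, 1, 2, 4, 6) are a
    // separate number space (0 is also CLOSE_NOTIFY) and are not handled here.
    static Category categorize(SSLException ex) {
        switch (ex.getAlertDescription()) {
            case -1: // documented return value when no description is assigned
                return Category.NO_ALERT;
            case SSLException.ALERT_NO_CERTIFICATE:
            case SSLException.ALERT_BAD_CERTIFICATE:
            case SSLException.ALERT_UNSUPPORTED_CERTIFICATE:
            case SSLException.ALERT_CERTIFICATE_REVOKED:
            case SSLException.ALERT_CERTIFICATE_EXPIRED:
            case SSLException.ALERT_CERTIFICATE_UNKNOWN:
            case SSLException.ALERT_UNKNOWN_CA:
            case SSLException.ALERT_ACCESS_DENIED:
            case SSLException.ALERT_BAD_CERTIFICATE_STATUS_RESPONSE:
                return Category.CERTIFICATE;
            case SSLException.ALERT_BAD_RECORD_MAC:
            case SSLException.ALERT_DECRYPTION_FAILED:
            case SSLException.ALERT_RECORD_OVERFLOW:
            case SSLException.ALERT_DECRYPT_ERROR:
                // One bucket on purpose: callers should not react differently
                // to a MAC failure and a padding/decryption failure.
                return Category.RECORD_PROTECTION;
            case SSLException.ALERT_HANDSHAKE_FAILURE:
            case SSLException.ALERT_PROTOCOL_VERSION:
            case SSLException.ALERT_INSUFFICIENT_SECURITY:
            case SSLException.ALERT_NO_RENEGOTIATION:
                return Category.NEGOTIATION;
            default:
                return Category.OTHER;
        }
    }

    static String describe(SSLException ex) {
        int desc = ex.getAlertDescription();
        int level = ex.getAlertLevel();
        String direction = desc == -1 ? "no alert"
                : ex.alertFromPeer() ? "received from peer" : "sent to peer";
        String levelName = level == SSLException.ALERT_LEVEL_FATAL ? "fatal"
                : level == SSLException.ALERT_LEVEL_WARNING ? "warning" : "unset";
        return categorize(ex) + " alert=" + desc + " level=" + levelName
                + " (" + direction + "): " + ex.getMessage();
    }

    public static void main(String[] args) {
        // Constructed input: an exception created locally with only a message.
        System.out.println(describe(new SSLException("constructed sample")));
    }
}
```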

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC