org.elasticsearch.xpack.core.security.transport.SSLExceptionHelper Maven / Gradle / Ivy
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
package org.elasticsearch.xpack.core.security.transport;
import io.netty.handler.codec.DecoderException;
import io.netty.handler.ssl.NotSslRecordException;
import org.elasticsearch.common.regex.Regex;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
public class SSLExceptionHelper {
private SSLExceptionHelper() {
}
public static boolean isNotSslRecordException(Throwable e) {
return e instanceof DecoderException &&
e.getCause() instanceof NotSslRecordException;
}
public static boolean isCloseDuringHandshakeException(Throwable e) {
return isCloseDuringHandshakeSSLException(e)
|| isCloseDuringHandshakeSSLException(e.getCause());
}
private static boolean isCloseDuringHandshakeSSLException(Throwable e) {
return e instanceof SSLException
&& e.getCause() == null
&& "Received close_notify during handshake".equals(e.getMessage());
}
public static boolean isReceivedCertificateUnknownException(Throwable e) {
return e instanceof DecoderException
&& e.getCause() instanceof SSLException
&& "Received fatal alert: certificate_unknown".equals(e.getCause().getMessage());
}
public static boolean isInsufficientBufferRemainingException(Throwable e) {
return e instanceof DecoderException
&& e.getCause() instanceof SSLHandshakeException
&& Regex.simpleMatch("Insufficient buffer remaining for AEAD cipher fragment*", e.getCause().getMessage());
}
}