This is an automated email from the ASF dual-hosted git repository.
mivanac pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push:
new 552cdea GEODE-7917: change thrown exception type for SSL to
IOException (#4858)
552cdea is described below
commit 552cdead5664c0b004094a136d9c419983ff38a9
Author: Mario Ivanac <[email protected]>
AuthorDate: Mon Apr 6 20:38:28 2020 +0200
GEODE-7917: change thrown exception type for SSL to IOException (#4858)
* GEODE-7917: Change exception type to IOException when caused by
EOFException
* GEODE-7917: added test
* GEODE-7917: update after comments
---
.../tcpserver/TCPClientSSLIntegrationTest.java | 49 ++++++++++++++++++++++
.../distributed/internal/tcpserver/TcpClient.java | 8 ++++
2 files changed, 57 insertions(+)
diff --git
a/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java
b/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java
index ece03ca..8ab0a8e 100644
---
a/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java
+++
b/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java
@@ -18,8 +18,10 @@ import static
org.apache.geode.security.SecurableCommunicationChannels.LOCATOR;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.Mockito.when;
+import java.io.EOFException;
import java.io.IOException;
import java.net.InetAddress;
import java.security.GeneralSecurityException;
@@ -77,6 +79,25 @@ public class TCPClientSSLIntegrationTest {
SocketCreatorFactory.close();
}
+ private void startServerWithCertificate()
+ throws GeneralSecurityException, IOException {
+
+ CertificateMaterial serverCertificate = new CertificateBuilder()
+ .commonName("tcp-server")
+ .issuedBy(ca)
+ .sanDnsName(InetAddress.getLocalHost().getHostName())
+ .generate();
+
+ CertStores serverStore = CertStores.locatorStore();
+ serverStore.withCertificate("server", serverCertificate);
+ serverStore.trust("ca", ca);
+
+ Properties serverProperties = serverStore
+ .propertiesWith(LOCATOR, true, true);
+
+ startTcpServer(serverProperties);
+ }
+
private void startServerAndClient(CertificateMaterial serverCertificate,
CertificateMaterial clientCertificate, boolean enableHostNameValidation)
throws GeneralSecurityException, IOException {
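Review bot: `startServerWithCertificate()` has no comment and passes two bare booleans in `propertiesWith(LOCATOR, true, true)`, so a reader cannot tell from the test which TLS checks the server is configured to enforce. A short comment above the helper would help, for example `// Starts a locator TcpServer with a CA-signed certificate; the two flags are the CertStores.propertiesWith options`, ideally naming what each flag turns on. The certificate and store setup also looks like it may duplicate the server half of `startServerAndClient`, whose body lies outside this hunk, so a shared helper could be worth considering.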
@@ -216,4 +237,32 @@ public class TCPClientSSLIntegrationTest {
+ localhost.getHostName() + " found.");
}
+ @Test
+ public void clientFailsToConnectIfRemotePeerShutdowns() throws Exception,
SSLHandshakeException {
+
+ startServerWithCertificate();
+
+ SocketCreator socketCreator = Mockito.mock(SocketCreator.class);
+ ClusterSocketCreator ssc = Mockito.mock(ClusterSocketCreator.class);
+
+ Exception eofexc = new EOFException("SSL peer shut down incorrectly");
+ Exception sslexc = new SSLHandshakeException("Remote host terminated the
handshake");
+ sslexc.initCause(eofexc);
+
+ when(socketCreator.forCluster())
+ .thenReturn(ssc);
+ when(ssc.connect(any(), anyInt(), any(), any()))
+ .thenThrow(sslexc);
+
+ client = new TcpClient(socketCreator,
+ InternalDataSerializer.getDSFIDSerializer().getObjectSerializer(),
+ InternalDataSerializer.getDSFIDSerializer().getObjectDeserializer(),
+ TcpSocketFactory.DEFAULT);
+
+ assertThatExceptionOfType(IOException.class)
+ .isThrownBy(() -> client.requestToServer(new
HostAndPort(localhost.getHostName(), port),
+ Boolean.valueOf(false), 5 * 1000))
+ .withCauseInstanceOf(SSLHandshakeException.class)
+ .withStackTraceContaining("Remote host terminated the handshake");
+ }
}
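Review bot: In `clientFailsToConnectIfRemotePeerShutdowns`, `ssc.connect(...)` is stubbed to throw the prepared SSLHandshakeException, so the server started by `startServerWithCertificate()` is apparently never contacted. The test therefore pins only TcpClient's exception translation, not a real peer shutdown during the handshake. A comment such as `// connect() is mocked: verifies exception translation only, no TLS handshake takes place` would stop readers from treating it as end-to-end coverage. Only the IOException branch is exercised; a companion case whose cause is not an EOFException, or is an EOFException without a message, would pin the IllegalStateException path as well. The clause `throws Exception, SSLHandshakeException` is redundant and can be reduced to `throws Exception`.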
diff --git
a/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
b/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
index 64cbb2f..b5e8d91 100644
---
a/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
+++
b/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
@@ -29,6 +29,7 @@ import java.util.function.LongSupplier;
import java.util.function.Supplier;
import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
import org.apache.logging.log4j.Logger;
@@ -255,6 +256,13 @@ public class TcpClient {
try {
sock = socketCreator.forCluster().connect(addr, timeout, null,
socketFactory);
sock.setSoTimeout(timeout);
+ } catch (SSLHandshakeException e) {
+ if ((e.getCause() instanceof EOFException)
+ && (e.getCause().getMessage().contains("SSL peer shut down
incorrectly"))) {
+ throw new IOException("Remote host terminated the handshake", e);
+ } else {
+ throw new IllegalStateException("Unable to form SSL connection", e);
+ }
} catch (SSLException e) {
throw new IllegalStateException("Unable to form SSL connection", e);
}
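Review bot: In the new `catch (SSLHandshakeException e)` branch, `e.getCause().getMessage().contains(...)` throws a NullPointerException when the EOFException cause carries no message, replacing both intended exception types with an unrelated one. Guard the message with `String msg = e.getCause() == null ? null : e.getCause().getMessage();` and test `e.getCause() instanceof EOFException && msg != null && msg.contains("SSL peer shut down incorrectly")`. The branch also depends on the exact wording of a message produced by the TLS implementation, which may differ between providers or JDK versions. If the wording changes, the error silently reverts to IllegalStateException, so either key on the EOFException cause alone or add a comment recording the dependency. The `else` branch repeats the `catch (SSLException e)` handler that follows and could be dropped by rethrowing there; the enclosing method starts and ends outside this hunk.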