This is an automated email from the ASF dual-hosted git repository. mivanac pushed a commit to branch develop in repository https://gitbox.apache.org/repos/asf/geode.git
The following commit(s) were added to refs/heads/develop by this push: new 552cdea GEODE-7917: change thrown exception type for SSL to IOException (#4858) 552cdea is described below commit 552cdead5664c0b004094a136d9c419983ff38a9 Author: Mario Ivanac <48509724+miva...@users.noreply.github.com> AuthorDate: Mon Apr 6 20:38:28 2020 +0200 GEODE-7917: change thrown exception type for SSL to IOException (#4858) * GEODE-7917: Change exception type to IOException when caused by EOFException * GEODE-7917: added test * GEODE-7917: update after comments --- .../tcpserver/TCPClientSSLIntegrationTest.java | 49 ++++++++++++++++++++++ .../distributed/internal/tcpserver/TcpClient.java | 8 ++++ 2 files changed, 57 insertions(+) diff --git a/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java b/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java index ece03ca..8ab0a8e 100644 --- a/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java +++ b/geode-core/src/integrationTest/java/org/apache/geode/distributed/internal/tcpserver/TCPClientSSLIntegrationTest.java @@ -18,8 +18,10 @@ import static org.apache.geode.security.SecurableCommunicationChannels.LOCATOR; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.Mockito.when; +import java.io.EOFException; import java.io.IOException; import java.net.InetAddress; import java.security.GeneralSecurityException; 
@@ -77,6 +79,25 @@ public class TCPClientSSLIntegrationTest { SocketCreatorFactory.close(); } + private void startServerWithCertificate() + throws GeneralSecurityException, IOException { + + CertificateMaterial serverCertificate = new CertificateBuilder() + .commonName("tcp-server") + .issuedBy(ca) + .sanDnsName(InetAddress.getLocalHost().getHostName()) + .generate(); + + CertStores serverStore = CertStores.locatorStore(); + serverStore.withCertificate("server", serverCertificate); + serverStore.trust("ca", ca); + + Properties serverProperties = serverStore + .propertiesWith(LOCATOR, true, true); + + startTcpServer(serverProperties); + } + private void startServerAndClient(CertificateMaterial serverCertificate, CertificateMaterial clientCertificate, boolean enableHostNameValidation) throws GeneralSecurityException, IOException { 
@@ -216,4 +237,32 @@ public class TCPClientSSLIntegrationTest { + localhost.getHostName() + " found."); } + @Test + public void clientFailsToConnectIfRemotePeerShutdowns() throws Exception, SSLHandshakeException { + + startServerWithCertificate(); + + SocketCreator socketCreator = Mockito.mock(SocketCreator.class); + ClusterSocketCreator ssc = Mockito.mock(ClusterSocketCreator.class); + + Exception eofexc = new EOFException("SSL peer shut down incorrectly"); + Exception sslexc = new SSLHandshakeException("Remote host terminated the handshake"); + sslexc.initCause(eofexc); + + when(socketCreator.forCluster()) + .thenReturn(ssc); + when(ssc.connect(any(), anyInt(), any(), any())) + .thenThrow(sslexc); + + client = new TcpClient(socketCreator, + InternalDataSerializer.getDSFIDSerializer().getObjectSerializer(), + InternalDataSerializer.getDSFIDSerializer().getObjectDeserializer(), + TcpSocketFactory.DEFAULT); + + assertThatExceptionOfType(IOException.class) + .isThrownBy(() -> client.requestToServer(new HostAndPort(localhost.getHostName(), port), + Boolean.valueOf(false), 5 * 1000)) + .withCauseInstanceOf(SSLHandshakeException.class) + .withStackTraceContaining("Remote host terminated the handshake"); + } } diff --git a/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java b/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java index 64cbb2f..b5e8d91 100644 --- a/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java +++ b/geode-tcp-server/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java @@ -29,6 +29,7 @@ import java.util.function.LongSupplier; import java.util.function.Supplier; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; import org.apache.logging.log4j.Logger; 
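Review bot: The new test `clientFailsToConnectIfRemotePeerShutdowns` covers only the EOF-caused branch, so nothing pins that other handshake failures still surface as `IllegalStateException`. Because `connect` is mocked to throw, a second case is cheap: an `SSLHandshakeException` whose cause is not an `EOFException` (for example a constructed certificate-validation failure), asserted with `assertThatExceptionOfType(IllegalStateException.class)`. That would catch a later change that reclassifies trust failures as ordinary I/O errors. The server started by `startServerWithCertificate()` appears to be unused here, since the mocked `ClusterSocketCreator` never opens a socket. The signature `throws Exception, SSLHandshakeException` can also be reduced to `throws Exception`.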
@@ -255,6 +256,13 @@ public class TcpClient {
 try {
 sock = socketCreator.forCluster().connect(addr, timeout, null, socketFactory);
 sock.setSoTimeout(timeout);
+ } catch (SSLHandshakeException e) {
+ if ((e.getCause() instanceof EOFException)
+ && (e.getCause().getMessage().contains("SSL peer shut down incorrectly"))) {
+ throw new IOException("Remote host terminated the handshake", e);
+ } else {
+ throw new IllegalStateException("Unable to form SSL connection", e);
+ }
 } catch (SSLException e) {
 throw new IllegalStateException("Unable to form SSL connection", e);
 }
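Review bot: In the new `catch (SSLHandshakeException e)`, `e.getCause().getMessage().contains(...)` throws a NullPointerException when the `EOFException` carries no message, which would replace the intended exception with an unrelated one. Adding `&& e.getCause().getMessage() != null` ahead of the `contains` check closes that gap. The match also depends on a message string produced by the TLS provider, which may differ between JDK versions or providers. A short comment such as `// message text comes from the JSSE provider; all other handshake failures, including certificate validation, intentionally remain IllegalStateException` would record why the match is kept this narrow. The enclosing method starts and ends outside the hunk.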