/**
 * Logs a handler failure and answers the client with an HTTP 500.
 *
 * <p>The {@code status} argument is not used: the response code is always 500.
 *
 * @param key     selection key of the connection the error belongs to
 * @param status  ignored by this implementation
 * @param message text that is written to the log and passed on to the error response
 * @param data    extra context, written to the log only
 * @param e       cause, logged with its stack trace
 * @return this handler
 */
@Override
public RingHandler error(SelectionKey key, int status, String message, Object data, Throwable e) {
    // NOTE(review): message and data are concatenated into the log line unescaped. If either
    // can carry request-derived text, CR/LF in it can forge log entries - confirm the logger
    // or the callers neutralise line breaks.
    final String logLine = "Error: " + message + " '" + data + "'";
    log.error(logLine, e);

    // NOTE(review): message is handed to errorResponse(). If that helper echoes it into the
    // response body, callers must keep internal details (paths, exception text) out of it.
    HttpProtocolHandler.errorResponse(config, key, 500, message);
    return this;
}
} // closes the enclosing type, whose header is not part of this excerpt
/**
 * Runs the key store and trust store setup steps, then builds the TLS context from the
 * key managers and trust managers they left behind.
 *
 * <p>Failures are logged, never thrown, so the caller gets no signal that TLS is unusable.
 */
private void setup() {
    setupKeyStore();
    setupTrustStore();
    try {
        // "TLS" leaves the set of enabled protocol versions to the JDK/provider defaults.
        context = SSLContext.getInstance("TLS");
        // Per the SSLContext.init contract, a null manager array falls back to the installed
        // provider defaults and a null SecureRandom to the default implementation. A failed
        // setupKeyStore() therefore does not stop this call by itself.
        context.init(keyManagers, trustManagers, null);
    } catch (Exception e) {
        // NOTE(review): context is assigned before init() runs, so after an init() failure it
        // is non-null but uninitialized. Code that reads "context != null" as "TLS is ready",
        // or that falls back to plaintext when it is null, needs checking - confirm callers
        // fail closed.
        log.error("Cannot initialize TLS context", e);
    }
}
/**
 * Loads the key store named by the {@code keystore} property and derives both the key
 * managers and the trust managers from it.
 *
 * <p>Does nothing when the property is absent. A missing file or any load failure is logged
 * and leaves {@code keyManagers} and {@code trustManagers} as they were.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When {@code keystore.pass} is not configured the password defaults to
 *       {@code "changeit"}, the well-known JDK default. A deployment that relies on the
 *       default has an effectively unprotected private key file.</li>
 *   <li>The same password is used for the store and for the key entries.</li>
 *   <li>The trust managers are initialised from the key store itself, so every certificate
 *       entry in it acts as a trust anchor. Whether a later step replaces
 *       {@code trustManagers} is not visible in this method - confirm.</li>
 * </ul>
 */
private void setupKeyStore() {
    final String location = props.getProperty("keystore");
    if (location == null) {
        return;
    }

    final File storeFile = new File(location);
    if (!storeFile.exists()) {
        log.error("Cannot initialize TLS: file " + location + " is missing.");
        return;
    }

    final String secret = props.getProperty("keystore.pass", "changeit");
    InputStream in = null;
    try {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        in = new FileInputStream(storeFile);
        store.load(in, secret.toCharArray());

        KeyManagerFactory keyFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(store, secret.toCharArray());

        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(store);

        // Publish both results only after every factory step has succeeded.
        keyManagers = keyFactory.getKeyManagers();
        trustManagers = trustFactory.getTrustManagers();
    } catch (Exception e) {
        log.error("Cannot load TLS key file: " + location, e);
    } finally {
        NetkitUtil.close(in);
    }
}
log.error("Cannot initialize TLS for client : file " + trustStorePath + " is missing. Service will not start."); return; localTS.load(is, trustStorePass.toCharArray()); } catch (IOException e) { log.error("Cannot load trust store file " + trustStoreFile, e); return; } finally { log.error("Cannot initialize TLS: either default or local trust manager is null."); return; log.error("Trust store did not configure properly", e);
/**
 * Completes a pending non-blocking connect and, once the channel reports it is connected,
 * sends the request attached to the key.
 *
 * <p>When {@code finishConnect()} returns {@code false} nothing is sent. An
 * {@code IOException} is logged and not propagated; the caller is not told the connect failed.
 *
 * <p>NOTE(review): per the TODO below, no TLS handshake is started on this path, so the
 * request is sent as {@code sendRequest} writes it. Confirm this client path is never used
 * for endpoints that require TLS.
 *
 * @param key selection key whose attachment carries the channel and the pending request
 */
protected void connect(SelectionKey key) {
    NetCtx atta = NetCtx.fromKey(key);
    NetRequest req = (NetRequest)atta.getInput();
    try {
        boolean connected = atta.getChannel().finishConnect();
        if (connected) {
            // TODO key.interestOps(OP_WRITE|OP_READ);
            // TODO if TLS enabled, begin handshake here ...
            req.sendRequest(key, this);
        }
    } catch (IOException e) {
        // TODO notify client that connection failed, or retry
        log.error("Cannot finish connect for " + req, e);
    }
}
break; case BUFFER_OVERFLOW: log.error("at sslEncode(), BUFFER_OVERFLOW should not happen"); clientClose(key); tctx.setSslState(ERROR); break; case BUFFER_UNDERFLOW: log.error("at sslEncode(), BUFFER_UNDERFLOW should not happen"); clientClose(key); tctx.setSslState(ERROR); break; default: log.error("at sslEncode(), illegal status:" + result.getStatus()); clientClose(key); tctx.setSslState(ERROR); log.error("at sslEncode()", e); clientClose(key); tctx.setSslState(ERROR);
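/**
 * Accepts every connection currently pending on the server channel, registers each one for
 * reads and, when a TLS context is configured, attaches a server-mode TLS engine to it.
 *
 * <p>A connection whose setup fails part-way is closed before the error is reported. Without
 * that, a socket that was accepted but not registered would leak its file descriptor, and a
 * socket that was registered before its TLS engine could be created would stay on the
 * selector with no TLS context attached.
 *
 * <p>Any exception ends the accept loop for this call; it is logged and counted, not thrown.
 *
 * @param key selection key of the listening {@code ServerSocketChannel}
 */
protected void accept(SelectionKey key) {
    ServerSocketChannel ch = (ServerSocketChannel) key.channel();
    SocketChannel s;
    try {
        while ((s = ch.accept()) != null) {
            boolean ready = false;
            try {
                long t0 = evtAccepts.time();
                s.configureBlocking(false);
                NetCtx atta = ctxFactory.create(s, null, this);
                s.register(selector, OP_READ, atta);
                log.traceNio(key, "accept()", "AFTER");
                if (sslContext != null) {
                    // NOTE(review): the engine runs with the JDK default protocol and cipher
                    // suite selection and no client-auth setting is applied here - confirm
                    // that matches the deployment's TLS policy.
                    TlsContext tctx = new TlsContext();
                    tctx.setSslEngine(sslContext.createSSLEngine());
                    tctx.getSslEngine().setUseClientMode(false);
                    tctx.getSslEngine().beginHandshake();
                    tctx.setSslState(HANDSHAKE);
                    atta.setTlsContext(tctx);
                    log.traceNio(key, "accept()", "SSL");
                }
                ready = true;
                evtAccepts.call(t0);
            } finally {
                if (!ready) {
                    // Closing the channel also cancels its selection key, so a half-configured
                    // connection can never be serviced without its TLS context.
                    try {
                        s.close();
                    } catch (Exception ignored) {
                        // Best-effort cleanup; the original failure is reported below.
                    }
                }
            }
        }
    } catch (Exception e) {
        // eg: too many open files. do not quit
        log.error("accept incoming request", e);
        evtAccepts.error();
    }
}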
break; case BUFFER_OVERFLOW: log.error("at sslDataRead: BUFFER_OVERFLOW should not happen"); clientClose(key); tctx.setSslState(ERROR); break; default: log.error("illegal state: " + result.getStatus()); clientClose(key); tctx.setSslState(ERROR); log.error("at sslDataRead(): key=" + key + ", sslState=" + tctx.getSslState(), e); clientClose(key);
handshakeStatus = result.getHandshakeStatus(); } catch (SSLException e) { log.error("at sslHandshake / unwrap", e); engine.closeOutbound(); handshakeStatus = engine.getHandshakeStatus(); return; } catch (IOException e) { log.error("at sslHandshake", e); clientClose(key); tctx.setSslState(ERROR); log.error("SSL engine unexpectedly closed."); clientClose(key); tctx.setSslState(ERROR); log.error("sslHandshake: illegal state"); clientClose(key); handshakeStatus = result.getHandshakeStatus(); } catch (IOException e) { log.error("at sslHandshake, wrap() failed", e); engine.closeOutbound(); handshakeStatus = engine.getHandshakeStatus(); break; case BUFFER_UNDERFLOW: log.error("at sslHandshake, BUFFER_UNDERFLOW or BUFFER_OVERFLOW should not happen at write"); clientClose(key);
log.error("http server loop error, should not happen", e); evtLoops.error(t0);
output.finish(key); } catch (Exception e) { log.error("Error handling request: " + req, e); output.error(key, 500, "internal error", req, e);