Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: log + unwrap generic SSL context exceptions #405

Merged
merged 3 commits into from
Jan 26, 2021
Merged

Feat: log + unwrap generic SSL context exceptions #405

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9ae069b
Feat: log + unwrap generic SSL context exceptions
kares Jan 26, 2021
6c548cb
Refactor: also log causes at the ruby level
kares Jan 26, 2021
47e0172
Bump version + changelog entry
kares Jan 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion lib/logstash/inputs/beats.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ def new_ssl_handshake_provider(ssl_context_builder)
rescue java.lang.IllegalArgumentException => e
@logger.error("SSL configuration invalid", error_details(e))
raise LogStash::ConfigurationError, e
rescue java.security.GeneralSecurityException => e
rescue java.lang.Exception => e # java.security.GeneralSecurityException
@logger.error("SSL configuration failed", error_details(e, true))
raise e
end
Expand Down Expand Up @@ -254,6 +254,11 @@ def configuration_error(message)
def error_details(e, trace = false)
error_details = { :exception => e.class, :message => e.message }
error_details[:backtrace] = e.backtrace if trace || @logger.debug?
cause = e.cause
if cause && e != cause
error_details[:cause] = { :exception => cause.class, :message => cause.message }
error_details[:cause][:backtrace] = cause.backtrace if trace || @logger.debug?
end
error_details
end

Expand Down
20 changes: 18 additions & 2 deletions src/main/java/org/logstash/netty/SslContextBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
import org.apache.logging.log4j.Logger;

import javax.crypto.Cipher;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocketFactory;
import java.io.File;
import java.io.FileInputStream;
Expand Down Expand Up @@ -141,7 +142,7 @@ public File getSslCertificateFile() {
return sslCertificateFile;
}

public SslContext buildContext() throws IOException, CertificateException {
public SslContext buildContext() throws Exception {
io.netty.handler.ssl.SslContextBuilder builder = io.netty.handler.ssl.SslContextBuilder.forServer(sslCertificateFile, sslKeyFile, passPhrase);

if (logger.isDebugEnabled()) {
Expand All @@ -167,7 +168,22 @@ public SslContext buildContext() throws IOException, CertificateException {
builder.clientAuth(ClientAuth.NONE);
}
builder.protocols(protocols);
return builder.build();

try {
return builder.build();
} catch (SSLException e) {
logger.debug("Failed to initialize SSL", e);
// unwrap generic wrapped exception from Netty's JdkSsl{Client|Server}Context
if ("failed to initialize the server-side SSL context".equals(e.getMessage()) ||
"failed to initialize the client-side SSL context".equals(e.getMessage())) {
// Netty catches Exception and simply wraps: throw new SSLException("...", e);
if (e.getCause() instanceof Exception) throw (Exception) e.getCause();
}
throw e;
} catch (Exception e) {
logger.debug("Failed to initialize SSL", e);
throw e;
}
}

private X509Certificate[] loadCertificateCollection(String[] certificates) throws IOException, CertificateException {
Expand Down