diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-01-18 15:46:42 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-01-18 15:53:55 +0100 |
commit | c9a0fa7f4d60494dc5bd12ab1420172e5cc76f17 (patch) | |
tree | f43ea28007474c27f774e6d85a2ae258e481d61f /jdisc_http_service/src/main/java/com/yahoo/jdisc/http | |
parent | ac973890ba77c0014c2256f4c515a9d675c78b66 (diff) |
Add SSL handshake failure to connection log
Diffstat (limited to 'jdisc_http_service/src/main/java/com/yahoo/jdisc/http')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java index e7930334681..9a846399f5f 100644 --- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java +++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/JettyConnectionLogger.java @@ -20,6 +20,7 @@ import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.SNIHostName; import javax.net.ssl.SNIServerName; import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; import javax.net.ssl.StandardConstants; @@ -157,9 +158,10 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List @Override public void handshakeFailed(Event event, Throwable failure) { SSLEngine sslEngine = event.getSSLEngine(); - handleListenerInvocation("SslHandshakeListener", "handshakeFailed", "sslEngine=%h", List.of(sslEngine), () -> { - sslToConnectionInfo.remove(sslEngine); - // TODO Store details on failed ssl handshake + handleListenerInvocation("SslHandshakeListener", "handshakeFailed", "sslEngine=%h,failure=%s", List.of(sslEngine, failure), () -> { + log.log(Level.FINE, failure, failure::toString); + ConnectionInfo info = sslToConnectionInfo.remove(sslEngine); + info.setSslHandshakeFailure((SSLHandshakeException)failure); }); } // @@ -215,6 +217,9 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List private Date sslPeerNotBefore; private Date sslPeerNotAfter; private List<SNIServerName> sslSniServerNames; + private String sslHandshakeFailureException; + private String sslHandshakeFailureMessage; + private String sslHandshakeFailureType; private ConnectionInfo(UUID uuid, long createdAt, InetSocketAddress localAddress, InetSocketAddress peerAddress) { this.uuid = uuid; @@ -263,6 +268,15 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List return this; } + synchronized ConnectionInfo setSslHandshakeFailure(SSLHandshakeException exception) { + this.sslHandshakeFailureException = exception.getClass().getName(); + this.sslHandshakeFailureMessage = exception.getMessage(); + this.sslHandshakeFailureType = SslHandshakeFailure.fromSslHandshakeException(exception) + .map(SslHandshakeFailure::failureType) + .orElse("UNKNOWN"); + return this; + } + synchronized ConnectionLogEntry toLogEntry() { ConnectionLogEntry.Builder builder = ConnectionLogEntry.builder(uuid, Instant.ofEpochMilli(createdAt)); if (httpBytesReceived >= 0) { @@ -302,6 +316,11 @@ class JettyConnectionLogger extends AbstractLifeCycle implements Connection.List .withSslPeerNotAfter(sslPeerNotAfter.toInstant()) .withSslPeerNotBefore(sslPeerNotBefore.toInstant()); } + if (sslHandshakeFailureException != null && sslHandshakeFailureMessage != null && sslHandshakeFailureType != null) { + builder.withSslHandshakeFailureException(sslHandshakeFailureException) + .withSslHandshakeFailureMessage(sslHandshakeFailureMessage) + .withSslHandshakeFailureType(sslHandshakeFailureType); + } return builder.build(); } |