From 4f5bd7a4b476fe2d32a2591689d01afc8f87403b Mon Sep 17 00:00:00 2001
From: kyonRay
Date: Tue, 27 Feb 2024 22:50:45 +0800
Subject: [PATCH] (build): update build for secure issues.
---
 build.gradle | 6 +++-
 .../netty/channel/handler/ChannelHandler.java | 5 ++--
 .../handler/ChannelHandlerCallBack.java | 30 ++++++++-----------
 3 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/build.gradle b/build.gradle
index 08dbbc3cd..ea5a92f8d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -149,7 +149,9 @@ dependencies {
 compile 'com.google.code.gson:gson:2.8.9'
 compile 'org.apache.commons:commons-lang3:3.11'
 compile 'com.fasterxml.jackson.core:jackson-databind:2.14.2' // must not lower than 2.11.0 to support abi translate
- compile 'org.springframework.boot:spring-boot-starter-actuator:2.7.18'
+ compile ('org.springframework.boot:spring-boot-starter-actuator:2.7.18'){
+ exclude group: 'org.yaml', module: 'snakeyaml'
+ }
 compile 'org.springframework.boot:spring-boot-configuration-processor:2.7.18'
 compile 'org.springframework.boot:spring-boot-starter-log4j2:2.7.18'
 compile 'org.springframework:spring-core:5.3.32'
@@ -166,6 +168,8 @@ dependencies {
 // Use JUnit test framework
 testImplementation 'junit:junit:4.13.2'
 testImplementation 'org.springframework.boot:spring-boot-starter-test:2.7.18'
+ testImplementation 'net.minidev:json-smart:2.4.9'
+ testImplementation 'com.jayway.jsonpath:json-path:2.9.0'
 }
 sourceSets {
diff --git a/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java b/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java
index 3b5393898..63d24a3a8 100644
--- a/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java
+++ b/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java
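Review bot: The snakeyaml exclusion in the first build.gradle hunk is scoped to `spring-boot-starter-actuator` only, so any other declared dependency that pulls `org.yaml:snakeyaml` transitively (presumably `spring-boot-starter-test`, which this file also lists) would still resolve it. If the library is truly unused, a project-wide `configurations.all { exclude group: 'org.yaml', module: 'snakeyaml' }` closes that gap, and the resolved dependency tree should be checked after the change. Removing it also removes Spring Boot's YAML configuration support, so this assumes the application is configured from non-YAML sources only, which is not visible here. Neither the exclusion nor the `json-smart`/`json-path` pins in the second hunk says why it exists; a one-line comment such as `// pinned/excluded: transitive version flagged by dependency scan` keeps a later cleanup from reverting them.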
@@ -8,7 +8,6 @@ import io.netty.handler.ssl.SslHandshakeCompletionEvent;
 import io.netty.handler.timeout.IdleStateEvent;
 import io.netty.util.AttributeKey;
-import javax.net.ssl.SSLPeerUnverifiedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -59,7 +58,7 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
 logger.info(" handshake success, host: {}, ctx: {}", node, hashCode);
 try {
 getChannelHandlerCallBack().onConnect(ctx, getConnectToServer());
- } catch (SSLPeerUnverifiedException e1) {
+ } catch (Exception e1) {
 logger.warn(
 " handshake on connect exception, disconnect, host: {}, ctx: {}, cause: {}",
 node,
@@ -67,6 +66,8 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
 e1.getCause());
 ctx.disconnect();
 ctx.close();
+ throw new RuntimeException(
+ "SSLPeerUnverifiedException, handshake on connect exception", e1);
 }
 } else {
 logger.warn(
diff --git a/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java b/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java
index 8a01439fd..7839a0c23 100644
--- a/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java
+++ b/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java
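Review bot: With the catch in userEventTriggered widened to `Exception`, the warn line's last argument `e1.getCause()` is `null` for any failure that does not wrap another exception (a NullPointerException raised inside onConnect, for example), so the log entry that should explain why a peer was dropped can come out empty. Pass the throwable itself as the final argument, `e1);`, and drop the trailing `cause: {}` placeholder so SLF4J prints the type and stack trace. The `logger.warn(` call spans the gap between this hunk and the next one, so one of its arguments is not visible here.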
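Review bot: The message of the new `RuntimeException` names `SSLPeerUnverifiedException`, but the catch it sits in now takes every `Exception`, so unrelated failures will be labelled as a peer-verification failure when someone triages the logs. A neutral message such as `"handshake on connect failed, connection closed"` with `e1` kept as the cause leaves the real type visible. The exception is thrown after `ctx.close()` and therefore continues into the pipeline's exception handling; whether a handler there logs it or attempts another close is not visible in this hunk and is worth confirming.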
@@ -61,16 +61,20 @@ private String bytesToHex(byte[] hashInBytes) {
 return sb.toString();
 }
- private PublicKey fetchCertificate(ChannelHandlerContext ctx)
- throws SSLPeerUnverifiedException {
+ private PublicKey fetchCertificate(ChannelHandlerContext ctx) throws Exception {
 SslHandler sslhandler = ctx.channel().pipeline().get(SslHandler.class);
-
- Certificate[] certs = sslhandler.engine().getSession().getPeerCertificates();
+ Certificate[] certs;
+ try {
+ certs = sslhandler.engine().getSession().getPeerCertificates();
+ } catch (SSLPeerUnverifiedException e) {
+ logger.error("fetchCertificate error", e);
+ throw new Exception("fetchCertificate error", e);
+ }
 logger.info(
 " ctx: {}, Certificate length: {}, pipeline sslHandlers: {}",
 Objects.hashCode(ctx),
 certs.length,
- String.valueOf(ctx.channel().pipeline().names()));
+ ctx.channel().pipeline().names());
 Certificate cert = certs[0];
 PublicKey publicKey = cert.getPublicKey();
@@ -91,8 +95,7 @@ private PublicKey fetchCertificate(ChannelHandlerContext ctx)
 * @return
 * @throws SSLPeerUnverifiedException
 */
- public Node channelContext2Node(ChannelHandlerContext context)
- throws SSLPeerUnverifiedException {
+ public Node channelContext2Node(ChannelHandlerContext context) throws Exception {
 if (null == context) {
 return null;
 }
@@ -105,8 +108,7 @@ public Node channelContext2Node(ChannelHandlerContext context)
 return new Node(nodeID, host, port);
 }
- public void onConnect(ChannelHandlerContext ctx, boolean connectToServer)
- throws SSLPeerUnverifiedException {
+ public void onConnect(ChannelHandlerContext ctx, boolean connectToServer) throws Exception {
 Node node = channelContext2Node(ctx);
 int hashCode = System.identityHashCode(ctx);
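Review bot: `fetchCertificate` now declares `throws Exception` and rewraps the `SSLPeerUnverifiedException` in a plain `Exception`, which hides the one failure type that matters for peer authentication; the same widening is repeated on `channelContext2Node` and `onConnect` in the next two hunks. Keeping `throws SSLPeerUnverifiedException` on all three and letting it propagate preserves the type. The added `logger.error` can then go, since the catch in ChannelHandler already logs the failure. The result of `pipeline().get(SslHandler.class)` is also dereferenced without a null check; `if (sslhandler == null) throw new SSLPeerUnverifiedException("no SslHandler in pipeline");` would send that case down the same fail-closed path instead of a NullPointerException. The method body continues past the end of the hunk.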
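Review bot: The Javadoc kept as context above `channelContext2Node` still reads `@throws SSLPeerUnverifiedException` while the signature now declares `throws Exception`, so the documented contract no longer matches the code. Update the tag to something like `@throws Exception if the peer certificate cannot be obtained` (assuming the exception originates in fetchCertificate, whose call is outside this hunk). The empty `@return` could also state that `null` is returned for a null context, which the first lines of the body show. The Javadoc block starts above the hunk.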
@@ -127,15 +129,9 @@ public void onConnect(ChannelHandlerContext ctx, boolean connectToServer)
 callBack.onConnect(ctx, node);
 } else {
 try {
- threadPool.execute(
- new Runnable() {
- @Override
- public void run() {
- callBack.onConnect(ctx, node);
- }
- });
+ threadPool.execute(() -> callBack.onConnect(ctx, node));
 } catch (TaskRejectedException e) {
- logger.warn(" TaskRejectedException: {} ", e);
+ logger.warn(" TaskRejectedException: ", e);
 callBack.onConnect(ctx, node);
 }
 }