Merge pull request #24 from FusionAuth/degroff/client-handshake-exception

Try and debug log more client exceptions

Author: robotdan

README.md

@@ -12,20 +12,20 @@ To add this library to your project, you can include this dependency in your Mav
 <dependency>
   <groupId>io.fusionauth</groupId>
   <artifactId>java-http</artifactId>
-  <version>0.3.3</version>
+  <version>0.3.4</version>
 </dependency>
 ```
 
 If you are using Gradle, you can add this to your build file:
 
 ```groovy
-implementation 'io.fusionauth:java-http:0.3.3'
+implementation 'io.fusionauth:java-http:0.3.4'
 ```
 
 If you are using Savant, you can add this to your build file:
 
 ```groovy
-dependency(id: "io.fusionauth:java-http:0.3.3")
+dependency(id: "io.fusionauth:java-http:0.3.4")
 ```
 
 ## Examples Usages:

build.savant

@@ -17,7 +17,7 @@ jackson5Version = "3.0.1"
  restifyVersion = "4.2.1"
 testngVersion = "7.8.0"
 
-project(group: "io.fusionauth", name: "java-http", version: "0.3.3", licenses: ["ApacheV2_0"]) {
+project(group: "io.fusionauth", name: "java-http", version: "0.3.4", licenses: ["ApacheV2_0"]) {
   workflow {
     fetch {
       // Dependency resolution order:

pom.xml

@@ -2,7 +2,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>io.fusionauth</groupId>
   <artifactId>java-http</artifactId>
-  <version>0.3.3</version>
+  <version>0.3.4</version>
   <packaging>jar</packaging>
 
   <name>Java HTTP library (client and server)</name>
@@ -178,4 +178,4 @@
       </build>
     </profile>
   </profiles>
-</project>
+</project>

src/main/java/io/fusionauth/http/ClientSSLHandshakeException.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2024, FusionAuth, All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package io.fusionauth.http;
+
+import javax.net.ssl.SSLException;
+
+import io.fusionauth.http.server.HTTPS11Processor.HTTPSState;
+
+/**
+ * An SSLException that is most likely caused by the client.
+ *
+ * @author Daniel DeGroff
+ */
+public class ClientSSLHandshakeException extends SSLException {
+  public ClientSSLHandshakeException(HTTPSState state, SSLException e) {
+    super("An SSLException was thrown during a TLS handshake. HTTP processor state [" + state + "]", e);
+  }
+}

src/main/java/io/fusionauth/http/server/HTTPS11Processor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, FusionAuth, All Rights Reserved
+ * Copyright (c) 2022-2024, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@
 import java.nio.channels.SelectionKey;
 import java.security.GeneralSecurityException;
 
+import io.fusionauth.http.ClientSSLHandshakeException;
 import io.fusionauth.http.ParseException;
 import io.fusionauth.http.log.Logger;
 import io.fusionauth.http.security.SecurityTools;
@@ -161,7 +162,11 @@ public ProcessorState read(ByteBuffer buffer) throws IOException {
     }
 
     if (state == HTTPSState.HandshakeRead || state == HTTPSState.HandshakeWrite) {
-      state = handshake();
+      try {
+        state = handshake();
+      } catch (SSLException e) {
+        throw new ClientSSLHandshakeException(state, e);
+      }
 
       if (handshakeData.hasRemaining()) {
         // This shouldn't happen, but let's resize just in case
@@ -271,7 +276,11 @@ public ByteBuffer[] writeBuffers() throws IOException {
     }
 
     if (state == HTTPSState.HandshakeRead || state == HTTPSState.HandshakeWrite) {
-      state = handshake();
+      try {
+        state = handshake();
+      } catch (SSLException e) {
+        throw new ClientSSLHandshakeException(state, e);
+      }
     } else {
       encrypt();
     }

src/main/java/io/fusionauth/http/server/HTTPServerThread.java

@@ -15,7 +15,6 @@
  */
 package io.fusionauth.http.server;
 
-import javax.net.ssl.SSLHandshakeException;
 import java.io.Closeable;
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -31,6 +30,7 @@
 import java.util.Map;
 
 import io.fusionauth.http.ClientAbortException;
+import io.fusionauth.http.ClientSSLHandshakeException;
 import io.fusionauth.http.ParseException;
 import io.fusionauth.http.log.Logger;
 import io.fusionauth.http.util.ThreadPool;
@@ -171,8 +171,8 @@ public void run() {
         }
 
         cancelAndCloseKey(key);
-      } catch (ClientAbortException | SSLHandshakeException e) {
-        // A client abort exception or SSLHandshakeException are common and should not be error logged.
+      } catch (ClientAbortException | ClientSSLHandshakeException e) {
+        // A client abort exception or client handshake exception are common and should not be error logged.
         logger.debug("A client related exception was thrown during processing", e);
         cancelAndCloseKey(key);
       } catch (Throwable t) {