Diffstat (limited to 'src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java')
-rw-r--r-- | src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java | 99 |
1 files changed, 82 insertions, 17 deletions
diff --git a/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java b/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java index 86a2306..ca2bb2c 100644 --- a/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java +++ b/src/main/java/org/openslx/thrifthelper/TBinaryProtocolSafe.java @@ -1,15 +1,26 @@ package org.openslx.thrifthelper; -import java.io.UnsupportedEncodingException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.net.SocketException; import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; +import javax.net.ssl.SSLException; + +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; import org.apache.thrift.TException; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TMessage; import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.protocol.TProtocolException; import org.apache.thrift.protocol.TProtocolFactory; +import org.apache.thrift.transport.TSocket; import org.apache.thrift.transport.TTransport; +import org.apache.thrift.transport.TTransportException; +import org.apache.thrift.transport.layered.TLayeredTransport; /** * Binary protocol implementation for thrift. @@ -18,13 +29,20 @@ import org.apache.thrift.transport.TTransport; */ public class TBinaryProtocolSafe extends TBinaryProtocol { + + private final static Logger LOGGER = LogManager.getLogger( ThriftHandler.class ); + /** * Factory */ - @SuppressWarnings( "serial" ) public static class Factory implements TProtocolFactory { + /** + * Version for serialization. + */ + private static final long serialVersionUID = 6896537370338823740L; + protected boolean strictRead_ = false; protected boolean strictWrite_ = true; 
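Review bot: In the second hunk the logger for TBinaryProtocolSafe is created with `LogManager.getLogger( ThriftHandler.class )`, so the handshake and bad-version warnings this commit adds will be filed under ThriftHandler's logger name. Anyone filtering or alerting on probe noise by logger name would then look in the wrong place; `LogManager.getLogger( TBinaryProtocolSafe.class )` keeps the messages attributable to the protocol layer. If sharing the category is intended, a one-line comment on the field saying so would help.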
@@ -57,24 +75,53 @@ public class TBinaryProtocolSafe extends TBinaryProtocol public TBinaryProtocolSafe(TTransport trans, boolean strictRead, boolean strictWrite) { - super( trans ); - strictRead_ = strictRead; - strictWrite_ = strictWrite; + super( trans, maxLen, maxLen, strictRead, strictWrite ); } - /** + /* * Reading methods. */ + @Override public TMessage readMessageBegin() throws TException { - int size = readI32(); + int size; + try { + size = readI32(); + } catch ( TTransportException e ) { + // Do this to suppress certain SSL handshake errors that result from port scanning and service probing + if ( e.getCause() instanceof SSLException ) { + String m = e.getCause().getMessage(); + // We still want SSL errors that help diagnosing more specific SSL errors that relate to actual + // SSL handshake attempts, like incompatible TLS versions or ciphers. + if ( !m.contains( "Remote host terminated the handshake" ) + && !m.contains( "Unsupported or unrecognized SSL message" ) ) { + LOGGER.warn( getIp() + m ); + } + // Fake an END_OF_FILE exception, as the logException() method in the server class will + // ignore there. Let's hope it will stay ignored in the future. 
+ throw new TTransportException( TTransportException.END_OF_FILE ); + } else if ( e.getCause() instanceof SocketException + && ( e.getCause().getMessage().contains( " timed out" ) + || e.getCause().getMessage().contains( "Connection reset" ) + || e.getCause().getMessage().contains( "Connection or inbound" ) ) ) { + // Faaaake + throw new TTransportException( TTransportException.END_OF_FILE ); + } else if ( e.getMessage().contains( "larger than max length" ) || e.getMessage().contains( "Read a negative frame size" ) ) { + // Also fake, since this one prints a whole stack trace compared to the other + // message by AbstractNonblockingServer + LOGGER.debug( e.getMessage(), e ); + throw new TTransportException( TTransportException.END_OF_FILE ); + } + throw e; + } if ( size > maxLen ) - throw new TProtocolException( TProtocolException.SIZE_LIMIT, "Payload too big." ); + throw new TProtocolException( TProtocolException.SIZE_LIMIT, getIp() + "Payload too big." ); if ( size < 0 ) { int version = size & VERSION_MASK; if ( version != VERSION_1 ) { - throw new TProtocolException( TProtocolException.BAD_VERSION, "Bad version in readMessageBegin" ); + LOGGER.warn( getIp() + "Bad version (" + version + ") in readMessageBegin" ); + throw new TTransportException( TTransportException.END_OF_FILE ); } return new TMessage( readString(), (byte) ( size & 0x000000ff ), readI32() ); } else { 
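Review bot: The new catch block in readMessageBegin calls `.contains()` on `e.getCause().getMessage()` and on `e.getMessage()` without a null check, and either can be null; an exception built from a type alone, as this method itself does with `new TTransportException( TTransportException.END_OF_FILE )`, likely carries no message. In that case a NullPointerException replaces the original transport error on a path that handles unauthenticated connections. Read both messages once into null-safe locals, e.g. `String msg = e.getMessage() == null ? "" : e.getMessage();` and the same for the cause, and match on those. The matches also depend on the exact JDK and Thrift message texts, so a comment naming the versions they were taken from would help when they stop matching. readMessageBegin continues past the end of this hunk.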
@@ -85,24 +132,43 @@ public class TBinaryProtocolSafe extends TBinaryProtocol } } + private String getIp() + { + TTransport t = trans_; + while ( t instanceof TLayeredTransport ) { + t = ( (TLayeredTransport)t ).getInnerTransport(); + } + InetAddress ia = null; + if ( t instanceof TSocket ) { + SocketAddress sa = ( (TSocket)t ).getSocket().getRemoteSocketAddress(); + if ( sa != null && ( sa instanceof InetSocketAddress ) ) + ia = ( (InetSocketAddress)sa ).getAddress(); + if ( ia == null ) + ia = ( (TSocket)t ).getSocket().getInetAddress(); + } else { + LOGGER.debug( "getIp(" + t.getClass().getSimpleName() + ")" ); + } + if ( ia == null ) + return ""; + return ia.getHostAddress() + ": "; + } + + @Override public String readString() throws TException { int size = readI32(); if ( size > maxLen ) throw new TProtocolException( TProtocolException.SIZE_LIMIT, "Payload too big." ); if ( trans_.getBytesRemainingInBuffer() >= size ) { - try { - String s = new String( trans_.getBuffer(), trans_.getBufferPosition(), size, "UTF-8" ); - trans_.consumeBuffer( size ); - return s; - } catch ( UnsupportedEncodingException e ) { - throw new TException( "JVM DOES NOT SUPPORT UTF-8" ); - } + String s = new String( trans_.getBuffer(), trans_.getBufferPosition(), size, StandardCharsets.UTF_8 ); + trans_.consumeBuffer( size ); + return s; } return readStringBody( size ); } + @Override public ByteBuffer readBinary() throws TException { int size = readI32(); @@ -120,4 +186,3 @@ public class TBinaryProtocolSafe extends TBinaryProtocol } } - |
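Review bot: readString still accepts a negative length from the peer: a negative `size` passes `size > maxLen`, satisfies `trans_.getBytesRemainingInBuffer() >= size`, and reaches `new String( ..., size, StandardCharsets.UTF_8 )`, which throws an unchecked exception instead of a TException. Add `if ( size < 0 ) throw new TProtocolException( TProtocolException.NEGATIVE_SIZE, "Negative length: " + size );` before the buffer check. The "Payload too big." message here also lacks the `getIp()` prefix that readMessageBegin now adds. readBinary starts in this hunk but its body continues outside it, so whether it needs the same guard cannot be seen here.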