diff --git a/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java b/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java
new file mode 100644
index 00000000000..f8424ede6fe
--- /dev/null
+++ b/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.http.netty;
+
+import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
+import org.elasticsearch.common.netty.channel.ExceptionEvent;
+import org.elasticsearch.common.network.NetworkService;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.util.BigArrays;
+
+/**
+ * Makes the exceptionCaught method of {@link org.elasticsearch.http.netty.NettyHttpServerTransport} visible
+ * to overriding classes.
+ *
+ * TODO: Fix core to make methods protected instead of package private and remove this class
+ */
+public class VisibleNettyHttpServerTransport extends NettyHttpServerTransport {
+
+ public VisibleNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays) {
+ super(settings, networkService, bigArrays);
+ }
+
+ @Override
+ protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
+ super.exceptionCaught(ctx, e);
+ }
+
+}
diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
index 7512982c6e9..fe2452f39cb 100644
--- a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
+++ b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
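Review bot: The class Javadoc of `VisibleNettyHttpServerTransport` does not say that the shim only works because it is declared inside core's `org.elasticsearch.http.netty` package. Package-private access is resolved per runtime package (package name plus defining class loader), so if this class were ever loaded by a different class loader than `NettyHttpServerTransport`, the `exceptionCaught` override would presumably no longer override the core method and the `super.exceptionCaught(ctx, e)` call would fail with an access error. I would state that in the Javadoc, e.g. `Must be loaded by the same class loader as NettyHttpServerTransport; the override relies on package-private access.`, and point the TODO at a tracking issue so the shim is removed once core makes the method protected.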
@@ -6,13 +6,17 @@
 package org.elasticsearch.shield.transport.netty;
 import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
 import org.elasticsearch.common.netty.channel.ChannelPipeline;
 import org.elasticsearch.common.netty.channel.ChannelPipelineFactory;
+import org.elasticsearch.common.netty.channel.ExceptionEvent;
+import org.elasticsearch.common.netty.handler.ssl.NotSslRecordException;
 import org.elasticsearch.common.netty.handler.ssl.SslHandler;
 import org.elasticsearch.common.network.NetworkService;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.BigArrays;
 import org.elasticsearch.http.netty.NettyHttpServerTransport;
+import org.elasticsearch.http.netty.VisibleNettyHttpServerTransport;
 import org.elasticsearch.shield.ssl.ServerSSLService;
 import org.elasticsearch.shield.transport.filter.IPFilter;
@@ -21,7 +25,7 @@ import javax.net.ssl.SSLEngine;
 /**
 *
 */
-public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
+public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransport {
 private final IPFilter ipFilter;
 private final ServerSSLService sslService;
@@ -36,6 +40,20 @@ public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
 this.sslService = sslService;
 }
+ @Override
+ protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
+ if (e.getCause() instanceof NotSslRecordException) {
+ if (logger.isTraceEnabled()) {
+ logger.trace("received plaintext http traffic on a https channel, closing connection {}", e.getCause(), ctx.getChannel());
+ } else {
+ logger.warn("received plaintext http traffic on a https channel, closing connection {}", ctx.getChannel());
+ }
+ ctx.getChannel().close();
+ } else {
+ super.exceptionCaught(ctx, e);
+ }
+ }
+
 @Override
 public ChannelPipelineFactory configureServerChannelPipelineFactory() {
 return new HttpSslChannelPipelineFactory(this);
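Review bot: In the `NotSslRecordException` branch of `exceptionCaught`, the WARN line is written once per plaintext connection, and that path is reachable before any authentication by any peer that can open a socket to the HTTPS port, so a scanner or a misconfigured client can fill the log. The same branch moves the event to TRACE whenever trace logging is enabled, so alerting keyed on WARN stops seeing it on exactly the nodes being debugged. I would keep the one-line message at one fixed level and attach the stack trace separately, e.g. an unconditional `logger.warn("received plaintext http traffic on a https channel, closing connection {}", ctx.getChannel());` with `if (logger.isTraceEnabled()) logger.trace("plaintext http on https channel", e.getCause());` beside it, and throttle or demote the WARN if it proves noisy. A short comment that `super.exceptionCaught` is deliberately skipped here would also help, since the checks the base method performs are not visible in this diff.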