Respond 502 when target SSL untrusted

Response with status code 502 and message "Target SSL Untrusted" when attempting a target connection fails for what appears to be an SSL trust issue Fixes #307
cryostatio · Oct 23, 2020 · 8fe2746 · 8fe2746
1 parent ebd97e6
commit 8fe2746
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 4 deletions.
diff --git a/.../java/com/redhat/rhjmc/containerjfr/net/web/http/AbstractAuthenticatedRequestHandler.java b/.../java/com/redhat/rhjmc/containerjfr/net/web/http/AbstractAuthenticatedRequestHandler.java
@@ -42,11 +42,14 @@
 package com.redhat.rhjmc.containerjfr.net.web.http;
 
 import java.nio.charset.StandardCharsets;
+import java.rmi.ConnectIOException;
 import java.util.Base64;
 import java.util.concurrent.Future;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import org.apache.commons.lang3.exception.ExceptionUtils;
+
 import org.openjdk.jmc.rjmx.ConnectionException;
 
 import com.redhat.rhjmc.containerjfr.core.net.Credentials;
@@ -86,9 +89,13 @@ public void handle(RoutingContext ctx) {
             Throwable cause = e.getCause();
             if (cause instanceof SecurityException) {
                 ctx.response().putHeader(JMX_AUTHENTICATE_HEADER, "Basic");
-                throw new HttpStatusException(427, e);
+                throw new HttpStatusException(427, "JMX Authentication Failure", e);
+            }
+            Throwable rootCause = ExceptionUtils.getRootCause(e);
+            if (rootCause instanceof ConnectIOException) {
+                throw new HttpStatusException(502, "Target SSL Untrusted", e);
             }
-            throw new HttpStatusException(404, e);
+            throw new HttpStatusException(500, e);
         } catch (Exception e) {
             throw new HttpStatusException(500, e.getMessage(), e);
         }

diff --git a/...a/com/redhat/rhjmc/containerjfr/net/web/http/AbstractAuthenticatedRequestHandlerTest.java b/...a/com/redhat/rhjmc/containerjfr/net/web/http/AbstractAuthenticatedRequestHandlerTest.java
@@ -43,6 +43,7 @@
 
 import static org.mockito.Mockito.when;
 
+import java.rmi.ConnectIOException;
 import java.util.concurrent.CompletableFuture;
 
 import org.hamcrest.MatcherAssert;
@@ -124,13 +125,13 @@ void shouldPropagateIfHandlerThrowsHttpStatusException() {
         }
 
         @Test
-        void shouldThrow404IfConnectionFails() {
+        void shouldThrow500IfConnectionFails() {
             Exception expectedException = new ConnectionException("");
             handler = new ThrowingAuthenticatedHandler(auth, expectedException);
 
             HttpStatusException ex =
                     Assertions.assertThrows(HttpStatusException.class, () -> handler.handle(ctx));
-            MatcherAssert.assertThat(ex.getStatusCode(), Matchers.equalTo(404));
+            MatcherAssert.assertThat(ex.getStatusCode(), Matchers.equalTo(500));
         }
 
         @Test
@@ -148,6 +149,19 @@ void shouldThrow427IfConnectionFailsDueToTargetAuth() {
             Mockito.verify(resp).putHeader("X-JMX-Authenticate", "Basic");
         }
 
+        @Test
+        void shouldThrow502IfConnectionFailsDueToSslTrust() {
+            Exception cause = new ConnectIOException("SSL trust");
+            Exception expectedException = new ConnectionException("");
+            expectedException.initCause(cause);
+            handler = new ThrowingAuthenticatedHandler(auth, expectedException);
+
+            HttpStatusException ex =
+                    Assertions.assertThrows(HttpStatusException.class, () -> handler.handle(ctx));
+            MatcherAssert.assertThat(ex.getStatusCode(), Matchers.equalTo(502));
+            MatcherAssert.assertThat(ex.getPayload(), Matchers.equalTo("Target SSL Untrusted"));
+        }
+
         @Test
         void shouldThrow500IfHandlerThrowsUnexpectedly() {
             Exception expectedException = new NullPointerException();