<fix>(build): update build for secure issues.

WeBankBlockchain · Feb 28, 2024 · c19ebfa · c19ebfa
1 parent 2a9ea8a
commit c19ebfa
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 20 deletions.
diff --git a/build.gradle b/build.gradle
@@ -139,6 +139,7 @@ dependencies {
  constraints {
  compile group: 'io.netty', name: 'netty-all', version: '4.1.77.Final'
  compile 'io.netty:netty-codec-haproxy:4.1.89.Final'
+ compile 'io.netty:netty-codec-http2:4.1.100.Final'
  compile group: 'org.fisco-bcos', name: 'tcnative', version: '2.0.51.0'
  }
 
@@ -149,7 +150,9 @@ dependencies {
  compile 'com.google.code.gson:gson:2.8.9'
  compile 'org.apache.commons:commons-lang3:3.11'
  compile 'com.fasterxml.jackson.core:jackson-databind:2.14.2' // must not lower than 2.11.0 to support abi translate
- compile 'org.springframework.boot:spring-boot-starter-actuator:2.7.18'
+ compile ('org.springframework.boot:spring-boot-starter-actuator:2.7.18'){
+ exclude group: 'org.yaml', module: 'snakeyaml'
+ }
  compile 'org.springframework.boot:spring-boot-configuration-processor:2.7.18'
  compile 'org.springframework.boot:spring-boot-starter-log4j2:2.7.18'
  compile 'org.springframework:spring-core:5.3.32'
@@ -166,6 +169,8 @@ dependencies {
  // Use JUnit test framework
  testImplementation 'junit:junit:4.13.2'
  testImplementation 'org.springframework.boot:spring-boot-starter-test:2.7.18'
+ testImplementation 'net.minidev:json-smart:2.4.9'
+ testImplementation 'com.jayway.jsonpath:json-path:2.9.0'
 }
 
 sourceSets {

diff --git a/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java b/src/main/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandler.java
@@ -8,7 +8,6 @@
 import io.netty.handler.ssl.SslHandshakeCompletionEvent;
 import io.netty.handler.timeout.IdleStateEvent;
 import io.netty.util.AttributeKey;
-import javax.net.ssl.SSLPeerUnverifiedException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -59,14 +58,16 @@ public void userEventTriggered(ChannelHandlerContext ctx, Object evt) {
  logger.info(" handshake success, host: {}, ctx: {}", node, hashCode);
  try {
  getChannelHandlerCallBack().onConnect(ctx, getConnectToServer());
- } catch (SSLPeerUnverifiedException e1) {
+ } catch (Exception e1) {
  logger.warn(
  " handshake on connect exception, disconnect, host: {}, ctx: {}, cause: {}",
  node,
  hashCode,
  e1.getCause());
  ctx.disconnect();
  ctx.close();
+ throw new RuntimeException(
+ "SSLPeerUnverifiedException, handshake on connect exception", e1);
  }
  } else {
  logger.warn(

diff --git a/...ain/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java b/...ain/java/com/webank/wecross/network/p2p/netty/channel/handler/ChannelHandlerCallBack.java
@@ -61,16 +61,20 @@ private String bytesToHex(byte[] hashInBytes) {
  return sb.toString();
  }
 
- private PublicKey fetchCertificate(ChannelHandlerContext ctx)
- throws SSLPeerUnverifiedException {
+ private PublicKey fetchCertificate(ChannelHandlerContext ctx) throws Exception {
  SslHandler sslhandler = ctx.channel().pipeline().get(SslHandler.class);
-
- Certificate[] certs = sslhandler.engine().getSession().getPeerCertificates();
+ Certificate[] certs;
+ try {
+ certs = sslhandler.engine().getSession().getPeerCertificates();
+ } catch (SSLPeerUnverifiedException e) {
+ logger.error("fetchCertificate error", e);
+ throw new Exception("fetchCertificate error", e);
+ }
  logger.info(
  " ctx: {}, Certificate length: {}, pipeline sslHandlers: {}",
  Objects.hashCode(ctx),
  certs.length,
- String.valueOf(ctx.channel().pipeline().names()));
+ ctx.channel().pipeline().names());
 
  Certificate cert = certs[0];
  PublicKey publicKey = cert.getPublicKey();
@@ -91,8 +95,7 @@ private PublicKey fetchCertificate(ChannelHandlerContext ctx)
  * @return
  * @throws SSLPeerUnverifiedException
  */
- public Node channelContext2Node(ChannelHandlerContext context)
- throws SSLPeerUnverifiedException {
+ public Node channelContext2Node(ChannelHandlerContext context) throws Exception {
  if (null == context) {
  return null;
  }
@@ -105,8 +108,7 @@ public Node channelContext2Node(ChannelHandlerContext context)
  return new Node(nodeID, host, port);
  }
 
- public void onConnect(ChannelHandlerContext ctx, boolean connectToServer)
- throws SSLPeerUnverifiedException {
+ public void onConnect(ChannelHandlerContext ctx, boolean connectToServer) throws Exception {
  Node node = channelContext2Node(ctx);
  int hashCode = System.identityHashCode(ctx);
 
@@ -127,15 +129,9 @@ public void onConnect(ChannelHandlerContext ctx, boolean connectToServer)
  callBack.onConnect(ctx, node);
  } else {
  try {
- threadPool.execute(
- new Runnable() {
- @Override
- public void run() {
- callBack.onConnect(ctx, node);
- }
- });
+ threadPool.execute(() -> callBack.onConnect(ctx, node));
  } catch (TaskRejectedException e) {
- logger.warn(" TaskRejectedException: {} ", e);
+ logger.warn(" TaskRejectedException: ", e);
  callBack.onConnect(ctx, node);
  }
  }