Move check to TcpDiscoverySpi

apache · Jul 15, 2024 · d922e3a · d922e3a
1 parent 38ae037
commit d922e3a
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 26 deletions.
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
@@ -1457,16 +1457,13 @@ else if (U.millisSinceNanos(joinStartNanos) > spi.joinTimeout)
             joinReqSent = false;
 
             boolean openSock = false;
-            boolean writeSock = false;
 
             Socket sock = null;
 
             try {
                 long tsNanos = System.nanoTime();
 
-                sock = spi.createSocket();
-
-                spi.openSocket(sock, addr, timeoutHelper);
+                sock = spi.openSocket(addr, timeoutHelper);
 
                 openSock = true;
 
@@ -1475,8 +1472,6 @@ else if (U.millisSinceNanos(joinStartNanos) > spi.joinTimeout)
                 // Handshake.
                 spi.writeToSocket(sock, req, timeoutHelper.nextTimeoutChunk(spi.getSocketTimeout()));
 
-                writeSock = true;
-
                 TcpDiscoveryHandshakeResponse res = spi.readMessage(sock, null, timeoutHelper.nextTimeoutChunk(
                     ackTimeout0));
 
@@ -1584,23 +1579,6 @@ else if (U.millisSinceNanos(joinStartNanos) > spi.joinTimeout)
                     break;
                 }
 
-                // Connection might fail on writing open header or a message to the socket.
-                // It usually happens due to a recipient closes the connection on SSL handshake.
-                // Check it by reading an error from the socket input stream.
-                if (spi.sslEnable && !writeSock && X.hasCause(e, SocketException.class)) {
-                    try {
-                        spi.readReceipt(sock, ackTimeout0);
-                    }
-                    catch (SSLException sslEx) {
-                        throw new IgniteException("Unable to establish secure connection. " +
-                            "SSL handshake failed [rmtAddr=" + addr + ", errMsg=\"" + sslEx.getMessage() + "\"]", sslEx);
-                    }
-                    catch (Exception other) {
-                        if (log.isDebugEnabled())
-                            log.error("Failed check SSL handshake error", other);
-                    }
-                }
-
                 if (spi.failureDetectionTimeoutEnabled() && timeoutHelper.checkFailureTimeoutReached(e))
                     break;
 

diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
@@ -1659,6 +1659,31 @@ protected Socket openSocket(Socket sock, InetSocketAddress remAddr, IgniteSpiOpe
         }
     }
 
+    /**
+     * Writing to a socket might fail due to a broken connection. It might happen due to a recipient has closed the connection
+     * before, on SSL handshake, and doesn't accept new messages. In a such case it's possible to check the original error
+     * by reading the socket input stream.
+     *
+     * @param sock Socket to check.
+     * @param writeErr Error on writing a message to the socket.
+     * @param timeout Timeout on receiving the response.
+     * @return {@code SSLException} in case of SSL error, or {@code null} otherwise.
+     */
+    private @Nullable SSLException checkSslException(Socket sock, Exception writeErr, long timeout) {
+        try {
+            if (sslEnable && X.hasCause(writeErr, SocketException.class))
+                readReceipt(sock, timeout);
+        }
+        catch (SSLException sslErr) {
+            return sslErr;
+        }
+        catch (Exception err) {
+            // Skip.
+        }
+
+        return null;
+    }
+
     /**
      * Creates socket binding it to a local host address. This operation is not blocking.
      *
@@ -1716,7 +1741,9 @@ protected void writeToSocket(Socket sock, TcpDiscoveryAbstractMessage msg, byte[
             out.flush();
         }
         catch (IOException e) {
-            err = e;
+            SSLException sslEx = checkSslException(sock, e, timeout);
+
+            err = sslEx == null ? e : sslEx;
         }
         finally {
             boolean cancelled = obj.cancel();
@@ -1824,7 +1851,9 @@ protected void writeToSocket(Socket sock,
             U.marshal(marshaller(), msg, out);
         }
         catch (IgniteCheckedException e) {
-            err = e;
+            SSLException sslEx = checkSslException(sock, e, timeout);
+
+            err = sslEx == null ? e : new IgniteCheckedException(sslEx);
         }
         finally {
             boolean cancelled = obj.cancel();
@@ -1869,7 +1898,9 @@ protected void writeToSocket(TcpDiscoveryAbstractMessage msg, Socket sock, int r
             out.flush();
         }
         catch (IOException e) {
-            err = e;
+            SSLException sslEx = checkSslException(sock, e, timeout);
+
+            err = sslEx == null ? e : sslEx;
         }
         finally {
             boolean cancelled = obj.cancel();