From 9a1344c3aed4a14ca85ddbf339d0bbbbda7aaae5 Mon Sep 17 00:00:00 2001
From: norman
Date: Wed, 4 Jul 2012 08:26:18 +0200
Subject: [PATCH] Throw a special SSLException if a non SSL/TLS record was detected. See #437
---
.../handler/ssl/NotSslRecordException.java | 35 +++++++++++++++
.../jboss/netty/handler/ssl/SslHandler.java | 2 +-
.../netty/handler/ssl/SslHandlerTest.java | 43 +++++++++++++++++++
3 files changed, 79 insertions(+), 1 deletion(-)
create mode 100644 src/main/java/org/jboss/netty/handler/ssl/NotSslRecordException.java
create mode 100644 src/test/java/org/jboss/netty/handler/ssl/SslHandlerTest.java
diff --git a/src/main/java/org/jboss/netty/handler/ssl/NotSslRecordException.java b/src/main/java/org/jboss/netty/handler/ssl/NotSslRecordException.java
new file mode 100644
index 0000000000..933af228be
--- /dev/null
+++ b/src/main/java/org/jboss/netty/handler/ssl/NotSslRecordException.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ssl;
+
+import javax.net.ssl.SSLException;
+
+/**
+ * Special {@link SSLException} which will get thrown if a packet is
+ * received that not looks like a TLS/SSL record. A user can check for
+ * this {@link NotSslRecordException} and so detect if one peer tries to
+ * use secure and the other plain connection.
+ *
+ *
+ */
+public class NotSslRecordException extends SSLException {
+
+ private static final long serialVersionUID = -4316784434770656841L;
+
+ public NotSslRecordException(String reason) {
+ super(reason);
+ }
+}
diff --git a/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java b/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
index a5c59f84db..03689b58fe 100644
--- a/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
+++ b/src/main/java/org/jboss/netty/handler/ssl/SslHandler.java
@@ -635,7 +635,7 @@ public class SslHandler extends FrameDecoder if (!sslv2) { // Bad data - discard the buffer and raise an exception. - SSLException e = new SSLException( + NotSslRecordException e = new NotSslRecordException( "not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer)); buffer.skipBytes(buffer.readableBytes()); throw e;
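Review bot: The class Javadoc is hard to follow ("received that not looks like a TLS/SSL record", "use secure and the other plain connection") and ends with two empty ` *` lines; suggest "Special {@link SSLException} thrown when a received packet does not look like an SSL/TLS record. Callers can catch {@link NotSslRecordException} to detect a peer that speaks plaintext while this side expects TLS." Since the only constructor takes a reason string, and SslHandler in this same patch fills it with a hex dump of the rejected bytes, the Javadoc should also say that the message may echo peer-supplied data and should be logged with care.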
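Review bot: The new NotSslRecordException still carries `ChannelBuffers.hexDump(buffer)` of the whole readable buffer in its message, so whatever the peer sent in the clear (e.g. credentials from a client that never started TLS) lands in logs and exception reports, and the message size is dictated by the peer. Bounding the dump keeps the diagnostic useful without that: `NotSslRecordException e = new NotSslRecordException("not an SSL/TLS record: " + ChannelBuffers.hexDump(buffer, buffer.readerIndex(), Math.min(buffer.readableBytes(), 16)));`. The enclosing decode method starts and ends outside the hunk, and the old-side count of 7 in the hunk header suggests one trailing context line was lost in this rendering.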
diff --git a/src/test/java/org/jboss/netty/handler/ssl/SslHandlerTest.java b/src/test/java/org/jboss/netty/handler/ssl/SslHandlerTest.java
new file mode 100644
index 0000000000..84e581c54c
--- /dev/null
+++ b/src/test/java/org/jboss/netty/handler/ssl/SslHandlerTest.java
@@ -0,0 +1,43 @@
+ /*
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.jboss.netty.handler.ssl;
+
+import java.util.Random;
+
+import org.jboss.netty.buffer.ChannelBuffer;
+import org.jboss.netty.buffer.ChannelBuffers;
+import org.jboss.netty.example.securechat.SecureChatSslContextFactory;
+import org.jboss.netty.handler.codec.embedder.CodecEmbedderException;
+import org.jboss.netty.handler.codec.embedder.DecoderEmbedder;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class SslHandlerTest {
+
+ private final Random random = new Random();
+
+ @Test
+ public void testDetectNonSslRecord() {
+ byte[] data = new byte[1024];
+ random.nextBytes(data);
+
+ DecoderEmbedder em = new DecoderEmbedder(new SslHandler(SecureChatSslContextFactory.getServerContext().createSSLEngine()));
+ try {
+ em.offer(ChannelBuffers.wrappedBuffer(data));
+ Assert.fail();
+ } catch (CodecEmbedderException e) {
+ Assert.assertTrue(e.getCause() instanceof NotSslRecordException);
+ }
+ }
+}
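Review bot: `random.nextBytes(data)` from an unseeded `Random` makes the test input nondeterministic, and if SslHandler's record detection (outside this hunk) can be satisfied by a random leading header, the test will occasionally fail with no reproducible input. A fixed payload, e.g. `Arrays.fill(data, (byte) 'x');` (with `java.util.Arrays` imported) in place of `random.nextBytes(data);`, keeps the intent and should be rejected by the record check — worth confirming against SslHandler — and the `random` field can then go. `DecoderEmbedder` is used as a raw type while `ChannelBuffer` is imported but unused; `DecoderEmbedder<ChannelBuffer> em = new DecoderEmbedder<ChannelBuffer>(...)` fixes both. `Assert.fail()` would also be clearer with a message, e.g. `Assert.fail("expected NotSslRecordException")`.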