Akka流和TLS支持:捕获异常

时间:2018-11-07 20:04:17

标签: scala akka

我们有一个可以解决TCP连接并使用Akka Actors的应用程序。我们需要为Tcp连接添加TLS支持,因此我们使用Steam和BidiFlow来提供Akka TLS支持。

尽管我们可以正常工作,但我们仍面临诊断问题的问题,例如握手异常。使用-Djavax.net.debug=ssl,handshake,failure,我们可以在控制台中看到日志记录信息,但是实际上它是不可读的,并且客户端无法通过该日志识别问题。尝试在代码中尝试try / catches不起作用,而在调试中记录Akka则只能得到:

  

2018-11-07 16:31:13,607调试akka.stream.impl.io.TLSActor
  系统/ StreamSupervisor-1 /流0-1
  关闭输出

打开javax标志后,我们确实看到抛出了一些异常,但没有办法在代码中捕获它们,不仅用于调试目的,而且还用于在握手失败时关闭连接(显然,在握手失败后不会自动完成)握手失败)。

任何人都知道如何记录或捕获这些异常?

以下是用于管理创建TLSGraphs的代码:

object Tls {

  def getGraph(tlsConfig: TlsConfig, role: TLSRole):
  BidiFlow[ByteString, ByteString, ByteString, ByteString, NotUsed] = {
    val sslContext = createSslContext(tlsConfig)
    val firstSession = createFirstSession(sslContext, tlsConfig.clientAuth)
    createGraph(sslContext, firstSession, role)
  }

  private def createFirstSession(sslContext: SSLContext, clientAuth: Boolean): NegotiateNewSession = {
    val negotiatedSession = TLSProtocol.NegotiateNewSession
      .withProtocols("TLSv1.2")
      .withCipherSuites(
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
      )
      .withParameters(sslContext.getDefaultSSLParameters)
      //.withClientAuth(TLSClientAuth.none)

    negotiatedSession
  }

  private def createSslContext(tlsConfig: TlsConfig): SSLContext = {
    val ksTrust = createKeyStore(tlsConfig.trustStoreType, tlsConfig.trustStoreFile, tlsConfig.trustStorePass)
    val trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    trustManagerFactory.init(ksTrust)

    val ksKeys = createKeyStore(tlsConfig.keyStoreType, tlsConfig.keyStoreFile, tlsConfig.keyStorePass)
    val keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    keyManagerFactory.init(ksKeys, tlsConfig.keyStorePass.toCharArray)

    val sslContext = SSLContext.getInstance("TLSv1.2")
    sslContext.init(keyManagerFactory.getKeyManagers, trustManagerFactory.getTrustManagers, new SecureRandom)
    sslContext
  }

  private def createKeyStore(storeType: String, file: String, password: String): KeyStore = {
    val keyStore: KeyStore = KeyStore.getInstance(storeType)
    keyStore.load(new FileInputStream(file), password.toCharArray)
    keyStore
  }

  private def createGraph(
                           sslContext: SSLContext,
                           firstSession: NegotiateNewSession,
                           role: TLSRole)
  : BidiFlow[ByteString, ByteString, ByteString, ByteString, NotUsed] = {

    val tls: BidiFlow[TLSProtocol.SslTlsOutbound, ByteString, ByteString, TLSProtocol.SslTlsInbound, NotUsed] =
      TLS(sslContext, firstSession, role)

    val tlsSupport: BidiFlow[ByteString, TLSProtocol.SslTlsOutbound, TLSProtocol.SslTlsInbound, ByteString, NotUsed] =
      BidiFlow.fromFlows(
        Flow[ByteString].map(TLSProtocol.SendBytes),
        Flow[TLSProtocol.SslTlsInbound].map {
          case TLSProtocol.SessionBytes(_, bytes) => bytes
          case TLSProtocol.SessionTruncated =>
            throw ProcessingException("TLS session truncated")
          case _ =>
            throw ProcessingException("Unexpected type received from TLS pipeline")
        })

    tlsSupport.atop(tls)
  }
}

0 个答案:

没有答案