javax.net.ssl.SSLException: SSLEngine closed already SSLEngine closed already in webclient (Springboot)
Asked Answered
B

1

7

I am using webclient in springboot application to call a external restful webservice. getting this exception intermittently.

javax.net.ssl.SSLException: SSLEngine closed already SSLEngine closed already

I see below warning in logs before getting this exception.

javax.net.ssl.SSLException:
   at io.netty.handler.ssl.SslHandler.wrap (SslHandler.java854)
   at io.netty.handler.ssl.SslHandler.wrapAndFlush (SslHandler.java811)
   at io.netty.handler.ssl.SslHandler.flush (SslHandler.java792)
   at io.netty.channel.AbstractChannelHandlerContext.invokeFlush0 (AbstractChannelHandlerContext.java750)
   at io.netty.channel.AbstractChannelHandlerContext.invokeFlush (AbstractChannelHandlerContext.java742)
   at io.netty.channel.AbstractChannelHandlerContext.flush (AbstractChannelHandlerContext.java728)
   at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.flush (CombinedChannelDuplexHandler.java531)
   at io.netty.channel.ChannelOutboundHandlerAdapter.flush (ChannelOutboundHandlerAdapter.java125)
   at io.netty.channel.CombinedChannelDuplexHandler.flush (CombinedChannelDuplexHandler.java356)
   at io.netty.channel.AbstractChannelHandlerContext.invokeFlush0 (AbstractChannelHandlerContext.java750)
   at io.netty.channel.AbstractChannelHandlerContext.invokeWriteAndFlush (AbstractChannelHandlerContext.java765)
   at io.netty.channel.AbstractChannelHandlerContext.write (AbstractChannelHandlerContext.java790)
   at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush (AbstractChannelHandlerContext.java758)
   at io.netty.channel.AbstractChannelHandlerContext.writeAndFlush (AbstractChannelHandlerContext.java808)
   at io.netty.channel.DefaultChannelPipeline.writeAndFlush (DefaultChannelPipeline.java1025)
   at io.netty.channel.AbstractChannel.writeAndFlush (AbstractChannel.java294)
   at reactor.netty.http.HttpOperations.lambda$send$0 (HttpOperations.java123)
   at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext (MonoFlatMap.java118)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onNext (FluxMapFuseable.java121)
   at reactor.core.publisher.FluxContextStart$ContextStartSubscriber.onNext (FluxContextStart.java96)
   at reactor.core.publisher.Operators$ScalarSubscription.request (Operators.java2344)
   at reactor.core.publisher.FluxContextStart$ContextStartSubscriber.request (FluxContextStart.java125)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request (FluxMapFuseable.java162)
   at reactor.core.publisher.MonoFlatMap$FlatMapMain.onSubscribe (MonoFlatMap.java103)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe (FluxMapFuseable.java90)
   at reactor.core.publisher.FluxContextStart$ContextStartSubscriber.onSubscribe (FluxContextStart.java90)
   at reactor.core.publisher.MonoJust.subscribe (MonoJust.java54)
   at reactor.core.publisher.Mono.subscribe (Mono.java4213)
   at reactor.core.publisher.FluxConcatIterable$ConcatIterableSubscriber.onComplete (FluxConcatIterable.java146)
   at reactor.core.publisher.FluxConcatIterable.subscribe (FluxConcatIterable.java60)
   at reactor.core.publisher.MonoFromFluxOperator.subscribe (MonoFromFluxOperator.java81)
   at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext (MonoFlatMap.java150)
   at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onNext (FluxSwitchIfEmpty.java67)
   at reactor.core.publisher.Operators$MonoSubscriber.complete (Operators.java1782)
   at reactor.core.publisher.MonoSingle$SingleSubscriber.onComplete (MonoSingle.java171)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onComplete (FluxMapFuseable.java144)
   at reactor.core.publisher.FluxJust$WeakScalarSubscription.request (FluxJust.java101)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.request (FluxMapFuseable.java162)
   at reactor.core.publisher.MonoSingle$SingleSubscriber.request (MonoSingle.java94)
   at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.set (Operators.java2152)
   at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onSubscribe (Operators.java2026)
   at reactor.core.publisher.MonoSingle$SingleSubscriber.onSubscribe (MonoSingle.java114)
   at reactor.core.publisher.FluxMapFuseable$MapFuseableSubscriber.onSubscribe (FluxMapFuseable.java90)
   at reactor.core.publisher.FluxJust.subscribe (FluxJust.java70)
   at reactor.core.publisher.InternalMonoOperator.subscribe (InternalMonoOperator.java64)
   at reactor.core.publisher.MonoDefer.subscribe (MonoDefer.java52)
   at reactor.netty.http.client.HttpClientConnect$HttpIOHandlerObserver.onStateChange (HttpClientConnect.java442)
   at reactor.netty.ReactorNetty$CompositeConnectionObserver.onStateChange (ReactorNetty.java518)
   at reactor.netty.resources.PooledConnectionProvider$DisposableAcquire.run (PooledConnectionProvider.java633)
   at io.netty.util.concurrent.AbstractEventExecutor.safeExecute (AbstractEventExecutor.java164)
   at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks (SingleThreadEventExecutor.java472)
   at io.netty.channel.nio.NioEventLoop.run (NioEventLoop.java500)
   at io.netty.util.concurrent.SingleThreadEventExecutor$4.run (SingleThreadEventExecutor.java989)
   at io.netty.util.internal.ThreadExecutorMap$2.run (ThreadExecutorMap.java74)
   at io.netty.util.concurrent.FastThreadLocalRunnable.run (FastThreadLocalRunnable.java30)
   at java.lang.Thread.run (Thread.java748)

here is full stack trace :

reactor.core.Exceptions$ReactiveException:
       at reactor.core.Exceptions.propagate (Exceptions.java393)
       at reactor.core.publisher.BlockingSingleSubscriber.blockingGet (BlockingSingleSubscriber.java97)
       at reactor.core.publisher.Mono.block (Mono.java1680)
       at .service.CustomWebClient.callTarget (CustomWebClient.java48)
       at .service.MessageServiceImpl.sendMessageToTargetGetAcknowledgement (MessageServiceImpl.java101)
       at .service.MessageServiceImpl.transferMessagesFromSourceToTarget (MessageServiceImpl.java53)
       at .controller.MessageController.processMessageFromSourceThread3 (MessageController.java71)
       at .controller.MessageController$$FastClassBySpringCGLIB$$c25da1d1.invoke (<generated>)
       at org.springframework.cglib.proxy.MethodProxy.invoke (MethodProxy.java218)
       at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint (CglibAopProxy.java771)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java163)
       at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed (CglibAopProxy.java749)
       at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction (TransactionAspectSupport.java367)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke (TransactionInterceptor.java118)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed (ReflectiveMethodInvocation.java186)
       at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed (CglibAopProxy.java749)
       at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept (CglibAopProxy.java691)
       at .controller.MessageController$$EnhancerBySpringCGLIB$$7a54eddc.processMessageFromSourceThread3 (<generated>)
       at sun.reflect.GeneratedMethodAccessor63.invoke
       at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java43)
       at java.lang.reflect.Method.invoke (Method.java498)
       at org.springframework.scheduling.support.ScheduledMethodRunnable.run (ScheduledMethodRunnable.java84)
       at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run (DelegatingErrorHandlingRunnable.java54)
       at java.util.concurrent.Executors$RunnableAdapter.call (Executors.java511)
       at java.util.concurrent.FutureTask.runAndReset (FutureTask.java308)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301 (ScheduledThreadPoolExecutor.java180)
       at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run (ScheduledThreadPoolExecutor.java294)
       at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java1149)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java624)
       at java.lang.Thread.run (Thread.java748)
    Inner exception javax.net.ssl.SSLException handled at reactor.core.Exceptions.propagate:
       at io.netty.handler.ssl.SslHandler.wrap (SslHandler.java854)

here is MessageServiceImpl.java

package service;
import org.hibernate.exception.SQLGrammarException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.dao.InvalidDataAccessResourceUsageException;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;


@Service
public class MessageServiceImpl implements MessageService {

  private static final Logger LOGGER = LoggerFactory.getLogger(MessageServiceImpl.class);

  @Autowired
  private MessageRepository repository;

  @Value("${TARGET_ENDPOINT}")
  private String baseEndPoint;

  @Autowired
  private CustomWebClient webClient;

  
  public Message transferMessagesFromSourceToTarget()
       {

    Message message = new Message();
    try {

      message = getMessageFromSource();
      //some code....   
      
      sendAcknowledgementToSource(message);
      //some code....
     

    } catch (HttpServerErrorException | HttpClientErrorException e) {
      //somecode

    } catch (InvalidDataAccessResourceUsageException | SQLGrammarException  e) {
      //somecode
    }

    return message;

  }

 
  private Message getMessageFromSource() {
    return repository.getSourceMessageFromStroredProcedureCall();
  }

  
  private Message sendMessageToTargetGetAcknowledgement(Message message) {
    
    ResponseEntity<String> response = null;
    
    response = webClient.callTarget(baseEndPoint+ message.getHostURL(),message);
   
    message.setHttpStatus(response.getStatusCodeValue());
    
    return message;
  }

}

here is CustomWebClient component class

package service;

import XYZ.model.Message;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Component;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/
@Component
public class CustomWebClient {

  private final WebClient webClient;

  /**
   * Constructor to autowire WebClient instance
   * @param webClient webclient instance
   */
  @Autowired
  public CustomWebClient(WebClient webClient){
    this.webClient = webClient;
  }

  
  public ResponseEntity<String> callTarget(String baseEndPoint, Message message) {
    String response = webClient.post().uri(baseEndPoint)
        .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_XML_VALUE)
        .body(BodyInserters.fromValue(message.getMessage()))
        .retrieve()
        .onStatus(HttpStatus::is5xxServerError, serverError ->
            Mono.error(new HttpServerErrorException(serverError.statusCode())))
        .onStatus(HttpStatus::is4xxClientError, clientError ->
            Mono.error(new HttpClientErrorException(clientError.statusCode())))
        .bodyToMono(String.class).block();
    return new ResponseEntity<>(response, HttpStatus.OK);
  }
}

In below configuration I am adding trust store in SSLContext.

package xyz.conf;

import static java.nio.charset.StandardCharsets.US_ASCII;

import xyz.constants.Constants;
import xyz.service.ResourceReader;
import io.netty.channel.ChannelOption;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.timeout.ReadTimeoutHandler;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

/**
 * Webclient configuration
 */
@Configuration
public class WebClientConfig {

  private String user;

  private String pass;

  private ResourceReader resourceReader;

  /**
   * Constructor to autowire ResourceReader
   * @param resourceReader ResourceReader object
   */
  @Autowired
  public WebClientConfig(ResourceReader resourceReader) {
    this.resourceReader = resourceReader;
  }

  @Value("${USER}")
  public void setuser(String user) {
    this.user = user;
  }

  @Value("${PASSWD}")
  public void setpass(String pass) {
    this.pass = pass;
  }

  private static final Logger LOGGER = LoggerFactory.getLogger(WebClientConfig.class);

  @Bean
  WebClient getWebClient () throws IOException, KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException {
    LOGGER.info("WebClient configuration started.");
    TrustManagerFactory trustManagerFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore trustStore = getTrustStore(resourceReader.readTrustStoreConfig());

    trustManagerFactory.init(trustStore);
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

    SslContext sslContext = SslContextBuilder
        .forClient()
        .trustManager(trustManagerFactory)
        .build();

    HttpClient httpClient = HttpClient.create().secure( t -> t.sslContext(sslContext) );
    httpClient = httpClient.tcpConfiguration(tcpClient -> tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 30000));
    httpClient = httpClient.responseTimeout(Duration.ofMillis(30000));

    LOGGER.info("WebClient configured successfully..");
    ReactorClientHttpConnector reactorClientHttpConnector = new ReactorClientHttpConnector(httpClient);
    return WebClient.builder().clientConnector(reactorClientHttpConnector)
        .defaultHeaders(header -> header.setBasicAuth(user, pass))
        .build();

  }

  private KeyStore getTrustStore(String certificateChainPem)
      throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {

    KeyStore keyStore = null;
    keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);

    List<X509Certificate> certificates = readCertificateChain(certificateChainPem);
    for (X509Certificate certificate : certificates) {
      X500Principal principal = certificate.getSubjectX500Principal();
      keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate);
    }

    return keyStore;
  }

  private List<X509Certificate> readCertificateChain(String certificateChainPem)
      throws CertificateException {
    List<X509Certificate> certificates = new ArrayList<>();

    Matcher matcher = Constants.CERT_PATTERN.matcher(certificateChainPem);
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

    int start = 0;
    while (matcher.find(start)) {
      byte[] buffer = base64Decode(matcher.group(1));
      certificates.add((X509Certificate) certificateFactory
          .generateCertificate(new ByteArrayInputStream(buffer)));
      start = matcher.end();
    }

    return certificates;
  }

  private byte[] base64Decode(String base64) {
    return java.util.Base64.getMimeDecoder().decode(base64.getBytes(US_ASCII));
  }    

}

Below is application property file

logging.level.org.springframework=INFO

TARGET_ENDPOINT=XYZ
USER=XYZ
PASSWD=XYZ

#maxidle timeout for netty pool
reactor.netty.pool.maxIdleTime=3000

I have already tried to fix this via solution given in below link but it did not work. https://github.com/reactor/reactor-netty/issues/782

Here are version details :-

Springboot version : 2.3.3.RELEASE

Bryson answered 12/3, 2021 at 11:38 Comment(10)
what is the SB version?Efrenefron
@VioletaGeorgieva I have updated my post with SB version.Bryson
Is it possible to try the latest 2.3.x version?Efrenefron
@VioletaGeorgieva Hi , Tried with SP version 2.3.9.RELEASE but no luck :(Bryson
Hi @Bryson @VioletaGeorgieva, did you manage to solve your issue? I am seeing the same issue with spring boot 2.4.1 and it's using reactor-netty-http 1.0.2.Lyophilize
If you see this with the latest releases, create an issue in Reactor Netty with a reproducible example.Efrenefron
did you solve the problem?Astraddle
Do we have a resolution?Potentate
Adding a comment for my reference, i am seeing the same issue with spring boot 2.4.12 and it's using reactor-netty-http-1.0.12. Rebooting the server solved the issue.Lyophilize
@Bryson Were you able to solve the issue?Gob
L
0

I saw the same issue with spring boot 2.4.12 and reactor-netty-http-1.0.12. Rebooting the server solved the issue.

My take is that SSLEngine closed already could be due to not 1 specific issue, but on a per use-case basis. The easiest & simplest, but of course not the best solution, is to reboot the server. Alternatively, you can upgrade to the latest reactor-netty-http jar(provided it is compatible with your framework, it should) and hope that the issue has been resolved ;-). The best, would be to raise a GitHub issue to the reactor-netty team and send them the stack-trace.

Lyophilize answered 22/4, 2022 at 4:31 Comment(1)
Were you guys able to figure this out?Gob

© 2022 - 2024 — McMap. All rights reserved.