Skip to content

JAVA-5949 preserve connection pool on backpressure errors when establishing connections #1900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
nhachicha wants to merge 33 commits into
base: backpressure
Choose a base branch
from
Open

JAVA-5949 preserve connection pool on backpressure errors when establishing connections #1900

Show file tree
Hide file tree
Changes from 31 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
21abfe2
Fixes JAVA-5949 prevent connection churn on backpressure errors when …
nhachicha Dec 11, 2025
339297b
Remove handshake and update submodule including new tests
nhachicha Dec 15, 2025
2e44072
Update spec test; fix test runner
nhachicha Jan 20, 2026
4cff1b2
Add prose test
nhachicha Jan 26, 2026
0a93dd7
Increasing the timeout termination
nhachicha Jan 27, 2026
b1f4ba0
- Revert spec timeout
nhachicha Jan 27, 2026
1b1558d
Update exception checks
nhachicha Jan 27, 2026
fcdfa23
Increase timeout for operations to complete
nhachicha Jan 27, 2026
d423093
Simplifying conditions check
nhachicha Jan 28, 2026
bce97d4
Apply backpressure labels in CMAP layer; align SDAM with spec
nhachicha Apr 22, 2026
41b2773
Align Prose Test with Spec
nhachicha Apr 23, 2026
508d741
Test runner needs to add the SystemOverloadedError label for the pre-…
nhachicha Apr 23, 2026
c5e68fc
- Re-enable JAVA-5949-skipped SDAM/backpressure tests
nhachicha Apr 23, 2026
71c91f0
Deferred fixes to https://jira.mongodb.org/browse/JAVA-5664 to anothe…
nhachicha Apr 23, 2026
6afa1a8
Add DNS-lookup regression test for backpressure pool invalidation
nhachicha Apr 23, 2026
4938439
Addressing Claude-Code review feedback
nhachicha Apr 27, 2026
98add54
Update driver-sync/src/test/functional/com/mongodb/client/ServerDisco…
nhachicha Apr 27, 2026
9ce8dde
Add `maxAdaptiveRetries` API (#1944)
stIncMale Apr 20, 2026
a2b0e3c
Add support for server selection's deprioritized servers (#1860)
vbabanin Apr 21, 2026
135749d
Implement prose backpressure tests (#1946)
stIncMale Apr 22, 2026
dd8d662
Add `enableOverloadRetargeting` API (#1943)
vbabanin Apr 23, 2026
4923f03
Merge branch 'backpressure' into nh/backpressure/preserve_connection_…
nhachicha Apr 27, 2026
328e95f
Update driver-sync/src/test/functional/com/mongodb/client/unified/Eve…
nhachicha Apr 27, 2026
5a62b5c
Fixing DNS test
nhachicha Apr 27, 2026
4d3eaea
Adding more unit tests for the backpressure labels
nhachicha Apr 27, 2026
b24f7ec
Update driver-core/src/main/com/mongodb/internal/connection/Backpress…
nhachicha Apr 30, 2026
819810e
Update driver-core/src/main/com/mongodb/internal/connection/DefaultSd…
nhachicha Apr 30, 2026
d42bab5
PR - feedback
nhachicha Apr 30, 2026
a5720b8
Potential fix for pull request finding
nhachicha May 1, 2026
75a5ea4
Update driver-core/src/main/com/mongodb/internal/connection/Backpress…
nhachicha May 1, 2026
7f74b9b
- Replace the dedicated DNS test with a generic one.
nhachicha May 1, 2026
4938412
Update driver-core/src/test/unit/com/mongodb/internal/connection/Defa…
nhachicha May 5, 2026
0050ab1
Simplifying TLS error detection
nhachicha May 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
108 changes: 108 additions & 0 deletions driver-core/src/main/com/mongodb/internal/connection/BackpressureErrorLabeler.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
/*
* Copyright 2008-present MongoDB, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.mongodb.internal.connection;

import com.mongodb.MongoException;
import com.mongodb.MongoSocketException;

import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import java.net.UnknownHostException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.util.Locale;

/**
* Attaches {@link MongoException#SYSTEM_OVERLOADED_ERROR_LABEL} and
* {@link MongoException#RETRYABLE_ERROR_LABEL} to network errors encountered during connection
* establishment or the hello message, per the CMAP specification.
*
* <p>This is topology-agnostic: it must be invoked from the connection-establishment path so that
* both default SDAM and load-balanced modes are covered.
*/
final class BackpressureErrorLabeler {

private BackpressureErrorLabeler() {
}

static void applyLabelsIfEligible(final Throwable t) {
if (!(t instanceof MongoSocketException)) {
return;
}
MongoSocketException socketException = (MongoSocketException) t;
if (isDnsLookupFailure(socketException)) {
return;
}
if (isTlsConfigurationError(socketException)) {
return;
}
// TODO-BACKPRESSURE Nabil - SOCKS5 Revisit alongside JAVA-5205 (SOCKS5 in async) so both sync and
// async proxy error surfaces can be handled together — likely via a dedicated internal
// exception thrown from the proxy code path.
socketException.addLabel(MongoException.SYSTEM_OVERLOADED_ERROR_LABEL);
socketException.addLabel(MongoException.RETRYABLE_ERROR_LABEL);
}

private static boolean isDnsLookupFailure(final MongoSocketException t) {
Throwable cause = t.getCause();
while (cause != null) {
if (cause instanceof UnknownHostException) {
return true;
}
cause = cause.getCause();
}
return false;
}

private static boolean isTlsConfigurationError(final MongoSocketException t) {
Throwable cause = t.getCause();
while (cause != null) {
if (cause instanceof CertificateException
|| cause instanceof CertPathBuilderException
|| cause instanceof CertPathValidatorException
|| cause instanceof SSLPeerUnverifiedException
|| cause instanceof SSLProtocolException) {
return true;
}
if (cause instanceof SSLHandshakeException) {
String message = cause.getMessage();
if (message != null) {
String lowerMessage = message.toLowerCase(Locale.ROOT);
if (lowerMessage.contains("certificate")
|| lowerMessage.contains("verify")
|| lowerMessage.contains("trust")
|| lowerMessage.contains("hostname")
Copy link
Copy Markdown
Member

@vbabanin vbabanin May 5, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What scenario produces an SSLHandshakeException with "trust", "hostname", or "pkix" in the message which is not covered by ? I couldn’t find these strings in the OpenJDK JSSE provider sources - are they coming from a different provider or JDK version?

Copy link
Copy Markdown
Collaborator Author

@nhachicha nhachicha May 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw some SO messages with these: ex1 & ex2 and ex3 but you can argue these are coming from the cause getMessage, which makes these checks empirical. I'm leaning towards keeping only the received fatal alert

|| lowerMessage.contains("protocol")
|| lowerMessage.contains("cipher")
// PKIX path building/validation failures surface as SSLHandshakeException
// when the underlying CertPath* cause is not in the chain.
|| lowerMessage.contains("pkix")
// Any "Received fatal alert: X" from OpenJDK's JSSE provider means the
// server actively answered with a TLS protocol error — not an overload
// signal. Catches all 25 RFC handshake alert descriptions in one rule.
|| lowerMessage.contains("received fatal alert")) {
return true;
}
}
}
cause = cause.getCause();
}
return false;
Comment on lines +74 to +91
Copy link
Copy Markdown
Member

@vbabanin vbabanin Apr 29, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I dug into isTlsConfigurationError and the TLS exception landscape across JDK versions and providers. Sharing what I found below and what we discussed over the call.

Current TLS config error gaps

The keyword list (certificate, verify, trust, hostname, protocol, cipher, handshake_failure) catches 12 of the 25 RFC-defined TLS alert descriptions but misses these config errors.

Alert JDK exception message Labeled?
unknown_ca(48) "Received fatal alert: unknown_ca" Yes -- false postive
access_denied(49) "Received fatal alert: access_denied" Yes -- *false positive *
insufficient_security(71) "Received fatal alert: insufficient_security" Yes -- false positive
unrecognized_name(112) "Received fatal alert: unrecognized_name" Yes -- false positive

BouncyCastle's JSSE provider is currently unhandled: it produces TlsFatalAlertReceived (extends IOException, not SSLException), however, there is no good way to catch those.

How FIN, RST, and TLS alerts surface across providers and transports

Full exception chains (42 test cases)

FIN (graceful close during TLS handshake):

Transport Provider Exception chain
SocketStream JDK MongoSocketWriteException -> SSLHandshakeException("Remote host terminated the handshake") -> EOFException("SSL peer shut down incorrectly")
NettyStream JDK MongoSocketWriteException -> ClosedChannelException
TlsChannelStream JDK MongoSocketWriteException -> ClosedChannelException
SocketStream BC MongoSocketWriteException -> TlsFatalAlert("handshake_failure(40)")
NettyStream BC MongoSocketWriteException -> ClosedChannelException
TlsChannelStream BC MongoSocketWriteException -> ClosedChannelException

RST (abrupt reset during TLS handshake):

Transport Provider Exception chain
SocketStream JDK MongoSocketWriteException -> SocketException("Connection reset")
NettyStream JDK MongoSocketWriteException -> SslClosedEngineException("SSLEngine closed already")
TlsChannelStream JDK MongoSocketWriteException -> SocketException("Connection reset")
SocketStream BC MongoSocketWriteException -> SocketException("Connection reset")
NettyStream BC MongoSocketWriteException -> SslClosedEngineException("SSLEngine closed already")
TlsChannelStream BC MongoSocketWriteException -> SocketException("Connection reset")

TLS alert example -- unknown_ca(48):

Transport Provider Exception chain
SocketStream JDK MongoSocketWriteException -> SSLHandshakeException("Received fatal alert: unknown_ca")
NettyStream JDK MongoSocketWriteException -> SSLHandshakeException("Received fatal alert: unknown_ca")
TlsChannelStream JDK MongoSocketWriteException -> SSLHandshakeException("Received fatal alert: unknown_ca")
SocketStream BC MongoSocketWriteException -> TlsFatalAlertReceived("unknown_ca(48)")
NettyStream BC MongoSocketWriteException -> SSLException -> TlsFatalAlertReceived("unknown_ca(48)")
TlsChannelStream BC MongoSocketWriteException -> SSLException -> TlsFatalAlertReceived("unknown_ca(48)")

Key observation: FIN/RST get labeled correctly today because they don't match any exclusion check . A TLS alert from the server means it actively responded, so it wasn't shedding load.
Assumption: A rate limiter drops the TCP connection (FIN/RST) before or during a TLS exchange.

Two approaches

Both are heuristic-based -- perfect classification isn't possible since exception types and messages are provider implementation details.

A. Improved blocklist (current approach): Label by default, exclude what we can identify as not-overload.
Failure mode: unrecognized config errors stay labeled (pool preserved, unnecessary retries).

it should be better for unknown providers - if we can't classify an error, pool is preserved, which is the safer default under load.

B. Allowlist: Only label recognized I/O patterns (EOFException, SocketException("Connection reset"), ClosedChannelException).

Failure mode: unrecognized I/O errors are not labeled (pool cleared unnecessarily). This is the pre-backpressure behavior. For example, BC represents FIN as TlsFatalAlert("handshake_failure(40)") - the allowlist misses it, pool gets cleared.

TL;DR / Suggestion:

As we discussed over the call, the blocklist (Approach A) matches the CMAP spec's direction ("the pool MUST add the error labels" as default, with exclusions carved out).

However, we could check for all RFC alert description strings, so we can improve the heuristic.

All 25 handshake-only TLS alert descriptions from OpenJDK's Alert.java (RFC 8446/5246)

These are the alert codes with handshakeOnly=true in OpenJDK. When received from a peer, they produce SSLHandshakeException("Received fatal alert: <description>"). All are definitively config/protocol errors, not I/O:

Code Description string Currently caught by keywords?
40 handshake_failure Yes (handshake_failure)
41 no_certificate Yes (certificate)
42 bad_certificate Yes (certificate)
43 unsupported_certificate Yes (certificate)
44 certificate_revoked Yes (certificate)
45 certificate_expired Yes (certificate)
46 certificate_unknown Yes (certificate)
47 illegal_parameter No
48 unknown_ca No
49 access_denied No
50 decode_error No
51 decrypt_error No
60 export_restriction No
70 protocol_version Yes (protocol)
71 insufficient_security No
100 no_renegotiation No
109 missing_extension No
110 unsupported_extension No
111 certificate_unobtainable Yes (certificate)
112 unrecognized_name No
113 bad_certificate_status_response Yes (certificate)
114 bad_certificate_hash_value Yes (certificate)
115 unknown_psk_identity No
116 certificate_required Yes (certificate)
120 no_application_protocol No

We should keep the existing type checks (CertificateException, CertPathBuilderException, CertPathValidatorException, SSLPeerUnverifiedException, SSLProtocolException) - they handle local validation failures correctly on both providers (and should on others).

P.S Claude was used to examine JSSE providers and create a table of RFC messages used in OpenJDK's provider.

Copy link
Copy Markdown
Collaborator Author

@nhachicha nhachicha Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Refactored for option A

}
}
3 changes: 3 additions & 0 deletions ...er-core/src/main/com/mongodb/internal/connection/DefaultSdamServerDescriptionManager.java
View file
Open in desktop
Copy link
Copy Markdown
Member

@stIncMale stIncMale Mar 28, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[this comment is left on a file, but has nothing to do with the file; this is done so that we could reply to the comment; commenting on a PR does not allow replies - horrendous GitHub functionality]

The current PR seemingly depends on #1856 (see the description of the current PR). We need to decide what to do with that.

P.S. I originally left my thoughts in the description of this PR, but I don't know if that's what we are going to do.

Copy link
Copy Markdown
Collaborator Author

@nhachicha nhachicha Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We no longer depend on this PR see #1900 (comment)

Copy link
Copy Markdown
Member

@stIncMale stIncMale Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[this comment is left on a file, but has nothing to do with the file; this is done so that we could reply to the comment; commenting on a PR does not allow replies - horrendous GitHub functionality]

@nhachicha

  • Could you please confirm that all the specification changes listed in the "Specification changes" part of the description of the current PR have been addressed in the PR?
  • If they have been addressed, let's update the description correspondingly.

Copy link
Copy Markdown
Collaborator Author

@nhachicha nhachicha Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Description updated. All specs are implemented

Copy link
Copy Markdown
Member

@stIncMale stIncMale Mar 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[this comment is left on a file, but has nothing to do with the file; this is done so that we could reply to the comment; commenting on a PR does not allow replies - horrendous GitHub functionality]

JAVA-5949 has an old comment, which instructs to re-enable some tests that were previously disabled when we updated the testing/resources/specifications submodule in main. Those tests were not enabled. Let's enable them and make sure they pass.

Copy link
Copy Markdown
Collaborator Author

@nhachicha nhachicha Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR no longer depends on #1856. Spec PR mongodb/specifications#1880 rewrote the backpressure-network-*-fail.yml tests to wait on serverDescriptionChangedEvent instead of serverHeartbeatSucceededEvent.

Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,9 @@ private void handleException(final SdamIssue sdamIssue, final boolean beforeHand
serverMonitor.connect();
} else if (sdamIssue.relatedToNetworkNotTimeout()
|| (beforeHandshake && (sdamIssue.relatedToNetworkTimeout() || sdamIssue.relatedToAuth()))) {
if (sdamIssue.hasSystemOverloadedLabel()) {
return;
}
updateDescription(sdamIssue.serverDescription());
connectionPool.invalidate(sdamIssue.exception().orElse(null));
serverMonitor.cancelCurrentCheck();
Comment thread
nhachicha marked this conversation as resolved.
Expand Down
8 changes: 8 additions & 0 deletions driver-core/src/main/com/mongodb/internal/connection/InternalStreamConnection.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -230,9 +230,11 @@ public void open(final OperationContext originalOperationContext) {
isTrue("Open already called", stream == null);
stream = streamFactory.create(serverId.getAddress());
OperationContext operationContext = originalOperationContext;
boolean beforeHandshake = true;
try {
stream.open(operationContext);
InternalConnectionInitializationDescription initializationDescription = connectionInitializer.startHandshake(this, operationContext);
beforeHandshake = false;

operationContext = operationContext.withOverride(TimeoutContext::withNewlyStartedMaintenanceTimeout);
initAfterHandshakeStart(initializationDescription);
Expand All @@ -241,6 +243,9 @@ public void open(final OperationContext originalOperationContext) {
initAfterHandshakeFinish(initializationDescription);
} catch (Throwable t) {
close();
if (beforeHandshake) {
BackpressureErrorLabeler.applyLabelsIfEligible(t);
}
if (t instanceof MongoException) {
throw (MongoException) t;
} else {
Expand All @@ -263,6 +268,7 @@ public void completed(@Nullable final Void aVoid) {
(initialResult, initialException) -> {
if (initialException != null) {
close();
BackpressureErrorLabeler.applyLabelsIfEligible(initialException);
callback.onResult(null, initialException);
} else {
assertNotNull(initialResult);
Expand All @@ -278,11 +284,13 @@ public void completed(@Nullable final Void aVoid) {
@Override
public void failed(final Throwable t) {
close();
BackpressureErrorLabeler.applyLabelsIfEligible(t);
callback.onResult(null, t);
}
});
} catch (Throwable t) {
close();
BackpressureErrorLabeler.applyLabelsIfEligible(t);
callback.onResult(null, t);
}
}
Expand Down
6 changes: 6 additions & 0 deletions driver-core/src/main/com/mongodb/internal/connection/SdamServerDescriptionManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
package com.mongodb.internal.connection;

import com.mongodb.MongoCommandException;
import com.mongodb.MongoException;
import com.mongodb.MongoNodeIsRecoveringException;
import com.mongodb.MongoNotPrimaryException;
import com.mongodb.MongoSecurityException;
Expand Down Expand Up @@ -162,6 +163,11 @@ boolean relatedToWriteConcern() {
return exception instanceof MongoWriteConcernWithResponseException;
}

boolean hasSystemOverloadedLabel() {
return exception instanceof MongoException
&& ((MongoException) exception).hasErrorLabel(MongoException.SYSTEM_OVERLOADED_ERROR_LABEL);
}

private static boolean stale(@Nullable final Throwable t, final ServerDescription currentServerDescription) {
return TopologyVersionHelper.topologyVersion(t)
.map(candidateTopologyVersion -> TopologyVersionHelper.newerOrEqual(
Expand Down
1 change: 1 addition & 0 deletions ...c/test/unit/com/mongodb/internal/connection/AbstractServerDiscoveryAndMonitoringTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ protected void applyApplicationError(final BsonDocument applicationError) {

switch (when) {
case "beforeHandshakeCompletes":
BackpressureErrorLabeler.applyLabelsIfEligible(exception);
server.sdamServerDescriptionManager().handleExceptionBeforeHandshake(
SdamIssue.of(exception, new SdamIssue.Context(server.serverId(), errorGeneration, maxWireVersion)));
break;
Expand Down
183 changes: 183 additions & 0 deletions driver-core/src/test/unit/com/mongodb/internal/connection/BackpressureErrorLabelerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,183 @@
/*
* Copyright 2008-present MongoDB, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package com.mongodb.internal.connection;

import com.mongodb.MongoCredential;
import com.mongodb.MongoException;
import com.mongodb.MongoSecurityException;
import com.mongodb.MongoSocketException;
import com.mongodb.MongoSocketOpenException;
import com.mongodb.MongoSocketReadTimeoutException;
import com.mongodb.ServerAddress;
import org.junit.jupiter.api.Named;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.junit.jupiter.params.provider.ValueSource;

import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import java.io.EOFException;
import java.io.IOException;
import java.net.UnknownHostException;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.util.stream.Stream;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;

class BackpressureErrorLabelerTest {

private static final ServerAddress ADDRESS = new ServerAddress();
Comment thread
vbabanin marked this conversation as resolved.

static Stream<Named<MongoSocketException>> networkErrorShouldBeLabeled() {
return Stream.of(
named(new MongoSocketException("boom", ADDRESS)),
named(new MongoSocketReadTimeoutException("slow", ADDRESS, new IOException("read timed out"))),
named(new MongoSocketOpenException("open failed", ADDRESS, new IOException("connection refused"))),
// FIN-during-handshake: server closed the TCP connection while the client was mid-handshake
// (no protocol-level alert). I/O failure → must be labeled per CMAP "I/O error during TLS handshake".
named(new MongoSocketException("tls", ADDRESS, initCause(
new SSLHandshakeException("Remote host terminated the handshake"),
new EOFException("SSL peer shut down incorrectly"))))
);
}

@ParameterizedTest
@MethodSource
void networkErrorShouldBeLabeled(final MongoSocketException e) {
BackpressureErrorLabeler.applyLabelsIfEligible(e);
assertHasBackpressureLabels(e);
}

static Stream<Named<MongoSocketException>> dnsFailureShouldNotBeLabeled() {
return Stream.of(
named(new MongoSocketException("lookup failed", ADDRESS, new UnknownHostException("nope"))),
named(new MongoSocketException("wrap", ADDRESS, new IOException("wrap", new UnknownHostException("nope"))))
);
}

@ParameterizedTest
@MethodSource
void dnsFailureShouldNotBeLabeled(final MongoSocketException e) {
BackpressureErrorLabeler.applyLabelsIfEligible(e);
assertLacksBackpressureLabels(e);
}

static Stream<Named<Throwable>> localTlsConfigErrorShouldNotBeLabeled() {
return Stream.of(
named(new CertificateException("bad cert")),
named(new CertPathBuilderException("path build failed")),
named(new CertPathValidatorException("validation failed")),
named(new SSLPeerUnverifiedException("peer not verified")),
named(new SSLProtocolException("protocol error")),
named(new SSLHandshakeException("PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: "
+ "unable to find valid certification path to requested target"))
);
}

@ParameterizedTest
@MethodSource
void localTlsConfigErrorShouldNotBeLabeled(final Throwable cause) {
MongoSocketException e = new MongoSocketException("tls", ADDRESS, cause);
BackpressureErrorLabeler.applyLabelsIfEligible(e);
assertLacksBackpressureLabels(e);
}

/**
* "Received fatal alert: <description>" means the peer actively answered with a TLS protocol
* error — definitively a config/protocol issue, not an overload signal. Covers all 25
* handshake-only RFC alert descriptions emitted by OpenJDK's JSSE provider.
*/
@ParameterizedTest(name = "Received fatal alert: {0}")
@ValueSource(strings = {
"handshake_failure",
"no_certificate",
"bad_certificate",
"unsupported_certificate",
"certificate_revoked",
"certificate_expired",
"certificate_unknown",
"illegal_parameter",
"unknown_ca",
"access_denied",
"decode_error",
"decrypt_error",
"export_restriction",
"protocol_version",
"insufficient_security",
"no_renegotiation",
"missing_extension",
"unsupported_extension",
"certificate_unobtainable",
"unrecognized_name",
"bad_certificate_status_response",
"bad_certificate_hash_value",
"unknown_psk_identity",
"certificate_required",
"no_application_protocol"
})
void receivedTlsAlertShouldNotBeLabeled(final String alertDescription) {
SSLHandshakeException tls = new SSLHandshakeException("Received fatal alert: " + alertDescription);
MongoSocketException e = new MongoSocketException("tls", ADDRESS, tls);
BackpressureErrorLabeler.applyLabelsIfEligible(e);
assertLacksBackpressureLabels(e);
}

static Stream<Named<Throwable>> nonSocketErrorShouldNotBeLabeled() {
return Stream.of(
named(new MongoSecurityException(
MongoCredential.createCredential("user", "db", "pwd".toCharArray()), "auth failed")),
named(new MongoException(42, "some command error")),
named(new IOException("raw"))
);
}

@ParameterizedTest
@MethodSource
void nonSocketErrorShouldNotBeLabeled(final Throwable e) {
BackpressureErrorLabeler.applyLabelsIfEligible(e);
if (e instanceof MongoException) {
assertLacksBackpressureLabels((MongoException) e);
}
}

private static <T extends Throwable> Named<T> named(final T e) {
return Named.of(e.getClass().getSimpleName(), e);
}

private static <T extends Throwable> T initCause(final T exception, final Throwable cause) {
exception.initCause(cause);
return exception;
}

private static void assertHasBackpressureLabels(final MongoException e) {
assertTrue(e.hasErrorLabel(MongoException.SYSTEM_OVERLOADED_ERROR_LABEL),
"expected SystemOverloadedError label");
assertTrue(e.hasErrorLabel(MongoException.RETRYABLE_ERROR_LABEL),
"expected RetryableError label");
}

private static void assertLacksBackpressureLabels(final MongoException e) {
assertFalse(e.hasErrorLabel(MongoException.SYSTEM_OVERLOADED_ERROR_LABEL),
"unexpected SystemOverloadedError label");
assertFalse(e.hasErrorLabel(MongoException.RETRYABLE_ERROR_LABEL),
"unexpected RetryableError label");
}
}
Loading