From sohami <...@git.apache.org>
Subject [GitHub] drill pull request #950: DRILL-5431: SSL Support
Date Fri, 22 Sep 2017 03:46:52 GMT
Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r140397986
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
---
    @@ -70,22 +78,80 @@
       private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(UserServer.class);
       private static final String SERVER_NAME = "Apache Drill Server";
     
    +  private final BootStrapContext bootStrapContext;
    +  private final BufferAllocator allocator;
       private final UserConnectionConfig config;
    +  private final SSLConfig sslConfig;
    +  private Channel sslChannel;
       private final UserWorker userWorker;
     
       public UserServer(BootStrapContext context, BufferAllocator allocator, EventLoopGroup
eventLoopGroup,
                         UserWorker worker) throws DrillbitStartupException {
         super(UserRpcConfig.getMapping(context.getConfig(), context.getExecutor()),
             allocator.getAsByteBufAllocator(),
             eventLoopGroup);
    +    this.bootStrapContext = context;
    +    this.allocator = allocator;
         this.config = new UserConnectionConfig(allocator, context, new UserServerRequestHandler(worker));
    +    this.sslChannel = null;
    +    try {
    +      this.sslConfig = new SSLConfigBuilder()
    +          .config(bootStrapContext.getConfig())
    +          .mode(SSLFactory.Mode.SERVER)
    +          .initializeSSLContext(true)
    +          .validateKeyStore(true)
    +          .build();
    +    } catch (DrillException e) {
    +      throw new DrillbitStartupException(e.getMessage(), e.getCause());
    +    }
         this.userWorker = worker;
     
         // Initialize Singleton instance of UserRpcMetrics.
         ((UserRpcMetrics)UserRpcMetrics.getInstance()).initialize(config.isEncryptionEnabled(),
allocator);
       }
     
       @Override
    +  protected void setupSSL(ChannelPipeline pipe) {
    +    if (sslConfig.isUserSslEnabled()) {
    +
    +      SSLEngine sslEngine = sslConfig.createSSLEngine(allocator, null, 0);
    +      sslEngine.setUseClientMode(false);
    +
    +      // No need for client side authentication (HTTPS like behaviour)
    +      sslEngine.setNeedClientAuth(false);
    +
    +      // set Security property jdk.certpath.disabledAlgorithms  to disable specific ssl
algorithms
    +      sslEngine.setEnabledProtocols(sslEngine.getEnabledProtocols());
    +
    +      // set Security property jdk.tls.disabledAlgorithms to disable specific cipher
suites
    +      sslEngine.setEnabledCipherSuites(sslEngine.getEnabledCipherSuites());
    +      sslEngine.setEnableSessionCreation(true);
    +
    --- End diff --
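Review bot: In setupSSL, `sslEngine.setEnabledProtocols(sslEngine.getEnabledProtocols())` and the matching `setEnabledCipherSuites(...)` call assign the engine's current values back to itself, so they restrict nothing and the server accepts whatever protocols and suites the JVM enables by default. The comment above the protocol line also names `jdk.certpath.disabledAlgorithms`, which governs certificate-path validation; TLS protocol versions and cipher suites are both controlled by `jdk.tls.disabledAlgorithms`. Either drop the two calls and replace the comments with `// Protocols and cipher suites are the JVM defaults; restrict them via the jdk.tls.disabledAlgorithms security property`, or pass an explicit allow-list taken from the SSL configuration. Separately, the constructor's `new DrillbitStartupException(e.getMessage(), e.getCause())` drops the DrillException itself from the cause chain; passing `e` as the cause keeps it. setupSSL's body continues past the end of the quoted hunk.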
    
    All of this sslEngine setup can be moved to `SSLConfigServer::createSSLEngine(..)`, and
likewise the client-side setupSSL can be moved to `SSLConfigClient::createSSLEngine(..)`.


---
