drill-dev mailing list archives

From parthchandra <...@git.apache.org>
Subject [GitHub] drill pull request #950: DRILL-5431: SSL Support
Date Mon, 25 Sep 2017 17:26:31 GMT
Github user parthchandra commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r140605580
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java
---
    @@ -70,22 +78,80 @@
       private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(UserServer.class);
       private static final String SERVER_NAME = "Apache Drill Server";
     
    +  private final BootStrapContext bootStrapContext;
    +  private final BufferAllocator allocator;
       private final UserConnectionConfig config;
    +  private final SSLConfig sslConfig;
    +  private Channel sslChannel;
       private final UserWorker userWorker;
     
       public UserServer(BootStrapContext context, BufferAllocator allocator, EventLoopGroup
eventLoopGroup,
                         UserWorker worker) throws DrillbitStartupException {
         super(UserRpcConfig.getMapping(context.getConfig(), context.getExecutor()),
             allocator.getAsByteBufAllocator(),
             eventLoopGroup);
    +    this.bootStrapContext = context;
    +    this.allocator = allocator;
         this.config = new UserConnectionConfig(allocator, context, new UserServerRequestHandler(worker));
    +    this.sslChannel = null;
    +    try {
    +      this.sslConfig = new SSLConfigBuilder()
    +          .config(bootStrapContext.getConfig())
    +          .mode(SSLFactory.Mode.SERVER)
    +          .initializeSSLContext(true)
    +          .validateKeyStore(true)
    +          .build();
    +    } catch (DrillException e) {
    +      throw new DrillbitStartupException(e.getMessage(), e.getCause());
    +    }
         this.userWorker = worker;
     
         // Initialize Singleton instance of UserRpcMetrics.
         ((UserRpcMetrics)UserRpcMetrics.getInstance()).initialize(config.isEncryptionEnabled(),
allocator);
       }
     
       @Override
    +  protected void setupSSL(ChannelPipeline pipe) {
    +    if (sslConfig.isUserSslEnabled()) {
    +
    +      SSLEngine sslEngine = sslConfig.createSSLEngine(allocator, null, 0);
    +      sslEngine.setUseClientMode(false);
    +
    +      // No need for client side authentication (HTTPS like behaviour)
    +      sslEngine.setNeedClientAuth(false);
    +
    +      try {
    +        sslEngine.setEnableSessionCreation(true);
    +      } catch (Exception e) {
    +        // Openssl implementation may throw this.
    +        logger.debug("Session creation not enabled. Exception: {}", e.getMessage());
    +      }
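Review bot: In the constructor's catch block, `new DrillbitStartupException(e.getMessage(), e.getCause())` drops the DrillException itself from the cause chain. A keystore-validation or SSL-context failure at startup then loses the stack trace of where SSLConfigBuilder raised it, and the cause is null whenever the DrillException wrapped nothing. Pass the exception itself: `throw new DrillbitStartupException(e.getMessage(), e);`. In setupSSL, `catch (Exception e)` around `setEnableSessionCreation(true)` is wider than the comment justifies; if the OpenSSL-backed engine throws UnsupportedOperationException here (an assumption, the hunk does not name the type), catching only that would keep other engine-configuration failures from being logged at debug and ignored. setupSSL's body continues past the end of the quoted hunk.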
    --- End diff --
    
    Fail to see why that would be better, but sure 


---
