zookeeper-dev mailing list archives

From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #184: ZOOKEEPER-236: SSL Support for Atomic Broadcast...
Date Thu, 14 Jun 2018 20:54:33 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/184#discussion_r195567746
  
    --- Diff: src/java/main/org/apache/zookeeper/server/quorum/UnifiedServerSocket.java ---
    @@ -0,0 +1,79 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.zookeeper.server.quorum;
    +
    +import org.apache.zookeeper.common.X509Exception;
    +import org.apache.zookeeper.common.X509Util;
    +import org.jboss.netty.buffer.ChannelBuffers;
    +import org.jboss.netty.handler.ssl.SslHandler;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +import javax.net.ssl.SSLSocket;
    +import java.io.IOException;
    +import java.net.ServerSocket;
    +import java.net.Socket;
    +import java.net.SocketException;
    +
    +public class UnifiedServerSocket extends ServerSocket {
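
Review bot: the declaration `public class UnifiedServerSocket extends ServerSocket` has no class-level Javadoc, and for a socket that serves more than one transport the contract is the security-relevant part. Please document above the class line how a connection is classified as TLS or plaintext and that plaintext peers are accepted on the same port. Separately, the `org.jboss.netty.buffer.ChannelBuffers` and `org.jboss.netty.handler.ssl.SslHandler` imports tie a `java.net.ServerSocket` subclass in the quorum package to Netty; if they are needed only for protocol detection, a short comment saying so would help.
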
    --- End diff --
    
    I'm struggling to get this right, so I'm really curious about your implementation. The SSL side works fine: I can create the special socket combined with the InputStream, as suggested, to channel back already consumed data, but how can I do the same with a non-SSL socket?
    
    Modified `UnifiedServerSocket` like this:
    ```java
            // Fragment from accept(); also needs java.io.ByteArrayInputStream imported.
            final Socket normalSocket = new Socket();
            implAccept(normalSocket);
    
            // Peek at the first 5 bytes (the length of a TLS record header).
            byte[] litmus = new byte[5];
            int bytesRead = normalSocket.getInputStream().read(litmus, 0, 5);
    
            if (bytesRead == 5 && SslHandler.isEncrypted(ChannelBuffers.wrappedBuffer(litmus))) {
                LOG.info(getInetAddress() + " attempting to connect over ssl");
                SSLSocket sslSocket;
                try {
                    // The consumed bytes are handed back to the SSL socket here.
                    sslSocket = x509Util.createSSLSocket(normalSocket, new ByteArrayInputStream(litmus));
                } catch (X509Exception e) {
                    throw new IOException("failed to create SSL context", e);
                }
                sslSocket.setUseClientMode(false);
                return sslSocket;
            } else {
                LOG.info(getInetAddress() + " attempting to connect without ssl");
                // The litmus bytes are not replayed on this path.
                return normalSocket;
            }
    ```
    The last return statement lacks channeling back the litmus, hence it cannot be read on the server side.


---
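
One way to make the peeked bytes readable again on the plaintext branch described in the message above, as an added example that is not part of the original message or of the ZooKeeper code base: accept into a `Socket` subclass whose input stream is a `PushbackInputStream`, then `unread` the litmus. `ReplaySocket`, `PeekingServerSocket` and the inline two-byte TLS check (a simplified stand-in for `SslHandler.isEncrypted`) are hypothetical, and the payload is constructed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class PeekingServerSocketDemo {
    /** Hypothetical Socket subclass: its input stream accepts peeked bytes back. */
    static class ReplaySocket extends Socket {
        private PushbackInputStream in;
        boolean tlsHello; // result of the 5-byte peek
        @Override public synchronized InputStream getInputStream() throws IOException {
            if (in == null) in = new PushbackInputStream(super.getInputStream(), 5);
            return in;
        }
    }

    /** Hypothetical server socket that classifies a connection without consuming its data. */
    static class PeekingServerSocket extends ServerSocket {
        PeekingServerSocket(int port) throws IOException {
            super(port, 50, InetAddress.getLoopbackAddress());
        }
        @Override public Socket accept() throws IOException {
            ReplaySocket s = new ReplaySocket();
            implAccept(s);
            PushbackInputStream in = (PushbackInputStream) s.getInputStream();
            byte[] litmus = new byte[5];
            int n = in.readNBytes(litmus, 0, 5); // loops on short reads, stops at EOF (Java 9+)
            // Assumed check: TLS handshake record (0x16) with major version 3.
            // Wrapping the TLS case in an SSLSocket is outside this example.
            s.tlsHello = n == 5 && litmus[0] == 0x16 && litmus[1] == 0x03;
            in.unread(litmus, 0, n); // push the peeked bytes back for the next reader
            return s;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] sent = "ruok over plaintext".getBytes(StandardCharsets.US_ASCII); // constructed sample
        try (PeekingServerSocket server = new PeekingServerSocket(0);
             Socket client = new Socket(InetAddress.getLoopbackAddress(), server.getLocalPort())) {
            client.getOutputStream().write(sent);
            client.shutdownOutput();
            try (Socket s = server.accept()) {
                String got = new String(s.getInputStream().readAllBytes(), StandardCharsets.US_ASCII);
                System.out.println(((ReplaySocket) s).tlsHello + " " + got);
            }
        }
    }
}
```

The peek blocks inside `accept()` until the peer has sent five bytes or closed the connection, so a read timeout on the accepted socket before peeking keeps one silent client from stalling the accept loop.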
