zookeeper-notifications mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [zookeeper] hanm commented on a change in pull request #944: ZOOKEEPER-3388: Allow client port to support plaintext and encrypted …
Date Tue, 04 Jun 2019 03:19:07 GMT
hanm commented on a change in pull request #944: ZOOKEEPER-3388: Allow client port to support
plaintext and encrypted …
URL: https://github.com/apache/zookeeper/pull/944#discussion_r290111854
 
 

 ##########
 File path: zookeeper-server/src/main/java/org/apache/zookeeper/server/NettyServerCnxnFactory.java
 ##########
 @@ -315,37 +428,47 @@ protected void initChannel(SocketChannel ch) throws Exception {
         this.bootstrap.validate();
     }
 
-    private synchronized void initSSL(ChannelPipeline p)
-            throws X509Exception, KeyManagementException, NoSuchAlgorithmException {
+    private synchronized void initSSL(ChannelPipeline p, boolean supportPlaintext)
+            throws X509Exception, KeyManagementException, NoSuchAlgorithmException, SSLException
{
         String authProviderProp = System.getProperty(x509Util.getSslAuthProviderProperty());
-        SSLContext sslContext;
         if (authProviderProp == null) {
-            sslContext = x509Util.getDefaultSSLContext();
+            SSLContextAndOptions sslContextAndOptions = x509Util.getDefaultSSLContextAndOptions();
+            SslContext nettySslContext = sslContextAndOptions.createNettyJdkSslContext(
+                        sslContextAndOptions.getSSLContext(), false);
+
+            if (supportPlaintext) {
+                p.addLast("ssl", new DualModeSslHandler(nettySslContext));
+                LOG.debug("dual mode Java SSL handler added for channel: {}", p.channel());
+            } else {
+                p.addLast("ssl", nettySslContext.newHandler(p.channel().alloc()));
+                LOG.debug("Java SSL handler added for channel: {}", p.channel());
+            }
         } else {
-            sslContext = SSLContext.getInstance("TLSv1");
+            SSLContext sslContext = SSLContext.getInstance(ClientX509Util.DEFAULT_PROTOCOL);
             X509AuthenticationProvider authProvider =
-                    (X509AuthenticationProvider)ProviderRegistry.getProvider(
+                    (X509AuthenticationProvider) ProviderRegistry.getProvider(
                             System.getProperty(x509Util.getSslAuthProviderProperty(), "x509"));
 
-            if (authProvider == null)
-            {
+            if (authProvider == null) {
                 LOG.error("Auth provider not found: {}", authProviderProp);
                 throw new SSLContextException(
                         "Could not create SSLContext with specified auth provider: " +
-                        authProviderProp);
+                                authProviderProp);
             }
 
-            sslContext.init(new X509KeyManager[] { authProvider.getKeyManager() },
-                            new X509TrustManager[] { authProvider.getTrustManager() },
-                            null);
+            sslContext.init(new X509KeyManager[]{authProvider.getKeyManager()},
+                    new X509TrustManager[]{authProvider.getTrustManager()},
+                    null);
+            SslContext nettySslContext = x509Util.getDefaultSSLContextAndOptions()
+                    .createNettyJdkSslContext(sslContext,false);
+            if (supportPlaintext) {
 
 Review comment:
   This looks like a duplicate of the previous `if (supportPlaintext)` block on L439; we can unify
 them to avoid code duplication.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
