Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r140399380
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserServer.java ---
    @@ -70,22 +78,80 @@
       private static final org.slf4j.Logger logger = 
org.slf4j.LoggerFactory.getLogger(UserServer.class);
       private static final String SERVER_NAME = "Apache Drill Server";
     
    +  private final BootStrapContext bootStrapContext;
    +  private final BufferAllocator allocator;
       private final UserConnectionConfig config;
    +  private final SSLConfig sslConfig;
    +  private Channel sslChannel;
       private final UserWorker userWorker;
     
       public UserServer(BootStrapContext context, BufferAllocator allocator, 
EventLoopGroup eventLoopGroup,
                         UserWorker worker) throws DrillbitStartupException {
         super(UserRpcConfig.getMapping(context.getConfig(), 
context.getExecutor()),
             allocator.getAsByteBufAllocator(),
             eventLoopGroup);
    +    this.bootStrapContext = context;
    +    this.allocator = allocator;
         this.config = new UserConnectionConfig(allocator, context, new 
UserServerRequestHandler(worker));
    +    this.sslChannel = null;
    +    try {
    +      this.sslConfig = new SSLConfigBuilder()
    +          .config(bootStrapContext.getConfig())
    +          .mode(SSLFactory.Mode.SERVER)
    +          .initializeSSLContext(true)
    +          .validateKeyStore(true)
    +          .build();
    +    } catch (DrillException e) {
    +      throw new DrillbitStartupException(e.getMessage(), e.getCause());
    +    }
         this.userWorker = worker;
     
         // Initialize Singleton instance of UserRpcMetrics.
         
((UserRpcMetrics)UserRpcMetrics.getInstance()).initialize(config.isEncryptionEnabled(),
 allocator);
       }
     
       @Override
    +  protected void setupSSL(ChannelPipeline pipe) {
    +    if (sslConfig.isUserSslEnabled()) {
    +
    +      SSLEngine sslEngine = sslConfig.createSSLEngine(allocator, null, 0);
    +      sslEngine.setUseClientMode(false);
    +
    +      // No need for client side authentication (HTTPS like behaviour)
    +      sslEngine.setNeedClientAuth(false);
    +
    +      try {
    +        sslEngine.setEnableSessionCreation(true);
    +      } catch (Exception e) {
    +        // Openssl implementation may throw this.
    +        logger.debug("Session creation not enabled. Exception: {}", 
e.getMessage());
    +      }
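Review bot: The catch block in the constructor rethrows with `e.getCause()` instead of `e`, so the DrillException raised while building the SSLConfig, along with its stack trace, is dropped from the chain. The cause is also null whenever that exception has no nested cause, which makes a keystore or SSL-context failure at startup harder to diagnose. Passing the exception itself keeps the full chain: `throw new DrillbitStartupException(e.getMessage(), e);`. In setupSSL, `catch (Exception e)` around `setEnableSessionCreation(true)` is broader than the comment justifies and logs only the message at debug level. Catching the specific exception the OpenSSL engine throws (presumably UnsupportedOperationException, to be confirmed) would avoid hiding unrelated failures. The body of setupSSL continues outside the quoted hunk.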
    --- End diff --
    
    All of this sslEngine setup can be moved to 
SSLConfigServer:createSSLEngine(..), and likewise the client-side setupSSL 
can be moved to SSLConfigClient::createSSLEngine(..)

