> On May 22, 2015, 12:14 a.m., Michael Herstine wrote: > > clients/src/main/java/org/apache/kafka/common/security/auth/PrincipalBuilder.java, > > line 44 > > <https://reviews.apache.org/r/33620/diff/8/?file=966813#file966813line44> > > > > I'm trying to imagine implementing `buildPrincipal` in such a way as to > > make a Principal from information found in the peer's certifcate: how could > > I obtain that? I don't see (immediately) a way to navigate from either the > > `TransportLayer` or the `Authenticator` to the current `SSLSession`...
The reason I added bothe TransportLayer and Authenticator to the buildPrincipal to give user option to use one or both of them to construct a principal. It depends on the which TransportLayer or Authenticator they might be using. in the case you pointed out, one can do this in buildPrincipal if (transportLayer is instanceOf SSLTransportLayer) SSLSession = ((SSLTransportLayer) sslTransportLayer).sslSession(); > On May 22, 2015, 12:14 a.m., Michael Herstine wrote: > > clients/src/main/java/org/apache/kafka/common/network/SSLChannelBuilder.java, > > line 37 > > <https://reviews.apache.org/r/33620/diff/8/?file=966804#file966804line37> > > > > More a question than an issue: do you want `SSLChannelBuilder` to > > always build a client channel? Sorry I should've added a comment for this. I left this as a more of a question and wanted to get feedback from the reviewers. I was thinking injecting a key value pair into the configs from producer and client that says "ssl.mode" "SSLFactory.Mode.CLIENT" for producer/client and on the broker side "ssl.mode" "SSLFactory.Mode.SERVER". > On May 22, 2015, 12:14 a.m., Michael Herstine wrote: > > clients/src/main/java/org/apache/kafka/common/network/SSLTransportLayer.java, > > line 65 > > <https://reviews.apache.org/r/33620/diff/8/?file=966806#file966806line65> > > > > Two questions: > > > > - is this initialized somewhere? > > - AFAICT it is a copy of the interest operations in the key... so why > > does it exist? > > - The reason behind this is while handshaking is going on we don't want external selector.send or reads set the interestBits. So while handshake happening we are storing the pending interest bits into this variable and once handshake is done we do key.interestOps(interestOps) - Sriharsha ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33620/#review84235 ----------------------------------------------------------- On May 21, 2015, 5:37 p.m., Sriharsha Chintalapani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/33620/ > ----------------------------------------------------------- > > (Updated May 21, 2015, 5:37 p.m.) > > > Review request for kafka. > > > Bugs: KAFKA-1690 > https://issues.apache.org/jira/browse/KAFKA-1690 > > > Repository: kafka > > > Description > ------- > > KAFKA-1690. new java producer needs ssl support as a client. > > > KAFKA-1690. new java producer needs ssl support as a client. > > > KAFKA-1690. new java producer needs ssl support as a client. > > > KAFKA-1690. new java producer needs ssl support as a client. SSLFactory tests. > > > KAFKA-1690. new java producer needs ssl support as a client. Added > PrincipalBuilder. > > > KAFKA-1690. new java producer needs ssl support as a client. Addressing > reviews. > > > KAFKA-1690. new java producer needs ssl support as a client. Addressing > reviews. > > > KAFKA-1690. new java producer needs ssl support as a client. Addressing > reviews. > > > KAFKA-1690. new java producer needs ssl support as a client. Fixed minor > issues with the patch. > > > KAFKA-1690. new java producer needs ssl support as a client. Fixed minor > issues with the patch. > > > Diffs > ----- > > build.gradle cd2aa838fd53e8124f308979b1d70efe0c5725a6 > checkstyle/import-control.xml f2e6cec267e67ce8e261341e373718e14a8e8e03 > clients/src/main/java/org/apache/kafka/clients/ClientUtils.java > 0d68bf1e1e90fe9d5d4397ddf817b9a9af8d9f7a > clients/src/main/java/org/apache/kafka/clients/consumer/ConsumerConfig.java > bdff518b732105823058e6182f445248b45dc388 > clients/src/main/java/org/apache/kafka/clients/consumer/KafkaConsumer.java > d301be4709f7b112e1f3a39f3c04cfa65f00fa60 > clients/src/main/java/org/apache/kafka/clients/producer/KafkaProducer.java > 8e336a3aa96c73f52beaeb56b931baf4b026cf21 > clients/src/main/java/org/apache/kafka/clients/producer/ProducerConfig.java > 187d0004c8c46b6664ddaffecc6166d4b47351e5 > clients/src/main/java/org/apache/kafka/common/config/AbstractConfig.java > c4fa058692f50abb4f47bd344119d805c60123f5 > clients/src/main/java/org/apache/kafka/common/config/SecurityConfigs.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/network/Authenticator.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/network/Channel.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/network/ChannelBuilder.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/network/DefaultAuthenticator.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/network/PlainTextChannelBuilder.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/network/PlainTextTransportLayer.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/network/SSLChannelBuilder.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/network/SSLFactory.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/network/SSLTransportLayer.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/network/Selectable.java > b5f8d83e89f9026dc0853e5f92c00b2d7f043e22 > clients/src/main/java/org/apache/kafka/common/network/Selector.java > 57de0585e5e9a53eb9dcd99cac1ab3eb2086a302 > clients/src/main/java/org/apache/kafka/common/network/TransportLayer.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/protocol/SecurityProtocol.java > dab1a94dd29563688b6ecf4eeb0e180b06049d3f > > clients/src/main/java/org/apache/kafka/common/security/auth/DefaultPrincipalBuilder.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/security/auth/KafkaPrincipal.java > PRE-CREATION > > clients/src/main/java/org/apache/kafka/common/security/auth/PrincipalBuilder.java > PRE-CREATION > clients/src/main/java/org/apache/kafka/common/utils/Utils.java > f73eedb030987f018d8446bb1dcd98d19fa97331 > clients/src/test/java/org/apache/kafka/common/network/EchoServer.java > PRE-CREATION > clients/src/test/java/org/apache/kafka/common/network/SSLFactoryTest.java > PRE-CREATION > clients/src/test/java/org/apache/kafka/common/network/SSLSelectorTest.java > PRE-CREATION > clients/src/test/java/org/apache/kafka/common/network/SelectorTest.java > d5b306b026e788b4e5479f3419805aa49ae889f3 > clients/src/test/java/org/apache/kafka/common/utils/UtilsTest.java > 2ebe3c21f611dc133a2dbb8c7dfb0845f8c21498 > clients/src/test/java/org/apache/kafka/test/TestSSLUtils.java PRE-CREATION > > Diff: https://reviews.apache.org/r/33620/diff/ > > > Testing > ------- > > > Thanks, > > Sriharsha Chintalapani > >
