Github user sohami commented on a diff in the pull request:
https://github.com/apache/drill/pull/950#discussion_r140394583
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserClient.java ---
@@ -102,19 +115,78 @@
// these are used for authentication
private volatile List<String> serverAuthMechanisms = null;
private volatile boolean authComplete = true;
+ private SSLConfig sslConfig;
+ private Channel sslChannel;
+ private DrillbitEndpoint endpoint;
public UserClient(String clientName, DrillConfig config, boolean
supportComplexTypes,
- BufferAllocator allocator, EventLoopGroup eventLoopGroup, Executor
eventExecutor) {
- super(
- UserRpcConfig.getMapping(config, eventExecutor),
- allocator.getAsByteBufAllocator(),
- eventLoopGroup,
- RpcType.HANDSHAKE,
- BitToUserHandshake.class,
- BitToUserHandshake.PARSER);
+ BufferAllocator allocator, EventLoopGroup eventLoopGroup, Executor
eventExecutor,
+ DrillbitEndpoint endpoint) throws NonTransientRpcException {
+ super(UserRpcConfig.getMapping(config, eventExecutor),
allocator.getAsByteBufAllocator(),
+ eventLoopGroup, RpcType.HANDSHAKE, BitToUserHandshake.class,
BitToUserHandshake.PARSER);
+ this.endpoint = endpoint; // save the endpoint; it might be needed by
SSL init.
this.clientName = clientName;
this.allocator = allocator;
this.supportComplexTypes = supportComplexTypes;
+ this.sslChannel = null;
+ try {
+ this.sslConfig = new
SSLConfigBuilder().config(config).mode(SSLFactory.Mode.CLIENT)
+ .initializeSSLContext(true).validateKeyStore(false).build();
+ } catch (DrillException e) {
+ throw new NonTransientRpcException(e.getMessage());
+ }
+
+ }
+
+ @Override protected void setupSSL(ChannelPipeline pipe,
+ ConnectionMultiListener.SSLHandshakeListener sslHandshakeListener) {
+ if (sslConfig.isUserSslEnabled()) {
+
+ String peerHost = endpoint.getAddress();
+ int peerPort = endpoint.getUserPort();
+ SSLEngine sslEngine = sslConfig.createSSLEngine(allocator, peerHost,
peerPort);
+
+ if (!sslConfig.disableHostVerification()) {
+ SSLParameters sslParameters = sslEngine.getSSLParameters();
+ // only available since Java 7
+ sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+ sslEngine.setSSLParameters(sslParameters);
+ }
+
+ sslEngine.setUseClientMode(true);
+
+ // set Security property jdk.certpath.disabledAlgorithms to disable
specific ssl algorithms
+ sslEngine.setEnabledProtocols(sslEngine.getEnabledProtocols());
+
+ // set Security property jdk.tls.disabledAlgorithms to disable
specific cipher suites
+ sslEngine.setEnabledCipherSuites(sslEngine.getEnabledCipherSuites());
+ sslEngine.setEnableSessionCreation(true);
+
+ // Add SSL handler into pipeline
+ SslHandler sslHandler = new SslHandler(sslEngine);
+
sslHandler.setHandshakeTimeoutMillis(sslConfig.getHandshakeTimeout());
+
+ // Add a listener for SSL Handshake complete. The Drill client
handshake will be enabled only
+ // after this is done.
+ sslHandler.handshakeFuture().addListener(sslHandshakeListener);
+ pipe.addFirst(RpcConstants.SSL_HANDLER, sslHandler);
+ }
+ logger.debug(sslConfig.toString());
+ }
+
+ @Override protected boolean isSslEnabled() {
+ return sslConfig.isUserSslEnabled();
+ }
+
+ @Override public void setSslChannel(Channel c) {
+ sslChannel = c;
+ return;
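Review bot: The `catch (DrillException e)` block in the UserClient constructor rethrows with `e.getMessage()` alone, so the original exception and its stack trace are lost exactly when SSL setup fails, which is the case an operator most needs to diagnose; prefer `throw new NonTransientRpcException(e.getMessage(), e);` (RpcException has a message-plus-cause constructor, so the subclass should expose the same). A null message from the DrillException would also leave the new exception with no text, which keeping the cause mitigates. Separately, `logger.debug(sslConfig.toString())` at the end of setupSSL writes the entire SSL configuration to the log, so it is worth confirming that SSLConfig.toString() masks the keystore and truststore passwords rather than printing them. The body of setSslChannel continues past the end of the hunk.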
--- End diff --
_return_ not required
---