[GitHub] drill pull request #950: DRILL-5431: SSL Support

Thu, 21 Sep 2017 20:47:34 -0700 

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r140132632
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/rpc/user/UserClient.java ---
    @@ -102,19 +115,78 @@
       // these are used for authentication
       private volatile List<String> serverAuthMechanisms = null;
       private volatile boolean authComplete = true;
    +  private SSLConfig sslConfig;
    +  private Channel sslChannel;
    +  private DrillbitEndpoint endpoint;
     
       public UserClient(String clientName, DrillConfig config, boolean 
supportComplexTypes,
    -      BufferAllocator allocator, EventLoopGroup eventLoopGroup, Executor 
eventExecutor) {
    -    super(
    -        UserRpcConfig.getMapping(config, eventExecutor),
    -        allocator.getAsByteBufAllocator(),
    -        eventLoopGroup,
    -        RpcType.HANDSHAKE,
    -        BitToUserHandshake.class,
    -        BitToUserHandshake.PARSER);
    +      BufferAllocator allocator, EventLoopGroup eventLoopGroup, Executor 
eventExecutor,
    +      DrillbitEndpoint endpoint) throws NonTransientRpcException {
    +    super(UserRpcConfig.getMapping(config, eventExecutor), 
allocator.getAsByteBufAllocator(),
    +        eventLoopGroup, RpcType.HANDSHAKE, BitToUserHandshake.class, 
BitToUserHandshake.PARSER);
    +    this.endpoint = endpoint; // save the endpoint; it might be needed by 
SSL init.
         this.clientName = clientName;
         this.allocator = allocator;
         this.supportComplexTypes = supportComplexTypes;
    +    this.sslChannel = null;
    +    try {
    +      this.sslConfig = new 
SSLConfigBuilder().config(config).mode(SSLFactory.Mode.CLIENT)
    +          .initializeSSLContext(true).validateKeyStore(false).build();
    +    } catch (DrillException e) {
    --- End diff --
    
    So based on comment in previous commit if we don't pass the info object 
which contains the Connection URL parameters inside DrillConfig to keep both 
separate then that will work well here as well. We can do the following:
    
    1) Add a method in SSLConfigBuilder to accept Properties type config as 
well not just DrillConfig.
    2) For SSLFactory.Mode.CLIENT we will always pass an instance of Properties 
type config whereas for SSLFactory.Mode.SERVER we will always pass an instance 
of DrillConfig. This check can be enforced inside the builder.build()
    3) Inside build() method when mode is client we are referencing all the 
DrillProperties inside DrillConfig which actually is part of the instance of 
Properties object passed to connect call. But with above change it will be 
consistent.


---

Reply via email to