[ 
https://issues.apache.org/jira/browse/DRILL-4335?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15957875#comment-15957875
 ] 

ASF GitHub Bot commented on DRILL-4335:
---------------------------------------

Github user sudheeshkatkam commented on a diff in the pull request:

    https://github.com/apache/drill/pull/773#discussion_r109974828
  
    --- Diff: exec/rpc/src/main/java/org/apache/drill/exec/rpc/AbstractRemoteConnection.java ---
    @@ -224,4 +237,67 @@ public void close() {
         }
       }
     
    +  /**
    +   * Helps to add all the required security handler's after negotiation 
for encryption is completed.
    +   * <p>
    +   *  Handler's that are added are:
    +   *    <li>  SaslDecryptionHandler
    +   *    <li>  LengthFieldBasedFrameDecoder Handler
    +   *    <li>  SaslEncryptionHandler
    +   *    <li>  ChunkCreationHandler
    +   * </p>
    +   * <p>
    +   *  If encryption is enabled ChunkCreationHandler is always added 
irrespective of chunkMode enabled or not.
    +   *  This helps to make a generic encryption handler.
    +   * </p>
    +   */
    +  @Override
    +  public void addSecurityHandlers() {
    +
    +    final ChannelPipeline channelPipeline = getChannel().pipeline();
    +    channelPipeline.addFirst("SaslDecryptionHandler", new 
SaslDecryptionHandler(saslBackend, getWrappedChunkSize(),
    +      OutOfMemoryHandler.DEFAULT_INSTANCE));
    +
    +    channelPipeline.addFirst("Length-Decoder",
    +      new LengthFieldBasedFrameDecoder(ByteOrder.BIG_ENDIAN, 
Integer.MAX_VALUE,
    +        RpcConstants.LENGTH_FIELD_OFFSET, 
RpcConstants.LENGTH_FIELD_LENGTH, RpcConstants.LENGTH_ADJUSTMENT,
    +        RpcConstants.INITIAL_BYTES_TO_STRIP, true));
    +
    +    channelPipeline.addAfter("message-decoder", "SaslEncryptionHandler",
    +      new SaslEncryptionHandler(saslBackend, 
encryptionContext.getMaxRawWrapSendSize(),
    +        OutOfMemoryHandler.DEFAULT_INSTANCE));
    +
    +    channelPipeline.addAfter("SaslEncryptionHandler", 
"ChunkCreationHandler",
    +      new ChunkCreationHandler("ChunkCreatorHandler", 
encryptionContext.getMaxRawWrapSendSize()));
    +  }
    +
    +  public void setEncrypted(boolean encrypted) {
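
Review bot: in the "Length-Decoder" added in addSecurityHandlers(), the maximum frame length is Integer.MAX_VALUE, which leaves the size of an incoming encrypted frame effectively unbounded, so the length prefix sent by the peer decides how much is buffered before SaslDecryptionHandler runs. Since getWrappedChunkSize() is already passed to SaslDecryptionHandler, consider deriving the decoder's limit from that same value so an oversized frame is rejected at the decoder. Two smaller points: the name string passed to the constructor is "ChunkCreatorHandler" while the pipeline name and the class are ChunkCreationHandler, and the Javadoc <li> items have no enclosing <ul> and sit inside a <p>.
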
    --- End diff --
    
    maybe `getEncryptionContext` to avoid delegating setters and getters?


> Apache Drill should support network encryption
> ----------------------------------------------
>
>                 Key: DRILL-4335
>                 URL: https://issues.apache.org/jira/browse/DRILL-4335
>             Project: Apache Drill
>          Issue Type: New Feature
>            Reporter: Keys Botzum
>            Assignee: Sorabh Hamirwasia
>              Labels: security
>         Attachments: ApacheDrillEncryptionUsingSASLDesign.pdf
>
>
> This is clearly related to Drill-291 but wanted to make explicit that this 
> needs to include network level encryption and not just authentication. This 
> is particularly important for the client connection to Drill which will often 
> be sending passwords in the clear until there is encryption.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
