Murtadha Hubail has uploaded a new change for review.

  https://asterix-gerrit.ics.uci.edu/3093

Change subject: [ASTERIXDB-2490][NET] Support Encrypted RMI Connections
......................................................................

[ASTERIXDB-2490][NET] Support Encrypted RMI Connections

- user model changes: no
- storage format changes: no
- interface changes: yes

Details:
- Use RMIServer/ClientFactory in metadata node RMI connections
  to support both unencrypted and encrypted sockets.
- Add config getter to network security manager.

Change-Id: I11577b7d26d8002d4182255fee0dd769945ca389
---
M 
asterixdb/asterix-app/src/main/java/org/apache/asterix/app/nc/NCAppRuntimeContext.java
A 
asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIClientFactory.java
A 
asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIServerFactory.java
M 
hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityManager.java
M 
hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
5 files changed, 109 insertions(+), 1 deletion(-)


  git pull ssh://asterix-gerrit.ics.uci.edu:29418/asterixdb 
refs/changes/93/3093/1

diff --git 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/nc/NCAppRuntimeContext.java
 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/nc/NCAppRuntimeContext.java
index 8924512..d89004b 100644
--- 
a/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/nc/NCAppRuntimeContext.java
+++ 
b/asterixdb/asterix-app/src/main/java/org/apache/asterix/app/nc/NCAppRuntimeContext.java
@@ -66,6 +66,8 @@
 import org.apache.asterix.file.StorageComponentProvider;
 import org.apache.asterix.metadata.MetadataManager;
 import org.apache.asterix.metadata.MetadataNode;
+import org.apache.asterix.metadata.RMIClientFactory;
+import org.apache.asterix.metadata.RMIServerFactory;
 import org.apache.asterix.metadata.api.IAsterixStateProxy;
 import org.apache.asterix.metadata.api.IMetadataNode;
 import org.apache.asterix.metadata.bootstrap.MetadataBootstrap;
@@ -84,6 +86,7 @@
 import org.apache.hyracks.api.io.IPersistedResourceRegistry;
 import org.apache.hyracks.api.lifecycle.ILifeCycleComponent;
 import org.apache.hyracks.api.lifecycle.ILifeCycleComponentManager;
+import org.apache.hyracks.api.network.INetworkSecurityManager;
 import org.apache.hyracks.control.nc.NodeControllerService;
 import org.apache.hyracks.ipc.impl.HyracksConnection;
 import org.apache.hyracks.storage.am.lsm.common.api.ILSMIOOperationScheduler;
@@ -430,8 +433,13 @@
     @Override
     public synchronized void exportMetadataNodeStub() throws RemoteException {
         if (metadataNodeStub == null) {
+            final INetworkSecurityManager networkSecurityManager =
+                    
ncServiceContext.getControllerService().getNetworkSecurityManager();
+            final RMIServerFactory serverSocketFactory = new 
RMIServerFactory(networkSecurityManager);
+            final RMIClientFactory clientSocketFactory =
+                    new 
RMIClientFactory(networkSecurityManager.getConfiguration().isSslEnabled());
             metadataNodeStub = (IMetadataNode) 
UnicastRemoteObject.exportObject(MetadataNode.INSTANCE,
-                    getMetadataProperties().getMetadataPort());
+                    getMetadataProperties().getMetadataPort(), 
clientSocketFactory, serverSocketFactory);
         }
     }
 
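Review bot: In `exportMetadataNodeStub`, `isSslEnabled()` is read once and frozen into the `RMIClientFactory` that travels with the stub, while `RMIServerFactory` re-reads the configuration every time it opens a server socket. `NetworkSecurityManager` still exposes `setConfiguration`, so the two sides can in principle disagree, which would show up as failed handshakes or as a plaintext listener behind a stub that expects TLS. I would read the flag once and derive both factories from that value, or at least document the assumption with `// SSL mode is fixed at export time; a later setConfiguration() does not re-export the stub`.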
diff --git 
a/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIClientFactory.java
 
b/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIClientFactory.java
new file mode 100644
index 0000000..b4f7190
--- /dev/null
+++ 
b/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIClientFactory.java
@@ -0,0 +1,44 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.asterix.metadata;
+
+import java.io.IOException;
+import java.io.Serializable;
+import java.net.Socket;
+import java.rmi.server.RMIClientSocketFactory;
+
+import javax.net.SocketFactory;
+import javax.net.ssl.SSLSocketFactory;
+
+public class RMIClientFactory implements RMIClientSocketFactory, Serializable {
+
+    private final boolean sslEnabled;
+
+    public RMIClientFactory(boolean sslEnabled) {
+        this.sslEnabled = sslEnabled;
+    }
+
+    public Socket createSocket(String host, int port) throws IOException {
+        if (sslEnabled) {
+            return SSLSocketFactory.getDefault().createSocket(host, port);
+        }
+        return SocketFactory.getDefault().createSocket();
+    }
+}
\ No newline at end of file
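Review bot: The non-SSL branch of `createSocket` calls the no-argument `createSocket()`, which returns an unconnected socket and ignores `host` and `port`; RMI expects a socket already connected to the endpoint, so the unencrypted path should use `createSocket(host, port)` as the SSL branch does. On the SSL branch, `SSLSocketFactory.getDefault()` uses the JVM-wide trust store rather than the trust material behind `INetworkSecurityManager.newSSLContext()`, and no endpoint identification algorithm is set, so the peer certificate is not matched against `host`. If hostname checks fit the deployment, they can be enabled before the handshake as sketched below (this needs `SSLSocket` and `SSLParameters` from `javax.net.ssl`). The method also lacks `@Override`, and the `RMIClientSocketFactory` Javadoc recommends `equals`/`hashCode` on factories; keying them on `sslEnabled` would suffice, and a `serialVersionUID` would suit a `Serializable` class shipped in stubs.

```java
    @Override
    public Socket createSocket(String host, int port) throws IOException {
        if (!sslEnabled) {
            // RMI needs a connected socket, not a bare one
            return SocketFactory.getDefault().createSocket(host, port);
        }
        final SSLSocket socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket(host, port);
        final SSLParameters params = socket.getSSLParameters();
        // reject a certificate that does not match the host being dialed
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }
```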
diff --git 
a/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIServerFactory.java
 
b/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIServerFactory.java
new file mode 100644
index 0000000..9506c5a
--- /dev/null
+++ 
b/asterixdb/asterix-metadata/src/main/java/org/apache/asterix/metadata/RMIServerFactory.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.asterix.metadata;
+
+import java.io.IOException;
+import java.net.ServerSocket;
+import java.rmi.server.RMIServerSocketFactory;
+
+import javax.net.ServerSocketFactory;
+
+import org.apache.hyracks.api.network.INetworkSecurityManager;
+
+public class RMIServerFactory implements RMIServerSocketFactory {
+
+    private final INetworkSecurityManager securityManager;
+
+    public RMIServerFactory(INetworkSecurityManager securityManager) {
+        this.securityManager = securityManager;
+    }
+
+    @Override
+    public ServerSocket createServerSocket(int port) throws IOException {
+        if (securityManager.getConfiguration().isSslEnabled()) {
+            return 
securityManager.newSSLContext().getServerSocketFactory().createServerSocket(port);
+        }
+        return ServerSocketFactory.getDefault().createServerSocket(port);
+    }
+}
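Review bot: The SSL branch of `createServerSocket` returns the server socket without asking for a client certificate, so TLS here protects the channel but does not authenticate whoever connects to the metadata port. If the cluster's other channels rely on mutual authentication (not visible in this change), the returned socket could be cast to `SSLServerSocket` and given `setNeedClientAuth(true)`. That would also require the client factory to present a key, which `SSLSocketFactory.getDefault()` does not do unless a default key store is configured. A short class Javadoc stating which of the two modes is intended would help, for example `/** Creates RMI server sockets, TLS-wrapped when the network security configuration enables SSL; callers are not authenticated by certificate. */`.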
diff --git 
a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityManager.java
 
b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityManager.java
index 9dc6960..2cdf525 100644
--- 
a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityManager.java
+++ 
b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityManager.java
@@ -50,4 +50,11 @@
      * @return the socket channel factory
      */
     ISocketChannelFactory getSocketChannelFactory();
+
+    /**
+     * Gets the current configuration of this {@link INetworkSecurityManager}
+     *
+     * @return the current configuration
+     */
+    INetworkSecurityConfig getConfiguration();
 }
\ No newline at end of file
diff --git 
a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
 
b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index ed25f41..158a5e9 100644
--- 
a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ 
b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -84,6 +84,11 @@
     }
 
     @Override
+    public INetworkSecurityConfig getConfiguration() {
+        return config;
+    }
+
+    @Override
     public void setConfiguration(INetworkSecurityConfig config) {
         this.config = config;
     }

-- 
To view, visit https://asterix-gerrit.ics.uci.edu/3093
To unsubscribe, visit https://asterix-gerrit.ics.uci.edu/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I11577b7d26d8002d4182255fee0dd769945ca389
Gerrit-PatchSet: 1
Gerrit-Project: asterixdb
Gerrit-Branch: master
Gerrit-Owner: Murtadha Hubail <[email protected]>
