bschuchardt commented on a change in pull request #6063:
URL: https://github.com/apache/geode/pull/6063#discussion_r587889010



##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
##########
@@ -527,10 +542,6 @@
       final long tilt = System.currentTimeMillis() + timeLimitMillis;
 
       if (isSelector()) {
-        if (socketCreator.forCluster().useSSL()) {

Review comment:
       It's fantastic to see this restriction lifted

##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
##########
@@ -1115,7 +1126,7 @@ private void runSelectorLoop() {
             keysIterator.remove();
             final ServerConnection sc = (ServerConnection) key.attachment();
             try {
-              if (key.isValid() && key.isReadable()) {
+              if (key.isValid() && (key.isReadable() || key.isWritable())) {
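Review bot: The widened condition `key.isReadable() || key.isWritable()` dispatches the ServerConnection whenever the channel is writable, and a connected socket with free send-buffer space reports writable on every select. If OP_WRITE is ever left in this key's interest set (the registration is not visible in this hunk), the selector loop will wake continuously and hand off connections that have nothing to read, so an idle client can burn CPU and handler threads. Register OP_WRITE only while a write is actually pending and clear it once the write completes, e.g. `key.interestOps(key.interestOps() & ~SelectionKey.OP_WRITE);`. The body of runSelectorLoop continues outside the quoted lines, so the dispatch path itself cannot be checked from here.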

Review comment:
       Why do we want the isWritable() check?

##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Message.java
##########
@@ -1160,10 +1220,119 @@ public void receive() throws IOException {
   public void receive(ServerConnection sc, int maxMessageLength, Semaphore 
dataLimiter,
       Semaphore msgLimiter) throws IOException {
     this.serverConnection = sc;
+    if (sc.getSSLEngine() != null) {
+      setSslEngine(sc.getSSLEngine());
+    }
     this.maxIncomingMessageLength = maxMessageLength;
     this.dataLimiter = dataLimiter;
     this.messageLimiter = msgLimiter;
     receive();
   }
 
+  public void setSslEngine(NioSslEngine sslEngine) {
+    this.sslEngine = sslEngine;
+  }
+
+  private void readWrappedHeaders(ByteBuffer cb) throws IOException {
+    int bytesRead = this.socketChannel.read(cb);
+    if (bytesRead == -1) {
+      throw new EOFException(
+          "The connection has been reset while reading the header");
+    }
+    cb.flip();
+    try (final ByteBufferSharing outputSharing = sslEngine.unwrap(cb)) {
+      if (this.messageStats != null) {
+        
this.messageStats.incReceivedBytes(outputSharing.getBuffer().remaining());
+      }
+    }
+
+  }
+
+  private void readUnwrappedPayloadFields(int numParts, int readSecurePart, 
int bytesRemaining)
+      throws IOException {
+
+    final ByteBuffer cb = getCommBuffer();
+
+    ByteBuffer unwrapbuffer;
+    try (final ByteBufferSharing sharedBuffer = 
this.sslEngine.getUnwrappedBuffer()) {
+      unwrapbuffer = sharedBuffer.getBuffer();
+    }
+
+    for (int i = 0; i < numParts + readSecurePart
+        || readSecurePart == 1 && unwrapbuffer.remaining() > 0; i++) {
+      int bytesReadThisTime = readUnwrappedPartChunk(bytesRemaining);
+      bytesRemaining -= bytesReadThisTime;
+
+      Part part;
+
+      if (i < numParts) {
+        part = this.partsList[i];
+      } else {
+        part = this.securePart;
+      }
+
+      int partLen = unwrapbuffer.getInt();
+      byte partType = unwrapbuffer.get();
+      byte[] partBytes;
+
+      if (partLen > 0) {
+        partBytes = new byte[partLen];
+        int alreadyReadBytes = unwrapbuffer.remaining();
+        if (alreadyReadBytes > 0) {
+          if (partLen < alreadyReadBytes) {
+            alreadyReadBytes = partLen;
+          }
+          unwrapbuffer.get(partBytes, 0, alreadyReadBytes);
+        }
+
+        // now we need to read partLen - alreadyReadBytes off the wire
+        int off = alreadyReadBytes;
+        int remaining = partLen - off;
+
+        if (remaining > 0) {
+
+          this.sslEngine.ensureWrappedCapacity(remaining, cb,
+              BufferPool.BufferType.TRACKED_RECEIVER);
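Review bot: In readUnwrappedPayloadFields, `partLen` comes from the peer via `unwrapbuffer.getInt()` and goes straight into `new byte[partLen]`, so a single part header can request an allocation of up to 2 GB before any payload has arrived. Bound it before allocating, for example `if (partLen > bytesRemaining) { throw new IOException("Part length ( " + partLen + " ) exceeds the remaining message length"); }`, adjusting the bound to however readUnwrappedPartChunk accounts for bytes already consumed. Separately, `unwrapbuffer` is taken from `sharedBuffer.getBuffer()` and then used for the whole loop after the try-with-resources has already closed the ByteBufferSharing. If closing releases the engine's hold on that buffer, the loop is reading decrypted data from memory that may be reused, so the parsing probably belongs inside the try block. The method continues past the end of the quoted hunk.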

Review comment:
       This overloads the DMStats statistic.  The descriptions of the buffer 
stats should be updated to reflect that cache server use of buffers is now 
included.

##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
##########
@@ -1550,12 +1568,63 @@ public void refuseHandshake(OutputStream out, String 
message, byte exception) th
     out.flush();
   }
 
-  private boolean handOffQueueInitialization(Socket socket, CommunicationMode 
communicationMode) {
+  @Override
+  public void refuseHandshake(OutputStream out, String message, byte exception,
+      NioSslEngine sslEngine, Socket socket) throws IOException {
+    if (sslEngine == null) {
+      refuseHandshake(out, message, exception);
+      return;
+    }
+    try (ByteBufferOutputStream bbos =
+        new ByteBufferOutputStream(sslEngine.getPacketBufferSize())) {
+
+      DataOutputStream dos = new DataOutputStream(bbos);
+
+      // Write refused reply
+      dos.writeByte(exception);
+
+      // write dummy endpointType
+      dos.writeByte(0);
+      // write dummy queueSize
+      dos.writeInt(0);
+
+      // Write the server's member
+      HeapDataOutputStream memberDos = new 
HeapDataOutputStream(KnownVersion.CURRENT);
+      DataSerializer.writeObject(member, memberDos);
+      DataSerializer.writeByteArray(memberDos.toByteArray(), dos);
+      memberDos.close();
+
+      // Write the refusal message
+      if (message == null) {
+        message = "";
+      }
+      dos.writeUTF(message);
+
+      // Write dummy delta-propagation property value. This will never be read 
at
+      // receiver because the exception byte above will cause the receiver code
+      // throw an exception before the below byte could be read.
+      dos.writeBoolean(Boolean.TRUE);
+
+      bbos.flush();
+      ByteBuffer buffer = bbos.getContentBuffer();
+      try (final ByteBufferSharing outputSharing = sslEngine.wrap(buffer)) {
+        final ByteBuffer wrappedBuffer = outputSharing.getBuffer();
+        if (socket != null) {
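Review bot: In the TLS overload of refuseHandshake, `memberDos` is released by a plain `memberDos.close()` call, so an exception from `DataSerializer.writeObject(member, memberDos)` skips the close and leaves its buffers allocated on a path that unauthenticated clients can trigger repeatedly. Scope it with `try (HeapDataOutputStream memberDos = new HeapDataOutputStream(KnownVersion.CURRENT)) { ... }` instead. The reply is also assembled in a ByteBufferOutputStream sized to `sslEngine.getPacketBufferSize()`; whether that stream grows is not visible here, so it is worth confirming that a long refusal `message` cannot overflow it before `sslEngine.wrap(buffer)` is reached. The method body continues beyond the quoted lines, so the socket write itself is not reviewed.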

Review comment:
       Is this null check really needed?  If there's a sslEngine there ought to 
be a socket as well.



