giraph-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [giraph] atanu1991 commented on a change in pull request #150: GIRAPH-1251: Add SSLHandler for all Netty Communication (Initial diff)
Date Mon, 03 May 2021 23:38:48 GMT

atanu1991 commented on a change in pull request #150:
URL: https://github.com/apache/giraph/pull/150#discussion_r625431757



##########
File path: giraph-core/src/main/java/org/apache/giraph/comm/netty/NettySSLHandler.java
##########
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.giraph.comm.netty;
+
+import io.netty.buffer.ByteBufAllocator;
+import io.netty.channel.Channel;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslHandler;
+import io.netty.util.concurrent.Future;
+import org.apache.giraph.conf.ImmutableClassesGiraphConfiguration;
+import org.apache.log4j.Logger;
+
+import javax.net.ssl.SSLException;
+
+/**
+ * Utility class for all SSL related functions
+ */
+public class NettySSLHandler
+{
+  /** Class Logger */
+  private static final Logger LOG = Logger.getLogger(NettySSLHandler.class);
+  /** Client or Server */
+  private boolean client;
+  /** Giraph Configuration */
+  private ImmutableClassesGiraphConfiguration conf;
+  /** SSL Event Handler interface */
+  private SSLEventHandler sslEventHandler;
+
+  /**
+   * Constructor
+   *
+   * @param client client/server for which the ssl handler needs to be created
+   * @param conf configuration object
+   */
+  public NettySSLHandler(
+    boolean client, ImmutableClassesGiraphConfiguration conf) {
+    this.client = client;
+    this.conf = conf;
+    sslEventHandler = conf.createSSLEventHandler();
+  }
+
+  /**
+   * Build the client or server SSL Context, create new SSL handler,
+   * add a listener function to onSslHandshakeComplete and return
+   *
+   * @param allocator ByteBufAllocator of the channel
+   *
+   * @throws SSLException
+   *
+   * @return The SSL Handler object
+   */
+  public SslHandler getSslHandler(ByteBufAllocator allocator)
+      throws SSLException
+  {
+    SslContext sslContext = new SslConfig.Builder(this.client, this.conf)
+        .verifyMode(SslConfig.VerifyMode.VERIFY_REQ_CLIENT_CERT)
+        .build()
+        .buildSslContext();
+    SslHandler handler = sslContext.newHandler(allocator);
+    handler.handshakeFuture().addListener(
+        f -> onSslHandshakeComplete(f, handler));
+    return handler;
+  }
+
+  /**
+   * Build the client or server SSL Context, create new SSL handler,
+   * add a listener function to onSslHandshakeComplete and return
+   *
+   * @param future Future object to be notified once handshake completes
+   * @param sslHandler SslHandler object
+   *
+   * @throws Exception
+   */
+  private void onSslHandshakeComplete(
+      Future<? super Channel> future,
+        SslHandler sslHandler) throws Exception
+  {
+    if (!future.isSuccess()) {
+      throw new SSLException("SSL Handshake failure", future.cause());
+    }
+    if (sslEventHandler != null) {
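
Review bot: In onSslHandshakeComplete, the `throw new SSLException("SSL Handshake failure", future.cause())` runs inside the listener that getSslHandler registers with `handshakeFuture().addListener(...)`, so no caller of getSslHandler can ever catch it; Netty catches exceptions thrown by a future listener and only logs them. Consider handling the failure in place instead, for example logging it through LOG together with `future.cause()` and returning, so a failed handshake is reported deliberately rather than as a listener error. Two documentation points in the same hunk: the Javadoc above onSslHandshakeComplete repeats the getSslHandler description ("Build the client or server SSL Context, ...") and should describe the callback, and the sslEventHandler field comment should state that `conf.createSSLEventHandler()` may return null, since the `if (sslEventHandler != null)` check depends on that.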

Review comment:
       It's not necessary to have the sslEventHandler (onSslHandshakeComplete) event defined. It's required for the Facebook use case, where we need to do custom authn and authz. If you want the default behavior, then do nothing on onSslHandshakeComplete. So sslEventHandler is null by default.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


