Posted to commits@activemq.apache.org by cl...@apache.org on 2021/04/15 12:31:43 UTC
[activemq-artemis] branch main updated: ARTEMIS-3117 - tackle the
root cause of the scale issue with the netty ssl acceptor,
the creation of an sslcontext per connetion, since ARTEMIS-400
This is an automated email from the ASF dual-hosted git repository.
clebertsuconic pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 64f5761 ARTEMIS-3117 - tackle the root cause of the scale issue with the netty ssl acceptor, the creation of an sslcontext per connetion, since ARTEMIS-400
new 28fbc2e This closes #3544
64f5761 is described below
commit 64f57617673b151c2ae0c8bbcc4ca096c185aa7a
Author: gtully <ga...@gmail.com>
AuthorDate: Wed Apr 14 14:55:48 2021 +0100
ARTEMIS-3117 - tackle the root cause of the scale issue with the netty ssl acceptor, the creation of an sslcontext per connetion, since ARTEMIS-400
---
.../core/remoting/impl/netty/NettyAcceptor.java | 43 +++++++++++++---------
1 file changed, 25 insertions(+), 18 deletions(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
index 8b76cbe..6a31efa 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java
@@ -241,6 +241,8 @@ public class NettyAcceptor extends AbstractAcceptor {
final Executor failureExecutor;
+ private volatile Object providerAgnosticSslContext;
+
public NettyAcceptor(final String name,
final ClusterConnection clusterConnection,
final Map<String, Object> configuration,
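Review bot: The new field `providerAgnosticSslContext` is declared as `Object`, so the declaration itself says nothing about what it may hold or when it is set. The later hunks cast it to `SSLContext` or `SslContext` depending on `sslProvider`, and it appears to be assigned only on the SSL-enabled path. A comment on the field would record that invariant, for example `// SSLContext (JDK provider) or SslContext (OpenSSL provider), chosen by sslProvider; unset unless SSL is enabled; replaced when the context is reloaded`.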
@@ -333,6 +335,7 @@ public class NettyAcceptor extends AbstractAcceptor {
.trustManagerFactoryPlugin(trustManagerFactoryPlugin)
.crlPath(crlPath)
.build();
+ providerAgnosticSslContext = loadSSLContext();
} else {
keyStoreProvider = TransportConstants.DEFAULT_KEYSTORE_PROVIDER;
keyStoreType = TransportConstants.DEFAULT_KEYSTORE_TYPE;
@@ -371,6 +374,20 @@ public class NettyAcceptor extends AbstractAcceptor {
autoStart = ConfigurationHelper.getBooleanProperty(TransportConstants.AUTO_START, TransportConstants.DEFAULT_AUTO_START, configuration);
}
+ private Object loadSSLContext() {
+ checkSSLConfiguration();
+ try {
+ if (TransportConstants.OPENSSL_PROVIDER.equals(sslProvider)) {
+ return OpenSSLContextFactoryProvider.getOpenSSLContextFactory().getServerSslContext(sslContextConfig, configuration);
+ } else {
+ return SSLContextFactoryProvider.getSSLContextFactory().getSSLContext(sslContextConfig, configuration);
+ }
+ } catch (Exception e) {
+ IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port, e);
+ throw ise;
+ }
+ }
+
@Override
public synchronized void start() throws Exception {
if (channelClazz != null) {
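Review bot: In `loadSSLContext()` the call to `checkSSLConfiguration()` now sits before the `try`, whereas both removed call sites had it inside. Anything it throws therefore no longer gets wrapped in the `IllegalStateException` that names `host` and `port`. If callers or log readers rely on that message to identify the misconfigured acceptor, move the call to the first line inside the `try`. The `ise` temporary can also be dropped in favour of `throw new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port, e);`. A short Javadoc stating that the return value is an `SSLContext` or an `SslContext` depending on `sslProvider` would explain the `Object` return type.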
@@ -434,8 +451,8 @@ public class NettyAcceptor extends AbstractAcceptor {
@Override
public void initChannel(Channel channel) throws Exception {
ChannelPipeline pipeline = channel.pipeline();
- Pair<String, Integer> peerInfo = getPeerInfo(channel);
if (sslEnabled) {
+ final Pair<String, Integer> peerInfo = getPeerInfo(channel);
try {
pipeline.addLast("ssl", getSslHandler(channel.alloc(), peerInfo.getA(), peerInfo.getB()));
pipeline.addLast("sslHandshakeExceptionHandler", new SslHandshakeExceptionHandler());
@@ -563,10 +580,14 @@ public class NettyAcceptor extends AbstractAcceptor {
serverChannelGroup.clear();
+ if (sslEnabled) {
+ providerAgnosticSslContext = loadSSLContext();
+ }
+
startServerChannels();
}
- public synchronized SslHandler getSslHandler(ByteBufAllocator alloc, String peerHost, int peerPort) throws Exception {
+ public SslHandler getSslHandler(ByteBufAllocator alloc, String peerHost, int peerPort) throws Exception {
SSLEngine engine;
if (TransportConstants.OPENSSL_PROVIDER.equals(sslProvider)) {
engine = loadOpenSslEngine(alloc, peerHost, peerPort);
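Review bot: The added `providerAgnosticSslContext = loadSSLContext();` runs after `serverChannelGroup.clear()` and before `startServerChannels()`. If the new keystore, truststore or CRL cannot be loaded, the `IllegalStateException` skips `startServerChannels()`, and the acceptor is presumably left with no listening channels. The start of the enclosing method is outside the hunk, so the teardown order cannot be confirmed from here. Loading the new context before any teardown would let a bad reload keep the previous context and channels in service. Because the context is now cached, this block also deserves a comment such as `// keystore, truststore and CRL changes on disk take effect only when the context is rebuilt here`, since operators rotating certificates or updating revocation lists need to know a reload is required.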
@@ -641,14 +662,7 @@ public class NettyAcceptor extends AbstractAcceptor {
}
private SSLEngine loadJdkSslEngine(String peerHost, int peerPort) throws Exception {
- final SSLContext context;
- try {
- checkSSLConfiguration();
- context = SSLContextFactoryProvider.getSSLContextFactory().getSSLContext(sslContextConfig, configuration);
- } catch (Exception e) {
- IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port, e);
- throw ise;
- }
+ final SSLContext context = (SSLContext) providerAgnosticSslContext;
Subject subject = null;
if (kerb5Config != null) {
LoginContext loginContext = new LoginContext(kerb5Config);
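Review bot: The cast in `final SSLContext context = (SSLContext) providerAgnosticSslContext;` has no guard for an unset or wrong-typed field, and the same applies to the `(SslContext)` cast in `loadOpenSslEngine` in the next hunk. The field is assigned only on the SSL-enabled paths, while `getSslHandler` is public. A call on an acceptor without SSL would therefore pass the cast with `null` and presumably fail further down with a `NullPointerException`; the use of `context` is outside the hunk. A check before the cast gives a clear failure instead, for example `if (!(providerAgnosticSslContext instanceof SSLContext)) throw new IllegalStateException("SSL context not initialised for " + host + ":" + port);`, with the matching `SslContext` check in `loadOpenSslEngine`.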
@@ -679,14 +693,7 @@ public class NettyAcceptor extends AbstractAcceptor {
}
private SSLEngine loadOpenSslEngine(ByteBufAllocator alloc, String peerHost, int peerPort) throws Exception {
- final SslContext context;
- try {
- checkSSLConfiguration();
- context = OpenSSLContextFactoryProvider.getOpenSSLContextFactory().getServerSslContext(sslContextConfig, configuration);
- } catch (Exception e) {
- IllegalStateException ise = new IllegalStateException("Unable to create NettyAcceptor for " + host + ":" + port, e);
- throw ise;
- }
+ final SslContext context = (SslContext) providerAgnosticSslContext;
Subject subject = null;
if (kerb5Config != null) {
LoginContext loginContext = new LoginContext(kerb5Config);