You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by sb...@apache.org on 2017/04/24 15:04:00 UTC

[37/50] [abbrv] ignite git commit: ignite-3054 - SSL fix

ignite-3054 - SSL fix


Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/9814a9d8
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/9814a9d8
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/9814a9d8

Branch: refs/heads/ignite-3054
Commit: 9814a9d855dab71583fb4371f444ec086efdfcb8
Parents: e9c30f8
Author: dkarachentsev <dk...@gridgain.com>
Authored: Wed Dec 14 13:40:11 2016 +0300
Committer: dkarachentsev <dk...@gridgain.com>
Committed: Wed Dec 14 13:40:11 2016 +0300

----------------------------------------------------------------------
 .../util/nio/ssl/BlockingSslHandler.java        | 82 ++++----------------
 1 file changed, 13 insertions(+), 69 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ignite/blob/9814a9d8/modules/core/src/main/java/org/apache/ignite/internal/util/nio/ssl/BlockingSslHandler.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/util/nio/ssl/BlockingSslHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/util/nio/ssl/BlockingSslHandler.java
index 899dc13..047fb6e 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/util/nio/ssl/BlockingSslHandler.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/util/nio/ssl/BlockingSslHandler.java
@@ -139,6 +139,8 @@ public class BlockingSslHandler {
 
         boolean loop = true;
 
+        SSLEngineResult unwrapRes = null;
+
         while (loop) {
             switch (handshakeStatus) {
                 case NOT_HANDSHAKING:
@@ -157,11 +159,11 @@ public class BlockingSslHandler {
                 }
 
                 case NEED_UNWRAP: {
-                    Status status = unwrapHandshake();
+                    unwrapRes = unwrapHandshake(unwrapRes);
 
                     handshakeStatus = sslEngine.getHandshakeStatus();
 
-                    if (status == BUFFER_UNDERFLOW && sslEngine.isInboundDone())
+                    if (unwrapRes.getStatus() == BUFFER_UNDERFLOW && sslEngine.isInboundDone())
                         // Either there is no enough data in buffer or session was closed.
                         loop = false;
 
@@ -372,28 +374,19 @@ public class BlockingSslHandler {
      * @throws SSLException If SSL exception occurred while unwrapping.
      * @throws GridNioException If failed to pass event to the next filter.
      */
-    private Status unwrapHandshake() throws SSLException, IgniteCheckedException {
-        final int pos = inNetBuf.position();
-
-        // Try to unwrap data already available in buffer.
-        SSLEngineResult res = tryUnwrap();
-
-        if (handshakeStatus == NEED_UNWRAP)
+    private SSLEngineResult unwrapHandshake(SSLEngineResult prevRes) throws SSLException, IgniteCheckedException {
+        // Avoid blocking on reading if there unprocessed data left in input buffer.
+        if (inNetBuf.position() == 0 || prevRes.getStatus() != OK)
             readFromNet();
 
-        if (res == null || handshakeStatus == NEED_UNWRAP) {
-            // Flip input buffer so we can read the collected data.
-            inNetBuf.flip();
-
-            // Must restore position after tryUnwrap()
-            inNetBuf.position(pos);
+        // Flip input buffer so we can read the collected data.
+        inNetBuf.flip();
 
-            res = unwrap0();
+        SSLEngineResult res = unwrap0();
 
-            handshakeStatus = res.getHandshakeStatus();
+        handshakeStatus = res.getHandshakeStatus();
 
-            checkStatus(res);
-        }
+        checkStatus(res);
 
         // If handshake finished, no data was produced, and the status is still ok,
         // try to unwrap more
@@ -416,39 +409,6 @@ public class BlockingSslHandler {
             // prepare to be written again
             inNetBuf.compact();
 
-        return res.getStatus();
-    }
-
-    /**
-     * Try to unwrap data left in buffer. If that data was not enough,
-     * position must be restored after reading data from network.
-     * <p>
-     *     This method was made for cases when all required data already read and next reading
-     *     from channel with block thread indefinitely.
-     * </p>
-     *
-     * @return SSLEngineResult after unwrap.
-     * @throws SSLException If failed.
-     */
-    private SSLEngineResult tryUnwrap() throws SSLException {
-        final int pos = inNetBuf.position();
-        final int lim = inNetBuf.limit();
-
-        // Nothing to unwrap.
-        if (pos == 0)
-            return null;
-
-        inNetBuf.flip();
-
-        final SSLEngineResult res = unwrap0();
-
-        handshakeStatus = res.getHandshakeStatus();
-
-        if (handshakeStatus == NEED_UNWRAP) {
-            inNetBuf.position(pos);
-            inNetBuf.limit(lim);
-        }
-
         return res;
     }
 
@@ -545,7 +505,7 @@ public class BlockingSslHandler {
     }
 
     /**
-     * Copies data from out net buffer and passes it to the underlying chain.
+     * Copies data from out net buffer and passes it to the underlying channel.
      *
      * @throws GridNioException If send failed.
      */
@@ -578,22 +538,6 @@ public class BlockingSslHandler {
     }
 
     /**
-     * Copies the given byte buffer.
-     *
-     * @param original Byte buffer to copy.
-     * @return Copy of the original byte buffer.
-     */
-    private ByteBuffer copy(ByteBuffer original) {
-        ByteBuffer cp = ByteBuffer.allocate(original.remaining());
-
-        cp.put(original);
-
-        cp.flip();
-
-        return cp;
-    }
-
-    /**
      * Get SSLEngine instance.
      *
      * @return SSLEngine instance.