You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by gi...@apache.org on 2018/08/11 14:49:12 UTC
[01/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Repository: hbase-site
Updated Branches:
refs/heads/asf-site 828b7ec27 -> 10a20a245
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/downloads.html
----------------------------------------------------------------------
diff --git a/downloads.html b/downloads.html
index 0e257eb..841570c 100644
--- a/downloads.html
+++ b/downloads.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Apache HBase Downloads</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -423,7 +423,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/export_control.html
----------------------------------------------------------------------
diff --git a/export_control.html b/export_control.html
index 782b920..86da97c 100644
--- a/export_control.html
+++ b/export_control.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Export Control
@@ -331,7 +331,7 @@ for more details.</p>
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/index.html
----------------------------------------------------------------------
diff --git a/index.html b/index.html
index 7472ae0..6fe5e6c 100644
--- a/index.html
+++ b/index.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Apache HBase™ Home</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -411,7 +411,7 @@ Apache HBase is an open-source, distributed, versioned, non-relational database
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/integration.html
----------------------------------------------------------------------
diff --git a/integration.html b/integration.html
index 0e97d03..6ce181d 100644
--- a/integration.html
+++ b/integration.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – CI Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -291,7 +291,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/issue-tracking.html
----------------------------------------------------------------------
diff --git a/issue-tracking.html b/issue-tracking.html
index f9cee6a..5954a52 100644
--- a/issue-tracking.html
+++ b/issue-tracking.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Issue Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -288,7 +288,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/license.html
----------------------------------------------------------------------
diff --git a/license.html b/license.html
index c44acb5..4e41028 100644
--- a/license.html
+++ b/license.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Licenses</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -491,7 +491,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/mail-lists.html
----------------------------------------------------------------------
diff --git a/mail-lists.html b/mail-lists.html
index 2ccbbbe..1d8b025 100644
--- a/mail-lists.html
+++ b/mail-lists.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Mailing Lists</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -341,7 +341,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/metrics.html
----------------------------------------------------------------------
diff --git a/metrics.html b/metrics.html
index cbe14b8..26a1895 100644
--- a/metrics.html
+++ b/metrics.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Apache HBase (TM) Metrics
@@ -459,7 +459,7 @@ export HBASE_REGIONSERVER_OPTS="$HBASE_JMX_OPTS -Dcom.sun.management.jmxrem
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/old_news.html
----------------------------------------------------------------------
diff --git a/old_news.html b/old_news.html
index f6a616d..307ff8c 100644
--- a/old_news.html
+++ b/old_news.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Old Apache HBase (TM) News
@@ -440,7 +440,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/plugin-management.html
----------------------------------------------------------------------
diff --git a/plugin-management.html b/plugin-management.html
index fb348a3..0240672 100644
--- a/plugin-management.html
+++ b/plugin-management.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Plugin Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -440,7 +440,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/plugins.html
----------------------------------------------------------------------
diff --git a/plugins.html b/plugins.html
index d41583a..a2ae9c4 100644
--- a/plugins.html
+++ b/plugins.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Plugins</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -375,7 +375,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/poweredbyhbase.html
----------------------------------------------------------------------
diff --git a/poweredbyhbase.html b/poweredbyhbase.html
index 522d330..691a76e 100644
--- a/poweredbyhbase.html
+++ b/poweredbyhbase.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Powered By Apache HBase</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -769,7 +769,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/project-info.html
----------------------------------------------------------------------
diff --git a/project-info.html b/project-info.html
index 50a6946..9f2532c 100644
--- a/project-info.html
+++ b/project-info.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -335,7 +335,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/project-reports.html
----------------------------------------------------------------------
diff --git a/project-reports.html b/project-reports.html
index 4291beb..79bd8b5 100644
--- a/project-reports.html
+++ b/project-reports.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Generated Reports</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -305,7 +305,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/project-summary.html
----------------------------------------------------------------------
diff --git a/project-summary.html b/project-summary.html
index b784593..3148693 100644
--- a/project-summary.html
+++ b/project-summary.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Summary</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -331,7 +331,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/pseudo-distributed.html
----------------------------------------------------------------------
diff --git a/pseudo-distributed.html b/pseudo-distributed.html
index e534bd6..a8a3628 100644
--- a/pseudo-distributed.html
+++ b/pseudo-distributed.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Running Apache HBase (TM) in pseudo-distributed mode
@@ -308,7 +308,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/replication.html
----------------------------------------------------------------------
diff --git a/replication.html b/replication.html
index f8d5c3d..362307d 100644
--- a/replication.html
+++ b/replication.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Apache HBase (TM) Replication
@@ -303,7 +303,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/resources.html
----------------------------------------------------------------------
diff --git a/resources.html b/resources.html
index f1306e9..35434e2 100644
--- a/resources.html
+++ b/resources.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Other Apache HBase (TM) Resources</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -331,7 +331,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/source-repository.html
----------------------------------------------------------------------
diff --git a/source-repository.html b/source-repository.html
index f6d1c91..735bfd5 100644
--- a/source-repository.html
+++ b/source-repository.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Source Code Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -299,7 +299,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/sponsors.html
----------------------------------------------------------------------
diff --git a/sponsors.html b/sponsors.html
index 9935a77..b5ac552 100644
--- a/sponsors.html
+++ b/sponsors.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Apache HBase Sponsors</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -333,7 +333,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/supportingprojects.html
----------------------------------------------------------------------
diff --git a/supportingprojects.html b/supportingprojects.html
index 0882eda..6eec71c 100644
--- a/supportingprojects.html
+++ b/supportingprojects.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Supporting Projects</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -520,7 +520,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/team-list.html
----------------------------------------------------------------------
diff --git a/team-list.html b/team-list.html
index 7986d56..86360cc 100644
--- a/team-list.html
+++ b/team-list.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Team</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -742,7 +742,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
[05/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("S
<TRUNCATED>
[06/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span>
<TRUNCATED>
[09/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.PBHelper.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.PBHelper.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.PBHelper.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.PBHelper.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.PBHelper.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client skipping handshake in secured conf
<TRUNCATED>
[12/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
index d3df994..c6de397 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
@@ -294,13 +294,14 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>private static void</code></td>
-<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">doSaslNegotiation</a></span>(org.apache.hadoop.conf.Configuration conf,
+<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">doSaslNegotiation</a></span>(org.apache.hadoop.conf.Configuration conf,
org.apache.hbase.thirdparty.io.netty.channel.Channel channel,
int timeoutMs,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> username,
char[] password,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> saslProps,
- org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> saslPromise)</code> </td>
+ org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> saslPromise,
+ org.apache.hadoop.hdfs.DFSClient dfsClient)</code> </td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>private static char[]</code></td>
@@ -550,7 +551,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>getUserNameFromEncryptionKey</h4>
-<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.713">getUserNameFromEncryptionKey</a>(org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey encryptionKey)</pre>
+<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.718">getUserNameFromEncryptionKey</a>(org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey encryptionKey)</pre>
</li>
</ul>
<a name="encryptionKeyToPassword-byte:A-">
@@ -559,7 +560,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>encryptionKeyToPassword</h4>
-<pre>private static char[] <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.718">encryptionKeyToPassword</a>(byte[] encryptionKey)</pre>
+<pre>private static char[] <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.723">encryptionKeyToPassword</a>(byte[] encryptionKey)</pre>
</li>
</ul>
<a name="buildUsername-org.apache.hadoop.security.token.Token-">
@@ -568,7 +569,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>buildUsername</h4>
-<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.722">buildUsername</a>(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> blockToken)</pre>
+<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.727">buildUsername</a>(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> blockToken)</pre>
</li>
</ul>
<a name="buildClientPassword-org.apache.hadoop.security.token.Token-">
@@ -577,7 +578,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>buildClientPassword</h4>
-<pre>private static char[] <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.726">buildClientPassword</a>(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> blockToken)</pre>
+<pre>private static char[] <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.731">buildClientPassword</a>(org.apache.hadoop.security.token.Token<org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier> blockToken)</pre>
</li>
</ul>
<a name="createSaslPropertiesForEncryption-java.lang.String-">
@@ -586,22 +587,23 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>createSaslPropertiesForEncryption</h4>
-<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.731">createSaslPropertiesForEncryption</a>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> encryptionAlgorithm)</pre>
+<pre>private static <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.736">createSaslPropertiesForEncryption</a>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> encryptionAlgorithm)</pre>
</li>
</ul>
-<a name="doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">
+<a name="doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>doSaslNegotiation</h4>
-<pre>private static void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.739">doSaslNegotiation</a>(org.apache.hadoop.conf.Configuration conf,
+<pre>private static void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.744">doSaslNegotiation</a>(org.apache.hadoop.conf.Configuration conf,
org.apache.hbase.thirdparty.io.netty.channel.Channel channel,
int timeoutMs,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> username,
char[] password,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> saslProps,
- org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> saslPromise)</pre>
+ org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> saslPromise,
+ org.apache.hadoop.hdfs.DFSClient dfsClient)</pre>
</li>
</ul>
<a name="trySaslNegotiate-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-org.apache.hadoop.hdfs.protocol.DatanodeInfo-int-org.apache.hadoop.hdfs.DFSClient-org.apache.hadoop.security.token.Token-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">
@@ -610,7 +612,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockList">
<li class="blockList">
<h4>trySaslNegotiate</h4>
-<pre>static void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.751">trySaslNegotiate</a>(org.apache.hadoop.conf.Configuration conf,
+<pre>static void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.758">trySaslNegotiate</a>(org.apache.hadoop.conf.Configuration conf,
org.apache.hbase.thirdparty.io.netty.channel.Channel channel,
org.apache.hadoop.hdfs.protocol.DatanodeInfo dnInfo,
int timeoutMs,
@@ -630,7 +632,7 @@ extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html
<ul class="blockListLast">
<li class="blockList">
<h4>createEncryptor</h4>
-<pre>static org.apache.hadoop.crypto.Encryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.810">createEncryptor</a>(org.apache.hadoop.conf.Configuration conf,
+<pre>static org.apache.hadoop.crypto.Encryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.819">createEncryptor</a>(org.apache.hadoop.conf.Configuration conf,
org.apache.hadoop.hdfs.protocol.HdfsFileStatus stat,
org.apache.hadoop.hdfs.DFSClient client)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/hfile/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/hfile/package-tree.html b/devapidocs/org/apache/hadoop/hbase/io/hfile/package-tree.html
index 0c26793..d4124d7 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/hfile/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/hfile/package-tree.html
@@ -274,12 +274,12 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
+<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/CacheConfig.ExternalBlockCaches.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">CacheConfig.ExternalBlockCaches</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/Cacheable.MemoryType.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">Cacheable.MemoryType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/HFileBlock.Writer.State.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">HFileBlock.Writer.State</span></a></li>
<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/BlockType.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">BlockType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/BlockPriority.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">BlockPriority</span></a></li>
<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/BlockType.BlockCategory.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">BlockType.BlockCategory</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/HFileBlock.Writer.State.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">HFileBlock.Writer.State</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/Cacheable.MemoryType.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">Cacheable.MemoryType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/CacheConfig.ExternalBlockCaches.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">CacheConfig.ExternalBlockCaches</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.io.hfile.<a href="../../../../../../org/apache/hadoop/hbase/io/hfile/BlockPriority.html" title="enum in org.apache.hadoop.hbase.io.hfile"><span class="typeNameLink">BlockPriority</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/ipc/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/ipc/package-tree.html b/devapidocs/org/apache/hadoop/hbase/ipc/package-tree.html
index 91a2ed4..df0adf0 100644
--- a/devapidocs/org/apache/hadoop/hbase/ipc/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/ipc/package-tree.html
@@ -353,9 +353,9 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.ipc.<a href="../../../../../org/apache/hadoop/hbase/ipc/CallEvent.Type.html" title="enum in org.apache.hadoop.hbase.ipc"><span class="typeNameLink">CallEvent.Type</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.ipc.<a href="../../../../../org/apache/hadoop/hbase/ipc/BufferCallBeforeInitHandler.BufferCallAction.html" title="enum in org.apache.hadoop.hbase.ipc"><span class="typeNameLink">BufferCallBeforeInitHandler.BufferCallAction</span></a></li>
<li type="circle">org.apache.hadoop.hbase.ipc.<a href="../../../../../org/apache/hadoop/hbase/ipc/MetricsHBaseServerSourceFactoryImpl.SourceStorage.html" title="enum in org.apache.hadoop.hbase.ipc"><span class="typeNameLink">MetricsHBaseServerSourceFactoryImpl.SourceStorage</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.ipc.<a href="../../../../../org/apache/hadoop/hbase/ipc/BufferCallBeforeInitHandler.BufferCallAction.html" title="enum in org.apache.hadoop.hbase.ipc"><span class="typeNameLink">BufferCallBeforeInitHandler.BufferCallAction</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.ipc.<a href="../../../../../org/apache/hadoop/hbase/ipc/CallEvent.Type.html" title="enum in org.apache.hadoop.hbase.ipc"><span class="typeNameLink">CallEvent.Type</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/mapreduce/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/mapreduce/package-tree.html b/devapidocs/org/apache/hadoop/hbase/mapreduce/package-tree.html
index a07a1d8..bc33c0a 100644
--- a/devapidocs/org/apache/hadoop/hbase/mapreduce/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/mapreduce/package-tree.html
@@ -293,9 +293,9 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.mapreduce.<a href="../../../../../org/apache/hadoop/hbase/mapreduce/CellCounter.CellCounterMapper.Counters.html" title="enum in org.apache.hadoop.hbase.mapreduce"><span class="typeNameLink">CellCounter.CellCounterMapper.Counters</span></a></li>
<li type="circle">org.apache.hadoop.hbase.mapreduce.<a href="../../../../../org/apache/hadoop/hbase/mapreduce/TableSplit.Version.html" title="enum in org.apache.hadoop.hbase.mapreduce"><span class="typeNameLink">TableSplit.Version</span></a></li>
<li type="circle">org.apache.hadoop.hbase.mapreduce.<a href="../../../../../org/apache/hadoop/hbase/mapreduce/SyncTable.SyncMapper.Counter.html" title="enum in org.apache.hadoop.hbase.mapreduce"><span class="typeNameLink">SyncTable.SyncMapper.Counter</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.mapreduce.<a href="../../../../../org/apache/hadoop/hbase/mapreduce/CellCounter.CellCounterMapper.Counters.html" title="enum in org.apache.hadoop.hbase.mapreduce"><span class="typeNameLink">CellCounter.CellCounterMapper.Counters</span></a></li>
<li type="circle">org.apache.hadoop.hbase.mapreduce.<a href="../../../../../org/apache/hadoop/hbase/mapreduce/RowCounter.RowCounterMapper.Counters.html" title="enum in org.apache.hadoop.hbase.mapreduce"><span class="typeNameLink">RowCounter.RowCounterMapper.Counters</span></a></li>
</ul>
</li>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/master/balancer/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/master/balancer/package-tree.html b/devapidocs/org/apache/hadoop/hbase/master/balancer/package-tree.html
index abd92a9..1799704 100644
--- a/devapidocs/org/apache/hadoop/hbase/master/balancer/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/master/balancer/package-tree.html
@@ -198,8 +198,8 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.master.balancer.<a href="../../../../../../org/apache/hadoop/hbase/master/balancer/BaseLoadBalancer.Cluster.LocalityType.html" title="enum in org.apache.hadoop.hbase.master.balancer"><span class="typeNameLink">BaseLoadBalancer.Cluster.LocalityType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.balancer.<a href="../../../../../../org/apache/hadoop/hbase/master/balancer/BaseLoadBalancer.Cluster.Action.Type.html" title="enum in org.apache.hadoop.hbase.master.balancer"><span class="typeNameLink">BaseLoadBalancer.Cluster.Action.Type</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.master.balancer.<a href="../../../../../../org/apache/hadoop/hbase/master/balancer/BaseLoadBalancer.Cluster.LocalityType.html" title="enum in org.apache.hadoop.hbase.master.balancer"><span class="typeNameLink">BaseLoadBalancer.Cluster.LocalityType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/master/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/master/package-tree.html b/devapidocs/org/apache/hadoop/hbase/master/package-tree.html
index 6aa7b77..5202f82 100644
--- a/devapidocs/org/apache/hadoop/hbase/master/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/master/package-tree.html
@@ -348,11 +348,11 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/MasterRpcServices.BalanceSwitchMode.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">MasterRpcServices.BalanceSwitchMode</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/RegionState.State.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">RegionState.State</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/SplitLogManager.TerminationStatus.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">SplitLogManager.TerminationStatus</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/MasterRpcServices.BalanceSwitchMode.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">MasterRpcServices.BalanceSwitchMode</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/MetricsMasterSourceFactoryImpl.FactoryStorage.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">MetricsMasterSourceFactoryImpl.FactoryStorage</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/SplitLogManager.ResubmitDirective.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">SplitLogManager.ResubmitDirective</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.master.<a href="../../../../../org/apache/hadoop/hbase/master/RegionState.State.html" title="enum in org.apache.hadoop.hbase.master"><span class="typeNameLink">RegionState.State</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/master/procedure/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/master/procedure/package-tree.html b/devapidocs/org/apache/hadoop/hbase/master/procedure/package-tree.html
index cd365ca..f86b651 100644
--- a/devapidocs/org/apache/hadoop/hbase/master/procedure/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/master/procedure/package-tree.html
@@ -216,10 +216,10 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/ServerProcedureInterface.ServerOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">ServerProcedureInterface.ServerOperationType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/MetaProcedureInterface.MetaOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">MetaProcedureInterface.MetaOperationType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/TableProcedureInterface.TableOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">TableProcedureInterface.TableOperationType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/PeerProcedureInterface.PeerOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">PeerProcedureInterface.PeerOperationType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/ServerProcedureInterface.ServerOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">ServerProcedureInterface.ServerOperationType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.master.procedure.<a href="../../../../../../org/apache/hadoop/hbase/master/procedure/MetaProcedureInterface.MetaOperationType.html" title="enum in org.apache.hadoop.hbase.master.procedure"><span class="typeNameLink">MetaProcedureInterface.MetaOperationType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/package-tree.html b/devapidocs/org/apache/hadoop/hbase/package-tree.html
index ef79126..dcd371f 100644
--- a/devapidocs/org/apache/hadoop/hbase/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/package-tree.html
@@ -437,19 +437,19 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/Size.Unit.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">Size.Unit</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/ClusterMetrics.Option.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">ClusterMetrics.Option</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/CompatibilitySingletonFactory.SingletonStorage.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">CompatibilitySingletonFactory.SingletonStorage</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/KeyValue.Type.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">KeyValue.Type</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/KeepDeletedCells.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">KeepDeletedCells</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/CellBuilderType.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">CellBuilderType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/MetaTableAccessor.QueryType.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">MetaTableAccessor.QueryType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/MemoryCompactionPolicy.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">MemoryCompactionPolicy</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/Cell.Type.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">Cell.Type</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/ClusterMetrics.Option.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">ClusterMetrics.Option</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/HConstants.OperationStatusCode.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">HConstants.OperationStatusCode</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/HealthChecker.HealthCheckerExitStatus.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">HealthChecker.HealthCheckerExitStatus</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/Cell.Type.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">Cell.Type</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/MemoryCompactionPolicy.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">MemoryCompactionPolicy</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/Coprocessor.State.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">Coprocessor.State</span></a></li>
<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/CompareOperator.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">CompareOperator</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/Size.Unit.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">Size.Unit</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/KeepDeletedCells.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">KeepDeletedCells</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/KeyValue.Type.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">KeyValue.Type</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.<a href="../../../../org/apache/hadoop/hbase/HConstants.OperationStatusCode.html" title="enum in org.apache.hadoop.hbase"><span class="typeNameLink">HConstants.OperationStatusCode</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html b/devapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html
index 6934461..62513a9 100644
--- a/devapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/procedure2/package-tree.html
@@ -216,11 +216,11 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/LockedResourceType.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">LockedResourceType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/Procedure.LockState.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">Procedure.LockState</span></a></li>
<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/RootProcedureState.State.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">RootProcedureState.State</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/StateMachineProcedure.Flow.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">StateMachineProcedure.Flow</span></a></li>
<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/LockType.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">LockType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/LockedResourceType.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">LockedResourceType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.procedure2.<a href="../../../../../org/apache/hadoop/hbase/procedure2/StateMachineProcedure.Flow.html" title="enum in org.apache.hadoop.hbase.procedure2"><span class="typeNameLink">StateMachineProcedure.Flow</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/quotas/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/quotas/package-tree.html b/devapidocs/org/apache/hadoop/hbase/quotas/package-tree.html
index e1475c6..51b8c05 100644
--- a/devapidocs/org/apache/hadoop/hbase/quotas/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/quotas/package-tree.html
@@ -229,13 +229,13 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/QuotaType.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">QuotaType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/OperationQuota.OperationType.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">OperationQuota.OperationType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/SpaceViolationPolicy.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">SpaceViolationPolicy</span></a></li>
<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/ThrottlingException.Type.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">ThrottlingException.Type</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/SpaceViolationPolicy.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">SpaceViolationPolicy</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/OperationQuota.OperationType.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">OperationQuota.OperationType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/RpcThrottlingException.Type.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">RpcThrottlingException.Type</span></a></li>
<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/ThrottleType.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">ThrottleType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/QuotaScope.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">QuotaScope</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.quotas.<a href="../../../../../org/apache/hadoop/hbase/quotas/QuotaType.html" title="enum in org.apache.hadoop.hbase.quotas"><span class="typeNameLink">QuotaType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html b/devapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html
index 13b3bbe..3b96953 100644
--- a/devapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/regionserver/package-tree.html
@@ -708,20 +708,20 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/CompactingMemStore.IndexType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">CompactingMemStore.IndexType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/Region.Operation.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">Region.Operation</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/FlushType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">FlushType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/MemStoreCompactionStrategy.Action.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">MemStoreCompactionStrategy.Action</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ScannerContext.NextState.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ScannerContext.NextState</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/BloomType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">BloomType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/MetricsRegionServerSourceFactoryImpl.FactoryStorage.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">MetricsRegionServerSourceFactoryImpl.FactoryStorage</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ChunkCreator.ChunkType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ChunkCreator.ChunkType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/DefaultHeapMemoryTuner.StepDirection.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">DefaultHeapMemoryTuner.StepDirection</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ScanType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ScanType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/MemStoreCompactionStrategy.Action.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">MemStoreCompactionStrategy.Action</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/HRegion.FlushResult.Result.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">HRegion.FlushResult.Result</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ScannerContext.LimitScope.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ScannerContext.LimitScope</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ScannerContext.NextState.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ScannerContext.NextState</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/ChunkCreator.ChunkType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">ChunkCreator.ChunkType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/DefaultHeapMemoryTuner.StepDirection.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">DefaultHeapMemoryTuner.StepDirection</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/CompactingMemStore.IndexType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">CompactingMemStore.IndexType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/TimeRangeTracker.Type.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">TimeRangeTracker.Type</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/MetricsRegionServerSourceFactoryImpl.FactoryStorage.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">MetricsRegionServerSourceFactoryImpl.FactoryStorage</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/SplitLogWorker.TaskExecutor.Status.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">SplitLogWorker.TaskExecutor.Status</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/FlushType.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">FlushType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.<a href="../../../../../org/apache/hadoop/hbase/regionserver/Region.Operation.html" title="enum in org.apache.hadoop.hbase.regionserver"><span class="typeNameLink">Region.Operation</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/regionserver/querymatcher/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/regionserver/querymatcher/package-tree.html b/devapidocs/org/apache/hadoop/hbase/regionserver/querymatcher/package-tree.html
index 3bd22b5..2731576 100644
--- a/devapidocs/org/apache/hadoop/hbase/regionserver/querymatcher/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/regionserver/querymatcher/package-tree.html
@@ -131,8 +131,8 @@
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
<li type="circle">org.apache.hadoop.hbase.regionserver.querymatcher.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/querymatcher/ScanQueryMatcher.MatchCode.html" title="enum in org.apache.hadoop.hbase.regionserver.querymatcher"><span class="typeNameLink">ScanQueryMatcher.MatchCode</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.regionserver.querymatcher.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/querymatcher/StripeCompactionScanQueryMatcher.DropDeletesInOutput.html" title="enum in org.apache.hadoop.hbase.regionserver.querymatcher"><span class="typeNameLink">StripeCompactionScanQueryMatcher.DropDeletesInOutput</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.querymatcher.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/querymatcher/DeleteTracker.DeleteResult.html" title="enum in org.apache.hadoop.hbase.regionserver.querymatcher"><span class="typeNameLink">DeleteTracker.DeleteResult</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.querymatcher.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/querymatcher/StripeCompactionScanQueryMatcher.DropDeletesInOutput.html" title="enum in org.apache.hadoop.hbase.regionserver.querymatcher"><span class="typeNameLink">StripeCompactionScanQueryMatcher.DropDeletesInOutput</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/regionserver/wal/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/regionserver/wal/package-tree.html b/devapidocs/org/apache/hadoop/hbase/regionserver/wal/package-tree.html
index f0c55c8..19354d1 100644
--- a/devapidocs/org/apache/hadoop/hbase/regionserver/wal/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/regionserver/wal/package-tree.html
@@ -247,9 +247,9 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.regionserver.wal.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/wal/RingBufferTruck.Type.html" title="enum in org.apache.hadoop.hbase.regionserver.wal"><span class="typeNameLink">RingBufferTruck.Type</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.wal.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/wal/CompressionContext.DictionaryIndex.html" title="enum in org.apache.hadoop.hbase.regionserver.wal"><span class="typeNameLink">CompressionContext.DictionaryIndex</span></a></li>
<li type="circle">org.apache.hadoop.hbase.regionserver.wal.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/wal/ProtobufLogReader.WALHdrResult.html" title="enum in org.apache.hadoop.hbase.regionserver.wal"><span class="typeNameLink">ProtobufLogReader.WALHdrResult</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.regionserver.wal.<a href="../../../../../../org/apache/hadoop/hbase/regionserver/wal/RingBufferTruck.Type.html" title="enum in org.apache.hadoop.hbase.regionserver.wal"><span class="typeNameLink">RingBufferTruck.Type</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/replication/regionserver/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/replication/regionserver/package-tree.html b/devapidocs/org/apache/hadoop/hbase/replication/regionserver/package-tree.html
index 30c4e73..cd3870f 100644
--- a/devapidocs/org/apache/hadoop/hbase/replication/regionserver/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/replication/regionserver/package-tree.html
@@ -207,8 +207,8 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.replication.regionserver.<a href="../../../../../../org/apache/hadoop/hbase/replication/regionserver/MetricsReplicationSourceFactoryImpl.SourceHolder.html" title="enum in org.apache.hadoop.hbase.replication.regionserver"><span class="typeNameLink">MetricsReplicationSourceFactoryImpl.SourceHolder</span></a></li>
<li type="circle">org.apache.hadoop.hbase.replication.regionserver.<a href="../../../../../../org/apache/hadoop/hbase/replication/regionserver/ReplicationSourceShipper.WorkerState.html" title="enum in org.apache.hadoop.hbase.replication.regionserver"><span class="typeNameLink">ReplicationSourceShipper.WorkerState</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.replication.regionserver.<a href="../../../../../../org/apache/hadoop/hbase/replication/regionserver/MetricsReplicationSourceFactoryImpl.SourceHolder.html" title="enum in org.apache.hadoop.hbase.replication.regionserver"><span class="typeNameLink">MetricsReplicationSourceFactoryImpl.SourceHolder</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html
index 8051208..eec8680 100644
--- a/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/security/access/package-tree.html
@@ -142,9 +142,9 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.security.access.<a href="../../../../../../org/apache/hadoop/hbase/security/access/AccessController.OpType.html" title="enum in org.apache.hadoop.hbase.security.access"><span class="typeNameLink">AccessController.OpType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.security.access.<a href="../../../../../../org/apache/hadoop/hbase/security/access/Permission.Action.html" title="enum in org.apache.hadoop.hbase.security.access"><span class="typeNameLink">Permission.Action</span></a></li>
<li type="circle">org.apache.hadoop.hbase.security.access.<a href="../../../../../../org/apache/hadoop/hbase/security/access/AccessControlFilter.Strategy.html" title="enum in org.apache.hadoop.hbase.security.access"><span class="typeNameLink">AccessControlFilter.Strategy</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.security.access.<a href="../../../../../../org/apache/hadoop/hbase/security/access/Permission.Action.html" title="enum in org.apache.hadoop.hbase.security.access"><span class="typeNameLink">Permission.Action</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.security.access.<a href="../../../../../../org/apache/hadoop/hbase/security/access/AccessController.OpType.html" title="enum in org.apache.hadoop.hbase.security.access"><span class="typeNameLink">AccessController.OpType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/security/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/security/package-tree.html b/devapidocs/org/apache/hadoop/hbase/security/package-tree.html
index 6ef281d..29d7634 100644
--- a/devapidocs/org/apache/hadoop/hbase/security/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/security/package-tree.html
@@ -191,8 +191,8 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.security.<a href="../../../../../org/apache/hadoop/hbase/security/SaslUtil.QualityOfProtection.html" title="enum in org.apache.hadoop.hbase.security"><span class="typeNameLink">SaslUtil.QualityOfProtection</span></a></li>
<li type="circle">org.apache.hadoop.hbase.security.<a href="../../../../../org/apache/hadoop/hbase/security/SaslStatus.html" title="enum in org.apache.hadoop.hbase.security"><span class="typeNameLink">SaslStatus</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.security.<a href="../../../../../org/apache/hadoop/hbase/security/SaslUtil.QualityOfProtection.html" title="enum in org.apache.hadoop.hbase.security"><span class="typeNameLink">SaslUtil.QualityOfProtection</span></a></li>
<li type="circle">org.apache.hadoop.hbase.security.<a href="../../../../../org/apache/hadoop/hbase/security/AuthMethod.html" title="enum in org.apache.hadoop.hbase.security"><span class="typeNameLink">AuthMethod</span></a></li>
</ul>
</li>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/thrift/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/thrift/package-tree.html b/devapidocs/org/apache/hadoop/hbase/thrift/package-tree.html
index 03e1383..2923faf 100644
--- a/devapidocs/org/apache/hadoop/hbase/thrift/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/thrift/package-tree.html
@@ -199,9 +199,9 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
+<li type="circle">org.apache.hadoop.hbase.thrift.<a href="../../../../../org/apache/hadoop/hbase/thrift/ThriftServerRunner.ImplType.html" title="enum in org.apache.hadoop.hbase.thrift"><span class="typeNameLink">ThriftServerRunner.ImplType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.thrift.<a href="../../../../../org/apache/hadoop/hbase/thrift/MetricsThriftServerSourceFactoryImpl.FactoryStorage.html" title="enum in org.apache.hadoop.hbase.thrift"><span class="typeNameLink">MetricsThriftServerSourceFactoryImpl.FactoryStorage</span></a></li>
<li type="circle">org.apache.hadoop.hbase.thrift.<a href="../../../../../org/apache/hadoop/hbase/thrift/ThriftMetrics.ThriftServerType.html" title="enum in org.apache.hadoop.hbase.thrift"><span class="typeNameLink">ThriftMetrics.ThriftServerType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.thrift.<a href="../../../../../org/apache/hadoop/hbase/thrift/ThriftServerRunner.ImplType.html" title="enum in org.apache.hadoop.hbase.thrift"><span class="typeNameLink">ThriftServerRunner.ImplType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/util/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/util/package-tree.html b/devapidocs/org/apache/hadoop/hbase/util/package-tree.html
index e8132f1..bd47e2e 100644
--- a/devapidocs/org/apache/hadoop/hbase/util/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/util/package-tree.html
@@ -515,14 +515,14 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/ChecksumType.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">ChecksumType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/PrettyPrinter.Unit.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">PrettyPrinter.Unit</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/PoolMap.PoolType.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">PoolMap.PoolType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/HBaseFsck.ErrorReporter.ERROR_CODE.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">HBaseFsck.ErrorReporter.ERROR_CODE</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Order.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">Order</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.LexicographicalComparerHolder.UnsafeComparer.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">Bytes.LexicographicalComparerHolder.UnsafeComparer</span></a> (implements org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.Comparer.html" title="interface in org.apache.hadoop.hbase.util">Bytes.Comparer</a><T>)</li>
+<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/PrettyPrinter.Unit.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">PrettyPrinter.Unit</span></a></li>
<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.LexicographicalComparerHolder.PureJavaComparer.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">Bytes.LexicographicalComparerHolder.PureJavaComparer</span></a> (implements org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.Comparer.html" title="interface in org.apache.hadoop.hbase.util">Bytes.Comparer</a><T>)</li>
+<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/ChecksumType.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">ChecksumType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/PoolMap.PoolType.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">PoolMap.PoolType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/IdReadWriteLock.ReferenceType.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">IdReadWriteLock.ReferenceType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.LexicographicalComparerHolder.UnsafeComparer.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">Bytes.LexicographicalComparerHolder.UnsafeComparer</span></a> (implements org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Bytes.Comparer.html" title="interface in org.apache.hadoop.hbase.util">Bytes.Comparer</a><T>)</li>
+<li type="circle">org.apache.hadoop.hbase.util.<a href="../../../../../org/apache/hadoop/hbase/util/Order.html" title="enum in org.apache.hadoop.hbase.util"><span class="typeNameLink">Order</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/Version.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/Version.html b/devapidocs/src-html/org/apache/hadoop/hbase/Version.html
index f61da78..7907c2e 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/Version.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/Version.html
@@ -16,11 +16,11 @@
<span class="sourceLineNo">008</span>@InterfaceAudience.Private<a name="line.8"></a>
<span class="sourceLineNo">009</span>public class Version {<a name="line.9"></a>
<span class="sourceLineNo">010</span> public static final String version = "3.0.0-SNAPSHOT";<a name="line.10"></a>
-<span class="sourceLineNo">011</span> public static final String revision = "397388316ead020d005a33e233364d166d4add00";<a name="line.11"></a>
+<span class="sourceLineNo">011</span> public static final String revision = "a3ab9306a6a1b044a8558814c5e21a38e0cb8b03";<a name="line.11"></a>
<span class="sourceLineNo">012</span> public static final String user = "jenkins";<a name="line.12"></a>
-<span class="sourceLineNo">013</span> public static final String date = "Fri Aug 10 14:39:22 UTC 2018";<a name="line.13"></a>
+<span class="sourceLineNo">013</span> public static final String date = "Sat Aug 11 14:39:49 UTC 2018";<a name="line.13"></a>
<span class="sourceLineNo">014</span> public static final String url = "git://jenkins-websites1.apache.org/home/jenkins/jenkins-slave/workspace/hbase_generate_website/hbase";<a name="line.14"></a>
-<span class="sourceLineNo">015</span> public static final String srcChecksum = "6c3f408e84717bc608f6c4ea62a7de50";<a name="line.15"></a>
+<span class="sourceLineNo">015</span> public static final String srcChecksum = "66b521015c9059ec6f0addb39f4b146d";<a name="line.15"></a>
<span class="sourceLineNo">016</span>}<a name="line.16"></a>
[14/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/apache_hbase_reference_guide.pdf
----------------------------------------------------------------------
diff --git a/apache_hbase_reference_guide.pdf b/apache_hbase_reference_guide.pdf
index fe0f1d0..9bd6ad2 100644
--- a/apache_hbase_reference_guide.pdf
+++ b/apache_hbase_reference_guide.pdf
@@ -5,8 +5,8 @@
/Author (Apache HBase Team)
/Creator (Asciidoctor PDF 1.5.0.alpha.15, based on Prawn 2.2.2)
/Producer (Apache HBase Team)
-/ModDate (D:20180810142954+00'00')
-/CreationDate (D:20180810144520+00'00')
+/ModDate (D:20180811142954+00'00')
+/CreationDate (D:20180811144555+00'00')
>>
endobj
2 0 obj
@@ -10338,7 +10338,7 @@ endobj
>>
endobj
25 0 obj
-<< /Length 12754
+<< /Length 12768
>>
stream
q
@@ -11038,7 +11038,7 @@ ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
-2.9455 Tw
+0.0389 Tw
BT
48.24 103.422 Td
@@ -11053,12 +11053,12 @@ ET
0.2588 0.5451 0.7922 scn
0.2588 0.5451 0.7922 SCN
-2.9455 Tw
+0.0389 Tw
BT
-407.2375 103.422 Td
+378.1716 103.422 Td
/F1.0 10.5 Tf
-<70726976617465406170616368652e6f7267> Tj
+<707269766174654068626173652e6170616368652e6f7267> Tj
ET
@@ -11068,10 +11068,10 @@ ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
-2.9455 Tw
+0.0389 Tw
BT
-507.88 103.422 Td
+510.7866 103.422 Td
/F1.0 10.5 Tf
<2c207768696368> Tj
ET
@@ -11300,10 +11300,10 @@ endobj
<< /Border [0 0 0]
/A << /Type /Action
/S /URI
-/URI (mailto:private@apache.org)
+/URI (mailto:private@hbase.apache.org)
>>
/Subtype /Link
-/Rect [407.2375 100.356 507.88 114.636]
+/Rect [378.1716 100.356 510.7866 114.636]
/Type /Annot
>>
endobj
@@ -195870,7 +195870,7 @@ endobj
>>
endobj
1277 0 obj
-<< /Length 4694
+<< /Length 4706
>>
stream
q
@@ -195982,7 +195982,7 @@ ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
-4.9616 Tw
+0.3941 Tw
BT
192.24 687.855 Td
@@ -195997,12 +195997,12 @@ ET
0.2588 0.5451 0.7922 scn
0.2588 0.5451 0.7922 SCN
-4.9616 Tw
+0.3941 Tw
BT
-341.2947 687.855 Td
+318.4572 687.855 Td
/F1.0 10.5 Tf
-<70726976617465406170616368652e6f7267> Tj
+<707269766174654068626173652e6170616368652e6f7267> Tj
ET
@@ -196012,10 +196012,10 @@ ET
0.2 0.2 0.2 scn
0.2 0.2 0.2 SCN
-4.9616 Tw
+0.3941 Tw
BT
-441.9372 687.855 Td
+451.0722 687.855 Td
/F1.0 10.5 Tf
<2c20776869636820616c6c6f7773> Tj
ET
@@ -196217,10 +196217,10 @@ endobj
<< /Border [0 0 0]
/A << /Type /Action
/S /URI
-/URI (mailto:private@apache.org)
+/URI (mailto:private@hbase.apache.org)
>>
/Subtype /Link
-/Rect [341.2947 684.789 441.9372 699.069]
+/Rect [318.4572 684.789 451.0722 699.069]
/Type /Annot
>>
endobj
@@ -855265,5279 +855265,5279 @@ xref
0000202036 00000 n
0000205585 00000 n
0000205984 00000 n
-0000218792 00000 n
-0000219248 00000 n
-0000219292 00000 n
-0000219341 00000 n
-0000219441 00000 n
-0000219485 00000 n
-0000219661 00000 n
-0000219830 00000 n
-0000220018 00000 n
-0000220206 00000 n
-0000220384 00000 n
-0000220548 00000 n
-0000220726 00000 n
-0000221008 00000 n
-0000221159 00000 n
-0000221330 00000 n
-0000221539 00000 n
-0000221728 00000 n
-0000221898 00000 n
-0000221942 00000 n
-0000229036 00000 n
-0000229406 00000 n
-0000229579 00000 n
-0000229975 00000 n
-0000230319 00000 n
-0000230363 00000 n
-0000231184 00000 n
-0000231545 00000 n
-0000231589 00000 n
-0000231711 00000 n
-0000252100 00000 n
-0000252507 00000 n
-0000252551 00000 n
-0000252595 00000 n
-0000252713 00000 n
-0000252757 00000 n
-0000252948 00000 n
-0000268407 00000 n
-0000268777 00000 n
-0000280730 00000 n
-0000281117 00000 n
-0000281284 00000 n
-0000281328 00000 n
-0000292650 00000 n
-0000292994 00000 n
-0000303884 00000 n
-0000304228 00000 n
-0000316756 00000 n
-0000317177 00000 n
-0000317222 00000 n
-0000317349 00000 n
-0000317476 00000 n
-0000317713 00000 n
-0000317840 00000 n
-0000331607 00000 n
-0000331981 00000 n
-0000332109 00000 n
-0000347203 00000 n
-0000347573 00000 n
-0000367658 00000 n
-0000368065 00000 n
-0000368188 00000 n
-0000368232 00000 n
-0000368366 00000 n
-0000368411 00000 n
-0000385705 00000 n
-0000386079 00000 n
-0000386204 00000 n
-0000399931 00000 n
-0000400288 00000 n
-0000411736 00000 n
-0000412093 00000 n
-0000421287 00000 n
-0000421711 00000 n
-0000421835 00000 n
-0000422010 00000 n
-0000422186 00000 n
-0000422232 00000 n
-0000422363 00000 n
-0000424808 00000 n
-0000425196 00000 n
-0000425242 00000 n
-0000425373 00000 n
-0000425508 00000 n
-0000425656 00000 n
-0000425802 00000 n
-0000438337 00000 n
-0000438748 00000 n
-0000438794 00000 n
-0000438994 00000 n
-0000439118 00000 n
-0000442412 00000 n
-0000442784 00000 n
-0000463189 00000 n
-0000463672 00000 n
-0000463718 00000 n
-0000463764 00000 n
-0000463950 00000 n
-0000464144 00000 n
-0000464338 00000 n
-0000464532 00000 n
-0000464726 00000 n
-0000464920 00000 n
-0000465114 00000 n
-0000465161 00000 n
-0000465303 00000 n
-0000465445 00000 n
-0000465682 00000 n
-0000465918 00000 n
-0000480962 00000 n
-0000481360 00000 n
-0000481560 00000 n
-0000481606 00000 n
-0000481752 00000 n
-0000493785 00000 n
-0000494220 00000 n
-0000494399 00000 n
-0000494446 00000 n
-0000494616 00000 n
-0000494835 00000 n
-0000495052 00000 n
-0000495195 00000 n
-0000544484 00000 n
-0000544922 00000 n
-0000545122 00000 n
-0000545322 00000 n
-0000545516 00000 n
-0000545710 00000 n
-0000545902 00000 n
-0000546094 00000 n
-0000546288 00000 n
-0000559696 00000 n
-0000560115 00000 n
-0000560310 00000 n
-0000560504 00000 n
-0000560551 00000 n
-0000561086 00000 n
-0000561442 00000 n
-0000561589 00000 n
-0000562826 00000 n
-0000563203 00000 n
-0000563421 00000 n
-0000563467 00000 n
-0000578657 00000 n
-0000579076 00000 n
-0000579122 00000 n
-0000579247 00000 n
-0000579373 00000 n
-0000579419 00000 n
-0000579543 00000 n
-0000579589 00000 n
-0000579635 00000 n
-0000590879 00000 n
-0000591330 00000 n
-0000591514 00000 n
-0000591746 00000 n
-0000591976 00000 n
-0000592022 00000 n
-0000592150 00000 n
-0000592284 00000 n
-0000592331 00000 n
-0000592477 00000 n
-0000592602 00000 n
-0000611265 00000 n
-0000611650 00000 n
-0000611780 00000 n
-0000611924 00000 n
-0000616611 00000 n
-0000616970 00000 n
-0000627000 00000 n
-0000627390 00000 n
-0000627436 00000 n
-0000627567 00000 n
-0000638431 00000 n
-0000638834 00000 n
-0000638880 00000 n
-0000638926 00000 n
-0000639068 00000 n
-0000639114 00000 n
-0000639160 00000 n
-0000639207 00000 n
-0000639254 00000 n
-0000647044 00000 n
-0000647403 00000 n
-0000647449 00000 n
-0000647496 00000 n
-0000647543 00000 n
-0000648147 00000 n
-0000648194 00000 n
-0000648241 00000 n
-0000648287 00000 n
-0000657076 00000 n
-0000657435 00000 n
-0000657481 00000 n
-0000657528 00000 n
-0000657575 00000 n
-0000657622 00000 n
-0000657669 00000 n
-0000657715 00000 n
-0000665344 00000 n
-0000665703 00000 n
-0000665751 00000 n
-0000666471 00000 n
-0000666519 00000 n
-0000666567 00000 n
-0000666615 00000 n
-0000666663 00000 n
-0000666710 00000 n
-0000677790 00000 n
-0000678149 00000 n
-0000678196 00000 n
-0000678243 00000 n
-0000678289 00000 n
-0000686240 00000 n
-0000686599 00000 n
-0000686646 00000 n
-0000686693 00000 n
-0000686740 00000 n
-0000686787 00000 n
-0000686834 00000 n
-0000687607 00000 n
-0000687653 00000 n
-0000696120 00000 n
-0000696479 00000 n
-0000696526 00000 n
-0000696573 00000 n
-0000696620 00000 n
-0000696667 00000 n
-0000696714 00000 n
-0000696760 00000 n
-0000705853 00000 n
-0000706238 00000 n
-0000706285 00000 n
-0000706518 00000 n
-0000706750 00000 n
-0000706797 00000 n
-0000706844 00000 n
-0000706891 00000 n
-0000706936 00000 n
-0000714971 00000 n
-0000715372 00000 n
-0000715420 00000 n
-0000715666 00000 n
-0000715911 00000 n
-0000715959 00000 n
-0000716205 00000 n
-0000716450 00000 n
-0000716498 00000 n
-0000716546 00000 n
-0000717079 00000 n
-0000717127 00000 n
-0000717175 00000 n
-0000726190 00000 n
-0000726562 00000 n
-0000726610 00000 n
-0000726658 00000 n
-0000726706 00000 n
-0000726754 00000 n
-0000726802 00000 n
-0000736115 00000 n
-0000736500 00000 n
-0000736548 00000 n
-0000736596 00000 n
-0000736644 00000 n
-0000736692 00000 n
-0000737207 00000 n
-0000737404 00000 n
-0000737599 00000 n
-0000737647 00000 n
-0000745984 00000 n
-0000746343 00000 n
-0000746390 00000 n
-0000746437 00000 n
-0000746484 00000 n
-0000746531 00000 n
-0000746578 00000 n
-0000746624 00000 n
-0000753535 00000 n
-0000753894 00000 n
-0000753941 00000 n
-0000753988 00000 n
-0000754035 00000 n
-0000754082 00000 n
-0000754129 00000 n
-0000754176 00000 n
-0000763728 00000 n
-0000764087 00000 n
-0000764133 00000 n
-0000764180 00000 n
-0000764227 00000 n
-0000764274 00000 n
-0000764321 00000 n
-0000772916 00000 n
-0000773275 00000 n
-0000773321 00000 n
-0000773368 00000 n
-0000773415 00000 n
-0000773462 00000 n
-0000774143 00000 n
-0000774190 00000 n
-0000774235 00000 n
-0000783317 00000 n
-0000783676 00000 n
-0000783723 00000 n
-0000783770 00000 n
-0000783817 00000 n
-0000783864 00000 n
-0000794929 00000 n
-0000795288 00000 n
-0000795334 00000 n
-0000795381 00000 n
-0000795428 00000 n
-0000795474 00000 n
-0000804181 00000 n
-0000804540 00000 n
-0000804587 00000 n
-0000804634 00000 n
-0000804681 00000 n
-0000804728 00000 n
-0000804775 00000 n
-0000812835 00000 n
-0000813194 00000 n
-0000813241 00000 n
-0000813288 00000 n
-0000813335 00000 n
-0000813382 00000 n
-0000813429 00000 n
-0000813475 00000 n
-0000821894 00000 n
-0000822271 00000 n
-0000822318 00000 n
-0000822365 00000 n
-0000822565 00000 n
-0000822612 00000 n
-0000822659 00000 n
-0000822705 00000 n
-0000830388 00000 n
-0000830765 00000 n
-0000830951 00000 n
-0000830998 00000 n
-0000831045 00000 n
-0000832004 00000 n
-0000832051 00000 n
-0000832098 00000 n
-0000832145 00000 n
-0000832191 00000 n
-0000832784 00000 n
-0000842731 00000 n
-0000843140 00000 n
-0000843187 00000 n
-0000844000 00000 n
-0000844047 00000 n
-0000844274 00000 n
-0000844500 00000 n
-0000844547 00000 n
-0000844744 00000 n
-0000844791 00000 n
-0000845530 00000 n
-0000845725 00000 n
-0000845918 00000 n
-0000853637 00000 n
-0000853996 00000 n
-0000854042 00000 n
-0000854089 00000 n
-0000854136 00000 n
-0000854183 00000 n
-0000854230 00000 n
-0000854276 00000 n
-0000862748 00000 n
-0000863107 00000 n
-0000863154 00000 n
-0000863201 00000 n
-0000863248 00000 n
-0000863295 00000 n
-0000863342 00000 n
-0000871992 00000 n
-0000872351 00000 n
-0000872399 00000 n
-0000873056 00000 n
-0000873104 00000 n
-0000873152 00000 n
-0000873200 00000 n
-0000873248 00000 n
-0000881179 00000 n
-0000881538 00000 n
-0000881586 00000 n
-0000881634 00000 n
-0000881682 00000 n
-0000881730 00000 n
-0000881778 00000 n
-0000881826 00000 n
-0000889861 00000 n
-0000890220 00000 n
-0000890268 00000 n
-0000890316 00000 n
-0000890757 00000 n
-0000890805 00000 n
-0000890853 00000 n
-0000890901 00000 n
-0000890949 00000 n
-0000897813 00000 n
-0000898172 00000 n
-0000898219 00000 n
-0000898266 00000 n
-0000898313 00000 n
-0000898745 00000 n
-0000898792 00000 n
-0000898839 00000 n
-0000898886 00000 n
-0000898933 00000 n
-0000907343 00000 n
-0000907702 00000 n
-0000907749 00000 n
-0000907796 00000 n
-0000907843 00000 n
-0000907890 00000 n
-0000907937 00000 n
-0000907983 00000 n
-0000917429 00000 n
-0000917788 00000 n
-0000917835 00000 n
-0000917882 00000 n
-0000917929 00000 n
-0000917976 00000 n
-0000925842 00000 n
-0000926201 00000 n
-0000926247 00000 n
-0000926294 00000 n
-0000926341 00000 n
-0000926388 00000 n
-0000926435 00000 n
-0000926481 00000 n
-0000926527 00000 n
-0000934411 00000 n
-0000934796 00000 n
-0000934843 00000 n
-0000934890 00000 n
-0000935588 00000 n
-0000935635 00000 n
-0000935682 00000 n
-0000935728 00000 n
-0000935775 00000 n
-0000936426 00000 n
-0000936671 00000 n
-0000936916 00000 n
-0000946836 00000 n
-0000947235 00000 n
-0000947282 00000 n
-0000947329 00000 n
-0000947578 00000 n
-0000947827 00000 n
-0000947874 00000 n
-0000947921 00000 n
-0000948097 00000 n
-0000948145 00000 n
-0000957365 00000 n
-0000957724 00000 n
-0000957771 00000 n
-0000957818 00000 n
-0000957865 00000 n
-0000958611 00000 n
-0000958658 00000 n
-0000967513 00000 n
-0000967872 00000 n
-0000967918 00000 n
-0000967965 00000 n
-0000968012 00000 n
-0000968059 00000 n
-0000968106 00000 n
-0000968151 00000 n
-0000976242 00000 n
-0000976601 00000 n
-0000976648 00000 n
-0000976695 00000 n
-0000976742 00000 n
-0000976789 00000 n
-0000976835 00000 n
-0000984953 00000 n
-0000985312 00000 n
-0000985360 00000 n
-0000985408 00000 n
-0000985456 00000 n
-0000986088 00000 n
-0000986136 00000 n
-0000986184 00000 n
-0000986231 00000 n
-0000993775 00000 n
-0000994147 00000 n
-0000994194 00000 n
-0000994241 00000 n
-0000994288 00000 n
-0000994335 00000 n
-0000994382 00000 n
-0000994429 00000 n
-0001007397 00000 n
-0001007769 00000 n
-0001007815 00000 n
-0001007861 00000 n
-0001021561 00000 n
-0001021959 00000 n
-0001022005 00000 n
-0001022226 00000 n
-0001022445 00000 n
-0001022491 00000 n
-0001040497 00000 n
-0001040882 00000 n
-0001040928 00000 n
-0001040974 00000 n
-0001041020 00000 n
-0001047930 00000 n
-0001048302 00000 n
-0001048348 00000 n
-0001048394 00000 n
-0001058908 00000 n
-0001059351 00000 n
-0001059397 00000 n
-0001059443 00000 n
-0001059560 00000 n
-0001059681 00000 n
-0001059727 00000 n
-0001059918 00000 n
-0001060106 00000 n
-0001060297 00000 n
-0001060343 00000 n
-0001060389 00000 n
-0001060435 00000 n
-0001060481 00000 n
-0001060603 00000 n
-0001060648 00000 n
-0001072424 00000 n
-0001072843 00000 n
-0001072889 00000 n
-0001072935 00000 n
-0001073062 00000 n
-0001073108 00000 n
-0001073154 00000 n
-0001073279 00000 n
-0001073325 00000 n
-0001074061 00000 n
-0001074180 00000 n
-0001088576 00000 n
-0001088979 00000 n
-0001089025 00000 n
-0001089171 00000 n
-0001101272 00000 n
-0001101723 00000 n
-0001101769 00000 n
-0001101903 00000 n
-0001102173 00000 n
-0001102301 00000 n
-0001102348 00000 n
-0001102395 00000 n
-0001102442 00000 n
-0001102587 00000 n
-0001102634 00000 n
-0001102681 00000 n
-0001102873 00000 n
-0001103166 00000 n
-0001103360 00000 n
-0001112863 00000 n
-0001113261 00000 n
-0001113307 00000 n
-0001113529 00000 n
-0001113722 00000 n
-0001132050 00000 n
-0001132448 00000 n
-0001132494 00000 n
-0001132713 00000 n
-0001132907 00000 n
-0001144288 00000 n
-0001144660 00000 n
-0001155831 00000 n
-0001156203 00000 n
-0001174460 00000 n
-0001174832 00000 n
-0001174878 00000 n
-0001194928 00000 n
-0001195274 00000 n
-0001199295 00000 n
-0001199641 00000 n
-0001201986 00000 n
-0001202382 00000 n
-0001202428 00000 n
-0001202556 00000 n
-0001202727 00000 n
-0001202849 00000 n
-0001202997 00000 n
-0001203143 00000 n
-0001213391 00000 n
-0001213768 00000 n
-0001213814 00000 n
-0001213860 00000 n
-0001214024 00000 n
-0001214071 00000 n
-0001227492 00000 n
-0001227882 00000 n
-0001228086 00000 n
-0001256497 00000 n
-0001256882 00000 n
-0001257088 00000 n
-0001257292 00000 n
-0001271821 00000 n
-0001272227 00000 n
-0001272273 00000 n
-0001272487 00000 n
-0001272755 00000 n
-0001273024 00000 n
-0001273070 00000 n
-0001273116 00000 n
-0001273162 00000 n
-0001284599 00000 n
-0001285029 00000 n
-0001285074 00000 n
-0001285121 00000 n
-0001285257 00000 n
-0001285393 00000 n
-0001285515 00000 n
-0001285562 00000 n
-0001285698 00000 n
-0001285833 00000 n
-0001285971 00000 n
-0001298738 00000 n
-0001299115 00000 n
-0001299161 00000 n
-0001299596 00000 n
-0001299774 00000 n
-0001299967 00000 n
-0001300013 00000 n
-0001300159 00000 n
-0001310080 00000 n
-0001310439 00000 n
-0001310485 00000 n
-0001310532 00000 n
-0001321295 00000 n
-0001321685 00000 n
-0001321732 00000 n
-0001321944 00000 n
-0001329109 00000 n
-0001329468 00000 n
-0001340578 00000 n
-0001340963 00000 n
-0001341009 00000 n
-0001341055 00000 n
-0001341101 00000 n
-0001341147 00000 n
-0001341284 00000 n
-0001341331 00000 n
-0001341378 00000 n
-0001341515 00000 n
-0001358869 00000 n
-0001359326 00000 n
-0001359467 00000 n
-0001359608 00000 n
-0001359755 00000 n
-0001359900 00000 n
-0001360047 00000 n
-0001360193 00000 n
-0001360340 00000 n
-0001360486 00000 n
-0001360532 00000 n
-0001360579 00000 n
-0001360711 00000 n
-0001360843 00000 n
-0001361036 00000 n
-0001374250 00000 n
-0001374630 00000 n
-0001374821 00000 n
-0001374943 00000 n
-0001374989 00000 n
-0001375036 00000 n
-0001375229 00000 n
-0001388379 00000 n
-0001388788 00000 n
-0001388834 00000 n
-0001389264 00000 n
-0001389461 00000 n
-0001389591 00000 n
-0001389638 00000 n
-0001389786 00000 n
-0001389833 00000 n
-0001389999 00000 n
-0001390181 00000 n
-0001401628 00000 n
-0001402016 00000 n
-0001402210 00000 n
-0001402256 00000 n
-0001402303 00000 n
-0001402499 00000 n
-0001402546 00000 n
-0001402593 00000 n
-0001402725 00000 n
-0001402854 00000 n
-0001417836 00000 n
-0001418229 00000 n
-0001418274 00000 n
-0001418321 00000 n
-0001418459 00000 n
-0001418506 00000 n
-0001418627 00000 n
-0001418674 00000 n
-0001418870 00000 n
-0001418917 00000 n
-0001418964 00000 n
-0001432844 00000 n
-0001433258 00000 n
-0001433395 00000 n
-0001433441 00000 n
-0001433488 00000 n
-0001433535 00000 n
-0001433582 00000 n
-0001434082 00000 n
-0001434232 00000 n
-0001434381 00000 n
-0001434508 00000 n
-0001434554 00000 n
-0001449596 00000 n
-0001450098 00000 n
-0001450144 00000 n
-0001450191 00000 n
-0001450318 00000 n
-0001450444 00000 n
-0001450640 00000 n
-0001450687 00000 n
-0001450882 00000 n
-0001451076 00000 n
-0001451273 00000 n
-0001451470 00000 n
-0001451667 00000 n
-0001451864 00000 n
-0001452061 00000 n
-0001452255 00000 n
-0001452451 00000 n
-0001452647 00000 n
-0001452984 00000 n
-0001453321 00000 n
-0001466693 00000 n
-0001467144 00000 n
-0001467409 00000 n
-0001467582 00000 n
-0001467627 00000 n
-0001467761 00000 n
-0001467889 00000 n
-0001468085 00000 n
-0001468282 00000 n
-0001468479 00000 n
-0001479817 00000 n
-0001480207 00000 n
-0001480338 00000 n
-0001480384 00000 n
-0001480430 00000 n
-0001480476 00000 n
-0001480522 00000 n
-0001483811 00000 n
-0001484157 00000 n
-0001484203 00000 n
-0001484249 00000 n
-0001489107 00000 n
-0001489500 00000 n
-0001489546 00000 n
-0001489706 00000 n
-0001489834 00000 n
-0001490042 00000 n
-0001492223 00000 n
-0001492595 00000 n
-0001492641 00000 n
-0001495838 00000 n
-0001496215 00000 n
-0001496261 00000 n
-0001496455 00000 n
-0001506185 00000 n
-0001506588 00000 n
-0001506634 00000 n
-0001506775 00000 n
-0001515178 00000 n
-0001515550 00000 n
-0001515597 00000 n
-0001518954 00000 n
-0001519326 00000 n
-0001519372 00000 n
-0001526943 00000 n
-0001527302 00000 n
-0001531398 00000 n
-0001531770 00000 n
-0001531816 00000 n
-0001539111 00000 n
-0001539470 00000 n
-0001539516 00000 n
-0001539562 00000 n
-0001548475 00000 n
-0001548821 00000 n
-0001558775 00000 n
-0001559147 00000 n
-0001559193 00000 n
-0001559239 00000 n
-0001576123 00000 n
-0001576500 00000 n
-0001576719 00000 n
-0001576765 00000 n
-0001577131 00000 n
-0001577177 00000 n
-0001632969 00000 n
-0001633341 00000 n
-0001633387 00000 n
-0001633433 00000 n
-0001633479 00000 n
-0001638115 00000 n
-0001638474 00000 n
-0001638520 00000 n
-0001638566 00000 n
-0001648755 00000 n
-0001649127 00000 n
-0001649173 00000 n
-0001681012 00000 n
-0001681431 00000 n
-0001681477 00000 n
-0001681660 00000 n
-0001681911 00000 n
-0001682105 00000 n
-0001712232 00000 n
-0001712578 00000 n
-0001731306 00000 n
-0001731696 00000 n
-0001731742 00000 n
-0001731872 00000 n
-0001743815 00000 n
-0001744221 00000 n
-0001744267 00000 n
-0001744461 00000 n
-0001744653 00000 n
-0001744846 00000 n
-0001744892 00000 n
-0001744939 00000 n
-0001747249 00000 n
-0001747608 00000 n
-0001748256 00000 n
-0001748602 00000 n
-0001748648 00000 n
-0001749887 00000 n
-0001750233 00000 n
-0001750279 00000 n
-0001755766 00000 n
-0001756138 00000 n
-0001756184 00000 n
-0001757391 00000 n
-0001757763 00000 n
-0001757809 00000 n
-0001782357 00000 n
-0001782790 00000 n
-0001782836 00000 n
-0001783052 00000 n
-0001783098 00000 n
-0001783309 00000 n
-0001783568 00000 n
-0001783614 00000 n
-0001783827 00000 n
-0001784086 00000 n
-0001784346 00000 n
-0001784392 00000 n
-0001784605 00000 n
-0001784836 00000 n
-0001787668 00000 n
-0001788069 00000 n
-0001788115 00000 n
-0001788686 00000 n
-0001788902 00000 n
-0001789167 00000 n
-0001789296 00000 n
-0001789422 00000 n
-0001803210 00000 n
-0001803644 00000 n
-0001803690 00000 n
-0001804218 00000 n
-0001804411 00000 n
-0001804601 00000 n
-0001804647 00000 n
-0001805362 00000 n
-0001805589 00000 n
-0001805768 00000 n
-0001805947 00000 n
-0001828795 00000 n
-0001829253 00000 n
-0001829477 00000 n
-0001829615 00000 n
-0001829662 00000 n
-0001829709 00000 n
-0001829929 00000 n
-0001830149 00000 n
-0001830386 00000 n
-0001830629 00000 n
-0001830676 00000 n
-0001872839 00000 n
-0001873198 00000 n
-0001873244 00000 n
-0001873290 00000 n
-0001873336 00000 n
-0001873382 00000 n
-0001888062 00000 n
-0001888518 00000 n
-0001888564 00000 n
-0001888773 00000 n
-0001888981 00000 n
-0001889188 00000 n
-0001889310 00000 n
-0001889441 00000 n
-0001889636 00000 n
-0001889681 00000 n
-0001902645 00000 n
-0001903088 00000 n
-0001903217 00000 n
-0001903345 00000 n
-0001903391 00000 n
-0001903525 00000 n
-0001903657 00000 n
-0001903703 00000 n
-0001903896 00000 n
-0001903942 00000 n
-0001904133 00000 n
-0001905405 00000 n
-0001905751 00000 n
-0001905797 00000 n
-0001908265 00000 n
-0001908629 00000 n
-0001908675 00000 n
-0001908799 00000 n
-0001912446 00000 n
-0001912792 00000 n
-0001912838 00000 n
-0001914020 00000 n
-0001914392 00000 n
-0001914438 00000 n
-0001914602 00000 n
-0001914807 00000 n
-0001920527 00000 n
-0001920944 00000 n
-0001920990 00000 n
-0001921201 00000 n
-0001921411 00000 n
-0001921534 00000 n
-0001921667 00000 n
-0001921865 00000 n
-0001922082 00000 n
-0001938135 00000 n
-0001938549 00000 n
-0001938595 00000 n
-0001938716 00000 n
-0001938936 00000 n
-0001939068 00000 n
-0001939114 00000 n
-0001939231 00000 n
-0001946685 00000 n
-0001947049 00000 n
-0001947095 00000 n
-0001947219 00000 n
-0001950160 00000 n
-0001950524 00000 n
-0001950570 00000 n
-0001950794 00000 n
-0001956190 00000 n
-0001956554 00000 n
-0001956600 00000 n
-0001956726 00000 n
-0001956772 00000 n
-0001964225 00000 n
-0001964584 00000 n
-0001964630 00000 n
-0001964676 00000 n
-0001976114 00000 n
-0001976473 00000 n
-0001991746 00000 n
-0001992223 00000 n
-0001992484 00000 n
-0001992745 00000 n
-0001992930 00000 n
-0001993127 00000 n
-0001993174 00000 n
-0001993604 00000 n
-0001993793 00000 n
-0001994034 00000 n
-0001994203 00000 n
-0001994383 00000 n
-0001994518 00000 n
-0001994566 00000 n
-0001994871 00000 n
-0001994991 00000 n
-0002003759 00000 n
-0002004175 00000 n
-0002004293 00000 n
-0002004543 00000 n
-0002004666 00000 n
-0002004714 00000 n
-0002004837 00000 n
-0002004884 00000 n
-0002005007 00000 n
-0002005055 00000 n
-0002005103 00000 n
-0002043807 00000 n
-0002044222 00000 n
-0002044270 00000 n
-0002044465 00000 n
-0002044707 00000 n
-0002057294 00000 n
-0002057687 00000 n
-0002057819 00000 n
-0002057867 00000 n
-0002057914 00000 n
-0002058402 00000 n
-0002058450 00000 n
-0002099843 00000 n
-0002100223 00000 n
-0002100394 00000 n
-0002107408 00000 n
-0002107806 00000 n
-0002107854 00000 n
-0002107902 00000 n
-0002108125 00000 n
-0002108249 00000 n
-0002108297 00000 n
-0002108523 00000 n
-0002113434 00000 n
-0002113841 00000 n
-0002113889 00000 n
-0002114108 00000 n
-0002114330 00000 n
-0002114456 00000 n
-0002114504 00000 n
-0002114780 00000 n
-0002115739 00000 n
-0002116106 00000 n
-0002116154 00000 n
-0002116638 00000 n
-0002116758 00000 n
-0002122776 00000 n
-0002123178 00000 n
-0002123226 00000 n
-0002123450 00000 n
-0002123646 00000 n
-0002133326 00000 n
-0002133756 00000 n
-0002133804 00000 n
-0002134023 00000 n
-0002134243 00000 n
-0002193883 00000 n
-0002194231 00000 n
-0002254273 00000 n
-0002254621 00000 n
-0002266237 00000 n
-0002266598 00000 n
-0002277508 00000 n
-0002277924 00000 n
-0002277972 00000 n
-0002278099 00000 n
-0002278319 00000 n
-0002278539 00000 n
-0002278587 00000 n
-0002278716 00000 n
-0002278764 00000 n
-0002278903 00000 n
-0002282670 00000 n
-0002283055 00000 n
-0002283103 00000 n
-0002283243 00000 n
-0002283291 00000 n
-0002283430 00000 n
-0002283478 00000 n
-0002283592 00000 n
-0002286179 00000 n
-0002286546 00000 n
-0002286594 00000 n
-0002286824 00000 n
-0002297536 00000 n
-0002297925 00000 n
-0002297973 00000 n
-0002298095 00000 n
-0002298143 00000 n
-0002298191 00000 n
-0002298317 00000 n
-0002311979 00000 n
-0002312408 00000 n
-0002312456 00000 n
-0002312504 00000 n
-0002312699 00000 n
-0002312942 00000 n
-0002312991 00000 n
-0002323097 00000 n
-0002323504 00000 n
-0002323769 00000 n
-0002323817 00000 n
-0002323991 00000 n
-0002324165 00000 n
-0002324366 00000 n
-0002324414 00000 n
-0002334226 00000 n
-0002334619 00000 n
-0002334768 00000 n
-0002334816 00000 n
-0002344029 00000 n
-0002344409 00000 n
-0002344457 00000 n
-0002344505 00000 n
-0002345391 00000 n
-0002345536 00000 n
-0002356055 00000 n
-0002356435 00000 n
-0002356483 00000 n
-0002356627 00000 n
-0002356675 00000 n
-0002366877 00000 n
-0002367244 00000 n
-0002367292 00000 n
-0002367436 00000 n
-0002367484 00000 n
-0002367532 00000 n
-0002367580 00000 n
-0002367628 00000 n
-0002388103 00000 n
-0002388496 00000 n
-0002388644 00000 n
-0002388692 00000 n
-0002402269 00000 n
-0002402667 00000 n
-0002402862 00000 n
-0002403047 00000 n
-0002403231 00000 n
-0002405395 00000 n
-0002405730 00000 n
-0002419976 00000 n
-0002420350 00000 n
-0002420398 00000 n
-0002420446 00000 n
-0002420494 00000 n
-0002420542 00000 n
-0002437551 00000 n
-0002437993 00000 n
-0002438040 00000 n
-0002438282 00000 n
-0002438447 00000 n
-0002438717 00000 n
-0002438985 00000 n
-0002439175 00000 n
-0002448400 00000 n
-0002448761 00000 n
-0002448809 00000 n
-0002448857 00000 n
-0002448905 00000 n
-0002449492 00000 n
-0002460803 00000 n
-0002461210 00000 n
-0002461258 00000 n
-0002461306 00000 n
-0002461354 00000 n
-0002461402 00000 n
-0002461530 00000 n
-0002468864 00000 n
-0002469315 00000 n
-0002469363 00000 n
-0002469814 00000 n
-0002470074 00000 n
-0002470244 00000 n
-0002470502 00000 n
-0002470757 00000 n
-0002470969 00000 n
-0002471095 00000 n
-0002471267 00000 n
-0002486114 00000 n
-0002486520 00000 n
-0002486568 00000 n
-0002486797 00000 n
-0002497456 00000 n
-0002497804 00000 n
-0002503226 00000 n
-0002503600 00000 n
-0002514875 00000 n
-0002515251 00000 n
-0002515445 00000 n
-0002515583 00000 n
-0002522306 00000 n
-0002522673 00000 n
-0002522869 00000 n
-0002530448 00000 n
-0002530850 00000 n
-0002530898 00000 n
-0002531093 00000 n
-0002531313 00000 n
-0002536172 00000 n
-0002536533 00000 n
-0002536581 00000 n
-0002547647 00000 n
-0002548099 00000 n
-0002548147 00000 n
-0002548381 00000 n
-0002548616 00000 n
-0002548854 00000 n
-0002549084 00000 n
-0002549314 00000 n
-0002549549 00000 n
-0002549788 00000 n
-0002550010 00000 n
-0002550246 00000 n
-0002552039 00000 n
-0002552406 00000 n
-0002552454 00000 n
-0002552585 00000 n
-0002556567 00000 n
-0002556965 00000 n
-0002557013 00000 n
-0002557242 00000 n
-0002557382 00000 n
-0002557520 00000 n
-0002560582 00000 n
-0002560971 00000 n
-0002561019 00000 n
-0002561067 00000 n
-0002561593 00000 n
-0002561827 00000 n
-0002561875 00000 n
-0002562111 00000 n
-0002590122 00000 n
-0002590502 00000 n
-0002590550 00000 n
-0002590598 00000 n
-0002590826 00000 n
-0002616170 00000 n
-0002616550 00000 n
-0002616598 00000 n
-0002616831 00000 n
-0002638261 00000 n
-0002638622 00000 n
-0002638670 00000 n
-0002638718 00000 n
-0002681910 00000 n
-0002682258 00000 n
-0002706209 00000 n
-0002706570 00000 n
-0002706618 00000 n
-0002744215 00000 n
-0002744576 00000 n
-0002744624 00000 n
-0002764195 00000 n
-0002764556 00000 n
-0002764604 00000 n
-0002777706 00000 n
-0002778067 00000 n
-0002778115 00000 n
-0002778576 00000 n
-0002780657 00000 n
-0002781024 00000 n
-0002781072 00000 n
-0002781192 00000 n
-0002818484 00000 n
-0002818864 00000 n
-0002818912 00000 n
-0002819080 00000 n
-0002823829 00000 n
-0002824231 00000 n
-0002824279 00000 n
-0002824453 00000 n
-0002824629 00000 n
-0002832902 00000 n
-0002833308 00000 n
-0002833356 00000 n
-0002833585 00000 n
-0002841276 00000 n
-0002841650 00000 n
-0002841698 00000 n
-0002852532 00000 n
-0002852880 00000 n
-0002864913 00000 n
-0002865320 00000 n
-0002865368 00000 n
-0002865620 00000 n
-0002865870 00000 n
-0002865918 00000 n
-0002865966 00000 n
-0002866105 00000 n
-0002866153 00000 n
-0002866289 00000 n
-0002879997 00000 n
-0002880345 00000 n
-0002904145 00000 n
-0002904553 00000 n
-0002904601 00000 n
-0002904780 00000 n
-0002904926 00000 n
-0002920356 00000 n
-0002920861 00000 n
-0002920908 00000 n
-0002921044 00000 n
-0002921240 00000 n
-0002921436 00000 n
-0002921574 00000 n
-0002921712 00000 n
-0002921850 00000 n
-0002921987 00000 n
-0002922036 00000 n
-0002922175 00000 n
-0002922372 00000 n
-0002937992 00000 n
-0002938385 00000 n
-0002938654 00000 n
-0002938702 00000 n
-0002955735 00000 n
-0002956161 00000 n
-0002956310 00000 n
-0002956517 00000 n
-0002956720 00000 n
-0002956768 00000 n
-0002970596 00000 n
-0002970957 00000 n
-0002976610 00000 n
-0002977017 00000 n
-0002977065 00000 n
-0002977317 00000 n
-0002977567 00000 n
-0002977615 00000 n
-0002977754 00000 n
-0002977894 00000 n
-0002977942 00000 n
-0002977990 00000 n
-0002978409 00000 n
-0002993196 00000 n
-0002993557 00000 n
-0002993605 00000 n
-0003008929 00000 n
-0003009318 00000 n
-0003009366 00000 n
-0003009515 00000 n
-0003009563 00000 n
-0003009711 00000 n
-0003022735 00000 n
-0003023133 00000 n
-0003023181 00000 n
-0003023229 00000 n
-0003023475 00000 n
-0003023601 00000 n
-0003023727 00000 n
-0003023775 00000 n
-0003027261 00000 n
-0003027642 00000 n
-0003027780 00000 n
-0003041161 00000 n
-0003041585 00000 n
-0003041633 00000 n
-0003041756 00000 n
-0003041805 00000 n
-0003041942 00000 n
-0003042072 00000 n
-0003053901 00000 n
-0003054307 00000 n
-0003054355 00000 n
-0003054403 00000 n
-0003054541 00000 n
-0003054589 00000 n
-0003054637 00000 n
-0003070516 00000 n
-0003070890 00000 n
-0003070938 00000 n
-0003091728 00000 n
-0003092115 00000 n
-0003107424 00000 n
-0003107853 00000 n
-0003107991 00000 n
-0003108040 00000 n
-0003108169 00000 n
-0003108218 00000 n
-0003108367 00000 n
-0003108506 00000 n
-0003108646 00000 n
-0003118947 00000 n
-0003119308 00000 n
-0003134960 00000 n
-0003135308 00000 n
-0003149575 00000 n
-0003149962 00000 n
-0003150010 00000 n
-0003161501 00000 n
-0003161888 00000 n
-0003167596 00000 n
-0003167970 00000 n
-0003204454 00000 n
-0003204829 00000 n
-0003236578 00000 n
-0003236952 00000 n
-0003270572 00000 n
-0003270946 00000 n
-0003270995 00000 n
-0003287156 00000 n
-0003287585 00000 n
-0003287780 00000 n
-0003287975 00000 n
-0003299906 00000 n
-0003300312 00000 n
-0003300360 00000 n
-0003300507 00000 n
-0003300555 00000 n
-0003325587 00000 n
-0003325961 00000 n
-0003345971 00000 n
-0003346332 00000 n
-0003361566 00000 n
-0003361927 00000 n
-0003393819 00000 n
-0003394221 00000 n
-0003394269 00000 n
-0003394604 00000 n
-0003394901 00000 n
-0003428311 00000 n
-0003428722 00000 n
-0003428771 00000 n
-0003428969 00000 n
-0003429111 00000 n
-0003429250 00000 n
-0003429299 00000 n
-0003444152 00000 n
-0003444545 00000 n
-0003444738 00000 n
-0003444786 00000 n
-0003444834 00000 n
-0003445211 00000 n
-0003456692 00000 n
-0003457066 00000 n
-0003457114 00000 n
-0003473485 00000 n
-0003473859 00000 n
-0003486461 00000 n
-0003486848 00000 n
-0003486895 00000 n
-0003499567 00000 n
-0003499974 00000 n
-0003500022 00000 n
-0003500272 00000 n
-0003509387 00000 n
-0003509780 00000 n
-0003509828 00000 n
-0003510023 00000 n
-0003526016 00000 n
-0003526390 00000 n
-0003526438 00000 n
-0003543175 00000 n
-0003543523 00000 n
-0003558873 00000 n
-0003559234 00000 n
-0003559630 00000 n
-0003559978 00000 n
-0003560026 00000 n
-0003571314 00000 n
-0003571662 00000 n
-0003571710 00000 n
-0003571758 00000 n
-0003571806 00000 n
-0003576788 00000 n
-0003577164 00000 n
-0003577212 00000 n
-0003577746 00000 n
-0003577974 00000 n
-0003578099 00000 n
-0003589584 00000 n
-0003590008 00000 n
-0003590056 00000 n
-0003590104 00000 n
-0003590325 00000 n
-0003590570 00000 n
-0003590619 00000 n
-0003590761 00000 n
-0003610523 00000 n
-0003610979 00000 n
-0003611027 00000 n
-0003611161 00000 n
-0003611291 00000 n
-0003611511 00000 n
-0003611559 00000 n
-0003611692 00000 n
-0003611825 00000 n
-0003611873 00000 n
-0003612104 00000 n
-0003612152 00000 n
-0003612371 00000 n
-0003612593 00000 n
-0003637774 00000 n
-0003638252 00000 n
-0003638481 00000 n
-0003638529 00000 n
-0003638726 00000 n
-0003638954 00000 n
-0003639003 00000 n
-0003639229 00000 n
-0003639452 00000 n
-0003639679 00000 n
-0003639874 00000 n
-0003640043 00000 n
-0003640307 00000 n
-0003640356 00000 n
-0003659412 00000 n
-0003659773 00000 n
-0003659821 00000 n
-0003665435 00000 n
-0003665815 00000 n
-0003665863 00000 n
-0003666318 00000 n
-0003666444 00000 n
-0003685921 00000 n
-0003686346 00000 n
-0003686394 00000 n
-0003686607 00000 n
-0003686826 00000 n
-0003687048 00000 n
-0003687096 00000 n
-0003687144 00000 n
-0003687366 00000 n
-0003687414 00000 n
-0003687462 00000 n
-0003687699 00000 n
-0003687935 00000 n
-0003712434 00000 n
-0003712814 00000 n
-0003712862 00000 n
-0003712910 00000 n
-0003713046 00000 n
-0003730963 00000 n
-0003731388 00000 n
-0003731436 00000 n
-0003731670 00000 n
-0003731890 00000 n
-0003731938 00000 n
-0003732170 00000 n
-0003732218 00000 n
-0003732640 00000 n
-0003732876 00000 n
-0003732924 00000 n
-0003733153 00000 n
-0003733201 00000 n
-0003733249 00000 n
-0003733471 00000 n
-0003759589 00000 n
-0003759987 00000 n
-0003760035 00000 n
-0003760263 00000 n
-0003760310 00000 n
-0003760541 00000 n
-0003760588 00000 n
-0003760827 00000 n
-0003810877 00000 n
-0003811257 00000 n
-0003811305 00000 n
-0003811535 00000 n
-0003813794 00000 n
-0003814170 00000 n
-0003814218 00000 n
-0003814266 00000 n
-0003814487 00000 n
-0003814535 00000 n
-0003814583 00000 n
-0003815220 00000 n
-0003815454 00000 n
-0003827027 00000 n
-0003827452 00000 n
-0003827500 00000 n
-0003827629 00000 n
-0003827830 00000 n
-0003827878 00000 n
-0003827926 00000 n
-0003828054 00000 n
-0003828102 00000 n
-0003828150 00000 n
-0003828198 00000 n
-0003828330 00000 n
-0003828467 00000 n
-0003828515 00000 n
-0003828646 00000 n
-0003838773 00000 n
-0003839207 00000 n
-0003839255 00000 n
-0003839375 00000 n
-0003839495 00000 n
-0003839689 00000 n
-0003839807 00000 n
-0003839855 00000 n
-0003839903 00000 n
-0003839952 00000 n
-0003840001 00000 n
-0003840049 00000 n
-0003844471 00000 n
-0003844846 00000 n
-0003844895 00000 n
-0003853727 00000 n
-0003854116 00000 n
-0003854164 00000 n
-0003854292 00000 n
-0003854340 00000 n
-0003854388 00000 n
-0003854436 00000 n
-0003854484 00000 n
-0003854532 00000 n
-0003854580 00000 n
-0003855304 00000 n
-0003855352 00000 n
-0003855560 00000 n
-0003855608 00000 n
-0003868949 00000 n
-0003869386 00000 n
-0003869435 00000 n
-0003869484 00000 n
-0003869717 00000 n
-0003869854 00000 n
-0003870051 00000 n
-0003870100 00000 n
-0003889279 00000 n
-0003889708 00000 n
-0003889756 00000 n
-0003889946 00000 n
-0003890133 00000 n
-0003904300 00000 n
-0003904752 00000 n
-0003904876 00000 n
-0003905005 00000 n
-0003905132 00000 n
-0003905180 00000 n
-0003905373 00000 n
-0003905565 00000 n
-0003905613 00000 n
-0003905660 00000 n
-0003905897 00000 n
-0003927704 00000 n
-0003928115 00000 n
-0003928301 00000 n
-0003928483 00000 n
-0003928628 00000 n
-0003944699 00000 n
-0003945101 00000 n
-0003945333 00000 n
-0003945381 00000 n
-0003945788 00000 n
-0003945917 00000 n
-0003960845 00000 n
-0003961269 00000 n
-0003961462 00000 n
-0003961510 00000 n
-0003961654 00000 n
-0003961884 00000 n
-0003977896 00000 n
-0003978356 00000 n
-0003978405 00000 n
-0003978600 00000 n
-0003978649 00000 n
-0003978698 00000 n
-0003978895 00000 n
-0003979106 00000 n
-0003979315 00000 n
-0003979530 00000 n
-0003979663 00000 n
-0003979795 00000 n
-0003999242 00000 n
-0003999622 00000 n
-0003999752 00000 n
-0004010509 00000 n
-0004010920 00000 n
-0004010968 00000 n
-0004011015 00000 n
-0004011137 00000 n
-0004011361 00000 n
-0004011510 00000 n
-0004276598 00000 n
-0004278528 00000 n
-0004287216 00000 n
-0004287603 00000 n
-0004287651 00000 n
-0004306673 00000 n
-0004307115 00000 n
-0004307163 00000 n
-0004307211 00000 n
-0004307429 00000 n
-0004307558 00000 n
-0004307680 00000 n
-0004307873 00000 n
-0004308064 00000 n
-0004325730 00000 n
-0004326136 00000 n
-0004326184 00000 n
-0004326416 00000 n
-0004326464 00000 n
-0004338951 00000 n
-0004339344 00000 n
-0004339539 00000 n
-0004339588 00000 n
-0004339637 00000 n
-0004352882 00000 n
-0004353275 00000 n
-0004353323 00000 n
-0004353514 00000 n
-0004366983 00000 n
-0004367421 00000 n
-0004367613 00000 n
-0004367661 00000 n
-0004367856 00000 n
-0004367903 00000 n
-0004368043 00000 n
-0004368182 00000 n
-0004368230 00000 n
-0004368613 00000 n
-0004368662 00000 n
-0004368805 00000 n
-0004368947 00000 n
-0004381562 00000 n
-0004381937 00000 n
-0004396379 00000 n
-0004396803 00000 n
-0004396957 00000 n
-0004397111 00000 n
-0004397265 00000 n
-0004397316 00000 n
-0004411997 00000 n
-0004412403 00000 n
-0004412451 00000 n
-0004413215 00000 n
-0004413263 00000 n
-0004413391 00000 n
-0004416830 00000 n
-0004417204 00000 n
-0004417252 00000 n
-0004429086 00000 n
-0004429497 00000 n
-0004429545 00000 n
-0004429689 00000 n
-0004429830 00000 n
-0004429878 00000 n
-0004429926 00000 n
-0004430064 00000 n
-0004442987 00000 n
-0004443376 00000 n
-0004443511 00000 n
-0004443559 00000 n
-0004443607 00000 n
-0004443654 00000 n
-0004443702 00000 n
-0004443847 00000 n
-0004452508 00000 n
-0004452882 00000 n
-0004452930 00000 n
-0004548134 00000 n
-0004554014 00000 n
-0004554388 00000 n
-0004576974 00000 n
-0004577322 00000 n
-0004589378 00000 n
-0004589825 00000 n
-0004589872 00000 n
-0004590104 00000 n
-0004590334 00000 n
-0004590546 00000 n
-0004590593 00000 n
-0004590808 00000 n
-0004590940 00000 n
-0004590988 00000 n
-0004591230 00000 n
-0004591491 00000 n
-0004617105 00000 n
-0004617529 00000 n
-0004617578 00000 n
-0004617705 00000 n
-0004617831 00000 n
-0004617963 00000 n
-0004631397 00000 n
-0004631839 00000 n
-0004631969 00000 n
-0004632017 00000 n
-0004632265 00000 n
-0004632517 00000 n
-0004632758 00000 n
-0004633006 00000 n
-0004633054 00000 n
-0004645889 00000 n
-0004646250 00000 n
-0004646298 00000 n
-0004646346 00000 n
-0004646394 00000 n
-0004646984 00000 n
-0004647032 00000 n
-0004659639 00000 n
-0004660086 00000 n
-0004660134 00000 n
-0004660182 00000 n
-0004660377 00000 n
-0004660615 00000 n
-0004660835 00000 n
-0004661043 00000 n
-0004661165 00000 n
-0004661286 00000 n
-0004661334 00000 n
-0004661382 00000 n
-0004661524 00000 n
-0004670933 00000 n
-0004671326 00000 n
-0004671374 00000 n
-0004671497 00000 n
-0004671545 00000 n
-0004671593 00000 n
-0004688753 00000 n
-0004689178 00000 n
-0004689226 00000 n
-0004689421 00000 n
-0004689562 00000 n
-0004689704 00000 n
-0004704248 00000 n
-0004704699 00000 n
-0004704837 00000 n
-0004704977 00000 n
-0004705025 00000 n
-0004705074 00000 n
-0004705231 00000 n
-0004705369 00000 n
-0004705504 00000 n
-0004705553 00000 n
-0004705748 00000 n
-0004719373 00000 n
-0004719762 00000 n
-0004719810 00000 n
-0004719858 00000 n
-0004719983 00000 n
-0004720107 00000 n
-0004736506 00000 n
-0004736921 00000 n
-0004737060 00000 n
-0004737199 00000 n
-0004737247 00000 n
-0004753436 00000 n
-0004753838 00000 n
-0004753977 00000 n
-0004754120 00000 n
-0004767614 00000 n
-0004768007 00000 n
-0004768055 00000 n
-0004768184 00000 n
-0004781676 00000 n
-0004782056 00000 n
-0004782179 00000 n
-0004794348 00000 n
-0004794763 00000 n
-0004794811 00000 n
-0004794977 00000 n
-0004795104 00000 n
-0004808838 00000 n
-0004809226 00000 n
-0004809274 00000 n
-0004809784 00000 n
-0004809832 00000 n
-0004821529 00000 n
-0004821948 00000 n
-0004821995 00000 n
-0004822043 00000 n
-0004822181 00000 n
-0004822230 00000 n
-0004852662 00000 n
-0004853055 00000 n
-0004853103 00000 n
-0004853152 00000 n
-0004853290 00000 n
-0004877368 00000 n
-0004877756 00000 n
-0004877805 00000 n
-0004877854 00000 n
-0004891032 00000 n
-0004891456 00000 n
-0004891506 00000 n
-0004891733 00000 n
-0004891961 00000 n
-0004892011 00000 n
-0004892142 00000 n
-0004892192 00000 n
-0004892839 00000 n
-0004924364 00000 n
-0004924757 00000 n
-0004924805 00000 n
-0004924940 00000 n
-0004924989 00000 n
-0004925037 00000 n
-0004939135 00000 n
-0004939509 00000 n
-0004939559 00000 n
-0004944700 00000 n
-0004945080 00000 n
-0004945128 00000 n
-0004945267 00000 n
-0004957411 00000 n
-0004957772 00000 n
-0004957820 00000 n
-0004957868 00000 n
-0004957916 00000 n
-0004957964 00000 n
-0004958012 00000 n
-0004958060 00000 n
-0004958564 00000 n
-0004967290 00000 n
-0004967701 00000 n
-0004967749 00000 n
-0004967875 00000 n
-0004968008 00000 n
-0004968229 00000 n
-0004968277 00000 n
-0004971202 00000 n
-0004971569 00000 n
-0004971617 00000 n
-0004971847 00000 n
-0004971895 00000 n
-0004971943 00000 n
-0004982606 00000 n
-0004982999 00000 n
-0004983047 00000 n
-0004983167 00000 n
-0004983215 00000 n
-0004983263 00000 n
-0004995580 00000 n
-0004995928 00000 n
-0005058527 00000 n
-0005060290 00000 n
-0005065876 00000 n
-0005066250 00000 n
-0005066299 00000 n
-0005066978 00000 n
-0005077917 00000 n
-0005078291 00000 n
-0005078340 00000 n
-0005078389 00000 n
-0005078438 00000 n
-0005093243 00000 n
-0005093604 00000 n
-0005093652 00000 n
-0005093700 00000 n
-0005093748 00000 n
-0005106562 00000 n
-0005106923 00000 n
-0005106971 00000 n
-0005107019 00000 n
-0005107067 00000 n
-0005107115 00000 n
-0005123248 00000 n
-0005123596 00000 n
-0005138649 00000 n
-0005139011 00000 n
-0005155794 00000 n
-0005156169 00000 n
-0005156217 00000 n
-0005178203 00000 n
-0005178578 00000 n
-0005178626 00000 n
-0005178673 00000 n
-0005179134 00000 n
-0005179381 00000 n
-0005179429 00000 n
-0005179946 00000 n
-0005179994 00000 n
-0005180042 00000 n
-0005180090 00000 n
-0005203982 00000 n
-0005204343 00000 n
-0005204391 00000 n
-0005210553 00000 n
-0005210960 00000 n
-0005211008 00000 n
-0005211201 00000 n
-0005211393 00000 n
-0005211609 00000 n
-0005211832 00000 n
-0005228432 00000 n
-0005228866 00000 n
-0005228914 00000 n
-0005229034 00000 n
-0005229230 00000 n
-0005229352 00000 n
-0005229486 00000 n
-0005229534 00000 n
-0005240590 00000 n
-0005240964 00000 n
-0005241012 00000 n
-0005241061 00000 n
-0005241110 00000 n
-0005245662 00000 n
-0005246037 00000 n
-0005246085 00000 n
-0005259497 00000 n
-0005259890 00000 n
-0005259939 00000 n
-0005259988 00000 n
-0005260126 00000 n
-0005263205 00000 n
-0005263567 00000 n
-0005263979 00000 n
-0005264327 00000 n
-0005264375 00000 n
-0005271621 00000 n
-0005272010 00000 n
-0005272058 00000 n
-0005272274 00000 n
-0005272492 00000 n
-0005320186 00000 n
-0005320560 00000 n
-0005320608 00000 n
-0005332567 00000 n
-0005332928 00000 n
-0005333336 00000 n
-0005333684 00000 n
-0005333732 00000 n
-0005340088 00000 n
-0005340436 00000 n
-0005340484 00000 n
-0005344774 00000 n
-0005345148 00000 n
-0005345196 00000 n
-0005350835 00000 n
-0005351254 00000 n
-0005351302 00000 n
-0005351497 00000 n
-0005351545 00000 n
-0005360007 00000 n
-0005365626 00000 n
-0005365675 00000 n
-0005372092 00000 n
-0005382828 00000 n
-0005385618 00000 n
-0005386005 00000 n
-0005386053 00000 n
-0005398451 00000 n
-0005407267 00000 n
-0005419193 00000 n
-0005419580 00000 n
-0005419628 00000 n
-0005419676 00000 n
-0005419724 00000 n
-0005450242 00000 n
-0005450590 00000 n
-0005463451 00000 n
-0005463857 00000 n
-0005463905 00000 n
-0005464036 00000 n
-0005464084 00000 n
-0005464132 00000 n
-0005464834 00000 n
-0005464882 00000 n
-0005477957 00000 n
-0005478359 00000 n
-0005478494 00000 n
-0005478631 00000 n
-0005478679 00000 n
-0005478727 00000 n
-0005478775 00000 n
-0005492634 00000 n
-0005493036 00000 n
-0005493084 00000 n
-0005493220 00000 n
-0005493357 00000 n
-0005493405 00000 n
-0005493453 00000 n
-0005506725 00000 n
-0005507112 00000 n
-0005507160 00000 n
-0005507208 00000 n
-0005507256 00000 n
-0005507304 00000 n
-0005518420 00000 n
-0005518807 00000 n
-0005518855 00000 n
-0005518903 00000 n
-0005518951 00000 n
-0005525119 00000 n
-0005525480 00000 n
-0005537309 00000 n
-0005537683 00000 n
-0005537731 00000 n
-0005537779 00000 n
-0005537827 00000 n
-0005538205 00000 n
-0005538253 00000 n
-0005538301 00000 n
-0005538349 00000 n
-0005550810 00000 n
-0005551184 00000 n
-0005551232 00000 n
-0005551280 00000 n
-0005551328 00000 n
-0005551856 00000 n
-0005551904 00000 n
-0005551952 00000 n
-0005552000 00000 n
-0005552048 00000 n
-0005562032 00000 n
-0005562406 00000 n
-0005562454 00000 n
-0005562502 00000 n
-0005562550 00000 n
-0005562598 00000 n
-0005562646 00000 n
-0005562694 00000 n
-0005562742 00000 n
-0005562790 00000 n
-0005575315 00000 n
-0005575708 00000 n
-0005575756 00000 n
-0005575804 00000 n
-0005575852 00000 n
-0005575993 00000 n
-0005586184 00000 n
-0005586532 00000 n
-0005586580 00000 n
-0005586628 00000 n
-0005586676 00000 n
-0005586724 00000 n
-0005586772 00000 n
-0005587693 00000 n
-0005588028 00000 n
-0005595277 00000 n
-0005595664 00000 n
-0005595712 00000 n
-0005617257 00000 n
-0005618187 00000 n
-0005631510 00000 n
-0005631884 00000 n
-0005633349 00000 n
-0005633697 00000 n
-0005638302 00000 n
-0005638650 00000 n
-0005638698 00000 n
-0005639305 00000 n
-0005644098 00000 n
-0005644446 00000 n
-0005644494 00000 n
-0005650808 00000 n
-0005651169 00000 n
-0005651217 00000 n
-0005666628 00000 n
-0005667002 00000 n
-0005667050 00000 n
-0005667098 00000 n
-0005667146 00000 n
-0005671836 00000 n
-0005672203 00000 n
-0005672251 00000 n
-0005672388 00000 n
-0005684839 00000 n
-0005685282 00000 n
-0005685330 00000 n
-0005685526 00000 n
-0005685721 00000 n
-0005685915 00000 n
-0005686110 00000 n
-0005686305 00000 n
-0005686500 00000 n
-0005686692 00000 n
-0005686882 00000 n
-0005688438 00000 n
-0005688805 00000 n
-0005689000 00000 n
-0005689429 00000 n
-0005689777 00000 n
-0005689825 00000 n
-0005691343 00000 n
-0005691710 00000 n
-0005691758 00000 n
-0005691893 00000 n
-0005692630 00000 n
-0005692997 00000 n
-0005693045 00000 n
-0005693240 00000 n
-0005715020 00000 n
-0005715394 00000 n
-0005715442 00000 n
-0005730599 00000 n
-0005730960 00000 n
-0005733492 00000 n
-0005733868 00000 n
-0005733916 00000 n
-0005734104 00000 n
-0005734233 00000 n
-0005771322 00000 n
-0005771696 00000 n
-0005771744 00000 n
-0005815490 00000 n
-0005815838 00000 n
-0005817582 00000 n
-0005817958 00000 n
-0005818006 00000 n
-0005818196 00000 n
-0005818320 00000 n
-0005830872 00000 n
-0005831305 00000 n
-0005831353 00000 n
-0005831585 00000 n
-0005831815 00000 n
-0005831863 00000 n
-0005831911 00000 n
-0005832050 00000 n
-0005832173 00000 n
-0005832221 00000 n
-0005863013 00000 n
-0005863402 00000 n
-0005889003 00000 n
-0005889392 00000 n
-0005901862 00000 n
-0005902251 00000 n
-0005915471 00000 n
-0005915860 00000 n
-0005950553 00000 n
-0005950929 00000 n
-0005950977 00000 n
-0005997728 00000 n
-0005998076 00000 n
-0006049510 00000 n
-0006049858 00000 n
-0006128244 00000 n
-0006128605 00000 n
-0006128654 00000 n
-0006246934 00000 n
-0006247282 00000 n
-0006321752 00000 n
-0006322100 00000 n
-0006322950 00000 n
-0006323317 00000 n
-0006323365 00000 n
-0006323487 00000 n
-0006324881 00000 n
-0006325257 00000 n
-0006325305 00000 n
-0006325502 00000 n
-0006325698 00000 n
-0006341843 00000 n
-0006342281 00000 n
-0006342329 00000 n
-0006342498 00000 n
-0006342672 00000 n
-0006342848 00000 n
-0006343056 00000 n
-0006343262 00000 n
-0006343445 00000 n
-0006388061 00000 n
-0006388409 00000 n
-0006426422 00000 n
-0006426770 00000 n
-0006435212 00000 n
-0006435573 00000 n
-0006435621 00000 n
-0006435669 00000 n
-0006435717 00000 n
-0006435765 00000 n
-0006440271 00000 n
-0006440619 00000 n
-0006444047 00000 n
-0006444408 00000 n
-0006444456 00000 n
-0006444504 00000 n
-0006444552 00000 n
-0006452856 00000 n
-0006453217 00000 n
-0006458477 00000 n
-0006458838 00000 n
-0006461935 00000 n
-0006462329 00000 n
-0006462377 00000 n
-0006462549 00000 n
-0006462687 00000 n
-0006462824 00000 n
-0006462960 00000 n
-0006472489 00000 n
-0006472877 00000 n
-0006472925 00000 n
-0006472973 00000 n
-0006473021 00000 n
-0006490752 00000 n
-0006491139 00000 n
-0006491188 00000 n
-0006491237 00000 n
-0006501142 00000 n
-0006501516 00000 n
-0006501564 00000 n
-0006501613 00000 n
-0006502292 00000 n
-0006529723 00000 n
-0006530110 00000 n
-0006530158 00000 n
-0006530207 00000 n
-0006540149 00000 n
-0006540524 00000 n
-0006546037 00000 n
-0006546385 00000 n
-0006550350 00000 n
-0006550717 00000 n
-0006550765 00000 n
-0006550934 00000 n
-0006558846 00000 n
-0006559220 00000 n
-0006559268 00000 n
-0006601102 00000 n
-0006601450 00000 n
-0006603173 00000 n
-0006603521 00000 n
-0006608857 00000 n
-0006609250 00000 n
-0006609298 00000 n
-0006609477 00000 n
-0006616406 00000 n
-0006616767 00000 n
-0006621229 00000 n
-0006621590 00000 n
-0006621638 00000 n
-0006631197 00000 n
-0006631558 00000 n
-0006640298 00000 n
-0006640659 00000 n
-0006649132 00000 n
-0006649493 00000 n
-0006659436 00000 n
-0006659825 00000 n
-0006659873 00000 n
-0006660133 00000 n
-0006660327 00000 n
-0006660375 00000 n
-0006660423 00000 n
-0006669681 00000 n
-0006670042 00000 n
-0006670090 00000 n
-0006682798 00000 n
-0006683159 00000 n
-0006683207 00000 n
-0006683255 00000 n
-0006683303 00000 n
-0006694044 00000 n
-0006694405 00000 n
-0006698259 00000 n
-0006698607 00000 n
-0006708575 00000 n
-0006708923 00000 n
-0006722012 00000 n
-0006722360 00000 n
-0006729262 00000 n
-0006729691 00000 n
-0006729739 00000 n
-0006729950 00000 n
-0006730144 00000 n
-0006730351 00000 n
-0006730553 00000 n
-0006730750 00000 n
-0006743309 00000 n
-0006743734 00000 n
-0006743782 00000 n
-0006744004 00000 n
-0006744052 00000 n
-0006744100 00000 n
-0006744322 00000 n
-0006744557 00000 n
-0006744794 00000 n
-0006744921 00000 n
-0006745154 00000 n
-0006757844 00000 n
-0006758287 00000 n
-0006758335 00000 n
-0006758383 00000 n
-0006758796 00000 n
-0006759208 00000 n
-0006759256 00000 n
-0006759453 00000 n
-0006759501 00000 n
-0006759739 00000 n
-0006759977 00000 n
-0006760214 00000 n
-0006760446 00000 n
-0006760566 00000 n
-0006768658 00000 n
-0006769114 00000 n
-0006769162 00000 n
-0006769288 00000 n
-0006769412 00000 n
-0006769740 00000 n
-0006769964 00000 n
-0006770189 00000 n
-0006770392 00000 n
-0006770586 00000 n
-0006770707 00000 n
-0006782937 00000 n
-0006783324 00000 n
-0006783372 00000 n
-0006783420 00000 n
-0006798089 00000 n
-0006798489 00000 n
-0006798537 00000 n
-0006798585 00000 n
-0006798634 00000 n
-0006807513 00000 n
-0006807906 00000 n
-0006808099 00000 n
-0006808147 00000 n
-0006856648 00000 n
-0006857022 00000 n
-0006857070 00000 n
-0006886436 00000 n
-0006886797 00000 n
-0006886845 00000 n
-0006886893 00000 n
-0006886941 00000 n
-0006909644 00000 n
-0006910037 00000 n
-0006910085 00000 n
-0006910502 00000 n
-0006910551 00000 n
-0006910788 00000 n
-0006948969 00000 n
-0006949330 00000 n
-0006982321 00000 n
-0006982682 00000 n
-0006982730 00000 n
-0007018081 00000 n
-0007018442 00000 n
-0007045403 00000 n
-0007045751 00000 n
-0007083663 00000 n
-0007084011 00000 n
-0007094954 00000 n
-0007095334 00000 n
-0007095382 00000 n
-0007095917 00000 n
-0007096058 00000 n
-0007135023 00000 n
-0007135371 00000 n
-0007151281 00000 n
-0007151755 00000 n
-0007151803 00000 n
-0007152056 00000 n
-0007152239 00000 n
-0007152422 00000 n
-0007152605 00000 n
-0007152788 00000 n
-0007152971 00000 n
-0007153154 00000 n
-0007153337 00000 n
-0007153520 00000 n
-0007153703 00000 n
-0007154135 00000 n
-0007154483 00000 n
-0007154531 00000 n
-0007156802 00000 n
-0007157163 00000 n
-0007157211 00000 n
-0007157259 00000 n
-0007157307 00000 n
-0007157909 00000 n
-0007157957 00000 n
-0007158005 00000 n
-0007167726 00000 n
-0007168074 00000 n
-0007168122 00000 n
-0007168170 00000 n
-0007168218 00000 n
-0007168266 00000 n
-0007176393 00000 n
-0007176836 00000 n
-0007176884 00000 n
-0007177018 00000 n
-0007177066 00000 n
-0007177252 00000 n
-0007177456 00000 n
-0007177659 00000 n
-0007177835 00000 n
-0007178075 00000 n
-0007178282 00000 n
-0007178499 00000 n
-0007191917 00000 n
-0007192395 00000 n
-0007192443 00000 n
-0007192491 00000 n
-0007192539 00000 n
-0007192743 00000 n
-0007192944 00000 n
-0007193143 00000 n
-0007193335 00000 n
-0007193526 00000 n
-0007193778 00000 n
-0007194030 00000 n
-0007194161 00000 n
-0007194287 00000 n
-0007207875 00000 n
-0007208295 00000 n
-0007208343 00000 n
-0007208484 00000 n
-0007208532 00000 n
-0007208580 00000 n
-0007208913 00000 n
-0007208961 00000 n
-0007209107 00000 n
-0007209155 00000 n
-0007209290 00000 n
-0007209338 00000 n
-0007209530 00000 n
-0007222369 00000 n
-0007222839 00000 n
-0007223070 00000 n
-0007223118 00000 n
-0007223273 00000 n
-0007223321 00000 n
-0007223490 00000 n
-0007223539 00000 n
-0007223688 00000 n
-0007223737 00000 n
-0007223892 00000 n
-0007223941 00000 n
-0007224093 00000 n
-0007224243 00000 n
-0007224389 00000 n
-0007224584 00000 n
-0007224778 00000 n
-0007224827 00000 n
-0007225022 00000 n
-0007248965 00000 n
-0007249313 00000 n
-0007250472 00000 n
-0007250807 00000 n
-0007251983 00000 n
-0007252350 00000 n
-0007252398 00000 n
-0007252523 00000 n
-0007263706 00000 n
-0007264167 00000 n
-0007264215 00000 n
-0007264263 00000 n
-0007264390 00000 n
-0007264438 00000 n
-0007264558 00000 n
-0007264697 00000 n
-0007264745 00000 n
-0007264969 00000 n
-0007265104 00000 n
-0007265152 00000 n
-0007265335 00000 n
-0007265529 00000 n
-0007265724 00000 n
-0007265847 00000 n
-0007266050 00000 n
-0007266098 00000 n
-0007282159 00000 n
-0007282561 00000 n
-0007282609 00000 n
-0007282742 00000 n
-0007282967 00000 n
-0007283015 00000 n
-0007300062 00000 n
-0007300487 00000 n
-0007300535 00000 n
-0007300758 00000 n
-0007300879 00000 n
-0007300927 00000 n
-0007301054 00000 n
-0007301277 00000 n
-0007301325 00000 n
-0007301450 00000 n
-0007301575 00000 n
-0007301623 00000 n
-0007302988 00000 n
-0007303351 00000 n
-0007303474 00000 n
-0007303599 00000 n
-0007323598 00000 n
-0007323959 00000 n
-0007324007 00000 n
-0007324055 00000 n
-0007359273 00000 n
-0007359680 00000 n
-0007359728 00000 n
-0007359776 00000 n
-0007359906 00000 n
-0007359954 00000 n
-0007360088 00000 n
-0007360238 00000 n
-0007360371 00000 n
-0007371771 00000 n
-0007372182 00000 n
-0007372230 00000 n
-0007372455 00000 n
-0007372503 00000 n
-0007372630 00000 n
-0007372678 00000 n
-0007373140 00000 n
-0007373321 00000 n
-0007373369 00000 n
-0007373604 00000 n
-0007373652 00000 n
-0007376622 00000 n
-0007377007 00000 n
-0007377260 00000 n
-0007377392 00000 n
-0007377528 00000 n
-0007389105 00000 n
-0007389507 00000 n
-0007389555 00000 n
-0007390105 00000 n
-0007390288 00000 n
-0007390336 00000 n
-0007390550 00000 n
-0007390598 00000 n
-0007390646 00000 n
-0007390694 00000 n
-0007415367 00000 n
-0007415814 00000 n
-0007415862 00000 n
-0007415997 00000 n
-0007416045 00000 n
-0007416273 00000 n
-0007416321 00000 n
-0007416536 00000 n
-0007416671 00000 n
-0007416719 00000 n
-0007416939 00000 n
-0007417172 00000 n
-0007417400 00000 n
-0007431151 00000 n
-0007431629 00000 n
-0007431677 00000 n
-0007432322 00000 n
-0007432453 00000 n
-0007432588 00000 n
-0007432636 00000 n
-0007432821 00000 n
-0007433016 00000 n
-0007433247 00000 n
-0007433442 00000 n
-0007433608 00000 n
-0007433772 00000 n
-0007433899 00000 n
-0007433947 00000 n
-0007433995 00000 n
-0007434043 00000 n
-0007434091 00000 n
-0007434139 00000 n
-0007445016 00000 n
-0007445449 00000 n
-0007445497 00000 n
-0007445545 00000 n
-0007445775 00000 n
-0007445823 00000 n
-0007446016 00000 n
-0007446211 00000 n
-0007446407 00000 n
-0007453738 00000 n
-0007454118 00000 n
-0007454248 00000 n
-0007458604 00000 n
-0007459011 00000 n
-0007459059 00000 n
-0007459107 00000 n
-0007459232 00000 n
-0007459358 00000 n
-0007459627 00000 n
-0007459675 00000 n
-0007459938 00000 n
-0007474673 00000 n
-0007475165 00000 n
-0007475213 00000 n
-0007475338 00000 n
-0007475386 00000 n
-0007475576 00000 n
-0007475767 00000 n
-0007475815 00000 n
-0007476009 00000 n
-0007476207 00000 n
-0007476389 00000 n
-0007476571 00000 n
-0007476763 00000 n
-0007477032 00000 n
-0007477301 00000 n
-0007477551 00000 n
-0007477799 00000 n
-0007485982 00000 n
-0007486428 00000 n
-0007486621 00000 n
-0007486815 00000 n
-0007487010 00000 n
-0007487205 00000 n
-0007487254 00000 n
-0007489462 00000 n
-0007489810 00000 n
-0007489858 00000 n
-0007495043 00000 n
-0007495419 00000 n
-0007495467 00000 n
-0007495594 00000 n
-0007495718 00000 n
-0007496662 00000 n
-0007497029 00000 n
-0007497077 00000 n
-0007497205 00000 n
-0007497766 00000 n
-0007498114 00000 n
-0007498162 00000 n
-0007505422 00000 n
-0007505860 00000 n
-0007505908 00000 n
-0007506079 00000 n
-0007506198 00000 n
-0007506349 00000 n
-0007506499 00000 n
-0007506755 00000 n
-0007506879 00000 n
-0007516476 00000 n
-0007516850 00000 n
-0007516898 00000 n
-0007516946 00000 n
-0007516994 00000 n
-0007517042 00000 n
-0007517090 00000 n
-0007517761 00000 n
-0007517809 00000 n
-0007541496 00000 n
-0007541883 00000 n
-0007541931 00000 n
-0007636995 00000 n
-0007637356 00000 n
-0007667302 00000 n
-0007667691 00000 n
-0007667950 00000 n
-0007668072 00000 n
-0007674520 00000 n
-0007674932 00000 n
-0007674980 00000 n
-0007675028 00000 n
-0007675195 00000 n
-0007675243 00000 n
-0007675429 00000 n
-0007675575 00000 n
-0007675762 00000 n
-0007675810 00000 n
-0007675981 00000 n
-0007676029 00000 n
-0007676077 00000 n
-0007676262 00000 n
-0007681508 00000 n
-0007681888 00000 n
-0007681936 00000 n
-0007681984 00000 n
-0007682032 00000 n
-0007682080 00000 n
-0007682576 00000 n
-0007682704 00000 n
-0007682752 00000 n
-0007733123 00000 n
-0007733498 00000 n
-0007733546 00000 n
-0007733594 00000 n
-0007733642 00000 n
-0007745348 00000 n
-0007745741 00000 n
-0007745927 00000 n
-0007745975 00000 n
-0007775591 00000 n
-0007775952 00000 n
-0007776000 00000 n
-0007856438 00000 n
-0007856786 00000 n
-0007923243 00000 n
-0007923591 00000 n
-0007975235 00000 n
-0007975583 00000 n
-0008029560 00000 n
-0008029940 00000 n
-0008029988 00000 n
-0008030150 00000 n
-0008030198 00000 n
-0008044548 00000 n
-0008044986 00000 n
-0008045034 00000 n
-0008045170 00000 n
-0008045218 00000 n
-0008045356 00000 n
-0008045404 00000 n
-0008045547 00000 n
-0008045787 00000 n
-0008045835 00000 n
-0008045977 00000 n
-0008046261 00000 n
-0008046309 00000 n
-0008060321 00000 n
-0008060746 00000 n
-0008060794 00000 n
-0008060927 00000 n
-0008061062 00000 n
-0008061323 00000 n
-0008061371 00000 n
-0008061569 00000 n
-0008061767 00000 n
-0008061960 00000 n
-0008105755 00000 n
-0008106162 00000 n
-0008106210 00000 n
-0008106354 00000 n
-0008106402 00000 n
-0008106635 00000 n
-0008106910 00000 n
-0008107183 00000 n
-0008117662 00000 n
-0008118073 00000 n
-0008118121 00000 n
-0008118358 00000 n
-0008118581 00000 n
-0008118810 00000 n
-0008132303 00000 n
-0008132683 00000 n
-0008132731 00000 n
-0008132779 00000 n
-0008132916 00000 n
-0008137297 00000 n
-0008137718 00000 n
-0008137766 00000 n
-0008138465 00000 n
-0008138658 00000 n
-0008138849 00000 n
-0008139042 00000 n
-0008139236 00000 n
-0008139427 00000 n
-0008139619 00000 n
-0008139815 00000 n
-0008159138 00000 n
-0008159527 00000 n
-0008159575 00000 n
-0008159701 00000 n
-0008159749 00000 n
-0008159988 00000 n
-0008160036 00000 n
-0008175216 00000 n
-0008175609 00000 n
-0008175840 00000 n
-0008175888 00000 n
-0008175936 00000 n
-0008175984 00000 n
-0008176817 00000 n
-0008177165 00000 n
-0008180255 00000 n
-0008180644 00000 n
-0008180692 00000 n
-0008180740 00000 n
-0008180872 00000 n
-0008180920 00000 n
-0008180968 00000 n
-0008181389 00000 n
-0008181520 00000 n
-0008212229 00000 n
-0008212622 00000 n
-0008212670 00000 n
-0008212804 00000 n
-0008212852 00000 n
-0008212900 00000 n
-0008212948 00000 n
-0008212996 00000 n
-0008223571 00000 n
-0008223919 00000 n
-0008236690 00000 n
-0008237083 00000 n
-0008237211 00000 n
-0008237260 00000 n
-0008248086 00000 n
-0008248434 00000 n
-0008269925 00000 n
-0008270345 00000 n
-0008270522 00000 n
-0008270698 00000 n
-0008270747 00000 n
-0008270796 00000 n
-0008270991 00000 n
-0008271185 00000 n
-0008271234 00000 n
-0008271283 00000 n
-0008272110 00000 n
-0008293120 00000 n
-0008293481 00000 n
-0008293529 00000 n
-0008293577 00000 n
-0008293625 00000 n
-0008293673 00000 n
-0008338446 00000 n
-0008338807 00000 n
-0008349393 00000 n
-0008349791 00000 n
-0008349931 00000 n
-0008349979 00000 n
-0008350027 00000 n
-0008350219 00000 n
-0008350411 00000 n
-0008350459 00000 n
-0008350507 00000 n
-0008352179 00000 n
-0008352540 00000 n
-0008352588 00000 n
-0008358737 00000 n
-0008359122 00000 n
-0008359170 00000 n
-0008359306 00000 n
-0008359354 00000 n
-0008359402 00000 n
-0008359450 00000 n
-0008359643 00000 n
-0008359834 00000 n
-0008359882 00000 n
-0008367703 00000 n
-0008368083 00000 n
-0008368208 00000 n
-0008368256 00000 n
-0008374376 00000 n
-0008374778 00000 n
-0008374826 00000 n
-0008375544 00000 n
-0008375592 00000 n
-0008375640 00000 n
-0008375688 00000 n
-0008375890 00000 n
-0008376033 00000 n
-0008393096 00000 n
-0008393485 00000 n
-0008393533 00000 n
-0008393581 00000 n
-0008393629 00000 n
-0008393800 00000 n
-0008393848 00000 n
-0008394031 00000 n
-0008397153 00000 n
-0008397520 00000 n
-0008397568 00000 n
-0008397616 00000 n
-0008397750 00000 n
-0008410840 00000 n
-0008411233 00000 n
-0008411281 00000 n
-0008411454 00000 n
-0008423855 00000 n
-0008424270 00000 n
-0008424460 00000 n
-0008424701 00000 n
-0008426677 00000 n
-0008427025 00000 n
-0008449399 00000 n
-0008449788 00000 n
-0008449836 00000 n
-0008449884 00000 n
-0008450076 00000 n
-0008450265 00000 n
-0008451209 00000 n
-0008451576 00000 n
-0008451624 00000 n
-0008451752 00000 n
-0008465436 00000 n
-0008465810 00000 n
-0008465858 00000 n
-0008465906 00000 n
-0008473785 00000 n
-0008474200 00000 n
-0008474248 00000 n
-0008474296 00000 n
-0008474491 00000 n
-0008474708 00000 n
-0008498850 00000 n
-0008499239 00000 n
-0008499287 00000 n
-0008499335 00000 n
-0008499529 00000 n
-0008499722 00000 n
-0008500142 00000 n
-0008500490 00000 n
-0008500538 00000 n
-0008502561 00000 n
-0008502946 00000 n
-0008502994 00000 n
-0008503119 00000 n
-0008503242 00000 n
-0008503365 00000 n
-0008504159 00000 n
-0008504526 00000 n
-0008504574 00000 n
-0008504707 00000 n
-0008513832 00000 n
-0008514193 00000 n
-0008514241 00000 n
-0008514289 00000 n
-0008514337 00000 n
-0008514385 00000 n
-0008514434 00000 n
-0008514483 00000 n
-0008514532 00000 n
-0008527305 00000 n
-0008527666 00000 n
-0008527714 00000 n
-0008527761 00000 n
-0008527809 00000 n
-0008536510 00000 n
-0008536890 00000 n
-0008536938 00000 n
-0008537403 00000 n
-0008537451 00000 n
-0008537669 00000 n
-0008541259 00000 n
-0008541675 00000 n
-0008541723 00000 n
-0008542208 00000 n
-0008542395 00000 n
-0008542443 00000 n
-0008542652 00000 n
-0008542858 00000 n
-0008543009 00000 n
-0008543157 00000 n
-0008545372 00000 n
-0008545757 00000 n
-0008545805 00000 n
-0008546452 00000 n
-0008546575 00000 n
-0008546700 00000 n
-0008546830 00000 n
-0008560885 00000 n
-0008561305 00000 n
-0008561353 00000 n
-0008561470 00000 n
-0008561587 00000 n
-0008561711 00000 n
-0008561832 00000 n
-0008573214 00000 n
-0008573601 00000 n
-0008573649 00000 n
-0008595264 00000 n
-0008595625 00000 n
-0008595673 00000 n
-0008605260 00000 n
-0008605621 00000 n
-0008605669 00000 n
-0008605717 00000 n
-0008605765 00000 n
-0008605813 00000 n
-0008605861 00000 n
-0008617762 00000 n
-0008618136 00000 n
-0008618184 00000 n
-0008618232 00000 n
-0008618280 00000 n
-0008631632 00000 n
-0008632006 00000 n
-0008632055 00000 n
-0008642335 00000 n
-0008642728 00000 n
-0008642878 00000 n
-0008642926 00000 n
-0008642974 00000 n
-0008655456 00000 n
-0008655858 00000 n
-0008655906 00000 n
-0008656036 00000 n
-0008656084 00000 n
-0008657007 00000 n
-0008657131 00000 n
-0008657179 00000 n
-0008657227 00000 n
-0008657275 00000 n
-0008662046 00000 n
-0008662452 00000 n
-0008662501 00000 n
-0008662634 00000 n
-0008662683 00000 n
-0008672321 00000 n
-0008672695 00000 n
-0008691432 00000 n
-0008691838 00000 n
-0008692064 00000 n
-0008692113 00000 n
-0008706665 00000 n
-0008707054 00000 n
-0008707238 00000 n
-0008707286 00000 n
-0008707334 00000 n
-0008715129 00000 n
-0008715509 00000 n
-0008715642 00000 n
-0008715690 00000 n
-0008715738 00000 n
-0008724394 00000 n
-0008724796 00000 n
-0008724844 00000 n
-0008724892 00000 n
-0008725023 00000 n
-0008725071 00000 n
-0008725196 00000 n
-0008734302 00000 n
-0008734695 00000 n
-0008734744 00000 n
-0008735279 00000 n
-0008735412 00000 n
-0008735461 00000 n
-0008735510 00000 n
-0008747583 00000 n
-0008747986 00000 n
-0008748034 00000 n
-0008748524 00000 n
-0008748747 00000 n
-0008748795 00000 n
-0008749022 00000 n
-0008760054 00000 n
-0008760452 00000 n
-0008760500 00000 n
-0008760682 00000 n
-0008760874 00000 n
-0008760922 00000 n
-0008761161 00000 n
-0008761209 00000 n
-0008772092 00000 n
-0008772453 00000 n
-0008772501 00000 n
-0008772549 00000 n
-0008772597 00000 n
-0008772645 00000 n
-0008787473 00000 n
-0008787875 00000 n
-0008787923 00000 n
-0008788070 00000 n
-0008788217 00000 n
-0008800446 00000 n
-0008800820 00000 n
-0008800868 00000 n
-0008800916 00000 n
-0008811472 00000 n
-0008811839 00000 n
-0008812076 00000 n
-0008817131 00000 n
-0008817492 00000 n
-0008817540 00000 n
-0008823560 00000 n
-0008823967 00000 n
-0008824015 00000 n
-0008824063 00000 n
-0008824331 00000 n
-0008824458 00000 n
-0008824506 00000 n
-0008824757 00000 n
-0008824952 00000 n
-0008836934 00000 n
-0008837340 00000 n
-0008837388 00000 n
-0008837436 00000 n
-0008837556 00000 n
-0008857399 00000 n
-0008857786 00000 n
-0008857835 00000 n
-0008857884 00000 n
-0008870567 00000 n
-0008871004 00000 n
-0008871219 00000 n
-0008871267 00000 n
-0008871421 00000 n
-0008871709 00000 n
-0008871758 00000 n
-0008871807 00000 n
-0008885365 00000 n
-0008885758 00000 n
-0008885807 00000 n
-0008885937 00000 n
-0008885986 00000 n
-0008899330 00000 n
-0008899723 00000 n
-0008899842 00000 n
-0008899890 00000 n
-0008901889 00000 n
-0008902237 00000 n
-0008915526 00000 n
-0008915981 00000 n
-0008916029 00000 n
-0008916260 00000 n
-0008916308 00000 n
-0008916543 00000 n
-0008916776 00000 n
-0008917023 00000 n
-0008917269 00000 n
-0008917318 00000 n
-0008917367 00000 n
-0008933779 00000 n
-0008934181 00000 n
-0008934359 00000 n
-0008934408 00000 n
-0008934457 00000 n
-0008940758 00000 n
-0008941106 00000 n
-0008941154 00000 n
-0008948875 00000 n
-0008949223 00000 n
-0008950408 00000 n
-0008950756 00000 n
-0008961533 00000 n
-0008961931 00000 n
-0008961979 00000 n
-0008962027 00000 n
-0008962194 00000 n
-0008962320 00000 n
-0008962450 00000 n
-0008962498 00000 n
-0008962546 00000 n
-0008962594 00000 n
-0008997702 00000 n
-0008998063 00000 n
-0008998111 00000 n
-0008998159 00000 n
-0008998207 00000 n
-0009155348 00000 n
-0009158968 00000 n
-0009159663 00000 n
-0009160038 00000 n
-0009254188 00000 n
-0009340509 00000 n
-0009341529 00000 n
-0009341905 00000 n
-0009412422 00000 n
-0009424901 00000 n
-0009425299 00000 n
-0009425347 00000 n
-0009425540 00000 n
-0009425671 00000 n
-0009425719 00000 n
-0009425913 00000 n
-0009437420 00000 n
-0009437800 00000 n
-0009437937 00000 n
-0009490409 00000 n
-0009496073 00000 n
-0009496461 00000 n
-0009496511 00000 n
-0009505762 00000 n
-0009506168 00000 n
-0009506302 00000 n
-0009506351 00000 n
-0009518913 00000 n
-0009519315 00000 n
-0009519511 00000 n
-0009519706 00000 n
-0009519755 00000 n
-0009526422 00000 n
-0009526829 00000 n
-0009526877 00000 n
-0009682964 00000 n
-0009684985 00000 n
-0009685035 00000 n
-0009685733 00000 n
-0009685956 00000 n
-0009701316 00000 n
-0009701709 00000 n
-0009701758 00000 n
-0009701955 00000 n
-0009702004 00000 n
-0009716510 00000 n
-0009716903 00000 n
-0009716951 00000 n
-0009716999 00000 n
-0009717131 00000 n
-0009729255 00000 n
-0009729629 00000 n
-0009729677 00000 n
-0009729725 00000 n
-0009729773 00000 n
-0009739243 00000 n
-0009739591 00000 n
-0009748023 00000 n
-0009748384 00000 n
-0009748432 00000 n
-0009759080 00000 n
-0009759428 00000 n
-0009776399 00000 n
-0009776773 00000 n
-0009776821 00000 n
-0009776869 00000 n
-0009789914 00000 n
-0009790343 00000 n
-0009790391 00000 n
-0009790511 00000 n
-0009790641 00000 n
-0009790778 00000 n
-0009790826 00000 n
-0009791344 00000 n
-0009791471 00000 n
-0009791600 00000 n
-0009791649 00000 n
-0009799535 00000 n
-0009799883 00000 n
-0009809464 00000 n
-0009809838 00000 n
-0009809886 00000 n
-0009809935 00000 n
-0009824538 00000 n
-0009824912 00000 n
-0009824960 00000 n
-0009838945 00000 n
-0009839325 00000 n
-0009839372 00000 n
-0009839565 00000 n
-0009850225 00000 n
-0009850599 00000 n
-0009850648 00000 n
-0009867394 00000 n
-0009867774 00000 n
-0009867822 00000 n
-0009868015 00000 n
-0009869472 00000 n
-0009869820 00000 n
-0009878199 00000 n
-0009878584 00000 n
-0009878632 00000 n
-0009878836 00000 n
-0009878884 00000 n
-0009878932 00000 n
-0009879636 00000 n
-0009879684 00000 n
-0009879732 00000 n
-0009879780 00000 n
-0009879982 00000 n
-0009880030 00000 n
-0009880155 00000 n
-0009881914 00000 n
-0009882290 00000 n
-0009882338 00000 n
-0009882460 00000 n
-0009882578 00000 n
-0009896652 00000 n
-0009897026 00000 n
-0009897074 00000 n
-0009897122 00000 n
-0009897170 00000 n
-0009906419 00000 n
-0009906793 00000 n
-0009906841 00000 n
-0009906889 00000 n
-0009906937 00000 n
-0009906985 00000 n
-0009917718 00000 n
-0009918142 00000 n
-0009918190 00000 n
-0009918336 00000 n
-0009918384 00000 n
-0009918433 00000 n
-0009918565 00000 n
-0009918696 00000 n
-0009930692 00000 n
-0009931040 00000 n
-0009935336 00000 n
-0009935765 00000 n
-0009935813 00000 n
-0009935939 00000 n
-0009936065 00000 n
-0009936271 00000 n
-0009936400 00000 n
-0009936527 00000 n
-0009949080 00000 n
-0009949537 00000 n
-0009949585 00000 n
-0009949633 00000 n
-0009949681 00000 n
-0009949805 00000 n
-0009949929 00000 n
-0009950057 00000 n
-0009950184 00000 n
-0009950368 00000 n
-0009950485 00000 n
-0009950619 00000 n
-0009950667 00000 n
-0009950781 00000 n
-0009950908 00000 n
-0009950956 00000 n
-0009951074 00000 n
-0009951201 00000 n
-0009968906 00000 n
-0009969344 00000 n
-0009969392 00000 n
-0009970137 00000 n
-0009970268 00000 n
-0009970493 00000 n
-0009970637 00000 n
-0009970685 00000 n
-0009970733 00000 n
-0009970865 00000 n
-0009971015 00000 n
-0009971170 00000 n
-0009983041 00000 n
-0009983430 00000 n
-0009983478 00000 n
-0009983526 00000 n
-0009983668 00000 n
-0009983802 00000 n
-0009996712 00000 n
-0009997173 00000 n
-0009997300 00000 n
-0009997348 00000 n
-0009997396 00000 n
-0009997536 00000 n
-0009997681 00000 n
-0009997805 00000 n
-0009997853 00000 n
-0009997979 00000 n
-0009998127 00000 n
-0009998262 00000 n
-0009998310 00000 n
-0009998453 00000 n
-0009998601 00000 n
-0009998733 00000 n
-0010012584 00000 n
-0010012945 00000 n
-0010012993 00000 n
-0010013606 00000 n
-0010029809 00000 n
-0010030225 00000 n
-0010030273 00000 n
-0010030487 00000 n
-0010030698 00000 n
-0010061735 00000 n
-0010062122 00000 n
-0010073979 00000 n
-0010074353 00000 n
-0010074401 00000 n
-0010074449 00000 n
-0010074497 00000 n
-0010074545 00000 n
-0010074593 00000 n
-0010084517 00000 n
-0010084878 00000 n
-0010084926 00000 n
-0010095801 00000 n
-0010096190 00000 n
-0010096238 00000 n
-0010096460 00000 n
-0010096681 00000 n
-0010107134 00000 n
-0010107501 00000 n
-0010107752 00000 n
-0010117165 00000 n
-0010117513 00000 n
-0010130197 00000 n
-0010130545 00000 n
-0010141461 00000 n
-0010141823 00000 n
-0010143169 00000 n
-0010143517 00000 n
-0010143565 00000 n
-0010144265 00000 n
-0010155984 00000 n
-0010156436 00000 n
-0010156484 00000 n
-0010156800 00000 n
-0010156980 00000 n
-0010157107 00000 n
-0010157227 00000 n
-0010157275 00000 n
-0010157461 00000 n
-0010157509 00000 n
-0010158066 00000 n
-0010158241 00000 n
-0010158413 00000 n
-0010158461 00000 n
-0010158629 00000 n
-0010158677 00000 n
-0010159001 00000 n
-0010159198 00000 n
-0010171691 00000 n
-0010172065 00000 n
-0010172113 00000 n
-0010182125 00000 n
-0010182540 00000 n
-0010182588 00000 n
-0010182902 00000 n
-0010183215 00000 n
-0010185583 00000 n
-0010185968 00000 n
-0010186016 00000 n
-0010186208 00000 n
-0010186402 00000 n
-0010186571 00000 n
-0010200570 00000 n
-0010200986 00000 n
-0010201034 00000 n
-0010201082 00000 n
-0010201550 00000 n
-0010201598 00000 n
-0010201732 00000 n
-0010201780 00000 n
-0010201828 00000 n
-0010202002 00000 n
-0010212001 00000 n
-0010212375 00000 n
-0010212423 00000 n
-0010212470 00000 n
-0010212518 00000 n
-0010222095 00000 n
-0010222539 00000 n
-0010222587 00000 n
-0010222812 00000 n
-0010223036 00000 n
-0010223084 00000 n
-0010223225 00000 n
-0010223274 00000 n
-0010223400 00000 n
-0010223598 00000 n
-0010233601 00000 n
-0010234016 00000 n
-0010234064 00000 n
-0010234112 00000 n
-0010234232 00000 n
-0010234281 00000 n
-0010234330 00000 n
-0010234456 00000 n
-0010234505 00000 n
-0010235017 00000 n
-0010235066 00000 n
-0010246563 00000 n
-0010246965 00000 n
-0010247013 00000 n
-0010247146 00000 n
-0010247275 00000 n
-0010247323 00000 n
-0010247371 00000 n
-0010260552 00000 n
-0010260958 00000 n
-0010261005 00000 n
-0010261053 00000 n
-0010261179 00000 n
-0010263436 00000 n
-0010263825 00000 n
-0010263873 00000 n
-0010264391 00000 n
-0010264583 00000 n
-0010264772 00000 n
-0010266259 00000 n
-0010266652 00000 n
-0010266700 00000 n
-0010266823 00000 n
-0010266872 00000 n
-0010284051 00000 n
-0010284425 00000 n
-0010284474 00000 n
-0010301468 00000 n
-0010301919 00000 n
-0010302054 00000 n
-0010302188 00000 n
-0010302322 00000 n
-0010302511 00000 n
-0010302685 00000 n
-0010302880 00000 n
-0010314466 00000 n
-0010314855 00000 n
-0010315067 00000 n
-0010315270 00000 n
-0010329567 00000 n
-0010329978 00000 n
-0010330113 00000 n
-0010330248 00000 n
-0010330383 00000 n
-0010344249 00000 n
-0010344660 00000 n
-0010344838 00000 n
-0010345035 00000 n
-0010345237 00000 n
-0010358826 00000 n
-0010359313 00000 n
-0010359503 00000 n
-0010359692 00000 n
-0010359886 00000 n
-0010360079 00000 n
-0010360270 00000 n
-0010360463 00000 n
-0010360655 00000 n
-0010360703 00000 n
-0010360838 00000 n
-0010360973 00000 n
-0010361108 00000 n
-0010363618 00000 n
-0010363998 00000 n
-0010364128 00000 n
-0010367694 00000 n
-0010368079 00000 n
-0010368127 00000 n
-0010368332 00000 n
-0010368514 00000 n
-0010368694 00000 n
-0010377764 00000 n
-0010378176 00000 n
-0010378224 00000 n
-0010378397 00000 n
-0010378568 00000 n
-0010378738 00000 n
-0010380815 00000 n
-0010381191 00000 n
-0010381239 00000 n
-0010381438 00000 n
-0010381589 00000 n
-0010384141 00000 n
-0010384535 00000 n
-0010384583 00000 n
-0010384752 00000 n
-0010384800 00000 n
-0010385482 00000 n
-0010385636 00000 n
-0010385684 00000 n
-0010385853 00000 n
-0010385983 00000 n
-0010398856 00000 n
-0010399263 00000 n
-0010399311 00000 n
-0010399436 00000 n
-0010399484 00000 n
-0010399616 00000 n
-0010399664 00000 n
-0010399796 00000 n
-0010400010 00000 n
-0010410847 00000 n
-0010411227 00000 n
-0010411275 00000 n
-0010411412 00000 n
-0010411460 00000 n
-0010412022 00000 n
-0010436378 00000 n
-0010436811 00000 n
-0010437004 00000 n
-0010437138 00000 n
-0010437194 00000 n
-0010437378 00000 n
-0010437434 00000 n
-0010437617 00000 n
-0010437673 00000 n
-0010450513 00000 n
-0010450906 00000 n
-0010450961 00000 n
-0010451095 00000 n
-0010451143 00000 n
-0010451191 00000 n
-0010451239 00000 n
-0010451287 00000 n
-0010451335 00000 n
-0010463072 00000 n
-0010463446 00000 n
-0010463494 00000 n
-0010463542 00000 n
-0010463590 00000 n
-0010478054 00000 n
-0010478428 00000 n
-0010478476 00000 n
-0010478524 00000 n
-0010478572 00000 n
-0010479092 00000 n
-0010486432 00000 n
-0010486780 00000 n
-0010486828 00000 n
-0010486876 00000 n
-0010486924 00000 n
-0010486972 00000 n
-0010512647 00000 n
-0010513008 00000 n
-0010513056 00000 n
-0010513477 00000 n
-0010513701 00000 n
-0010530316 00000 n
-0010530692 00000 n
-0010546320 00000 n
-0010546713 00000 n
-0010546761 00000 n
-0010546961 00000 n
-0010547009 00000 n
-0010547057 00000 n
-0010563944 00000 n
-0010564364 00000 n
-0010564559 00000 n
-0010564742 00000 n
-0010564790 00000 n
-0010564973 00000 n
-0010565155 00000 n
-0010577335 00000 n
-0010577683 00000 n
-0010589837 00000 n
-0010590230 00000 n
-0010590279 00000 n
-0010590693 00000 n
-0010590742 00000 n
-0010590878 00000 n
-0010590927 00000 n
-0010591423 00000 n
-0010607254 00000 n
-0010607615 00000 n
-0010617592 00000 n
-0010617979 00000 n
-0010618027 00000 n
-0010618075 00000 n
-0010618123 00000 n
-0010618171 00000 n
-0010640557 00000 n
-0010640946 00000 n
-0010640994 00000 n
-0010641196 00000 n
-0010641335 00000 n
-0010641383 00000 n
-0010642075 00000 n
-0010642123 00000 n
-0010667539 00000 n
-0010667900 00000 n
-0010667948 00000 n
-0010667996 00000 n
-0010668044 00000 n
-0010668092 00000 n
-0010679351 00000 n
-0010679766 00000 n
-0010679814 00000 n
-0010679862 00000 n
-0010679910 00000 n
-0010679958 00000 n
-0010680007 00000 n
-0010680235 00000 n
-0010680462 00000 n
-0010690040 00000 n
-0010690446 00000 n
-0010690494 00000 n
-0010690542 00000 n
-0010690737 00000 n
-0010690785 00000 n
-0010702849 00000 n
-0010703242 00000 n
-0010703290 00000 n
-0010703501 00000 n
-0010703549 00000 n
-0010704327 00000 n
-0010704528 00000 n
-0010704576 00000 n
-0010704624 00000 n
-0010704672 00000 n
-0010705266 00000 n
-0010720173 00000 n
-0010720602 00000 n
-0010720650 00000 n
-0010720835 00000 n
-0010721007 00000 n
-0010721187 00000 n
-0010721365 00000 n
-0010721413 00000 n
-0010721551 00000 n
-0010736211 00000 n
-0010736678 00000 n
-0010736806 00000 n
-0010737025 00000 n
-0010737074 00000 n
-0010737200 00000 n
-0010737330 00000 n
-0010737379 00000 n
-0010737428 00000 n
-0010738100 00000 n
-0010738270 00000 n
-0010738440 00000 n
-0010751596 00000 n
-0010752049 00000 n
-0010752239 00000 n
-0010752287 00000 n
-0010752335 00000 n
-0010752530 00000 n
-0010752716 00000 n
-0010752764 00000 n
-0010752996 00000 n
-0010753044 00000 n
-0010753235 00000 n
-0010753430 00000 n
-0010753478 00000 n
-0010768590 00000 n
-0010768996 00000 n
-0010769187 00000 n
-0010777555 00000 n
-0010777903 00000 n
-0010788186 00000 n
-0010788547 00000 n
-0010788595 00000 n
-0010788643 00000 n
-0010799842 00000 n
-0010800280 00000 n
-0010800464 00000 n
-0010800512 00000 n
-0010800720 00000 n
-0010800927 00000 n
-0010800975 00000 n
-0010801022 00000 n
-0010801204 00000 n
-0010801385 00000 n
-0010801433 00000 n
-0010801481 00000 n
-0010801632 00000 n
-0010815203 00000 n
-0010815596 00000 n
-0010815644 00000 n
-0010815692 00000 n
-0010815954 00000 n
-0010816002 00000 n
-0010817990 00000 n
-0010818370 00000 n
-0010818418 00000 n
-0010819341 00000 n
-0010819536 00000 n
-0010821453 00000 n
-0010821838 00000 n
-0010821886 00000 n
-0010822120 00000 n
-0010822353 00000 n
-0010822481 00000 n
-0010848178 00000 n
-0010848558 00000 n
-0010848606 00000 n
-0010848767 00000 n
-0010874224 00000 n
-0010874591 00000 n
-0010874790 00000 n
-0010882430 00000 n
-0010882819 00000 n
-0010882867 00000 n
-0010883047 00000 n
-0010883173 00000 n
-0010927526 00000 n
-0010927874 00000 n
-0010960045 00000 n
-0010960425 00000 n
-0010960473 00000 n
-0010960643 00000 n
-0011005351 00000 n
-0011005699 00000 n
-0011012420 00000 n
-0011012813 00000 n
-0011012861 00000 n
-0011012987 00000 n
-0011060366 00000 n
-0011060746 00000 n
-0011061000 00000 n
-0011061404 00000 n
-0011061752 00000 n
-0011061800 00000 n
-0011077352 00000 n
-0011077772 00000 n
-0011077820 00000 n
-0011078013 00000 n
-0011078139 00000 n
-0011078254 00000 n
-0011078385 00000 n
-0011078433 00000 n
-0011101292 00000 n
-0011101640 00000 n
-0011107099 00000 n
-0011107503 00000 n
-0011107551 00000 n
-0011107744 00000 n
-0011107924 00000 n
-0011108156 00000 n
-0011124165 00000 n
-0011124554 00000 n
-0011124602 00000 n
-0011135454 00000 n
-0011135815 00000 n
-0011135863 00000 n
-0011135911 00000 n
-0011135959 00000 n
-0011136007 00000 n
-0011143312 00000 n
-0011143705 00000 n
-0011143753 00000 n
-0011143989 00000 n
-0011146770 00000 n
-0011147131 00000 n
-0011147179 00000 n
-0011152048 00000 n
-0011152409 00000 n
-0011152457 00000 n
-0011154153 00000 n
-0011154501 00000 n
-0011154549 00000 n
-0011157655 00000 n
-0011158003 00000 n
-0011158051 00000 n
-0011158505 00000 n
-0011165941 00000 n
-0011166302 00000 n
-0011166350 00000 n
-0011174756 00000 n
-0011175130 00000 n
-0011175178 00000 n
-0011175226 00000 n
-0011175274 00000 n
-0011177413 00000 n
-0011177789 00000 n
-0011177837 00000 n
-0011178055 00000 n
-0011178288 00000 n
-0011180612 00000 n
-0011180973 00000 n
-0011181021 00000 n
-0011192413 00000 n
-0011192842 00000 n
-0011192890 00000 n
-0011193086 00000 n
-0011193282 00000 n
-0011193401 00000 n
-0011193596 00000 n
-0011193715 00000 n
-0011200011 00000 n
-0011200372 00000 n
-0011200420 00000 n
-0011200963 00000 n
-0011234320 00000 n
-0011234694 00000 n
-0011234742 00000 n
-0011234790 00000 n
-0011292840 00000 n
-0011293188 00000 n
-0011295072 00000 n
-0011295420 00000 n
-0011295468 00000 n
-0011296471 00000 n
-0011296819 00000 n
-0011296867 00000 n
-0011303006 00000 n
-0011303367 00000 n
-0011303415 00000 n
-0011303463 00000 n
-0011303511 00000 n
-0011305767 00000 n
-0011306115 00000 n
-0011306163 00000 n
-0011306211 00000 n
-0011306259 00000 n
-0011306307 00000 n
-0011306355 00000 n
-0011312257 00000 n
-0011312646 00000 n
-0011312694 00000 n
-0011312889 00000 n
-0011313112 00000 n
-0011313160 00000 n
-0011332051 00000 n
-0011332457 00000 n
-0011332505 00000 n
-0011332650 00000 n
-0011351198 00000 n
-0011351604 00000 n
-0011351827 00000 n
-0011359840 00000 n
-0011360260 00000 n
-0011360308 00000 n
-0011360522 00000 n
-0011360735 00000 n
-0011360929 00000 n
-0011361157 00000 n
-0011381088 00000 n
-0011381490 00000 n
-0011381538 00000 n
-0011382121 00000 n
-0011382311 00000 n
-0011382506 00000 n
-0011382700 00000 n
-0011382748 00000 n
-0011402904 00000 n
-0011403297 00000 n
-0011403345 00000 n
-0011403590 00000 n
-0011434508 00000 n
-0011434882 00000 n
-0011434930 00000 n
-0011454117 00000 n
-0011454478 00000 n
-0011463440 00000 n
-0011463814 00000 n
-0011463861 00000 n
-0011463908 00000 n
-0011474101 00000 n
-0011474462 00000 n
-0011474510 00000 n
-0011474558 00000 n
-0011474606 00000 n
-0011477521 00000 n
-0011477901 00000 n
-0011477949 00000 n
-0011478145 00000 n
-0011478193 00000 n
-0011478581 00000 n
-0011478929 00000 n
-0011478977 00000 n
-0011487299 00000 n
-0011487710 00000 n
-0011487758 00000 n
-0011487946 00000 n
-0011487995 00000 n
-0011488182 00000 n
-0011488231 00000 n
-0011488416 00000 n
-0011488465 00000 n
-0011497060 00000 n
-0011497453 00000 n
-0011497501 00000 n
-0011497549 00000 n
-0011497735 00000 n
-0011501105 00000 n
-0011501485 00000 n
-0011501533 00000 n
-0011501718 00000 n
-0011502104 00000 n
-0011502452 00000 n
-0011502500 00000 n
-0011514424 00000 n
-0011514835 00000 n
-0011514883 00000 n
-0011515060 00000 n
-0011515227 00000 n
-0011515352 00000 n
-0011515400 00000 n
-0011515448 00000 n
-0011529114 00000 n
-0011529522 00000 n
-0011529570 00000 n
-0011530085 00000 n
-0011530306 00000 n
-0011550479 00000 n
-0011550890 00000 n
-0011551033 00000 n
-0011551080 00000 n
-0011551128 00000 n
-0011551176 00000 n
-0011551345 00000 n
-0011551530 00000 n
-0011577119 00000 n
-0011577517 00000 n
-0011577724 00000 n
-0011577932 00000 n
-0011578139 00000 n
-0011596273 00000 n
-0011596634 00000 n
-0011611324 00000 n
-0011611731 00000 n
-0011611936 00000 n
-0011612141 00000 n
-0011612344 00000 n
-0011612548 00000 n
-0011620922 00000 n
-0011621283 00000 n
-0011629634 00000 n
-0011630032 00000 n
-0011630240 00000 n
-0011630450 00000 n
-0011630659 00000 n
-0011644876 00000 n
-0011645278 00000 n
-0011645474 00000 n
-0011645670 00000 n
-0011662574 00000 n
-0011662981 00000 n
-0011663031 00000 n
-0011663164 00000 n
-0011663214 00000 n
-0011673797 00000 n
-0011674171 00000 n
-0011674219 00000 n
-0011674267 00000 n
-0011685358 00000 n
-0011685796 00000 n
-0011685844 00000 n
-0011686278 00000 n
-0011686326 00000 n
-0011686454 00000 n
-0011686640 00000 n
-0011686811 00000 n
-0011686936 00000 n
-0011687063 00000 n
-0011687191 00000 n
-0011687239 00000 n
-0011699167 00000 n
-0011699650 00000 n
-0011699699 00000 n
-0011699827 00000 n
-0011699876 00000 n
-0011700002 00000 n
-0011700132 00000 n
-0011700181 00000 n
-0011700306 00000 n
-0011700430 00000 n
-0011700564 00000 n
-0011700698 00000 n
-0011700833 00000 n
-0011700956 00000 n
-0011701092 00000 n
-0011701222 00000 n
-0011706795 00000 n
-0011707225 00000 n
-0011707273 00000 n
-0011707396 00000 n
-0011707444 00000 n
-0011707570 00000 n
-0011707690 00000 n
-0011707738 00000 n
-0011707864 00000 n
-0011707986 00000 n
-0011708034 00000 n
-0011708155 00000 n
-0011708279 00000 n
-0011708327 00000 n
-0011708451 00000 n
-0011719613 00000 n
-0011719987 00000 n
-0011720035 00000 n
-0011720083 00000 n
-0011720131 00000 n
-0011733375 00000 n
-0011733749 00000 n
-0011733797 00000 n
-0011747097 00000 n
-0011747458 00000 n
-0011747506 00000 n
-0011758994 00000 n
-0011759368 00000 n
-0011759416 00000 n
-0011759464 00000 n
-0011759512 00000 n
-0011759560 00000 n
-0011767556 00000 n
-0011767917 00000 n
-0011767965 00000 n
-0011768014 00000 n
-0011768063 00000 n
-0011789225 00000 n
-0011789599 00000 n
-0011827001 00000 n
-0011827349 00000 n
-0011864871 00000 n
-0011865219 00000 n
-0011897786 00000 n
-0011898134 00000 n
-0011928760 00000 n
-0011929108 00000 n
-0011940314 00000 n
-0011940752 00000 n
-0011940800 00000 n
-0011940949 00000 n
-0011941146 00000 n
-0011941281 00000 n
-0011941418 00000 n
-0011941557 00000 n
-0011941699 00000 n
-0011947083 00000 n
-0011947485 00000 n
-0011988142 00000 n
-0012015905 00000 n
-0012023769 00000 n
<TRUNCATED>
[08/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslAdaptor.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslAdaptor.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslAdaptor.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslAdaptor.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslAdaptor.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client skipping handshake
<TRUNCATED>
[15/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
Published site at a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Project: http://git-wip-us.apache.org/repos/asf/hbase-site/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase-site/commit/10a20a24
Tree: http://git-wip-us.apache.org/repos/asf/hbase-site/tree/10a20a24
Diff: http://git-wip-us.apache.org/repos/asf/hbase-site/diff/10a20a24
Branch: refs/heads/asf-site
Commit: 10a20a2451b06b5ee83f3318eb9f9ea81c19fef4
Parents: 828b7ec
Author: jenkins <bu...@apache.org>
Authored: Sat Aug 11 14:48:57 2018 +0000
Committer: jenkins <bu...@apache.org>
Committed: Sat Aug 11 14:48:57 2018 +0000
----------------------------------------------------------------------
acid-semantics.html | 4 +-
apache_hbase_reference_guide.pdf | 10578 ++++++++---------
book.html | 6 +-
bulk-loads.html | 4 +-
checkstyle-aggregate.html | 4 +-
coc.html | 4 +-
dependencies.html | 4 +-
dependency-convergence.html | 4 +-
dependency-info.html | 4 +-
dependency-management.html | 4 +-
devapidocs/constant-values.html | 6 +-
devapidocs/index-all.html | 6 +-
.../hadoop/hbase/backup/package-tree.html | 2 +-
.../hadoop/hbase/client/package-tree.html | 22 +-
.../hadoop/hbase/coprocessor/package-tree.html | 2 +-
.../hadoop/hbase/executor/package-tree.html | 2 +-
.../hadoop/hbase/filter/package-tree.html | 8 +-
...AsyncDFSOutputSaslHelper.DecryptHandler.html | 8 +-
...AsyncDFSOutputSaslHelper.EncryptHandler.html | 10 +-
...FSOutputSaslHelper.SaslNegotiateHandler.html | 67 +-
...ncDFSOutputSaslHelper.SaslUnwrapHandler.html | 10 +-
...syncDFSOutputSaslHelper.SaslWrapHandler.html | 16 +-
.../FanOutOneBlockAsyncDFSOutputSaslHelper.html | 26 +-
.../hadoop/hbase/io/hfile/package-tree.html | 8 +-
.../apache/hadoop/hbase/ipc/package-tree.html | 4 +-
.../hadoop/hbase/mapreduce/package-tree.html | 2 +-
.../hbase/master/balancer/package-tree.html | 2 +-
.../hadoop/hbase/master/package-tree.html | 4 +-
.../hbase/master/procedure/package-tree.html | 4 +-
.../org/apache/hadoop/hbase/package-tree.html | 14 +-
.../hadoop/hbase/procedure2/package-tree.html | 4 +-
.../hadoop/hbase/quotas/package-tree.html | 6 +-
.../hadoop/hbase/regionserver/package-tree.html | 16 +-
.../regionserver/querymatcher/package-tree.html | 2 +-
.../hbase/regionserver/wal/package-tree.html | 2 +-
.../replication/regionserver/package-tree.html | 2 +-
.../hbase/security/access/package-tree.html | 4 +-
.../hadoop/hbase/security/package-tree.html | 2 +-
.../hadoop/hbase/thrift/package-tree.html | 2 +-
.../apache/hadoop/hbase/util/package-tree.html | 10 +-
.../org/apache/hadoop/hbase/Version.html | 6 +-
...AsyncDFSOutputSaslHelper.DecryptHandler.html | 863 +-
...AsyncDFSOutputSaslHelper.EncryptHandler.html | 863 +-
...eBlockAsyncDFSOutputSaslHelper.PBHelper.html | 863 +-
...ockAsyncDFSOutputSaslHelper.SaslAdaptor.html | 863 +-
...putSaslHelper.SaslClientCallbackHandler.html | 863 +-
...FSOutputSaslHelper.SaslNegotiateHandler.html | 863 +-
...ncDFSOutputSaslHelper.SaslUnwrapHandler.html | 863 +-
...syncDFSOutputSaslHelper.SaslWrapHandler.html | 863 +-
...utputSaslHelper.TransparentCryptoHelper.html | 863 +-
.../FanOutOneBlockAsyncDFSOutputSaslHelper.html | 863 +-
downloads.html | 4 +-
export_control.html | 4 +-
index.html | 4 +-
integration.html | 4 +-
issue-tracking.html | 4 +-
license.html | 4 +-
mail-lists.html | 4 +-
metrics.html | 4 +-
old_news.html | 4 +-
plugin-management.html | 4 +-
plugins.html | 4 +-
poweredbyhbase.html | 4 +-
project-info.html | 4 +-
project-reports.html | 4 +-
project-summary.html | 4 +-
pseudo-distributed.html | 4 +-
replication.html | 4 +-
resources.html | 4 +-
source-repository.html | 4 +-
sponsors.html | 4 +-
supportingprojects.html | 4 +-
team-list.html | 4 +-
73 files changed, 9861 insertions(+), 9752 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/acid-semantics.html
----------------------------------------------------------------------
diff --git a/acid-semantics.html b/acid-semantics.html
index e848da8..a884382 100644
--- a/acid-semantics.html
+++ b/acid-semantics.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Apache HBase (TM) ACID Properties
@@ -601,7 +601,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
[11/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client skip
<TRUNCATED>
[07/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslClientCallbackHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslClientCallbackHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslClientCallbackHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslClientCallbackHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslClientCallbackHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sour
<TRUNCATED>
[10/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client skip
<TRUNCATED>
[02/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.812"></
<TRUNCATED>
[13/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/book.html
----------------------------------------------------------------------
diff --git a/book.html b/book.html
index ba03840..55edee8 100644
--- a/book.html
+++ b/book.html
@@ -426,7 +426,7 @@ Yours, the HBase Community.</p>
<p>Please use <a href="https://issues.apache.org/jira/browse/hbase">JIRA</a> to report non-security-related bugs.</p>
</div>
<div class="paragraph">
-<p>To protect existing HBase installations from new vulnerabilities, please <strong>do not</strong> use JIRA to report security-related bugs. Instead, send your report to the mailing list <a href="mailto:private@apache.org">private@apache.org</a>, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.</p>
+<p>To protect existing HBase installations from new vulnerabilities, please <strong>do not</strong> use JIRA to report security-related bugs. Instead, send your report to the mailing list <a href="mailto:private@hbase.apache.org">private@hbase.apache.org</a>, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.</p>
</div>
<div id="hbase_supported_tested_definitions" class="paragraph">
<div class="title">Support and Testing Expectations</div>
@@ -11462,7 +11462,7 @@ iterator.close();</code></pre>
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
-To protect existing HBase installations from exploitation, please <strong>do not</strong> use JIRA to report security-related bugs. Instead, send your report to the mailing list <a href="mailto:private@apache.org">private@apache.org</a>, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
+To protect existing HBase installations from exploitation, please <strong>do not</strong> use JIRA to report security-related bugs. Instead, send your report to the mailing list <a href="mailto:private@hbase.apache.org">private@hbase.apache.org</a>, which allows anyone to send messages, but restricts who can read them. Someone on that list will contact you to follow up on your report.
</td>
</tr>
</table>
@@ -41119,7 +41119,7 @@ org/apache/hadoop/hbase/security/access/AccessControlClient.revoke:(Lorg/apache/
<div id="footer">
<div id="footer-text">
Version 3.0.0-SNAPSHOT<br>
-Last updated 2018-08-10 14:29:54 UTC
+Last updated 2018-08-11 14:29:54 UTC
</div>
</div>
</body>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/bulk-loads.html
----------------------------------------------------------------------
diff --git a/bulk-loads.html b/bulk-loads.html
index 4ef359e..34b01aa 100644
--- a/bulk-loads.html
+++ b/bulk-loads.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Bulk Loads in Apache HBase (TM)
@@ -306,7 +306,7 @@ under the License. -->
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/checkstyle-aggregate.html
----------------------------------------------------------------------
diff --git a/checkstyle-aggregate.html b/checkstyle-aggregate.html
index be7e687..8ccdba0 100644
--- a/checkstyle-aggregate.html
+++ b/checkstyle-aggregate.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Checkstyle Results</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -120357,7 +120357,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/coc.html
----------------------------------------------------------------------
diff --git a/coc.html b/coc.html
index 5db2f32..b8354cf 100644
--- a/coc.html
+++ b/coc.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase –
Code of Conduct Policy
@@ -375,7 +375,7 @@ email to <a class="externalLink" href="mailto:private@hbase.apache.org">the priv
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/dependencies.html
----------------------------------------------------------------------
diff --git a/dependencies.html b/dependencies.html
index 18bef4a..5eabd61 100644
--- a/dependencies.html
+++ b/dependencies.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Dependencies</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -440,7 +440,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/dependency-convergence.html
----------------------------------------------------------------------
diff --git a/dependency-convergence.html b/dependency-convergence.html
index fc57352..81f1b61 100644
--- a/dependency-convergence.html
+++ b/dependency-convergence.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Reactor Dependency Convergence</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -905,7 +905,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/dependency-info.html
----------------------------------------------------------------------
diff --git a/dependency-info.html b/dependency-info.html
index 55fef24..2345d94 100644
--- a/dependency-info.html
+++ b/dependency-info.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Dependency Information</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -313,7 +313,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/dependency-management.html
----------------------------------------------------------------------
diff --git a/dependency-management.html b/dependency-management.html
index 0e99925..4525fc8 100644
--- a/dependency-management.html
+++ b/dependency-management.html
@@ -7,7 +7,7 @@
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20180810" />
+ <meta name="Date-Revision-yyyymmdd" content="20180811" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache HBase – Project Dependency Management</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.5-HBASE.min.css" />
@@ -1005,7 +1005,7 @@
<a href="https://www.apache.org/">The Apache Software Foundation</a>.
All rights reserved.
- <li id="publishDate" class="pull-right">Last Published: 2018-08-10</li>
+ <li id="publishDate" class="pull-right">Last Published: 2018-08-11</li>
</p>
</div>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/constant-values.html
----------------------------------------------------------------------
diff --git a/devapidocs/constant-values.html b/devapidocs/constant-values.html
index ee14a6a..67e3846 100644
--- a/devapidocs/constant-values.html
+++ b/devapidocs/constant-values.html
@@ -3803,21 +3803,21 @@
<!-- -->
</a><code>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td><code><a href="org/apache/hadoop/hbase/Version.html#date">date</a></code></td>
-<td class="colLast"><code>"Fri Aug 10 14:39:22 UTC 2018"</code></td>
+<td class="colLast"><code>"Sat Aug 11 14:39:49 UTC 2018"</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="org.apache.hadoop.hbase.Version.revision">
<!-- -->
</a><code>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td><code><a href="org/apache/hadoop/hbase/Version.html#revision">revision</a></code></td>
-<td class="colLast"><code>"397388316ead020d005a33e233364d166d4add00"</code></td>
+<td class="colLast"><code>"a3ab9306a6a1b044a8558814c5e21a38e0cb8b03"</code></td>
</tr>
<tr class="altColor">
<td class="colFirst"><a name="org.apache.hadoop.hbase.Version.srcChecksum">
<!-- -->
</a><code>public static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td>
<td><code><a href="org/apache/hadoop/hbase/Version.html#srcChecksum">srcChecksum</a></code></td>
-<td class="colLast"><code>"6c3f408e84717bc608f6c4ea62a7de50"</code></td>
+<td class="colLast"><code>"66b521015c9059ec6f0addb39f4b146d"</code></td>
</tr>
<tr class="rowColor">
<td class="colFirst"><a name="org.apache.hadoop.hbase.Version.url">
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/index-all.html
----------------------------------------------------------------------
diff --git a/devapidocs/index-all.html b/devapidocs/index-all.html
index 3e12d01..585c71c 100644
--- a/devapidocs/index-all.html
+++ b/devapidocs/index-all.html
@@ -25564,6 +25564,8 @@
<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/util/CommonFSUtils.DfsBuilderUtility.html#dfsClass">dfsClass</a></span> - Static variable in class org.apache.hadoop.hbase.util.<a href="org/apache/hadoop/hbase/util/CommonFSUtils.DfsBuilderUtility.html" title="class in org.apache.hadoop.hbase.util">CommonFSUtils.DfsBuilderUtility</a></dt>
<dd> </dd>
+<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#dfsClient">dfsClient</a></span> - Variable in class org.apache.hadoop.hbase.io.asyncfs.<a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html" title="class in org.apache.hadoop.hbase.io.asyncfs">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler</a></dt>
+<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/regionserver/MetricsRegionServerWrapperImpl.html#dfsHedgedReadMetrics">dfsHedgedReadMetrics</a></span> - Variable in class org.apache.hadoop.hbase.regionserver.<a href="org/apache/hadoop/hbase/regionserver/MetricsRegionServerWrapperImpl.html" title="class in org.apache.hadoop.hbase.regionserver">MetricsRegionServerWrapperImpl</a></dt>
<dd>
<div class="block">Can be null if not on hdfs.</div>
@@ -26468,7 +26470,7 @@
<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/mapreduce/CellSerialization.CellSerializer.html#dos">dos</a></span> - Variable in class org.apache.hadoop.hbase.mapreduce.<a href="org/apache/hadoop/hbase/mapreduce/CellSerialization.CellSerializer.html" title="class in org.apache.hadoop.hbase.mapreduce">CellSerialization.CellSerializer</a></dt>
<dd> </dd>
-<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">doSaslNegotiation(Configuration, Channel, int, String, char[], Map<String, String>, Promise<Void>)</a></span> - Static method in class org.apache.hadoop.hbase.io.asyncfs.<a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html" title="class in org.apache.hadoop.hbase.io.asyncfs">FanOutOneBlockAsyncDFSOutputSaslHelper</a></dt>
+<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#doSaslNegotiation-org.apache.hadoop.conf.Configuration-org.apache.hbase.thirdparty.io.netty.channel.Channel-int-java.lang.String-char:A-java.util.Map-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">doSaslNegotiation(Configuration, Channel, int, String, char[], Map<String, String>, Promise<Void>, DFSClient)</a></span> - Static method in class org.apache.hadoop.hbase.io.asyncfs.<a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html" title="class in org.apache.hadoop.hbase.io.asyncfs">FanOutOneBlockAsyncDFSOutputSaslHelper</a></dt>
<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/client/CancellableRegionServerCallable.html#doScan-org.apache.hadoop.hbase.shaded.protobuf.generated.ClientProtos.ScanRequest-">doScan(ClientProtos.ScanRequest)</a></span> - Method in class org.apache.hadoop.hbase.client.<a href="org/apache/hadoop/hbase/client/CancellableRegionServerCallable.html" title="class in org.apache.hadoop.hbase.client">CancellableRegionServerCallable</a></dt>
<dd> </dd>
@@ -97666,7 +97668,7 @@ service.</div>
<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/ipc/NettyRpcConnection.html#saslNegotiate-org.apache.hbase.thirdparty.io.netty.channel.Channel-">saslNegotiate(Channel)</a></span> - Method in class org.apache.hadoop.hbase.ipc.<a href="org/apache/hadoop/hbase/ipc/NettyRpcConnection.html" title="class in org.apache.hadoop.hbase.ipc">NettyRpcConnection</a></dt>
<dd> </dd>
-<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">SaslNegotiateHandler(Configuration, String, char[], Map<String, String>, int, Promise<Void>)</a></span> - Constructor for class org.apache.hadoop.hbase.io.asyncfs.<a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html" title="class in org.apache.hadoop.hbase.io.asyncfs">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler</a></dt>
+<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">SaslNegotiateHandler(Configuration, String, char[], Map<String, String>, int, Promise<Void>, DFSClient)</a></span> - Constructor for class org.apache.hadoop.hbase.io.asyncfs.<a href="org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html" title="class in org.apache.hadoop.hbase.io.asyncfs">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler</a></dt>
<dd> </dd>
<dt><span class="memberNameLink"><a href="org/apache/hadoop/hbase/security/HBaseSaslRpcClient.html#saslOutputStream">saslOutputStream</a></span> - Variable in class org.apache.hadoop.hbase.security.<a href="org/apache/hadoop/hbase/security/HBaseSaslRpcClient.html" title="class in org.apache.hadoop.hbase.security">HBaseSaslRpcClient</a></dt>
<dd> </dd>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html
index 06e7f45..38f7cc7 100644
--- a/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/backup/package-tree.html
@@ -168,9 +168,9 @@
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
<li type="circle">org.apache.hadoop.hbase.backup.<a href="../../../../../org/apache/hadoop/hbase/backup/BackupType.html" title="enum in org.apache.hadoop.hbase.backup"><span class="typeNameLink">BackupType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.backup.<a href="../../../../../org/apache/hadoop/hbase/backup/BackupRestoreConstants.BackupCommand.html" title="enum in org.apache.hadoop.hbase.backup"><span class="typeNameLink">BackupRestoreConstants.BackupCommand</span></a></li>
<li type="circle">org.apache.hadoop.hbase.backup.<a href="../../../../../org/apache/hadoop/hbase/backup/BackupInfo.BackupPhase.html" title="enum in org.apache.hadoop.hbase.backup"><span class="typeNameLink">BackupInfo.BackupPhase</span></a></li>
<li type="circle">org.apache.hadoop.hbase.backup.<a href="../../../../../org/apache/hadoop/hbase/backup/BackupInfo.BackupState.html" title="enum in org.apache.hadoop.hbase.backup"><span class="typeNameLink">BackupInfo.BackupState</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.backup.<a href="../../../../../org/apache/hadoop/hbase/backup/BackupRestoreConstants.BackupCommand.html" title="enum in org.apache.hadoop.hbase.backup"><span class="typeNameLink">BackupRestoreConstants.BackupCommand</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/client/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/client/package-tree.html b/devapidocs/org/apache/hadoop/hbase/client/package-tree.html
index cb0f3ec..97558ff 100644
--- a/devapidocs/org/apache/hadoop/hbase/client/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/client/package-tree.html
@@ -552,24 +552,24 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/SnapshotType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">SnapshotType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/ScannerCallable.MoreResults.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">ScannerCallable.MoreResults</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/MobCompactPartitionPolicy.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">MobCompactPartitionPolicy</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/Consistency.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">Consistency</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/MasterSwitchType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">MasterSwitchType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/Durability.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">Durability</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/CompactType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">CompactType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/Scan.ReadType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">Scan.ReadType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncScanSingleRegionRpcRetryingCaller.ScanResumerState.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncScanSingleRegionRpcRetryingCaller.ScanResumerState</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/IsolationLevel.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">IsolationLevel</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/Consistency.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">Consistency</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/TableState.State.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">TableState.State</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncProcessTask.SubmittedRows.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncProcessTask.SubmittedRows</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/RequestController.ReturnCode.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">RequestController.ReturnCode</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncScanSingleRegionRpcRetryingCaller.ScanControllerState.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncScanSingleRegionRpcRetryingCaller.ScanControllerState</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/CompactionState.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">CompactionState</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AbstractResponse.ResponseType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AbstractResponse.ResponseType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncScanSingleRegionRpcRetryingCaller.ScanResumerState.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncScanSingleRegionRpcRetryingCaller.ScanResumerState</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/RegionLocateType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">RegionLocateType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncProcessTask.SubmittedRows.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncProcessTask.SubmittedRows</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncScanSingleRegionRpcRetryingCaller.ScanControllerState.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncScanSingleRegionRpcRetryingCaller.ScanControllerState</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/TableState.State.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">TableState.State</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/IsolationLevel.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">IsolationLevel</span></a></li>
<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/AsyncRequestFutureImpl.Retry.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">AsyncRequestFutureImpl.Retry</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/SnapshotType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">SnapshotType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/CompactType.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">CompactType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/ScannerCallable.MoreResults.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">ScannerCallable.MoreResults</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/MobCompactPartitionPolicy.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">MobCompactPartitionPolicy</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.client.<a href="../../../../../org/apache/hadoop/hbase/client/Durability.html" title="enum in org.apache.hadoop.hbase.client"><span class="typeNameLink">Durability</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/coprocessor/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/coprocessor/package-tree.html b/devapidocs/org/apache/hadoop/hbase/coprocessor/package-tree.html
index 329f62f..e67b778 100644
--- a/devapidocs/org/apache/hadoop/hbase/coprocessor/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/coprocessor/package-tree.html
@@ -201,8 +201,8 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.coprocessor.<a href="../../../../../org/apache/hadoop/hbase/coprocessor/RegionObserver.MutationType.html" title="enum in org.apache.hadoop.hbase.coprocessor"><span class="typeNameLink">RegionObserver.MutationType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.coprocessor.<a href="../../../../../org/apache/hadoop/hbase/coprocessor/MetaTableMetrics.MetaTableOps.html" title="enum in org.apache.hadoop.hbase.coprocessor"><span class="typeNameLink">MetaTableMetrics.MetaTableOps</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.coprocessor.<a href="../../../../../org/apache/hadoop/hbase/coprocessor/RegionObserver.MutationType.html" title="enum in org.apache.hadoop.hbase.coprocessor"><span class="typeNameLink">RegionObserver.MutationType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/executor/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/executor/package-tree.html b/devapidocs/org/apache/hadoop/hbase/executor/package-tree.html
index ce950b0..ae0124e 100644
--- a/devapidocs/org/apache/hadoop/hbase/executor/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/executor/package-tree.html
@@ -104,8 +104,8 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.executor.<a href="../../../../../org/apache/hadoop/hbase/executor/EventType.html" title="enum in org.apache.hadoop.hbase.executor"><span class="typeNameLink">EventType</span></a></li>
<li type="circle">org.apache.hadoop.hbase.executor.<a href="../../../../../org/apache/hadoop/hbase/executor/ExecutorType.html" title="enum in org.apache.hadoop.hbase.executor"><span class="typeNameLink">ExecutorType</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.executor.<a href="../../../../../org/apache/hadoop/hbase/executor/EventType.html" title="enum in org.apache.hadoop.hbase.executor"><span class="typeNameLink">EventType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/filter/package-tree.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/filter/package-tree.html b/devapidocs/org/apache/hadoop/hbase/filter/package-tree.html
index 625f7e8..4bb8eeb 100644
--- a/devapidocs/org/apache/hadoop/hbase/filter/package-tree.html
+++ b/devapidocs/org/apache/hadoop/hbase/filter/package-tree.html
@@ -183,14 +183,14 @@
<ul>
<li type="circle">java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Enum.html?is-external=true" title="class or interface in java.lang"><span class="typeNameLink">Enum</span></a><E> (implements java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Comparable.html?is-external=true" title="class or interface in java.lang">Comparable</a><T>, java.io.<a href="https://docs.oracle.com/javase/8/docs/api/java/io/Serializable.html?is-external=true" title="class or interface in java.io">Serializable</a>)
<ul>
-<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/RegexStringComparator.EngineType.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">RegexStringComparator.EngineType</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/Filter.ReturnCode.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">Filter.ReturnCode</span></a></li>
<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FilterWrapper.FilterRowRetCode.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FilterWrapper.FilterRowRetCode</span></a></li>
<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FuzzyRowFilter.SatisfiesCode.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FuzzyRowFilter.SatisfiesCode</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FilterList.Operator.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FilterList.Operator</span></a></li>
<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/CompareFilter.CompareOp.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">CompareFilter.CompareOp</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FuzzyRowFilter.Order.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FuzzyRowFilter.Order</span></a></li>
<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/BitComparator.BitwiseOp.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">BitComparator.BitwiseOp</span></a></li>
-<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FilterList.Operator.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FilterList.Operator</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/Filter.ReturnCode.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">Filter.ReturnCode</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/FuzzyRowFilter.Order.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">FuzzyRowFilter.Order</span></a></li>
+<li type="circle">org.apache.hadoop.hbase.filter.<a href="../../../../../org/apache/hadoop/hbase/filter/RegexStringComparator.EngineType.html" title="enum in org.apache.hadoop.hbase.filter"><span class="typeNameLink">RegexStringComparator.EngineType</span></a></li>
</ul>
</li>
</ul>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
index 0cdaf25..0dcab7a 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html
@@ -132,7 +132,7 @@ var activeTableTab = "activeTableTab";
</dl>
<hr>
<br>
-<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.639">FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler</a>
+<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.644">FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler</a>
extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler<org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf></pre>
</li>
</ul>
@@ -266,7 +266,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>decryptor</h4>
-<pre>private final org.apache.hadoop.crypto.Decryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.641">decryptor</a></pre>
+<pre>private final org.apache.hadoop.crypto.Decryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.646">decryptor</a></pre>
</li>
</ul>
</li>
@@ -283,7 +283,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>DecryptHandler</h4>
-<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.643">DecryptHandler</a>(org.apache.hadoop.crypto.CryptoCodec codec,
+<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.648">DecryptHandler</a>(org.apache.hadoop.crypto.CryptoCodec codec,
byte[] key,
byte[] iv)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/security/GeneralSecurityException.html?is-external=true" title="class or interface in java.security">GeneralSecurityException</a>,
@@ -309,7 +309,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>channelRead0</h4>
-<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.650">channelRead0</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.DecryptHandler.html#line.655">channelRead0</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf msg)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
index fffc44e..b47b3d0 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html
@@ -132,7 +132,7 @@ var activeTableTab = "activeTableTab";
</dl>
<hr>
<br>
-<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.672">FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler</a>
+<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.677">FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler</a>
extends org.apache.hbase.thirdparty.io.netty.handler.codec.MessageToByteEncoder<org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf></pre>
</li>
</ul>
@@ -273,7 +273,7 @@ extends org.apache.hbase.thirdparty.io.netty.handler.codec.MessageToByteEncoder&
<ul class="blockListLast">
<li class="blockList">
<h4>encryptor</h4>
-<pre>private final org.apache.hadoop.crypto.Encryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.674">encryptor</a></pre>
+<pre>private final org.apache.hadoop.crypto.Encryptor <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.679">encryptor</a></pre>
</li>
</ul>
</li>
@@ -290,7 +290,7 @@ extends org.apache.hbase.thirdparty.io.netty.handler.codec.MessageToByteEncoder&
<ul class="blockListLast">
<li class="blockList">
<h4>EncryptHandler</h4>
-<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.676">EncryptHandler</a>(org.apache.hadoop.crypto.CryptoCodec codec,
+<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.681">EncryptHandler</a>(org.apache.hadoop.crypto.CryptoCodec codec,
byte[] key,
byte[] iv)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/security/GeneralSecurityException.html?is-external=true" title="class or interface in java.security">GeneralSecurityException</a>,
@@ -316,7 +316,7 @@ extends org.apache.hbase.thirdparty.io.netty.handler.codec.MessageToByteEncoder&
<ul class="blockList">
<li class="blockList">
<h4>allocateBuffer</h4>
-<pre>protected org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.683">allocateBuffer</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>protected org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.688">allocateBuffer</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf msg,
boolean preferDirect)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
@@ -334,7 +334,7 @@ extends org.apache.hbase.thirdparty.io.netty.handler.codec.MessageToByteEncoder&
<ul class="blockListLast">
<li class="blockList">
<h4>encode</h4>
-<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.693">encode</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.EncryptHandler.html#line.698">encode</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf msg,
org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf out)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
index f835c13..ceb0b30 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html
@@ -172,22 +172,26 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#conf">conf</a></span></code> </td>
</tr>
<tr class="rowColor">
+<td class="colFirst"><code>private org.apache.hadoop.hdfs.DFSClient</code></td>
+<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#dfsClient">dfsClient</a></span></code> </td>
+</tr>
+<tr class="altColor">
<td class="colFirst"><code>private org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#promise">promise</a></span></code> </td>
</tr>
-<tr class="altColor">
+<tr class="rowColor">
<td class="colFirst"><code>private <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#saslClient">saslClient</a></span></code> </td>
</tr>
-<tr class="rowColor">
+<tr class="altColor">
<td class="colFirst"><code>private <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>></code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#saslProps">saslProps</a></span></code> </td>
</tr>
-<tr class="altColor">
+<tr class="rowColor">
<td class="colFirst"><code>private int</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#step">step</a></span></code> </td>
</tr>
-<tr class="rowColor">
+<tr class="altColor">
<td class="colFirst"><code>private int</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#timeoutMs">timeoutMs</a></span></code> </td>
</tr>
@@ -206,12 +210,13 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
-<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">SaslNegotiateHandler</a></span>(org.apache.hadoop.conf.Configuration conf,
+<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">SaslNegotiateHandler</a></span>(org.apache.hadoop.conf.Configuration conf,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> username,
char[] password,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> saslProps,
int timeoutMs,
- org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> promise)</code> </td>
+ org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> promise,
+ org.apache.hadoop.hdfs.DFSClient dfsClient)</code> </td>
</tr>
</table>
</li>
@@ -396,13 +401,22 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<pre>private final org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.368">promise</a></pre>
</li>
</ul>
+<a name="dfsClient">
+<!-- -->
+</a>
+<ul class="blockList">
+<li class="blockList">
+<h4>dfsClient</h4>
+<pre>private final org.apache.hadoop.hdfs.DFSClient <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.370">dfsClient</a></pre>
+</li>
+</ul>
<a name="step">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>step</h4>
-<pre>private int <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.370">step</a></pre>
+<pre>private int <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.372">step</a></pre>
</li>
</ul>
</li>
@@ -413,18 +427,19 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<!-- -->
</a>
<h3>Constructor Detail</h3>
-<a name="SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-">
+<a name="SaslNegotiateHandler-org.apache.hadoop.conf.Configuration-java.lang.String-char:A-java.util.Map-int-org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise-org.apache.hadoop.hdfs.DFSClient-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>SaslNegotiateHandler</h4>
-<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.372">SaslNegotiateHandler</a>(org.apache.hadoop.conf.Configuration conf,
+<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.374">SaslNegotiateHandler</a>(org.apache.hadoop.conf.Configuration conf,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> username,
char[] password,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util">Map</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>,<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> saslProps,
int timeoutMs,
- org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> promise)
+ org.apache.hbase.thirdparty.io.netty.util.concurrent.Promise<<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Void.html?is-external=true" title="class or interface in java.lang">Void</a>> promise,
+ org.apache.hadoop.hdfs.DFSClient dfsClient)
throws <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslException.html?is-external=true" title="class or interface in javax.security.sasl">SaslException</a></pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
@@ -446,7 +461,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>sendSaslMessage</h4>
-<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.382">sendSaslMessage</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.386">sendSaslMessage</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
byte[] payload)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<dl>
@@ -461,7 +476,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>getCipherOptions</h4>
-<pre>private <a href="https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a><org.apache.hadoop.crypto.CipherOption> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.386">getCipherOptions</a>()
+<pre>private <a href="https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a><org.apache.hadoop.crypto.CipherOption> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.390">getCipherOptions</a>()
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
@@ -475,7 +490,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>sendSaslMessage</h4>
-<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.401">sendSaslMessage</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.405">sendSaslMessage</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
byte[] payload,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/List.html?is-external=true" title="class or interface in java.util">List</a><org.apache.hadoop.crypto.CipherOption> options)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
@@ -491,7 +506,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>handlerAdded</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.423">handlerAdded</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.427">handlerAdded</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
@@ -509,7 +524,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>channelInactive</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.431">channelInactive</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.435">channelInactive</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
@@ -527,7 +542,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>check</h4>
-<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.435">check</a>(org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto proto)
+<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.439">check</a>(org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto proto)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
@@ -541,7 +556,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>getNegotiatedQop</h4>
-<pre>private <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.443">getNegotiatedQop</a>()</pre>
+<pre>private <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.448">getNegotiatedQop</a>()</pre>
</li>
</ul>
<a name="isNegotiatedQopPrivacy--">
@@ -550,7 +565,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>isNegotiatedQopPrivacy</h4>
-<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.447">isNegotiatedQopPrivacy</a>()</pre>
+<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.452">isNegotiatedQopPrivacy</a>()</pre>
</li>
</ul>
<a name="requestedQopContainsPrivacy--">
@@ -559,7 +574,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>requestedQopContainsPrivacy</h4>
-<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.452">requestedQopContainsPrivacy</a>()</pre>
+<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.457">requestedQopContainsPrivacy</a>()</pre>
</li>
</ul>
<a name="checkSaslComplete--">
@@ -568,7 +583,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>checkSaslComplete</h4>
-<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.458">checkSaslComplete</a>()
+<pre>private void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.463">checkSaslComplete</a>()
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<dl>
<dt><span class="throwsLabel">Throws:</span></dt>
@@ -582,7 +597,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>useWrap</h4>
-<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.475">useWrap</a>()</pre>
+<pre>private boolean <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.480">useWrap</a>()</pre>
</li>
</ul>
<a name="unwrap-org.apache.hadoop.crypto.CipherOption-javax.security.sasl.SaslClient-">
@@ -591,7 +606,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>unwrap</h4>
-<pre>private org.apache.hadoop.crypto.CipherOption <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.480">unwrap</a>(org.apache.hadoop.crypto.CipherOption option,
+<pre>private org.apache.hadoop.crypto.CipherOption <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.485">unwrap</a>(org.apache.hadoop.crypto.CipherOption option,
<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
<dl>
@@ -606,7 +621,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>getCipherOption</h4>
-<pre>private org.apache.hadoop.crypto.CipherOption <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.493">getCipherOption</a>(org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto proto,
+<pre>private org.apache.hadoop.crypto.CipherOption <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.498">getCipherOption</a>(org.apache.hadoop.hdfs.protocol.proto.DataTransferProtos.DataTransferEncryptorMessageProto proto,
boolean isNegotiatedQopPrivacy,
<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io">IOException</a></pre>
@@ -622,7 +637,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>channelRead</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.505">channelRead</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.510">channelRead</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> msg)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
@@ -641,7 +656,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockList">
<li class="blockList">
<h4>exceptionCaught</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.554">exceptionCaught</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.559">exceptionCaught</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Throwable.html?is-external=true" title="class or interface in java.lang">Throwable</a> cause)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
@@ -662,7 +677,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelDuplexHandler</pre>
<ul class="blockListLast">
<li class="blockList">
<h4>userEventTriggered</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.559">userEventTriggered</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslNegotiateHandler.html#line.564">userEventTriggered</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> evt)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
index 2ff4512..d632a44 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html
@@ -132,7 +132,7 @@ var activeTableTab = "activeTableTab";
</dl>
<hr>
<br>
-<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.568">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler</a>
+<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.573">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler</a>
extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler<org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf></pre>
</li>
</ul>
@@ -268,7 +268,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>saslClient</h4>
-<pre>private final <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.570">saslClient</a></pre>
+<pre>private final <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.575">saslClient</a></pre>
</li>
</ul>
</li>
@@ -285,7 +285,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>SaslUnwrapHandler</h4>
-<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.572">SaslUnwrapHandler</a>(<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)</pre>
+<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.577">SaslUnwrapHandler</a>(<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)</pre>
</li>
</ul>
</li>
@@ -302,7 +302,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockList">
<li class="blockList">
<h4>channelInactive</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.577">channelInactive</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.582">channelInactive</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
@@ -320,7 +320,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.SimpleChannelInboundHandler
<ul class="blockListLast">
<li class="blockList">
<h4>channelRead0</h4>
-<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.582">channelRead0</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>protected void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslUnwrapHandler.html#line.587">channelRead0</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
org.apache.hbase.thirdparty.io.netty.buffer.ByteBuf msg)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
index 8987cd5..5c4b34d 100644
--- a/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
+++ b/devapidocs/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
@@ -127,7 +127,7 @@ var activeTableTab = "activeTableTab";
</dl>
<hr>
<br>
-<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.590">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler</a>
+<pre>private static final class <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.html#line.595">FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler</a>
extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapter</pre>
</li>
</ul>
@@ -270,7 +270,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockList">
<li class="blockList">
<h4>saslClient</h4>
-<pre>private final <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.592">saslClient</a></pre>
+<pre>private final <a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.597">saslClient</a></pre>
</li>
</ul>
<a name="cBuf">
@@ -279,7 +279,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockListLast">
<li class="blockList">
<h4>cBuf</h4>
-<pre>private org.apache.hbase.thirdparty.io.netty.buffer.CompositeByteBuf <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.594">cBuf</a></pre>
+<pre>private org.apache.hbase.thirdparty.io.netty.buffer.CompositeByteBuf <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.599">cBuf</a></pre>
</li>
</ul>
</li>
@@ -296,7 +296,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockListLast">
<li class="blockList">
<h4>SaslWrapHandler</h4>
-<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.596">SaslWrapHandler</a>(<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)</pre>
+<pre>public <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.601">SaslWrapHandler</a>(<a href="https://docs.oracle.com/javase/8/docs/api/javax/security/sasl/SaslClient.html?is-external=true" title="class or interface in javax.security.sasl">SaslClient</a> saslClient)</pre>
</li>
</ul>
</li>
@@ -313,7 +313,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockList">
<li class="blockList">
<h4>handlerAdded</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.601">handlerAdded</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.606">handlerAdded</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
@@ -331,7 +331,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockList">
<li class="blockList">
<h4>write</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.606">write</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.611">write</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> msg,
org.apache.hbase.thirdparty.io.netty.channel.ChannelPromise promise)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
@@ -351,7 +351,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockList">
<li class="blockList">
<h4>flush</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.618">flush</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.623">flush</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
@@ -369,7 +369,7 @@ extends org.apache.hbase.thirdparty.io.netty.channel.ChannelOutboundHandlerAdapt
<ul class="blockListLast">
<li class="blockList">
<h4>close</h4>
-<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.633">close</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
+<pre>public void <a href="../../../../../../src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html#line.638">close</a>(org.apache.hbase.thirdparty.io.netty.channel.ChannelHandlerContext ctx,
org.apache.hbase.thirdparty.io.netty.channel.ChannelPromise promise)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang">Exception</a></pre>
<dl>
[03/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.TransparentCryptoHelper.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.TransparentCryptoHelper.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.TransparentCryptoHelper.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.TransparentCryptoHelper.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.TransparentCryptoHelper.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">
<TRUNCATED>
[04/15] hbase-site git commit: Published site at
a3ab9306a6a1b044a8558814c5e21a38e0cb8b03.
Posted by gi...@apache.org.
http://git-wip-us.apache.org/repos/asf/hbase-site/blob/10a20a24/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
----------------------------------------------------------------------
diff --git a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
index 40ef9f4..36b4e7f 100644
--- a/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
+++ b/devapidocs/src-html/org/apache/hadoop/hbase/io/asyncfs/FanOutOneBlockAsyncDFSOutputSaslHelper.SaslWrapHandler.html
@@ -375,455 +375,464 @@
<span class="sourceLineNo">367</span><a name="line.367"></a>
<span class="sourceLineNo">368</span> private final Promise<Void> promise;<a name="line.368"></a>
<span class="sourceLineNo">369</span><a name="line.369"></a>
-<span class="sourceLineNo">370</span> private int step = 0;<a name="line.370"></a>
+<span class="sourceLineNo">370</span> private final DFSClient dfsClient;<a name="line.370"></a>
<span class="sourceLineNo">371</span><a name="line.371"></a>
-<span class="sourceLineNo">372</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.372"></a>
-<span class="sourceLineNo">373</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise) throws SaslException {<a name="line.373"></a>
-<span class="sourceLineNo">374</span> this.conf = conf;<a name="line.374"></a>
-<span class="sourceLineNo">375</span> this.saslProps = saslProps;<a name="line.375"></a>
-<span class="sourceLineNo">376</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.376"></a>
-<span class="sourceLineNo">377</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.377"></a>
-<span class="sourceLineNo">378</span> this.timeoutMs = timeoutMs;<a name="line.378"></a>
-<span class="sourceLineNo">379</span> this.promise = promise;<a name="line.379"></a>
-<span class="sourceLineNo">380</span> }<a name="line.380"></a>
-<span class="sourceLineNo">381</span><a name="line.381"></a>
-<span class="sourceLineNo">382</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.382"></a>
-<span class="sourceLineNo">383</span> sendSaslMessage(ctx, payload, null);<a name="line.383"></a>
+<span class="sourceLineNo">372</span> private int step = 0;<a name="line.372"></a>
+<span class="sourceLineNo">373</span><a name="line.373"></a>
+<span class="sourceLineNo">374</span> public SaslNegotiateHandler(Configuration conf, String username, char[] password,<a name="line.374"></a>
+<span class="sourceLineNo">375</span> Map<String, String> saslProps, int timeoutMs, Promise<Void> promise,<a name="line.375"></a>
+<span class="sourceLineNo">376</span> DFSClient dfsClient) throws SaslException {<a name="line.376"></a>
+<span class="sourceLineNo">377</span> this.conf = conf;<a name="line.377"></a>
+<span class="sourceLineNo">378</span> this.saslProps = saslProps;<a name="line.378"></a>
+<span class="sourceLineNo">379</span> this.saslClient = Sasl.createSaslClient(new String[] { MECHANISM }, username, PROTOCOL,<a name="line.379"></a>
+<span class="sourceLineNo">380</span> SERVER_NAME, saslProps, new SaslClientCallbackHandler(username, password));<a name="line.380"></a>
+<span class="sourceLineNo">381</span> this.timeoutMs = timeoutMs;<a name="line.381"></a>
+<span class="sourceLineNo">382</span> this.promise = promise;<a name="line.382"></a>
+<span class="sourceLineNo">383</span> this.dfsClient = dfsClient;<a name="line.383"></a>
<span class="sourceLineNo">384</span> }<a name="line.384"></a>
<span class="sourceLineNo">385</span><a name="line.385"></a>
-<span class="sourceLineNo">386</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.386"></a>
-<span class="sourceLineNo">387</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.387"></a>
-<span class="sourceLineNo">388</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.388"></a>
-<span class="sourceLineNo">389</span> // values for future expansion.<a name="line.389"></a>
-<span class="sourceLineNo">390</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.390"></a>
-<span class="sourceLineNo">391</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.391"></a>
-<span class="sourceLineNo">392</span> return null;<a name="line.392"></a>
-<span class="sourceLineNo">393</span> }<a name="line.393"></a>
-<span class="sourceLineNo">394</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.394"></a>
-<span class="sourceLineNo">395</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.395"></a>
-<span class="sourceLineNo">396</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.396"></a>
+<span class="sourceLineNo">386</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload) throws IOException {<a name="line.386"></a>
+<span class="sourceLineNo">387</span> sendSaslMessage(ctx, payload, null);<a name="line.387"></a>
+<span class="sourceLineNo">388</span> }<a name="line.388"></a>
+<span class="sourceLineNo">389</span><a name="line.389"></a>
+<span class="sourceLineNo">390</span> private List<CipherOption> getCipherOptions() throws IOException {<a name="line.390"></a>
+<span class="sourceLineNo">391</span> // Negotiate cipher suites if configured. Currently, the only supported<a name="line.391"></a>
+<span class="sourceLineNo">392</span> // cipher suite is AES/CTR/NoPadding, but the protocol allows multiple<a name="line.392"></a>
+<span class="sourceLineNo">393</span> // values for future expansion.<a name="line.393"></a>
+<span class="sourceLineNo">394</span> String cipherSuites = conf.get(DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY);<a name="line.394"></a>
+<span class="sourceLineNo">395</span> if (StringUtils.isBlank(cipherSuites)) {<a name="line.395"></a>
+<span class="sourceLineNo">396</span> return null;<a name="line.396"></a>
<span class="sourceLineNo">397</span> }<a name="line.397"></a>
-<span class="sourceLineNo">398</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.398"></a>
-<span class="sourceLineNo">399</span> }<a name="line.399"></a>
-<span class="sourceLineNo">400</span><a name="line.400"></a>
-<span class="sourceLineNo">401</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.401"></a>
-<span class="sourceLineNo">402</span> List<CipherOption> options) throws IOException {<a name="line.402"></a>
-<span class="sourceLineNo">403</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.403"></a>
-<span class="sourceLineNo">404</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.404"></a>
-<span class="sourceLineNo">405</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.405"></a>
-<span class="sourceLineNo">406</span> if (payload != null) {<a name="line.406"></a>
-<span class="sourceLineNo">407</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.407"></a>
-<span class="sourceLineNo">408</span> // and we want to keep that out of hbase-server.<a name="line.408"></a>
-<span class="sourceLineNo">409</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.409"></a>
-<span class="sourceLineNo">410</span> }<a name="line.410"></a>
-<span class="sourceLineNo">411</span> if (options != null) {<a name="line.411"></a>
-<span class="sourceLineNo">412</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.412"></a>
-<span class="sourceLineNo">413</span> }<a name="line.413"></a>
-<span class="sourceLineNo">414</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.414"></a>
-<span class="sourceLineNo">415</span> int size = proto.getSerializedSize();<a name="line.415"></a>
-<span class="sourceLineNo">416</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.416"></a>
-<span class="sourceLineNo">417</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.417"></a>
-<span class="sourceLineNo">418</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.418"></a>
-<span class="sourceLineNo">419</span> ctx.write(buf);<a name="line.419"></a>
-<span class="sourceLineNo">420</span> }<a name="line.420"></a>
-<span class="sourceLineNo">421</span><a name="line.421"></a>
-<span class="sourceLineNo">422</span> @Override<a name="line.422"></a>
-<span class="sourceLineNo">423</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.423"></a>
-<span class="sourceLineNo">424</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.424"></a>
-<span class="sourceLineNo">425</span> sendSaslMessage(ctx, new byte[0]);<a name="line.425"></a>
-<span class="sourceLineNo">426</span> ctx.flush();<a name="line.426"></a>
-<span class="sourceLineNo">427</span> step++;<a name="line.427"></a>
-<span class="sourceLineNo">428</span> }<a name="line.428"></a>
-<span class="sourceLineNo">429</span><a name="line.429"></a>
-<span class="sourceLineNo">430</span> @Override<a name="line.430"></a>
-<span class="sourceLineNo">431</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.431"></a>
-<span class="sourceLineNo">432</span> saslClient.dispose();<a name="line.432"></a>
-<span class="sourceLineNo">433</span> }<a name="line.433"></a>
-<span class="sourceLineNo">434</span><a name="line.434"></a>
-<span class="sourceLineNo">435</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.435"></a>
-<span class="sourceLineNo">436</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.436"></a>
-<span class="sourceLineNo">437</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.437"></a>
-<span class="sourceLineNo">438</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.438"></a>
-<span class="sourceLineNo">439</span> throw new IOException(proto.getMessage());<a name="line.439"></a>
-<span class="sourceLineNo">440</span> }<a name="line.440"></a>
-<span class="sourceLineNo">441</span> }<a name="line.441"></a>
-<span class="sourceLineNo">442</span><a name="line.442"></a>
-<span class="sourceLineNo">443</span> private String getNegotiatedQop() {<a name="line.443"></a>
-<span class="sourceLineNo">444</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.444"></a>
-<span class="sourceLineNo">445</span> }<a name="line.445"></a>
-<span class="sourceLineNo">446</span><a name="line.446"></a>
-<span class="sourceLineNo">447</span> private boolean isNegotiatedQopPrivacy() {<a name="line.447"></a>
-<span class="sourceLineNo">448</span> String qop = getNegotiatedQop();<a name="line.448"></a>
-<span class="sourceLineNo">449</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.449"></a>
+<span class="sourceLineNo">398</span> if (!cipherSuites.equals(CipherSuite.AES_CTR_NOPADDING.getName())) {<a name="line.398"></a>
+<span class="sourceLineNo">399</span> throw new IOException(String.format("Invalid cipher suite, %s=%s",<a name="line.399"></a>
+<span class="sourceLineNo">400</span> DFS_ENCRYPT_DATA_TRANSFER_CIPHER_SUITES_KEY, cipherSuites));<a name="line.400"></a>
+<span class="sourceLineNo">401</span> }<a name="line.401"></a>
+<span class="sourceLineNo">402</span> return Collections.singletonList(new CipherOption(CipherSuite.AES_CTR_NOPADDING));<a name="line.402"></a>
+<span class="sourceLineNo">403</span> }<a name="line.403"></a>
+<span class="sourceLineNo">404</span><a name="line.404"></a>
+<span class="sourceLineNo">405</span> private void sendSaslMessage(ChannelHandlerContext ctx, byte[] payload,<a name="line.405"></a>
+<span class="sourceLineNo">406</span> List<CipherOption> options) throws IOException {<a name="line.406"></a>
+<span class="sourceLineNo">407</span> DataTransferEncryptorMessageProto.Builder builder =<a name="line.407"></a>
+<span class="sourceLineNo">408</span> DataTransferEncryptorMessageProto.newBuilder();<a name="line.408"></a>
+<span class="sourceLineNo">409</span> builder.setStatus(DataTransferEncryptorStatus.SUCCESS);<a name="line.409"></a>
+<span class="sourceLineNo">410</span> if (payload != null) {<a name="line.410"></a>
+<span class="sourceLineNo">411</span> // Was ByteStringer; fix w/o using ByteStringer. Its in hbase-protocol<a name="line.411"></a>
+<span class="sourceLineNo">412</span> // and we want to keep that out of hbase-server.<a name="line.412"></a>
+<span class="sourceLineNo">413</span> builder.setPayload(ByteString.copyFrom(payload));<a name="line.413"></a>
+<span class="sourceLineNo">414</span> }<a name="line.414"></a>
+<span class="sourceLineNo">415</span> if (options != null) {<a name="line.415"></a>
+<span class="sourceLineNo">416</span> builder.addAllCipherOption(PB_HELPER.convertCipherOptions(options));<a name="line.416"></a>
+<span class="sourceLineNo">417</span> }<a name="line.417"></a>
+<span class="sourceLineNo">418</span> DataTransferEncryptorMessageProto proto = builder.build();<a name="line.418"></a>
+<span class="sourceLineNo">419</span> int size = proto.getSerializedSize();<a name="line.419"></a>
+<span class="sourceLineNo">420</span> size += CodedOutputStream.computeRawVarint32Size(size);<a name="line.420"></a>
+<span class="sourceLineNo">421</span> ByteBuf buf = ctx.alloc().buffer(size);<a name="line.421"></a>
+<span class="sourceLineNo">422</span> proto.writeDelimitedTo(new ByteBufOutputStream(buf));<a name="line.422"></a>
+<span class="sourceLineNo">423</span> ctx.write(buf);<a name="line.423"></a>
+<span class="sourceLineNo">424</span> }<a name="line.424"></a>
+<span class="sourceLineNo">425</span><a name="line.425"></a>
+<span class="sourceLineNo">426</span> @Override<a name="line.426"></a>
+<span class="sourceLineNo">427</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.427"></a>
+<span class="sourceLineNo">428</span> ctx.write(ctx.alloc().buffer(4).writeInt(SASL_TRANSFER_MAGIC_NUMBER));<a name="line.428"></a>
+<span class="sourceLineNo">429</span> sendSaslMessage(ctx, new byte[0]);<a name="line.429"></a>
+<span class="sourceLineNo">430</span> ctx.flush();<a name="line.430"></a>
+<span class="sourceLineNo">431</span> step++;<a name="line.431"></a>
+<span class="sourceLineNo">432</span> }<a name="line.432"></a>
+<span class="sourceLineNo">433</span><a name="line.433"></a>
+<span class="sourceLineNo">434</span> @Override<a name="line.434"></a>
+<span class="sourceLineNo">435</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.435"></a>
+<span class="sourceLineNo">436</span> saslClient.dispose();<a name="line.436"></a>
+<span class="sourceLineNo">437</span> }<a name="line.437"></a>
+<span class="sourceLineNo">438</span><a name="line.438"></a>
+<span class="sourceLineNo">439</span> private void check(DataTransferEncryptorMessageProto proto) throws IOException {<a name="line.439"></a>
+<span class="sourceLineNo">440</span> if (proto.getStatus() == DataTransferEncryptorStatus.ERROR_UNKNOWN_KEY) {<a name="line.440"></a>
+<span class="sourceLineNo">441</span> dfsClient.clearDataEncryptionKey();<a name="line.441"></a>
+<span class="sourceLineNo">442</span> throw new InvalidEncryptionKeyException(proto.getMessage());<a name="line.442"></a>
+<span class="sourceLineNo">443</span> } else if (proto.getStatus() == DataTransferEncryptorStatus.ERROR) {<a name="line.443"></a>
+<span class="sourceLineNo">444</span> throw new IOException(proto.getMessage());<a name="line.444"></a>
+<span class="sourceLineNo">445</span> }<a name="line.445"></a>
+<span class="sourceLineNo">446</span> }<a name="line.446"></a>
+<span class="sourceLineNo">447</span><a name="line.447"></a>
+<span class="sourceLineNo">448</span> private String getNegotiatedQop() {<a name="line.448"></a>
+<span class="sourceLineNo">449</span> return (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.449"></a>
<span class="sourceLineNo">450</span> }<a name="line.450"></a>
<span class="sourceLineNo">451</span><a name="line.451"></a>
-<span class="sourceLineNo">452</span> private boolean requestedQopContainsPrivacy() {<a name="line.452"></a>
-<span class="sourceLineNo">453</span> Set<String> requestedQop =<a name="line.453"></a>
-<span class="sourceLineNo">454</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.454"></a>
-<span class="sourceLineNo">455</span> return requestedQop.contains("auth-conf");<a name="line.455"></a>
-<span class="sourceLineNo">456</span> }<a name="line.456"></a>
-<span class="sourceLineNo">457</span><a name="line.457"></a>
-<span class="sourceLineNo">458</span> private void checkSaslComplete() throws IOException {<a name="line.458"></a>
-<span class="sourceLineNo">459</span> if (!saslClient.isComplete()) {<a name="line.459"></a>
-<span class="sourceLineNo">460</span> throw new IOException("Failed to complete SASL handshake");<a name="line.460"></a>
-<span class="sourceLineNo">461</span> }<a name="line.461"></a>
-<span class="sourceLineNo">462</span> Set<String> requestedQop =<a name="line.462"></a>
-<span class="sourceLineNo">463</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.463"></a>
-<span class="sourceLineNo">464</span> String negotiatedQop = getNegotiatedQop();<a name="line.464"></a>
-<span class="sourceLineNo">465</span> LOG.debug(<a name="line.465"></a>
-<span class="sourceLineNo">466</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.466"></a>
-<span class="sourceLineNo">467</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.467"></a>
-<span class="sourceLineNo">468</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.468"></a>
-<span class="sourceLineNo">469</span> + "channel does not have acceptable quality of protection, "<a name="line.469"></a>
-<span class="sourceLineNo">470</span> + "requested = %s, negotiated = %s",<a name="line.470"></a>
-<span class="sourceLineNo">471</span> requestedQop, negotiatedQop));<a name="line.471"></a>
-<span class="sourceLineNo">472</span> }<a name="line.472"></a>
-<span class="sourceLineNo">473</span> }<a name="line.473"></a>
-<span class="sourceLineNo">474</span><a name="line.474"></a>
-<span class="sourceLineNo">475</span> private boolean useWrap() {<a name="line.475"></a>
-<span class="sourceLineNo">476</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.476"></a>
-<span class="sourceLineNo">477</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.477"></a>
+<span class="sourceLineNo">452</span> private boolean isNegotiatedQopPrivacy() {<a name="line.452"></a>
+<span class="sourceLineNo">453</span> String qop = getNegotiatedQop();<a name="line.453"></a>
+<span class="sourceLineNo">454</span> return qop != null && "auth-conf".equalsIgnoreCase(qop);<a name="line.454"></a>
+<span class="sourceLineNo">455</span> }<a name="line.455"></a>
+<span class="sourceLineNo">456</span><a name="line.456"></a>
+<span class="sourceLineNo">457</span> private boolean requestedQopContainsPrivacy() {<a name="line.457"></a>
+<span class="sourceLineNo">458</span> Set<String> requestedQop =<a name="line.458"></a>
+<span class="sourceLineNo">459</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.459"></a>
+<span class="sourceLineNo">460</span> return requestedQop.contains("auth-conf");<a name="line.460"></a>
+<span class="sourceLineNo">461</span> }<a name="line.461"></a>
+<span class="sourceLineNo">462</span><a name="line.462"></a>
+<span class="sourceLineNo">463</span> private void checkSaslComplete() throws IOException {<a name="line.463"></a>
+<span class="sourceLineNo">464</span> if (!saslClient.isComplete()) {<a name="line.464"></a>
+<span class="sourceLineNo">465</span> throw new IOException("Failed to complete SASL handshake");<a name="line.465"></a>
+<span class="sourceLineNo">466</span> }<a name="line.466"></a>
+<span class="sourceLineNo">467</span> Set<String> requestedQop =<a name="line.467"></a>
+<span class="sourceLineNo">468</span> ImmutableSet.copyOf(Arrays.asList(saslProps.get(Sasl.QOP).split(",")));<a name="line.468"></a>
+<span class="sourceLineNo">469</span> String negotiatedQop = getNegotiatedQop();<a name="line.469"></a>
+<span class="sourceLineNo">470</span> LOG.debug(<a name="line.470"></a>
+<span class="sourceLineNo">471</span> "Verifying QOP, requested QOP = " + requestedQop + ", negotiated QOP = " + negotiatedQop);<a name="line.471"></a>
+<span class="sourceLineNo">472</span> if (!requestedQop.contains(negotiatedQop)) {<a name="line.472"></a>
+<span class="sourceLineNo">473</span> throw new IOException(String.format("SASL handshake completed, but "<a name="line.473"></a>
+<span class="sourceLineNo">474</span> + "channel does not have acceptable quality of protection, "<a name="line.474"></a>
+<span class="sourceLineNo">475</span> + "requested = %s, negotiated = %s",<a name="line.475"></a>
+<span class="sourceLineNo">476</span> requestedQop, negotiatedQop));<a name="line.476"></a>
+<span class="sourceLineNo">477</span> }<a name="line.477"></a>
<span class="sourceLineNo">478</span> }<a name="line.478"></a>
<span class="sourceLineNo">479</span><a name="line.479"></a>
-<span class="sourceLineNo">480</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.480"></a>
-<span class="sourceLineNo">481</span> byte[] inKey = option.getInKey();<a name="line.481"></a>
-<span class="sourceLineNo">482</span> if (inKey != null) {<a name="line.482"></a>
-<span class="sourceLineNo">483</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.483"></a>
-<span class="sourceLineNo">484</span> }<a name="line.484"></a>
-<span class="sourceLineNo">485</span> byte[] outKey = option.getOutKey();<a name="line.485"></a>
-<span class="sourceLineNo">486</span> if (outKey != null) {<a name="line.486"></a>
-<span class="sourceLineNo">487</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.487"></a>
-<span class="sourceLineNo">488</span> }<a name="line.488"></a>
-<span class="sourceLineNo">489</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.489"></a>
-<span class="sourceLineNo">490</span> option.getOutIv());<a name="line.490"></a>
-<span class="sourceLineNo">491</span> }<a name="line.491"></a>
-<span class="sourceLineNo">492</span><a name="line.492"></a>
-<span class="sourceLineNo">493</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.493"></a>
-<span class="sourceLineNo">494</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.494"></a>
-<span class="sourceLineNo">495</span> List<CipherOption> cipherOptions =<a name="line.495"></a>
-<span class="sourceLineNo">496</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.496"></a>
-<span class="sourceLineNo">497</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.497"></a>
-<span class="sourceLineNo">498</span> return null;<a name="line.498"></a>
-<span class="sourceLineNo">499</span> }<a name="line.499"></a>
-<span class="sourceLineNo">500</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.500"></a>
-<span class="sourceLineNo">501</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.501"></a>
-<span class="sourceLineNo">502</span> }<a name="line.502"></a>
-<span class="sourceLineNo">503</span><a name="line.503"></a>
-<span class="sourceLineNo">504</span> @Override<a name="line.504"></a>
-<span class="sourceLineNo">505</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.505"></a>
-<span class="sourceLineNo">506</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.506"></a>
-<span class="sourceLineNo">507</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.507"></a>
-<span class="sourceLineNo">508</span> check(proto);<a name="line.508"></a>
-<span class="sourceLineNo">509</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.509"></a>
-<span class="sourceLineNo">510</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.510"></a>
-<span class="sourceLineNo">511</span> switch (step) {<a name="line.511"></a>
-<span class="sourceLineNo">512</span> case 1: {<a name="line.512"></a>
-<span class="sourceLineNo">513</span> List<CipherOption> cipherOptions = null;<a name="line.513"></a>
-<span class="sourceLineNo">514</span> if (requestedQopContainsPrivacy()) {<a name="line.514"></a>
-<span class="sourceLineNo">515</span> cipherOptions = getCipherOptions();<a name="line.515"></a>
-<span class="sourceLineNo">516</span> }<a name="line.516"></a>
-<span class="sourceLineNo">517</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.517"></a>
-<span class="sourceLineNo">518</span> ctx.flush();<a name="line.518"></a>
-<span class="sourceLineNo">519</span> step++;<a name="line.519"></a>
-<span class="sourceLineNo">520</span> break;<a name="line.520"></a>
-<span class="sourceLineNo">521</span> }<a name="line.521"></a>
-<span class="sourceLineNo">522</span> case 2: {<a name="line.522"></a>
-<span class="sourceLineNo">523</span> assert response == null;<a name="line.523"></a>
-<span class="sourceLineNo">524</span> checkSaslComplete();<a name="line.524"></a>
-<span class="sourceLineNo">525</span> CipherOption cipherOption =<a name="line.525"></a>
-<span class="sourceLineNo">526</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.526"></a>
-<span class="sourceLineNo">527</span> ChannelPipeline p = ctx.pipeline();<a name="line.527"></a>
-<span class="sourceLineNo">528</span> while (p.first() != null) {<a name="line.528"></a>
-<span class="sourceLineNo">529</span> p.removeFirst();<a name="line.529"></a>
-<span class="sourceLineNo">530</span> }<a name="line.530"></a>
-<span class="sourceLineNo">531</span> if (cipherOption != null) {<a name="line.531"></a>
-<span class="sourceLineNo">532</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.532"></a>
-<span class="sourceLineNo">533</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.533"></a>
-<span class="sourceLineNo">534</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.534"></a>
-<span class="sourceLineNo">535</span> } else {<a name="line.535"></a>
-<span class="sourceLineNo">536</span> if (useWrap()) {<a name="line.536"></a>
-<span class="sourceLineNo">537</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.537"></a>
-<span class="sourceLineNo">538</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.538"></a>
-<span class="sourceLineNo">539</span> new SaslUnwrapHandler(saslClient));<a name="line.539"></a>
-<span class="sourceLineNo">540</span> }<a name="line.540"></a>
-<span class="sourceLineNo">541</span> }<a name="line.541"></a>
-<span class="sourceLineNo">542</span> promise.trySuccess(null);<a name="line.542"></a>
-<span class="sourceLineNo">543</span> break;<a name="line.543"></a>
-<span class="sourceLineNo">544</span> }<a name="line.544"></a>
-<span class="sourceLineNo">545</span> default:<a name="line.545"></a>
-<span class="sourceLineNo">546</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.546"></a>
-<span class="sourceLineNo">547</span> }<a name="line.547"></a>
-<span class="sourceLineNo">548</span> } else {<a name="line.548"></a>
-<span class="sourceLineNo">549</span> ctx.fireChannelRead(msg);<a name="line.549"></a>
-<span class="sourceLineNo">550</span> }<a name="line.550"></a>
-<span class="sourceLineNo">551</span> }<a name="line.551"></a>
-<span class="sourceLineNo">552</span><a name="line.552"></a>
-<span class="sourceLineNo">553</span> @Override<a name="line.553"></a>
-<span class="sourceLineNo">554</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.554"></a>
-<span class="sourceLineNo">555</span> promise.tryFailure(cause);<a name="line.555"></a>
+<span class="sourceLineNo">480</span> private boolean useWrap() {<a name="line.480"></a>
+<span class="sourceLineNo">481</span> String qop = (String) saslClient.getNegotiatedProperty(Sasl.QOP);<a name="line.481"></a>
+<span class="sourceLineNo">482</span> return qop != null && !"auth".equalsIgnoreCase(qop);<a name="line.482"></a>
+<span class="sourceLineNo">483</span> }<a name="line.483"></a>
+<span class="sourceLineNo">484</span><a name="line.484"></a>
+<span class="sourceLineNo">485</span> private CipherOption unwrap(CipherOption option, SaslClient saslClient) throws IOException {<a name="line.485"></a>
+<span class="sourceLineNo">486</span> byte[] inKey = option.getInKey();<a name="line.486"></a>
+<span class="sourceLineNo">487</span> if (inKey != null) {<a name="line.487"></a>
+<span class="sourceLineNo">488</span> inKey = saslClient.unwrap(inKey, 0, inKey.length);<a name="line.488"></a>
+<span class="sourceLineNo">489</span> }<a name="line.489"></a>
+<span class="sourceLineNo">490</span> byte[] outKey = option.getOutKey();<a name="line.490"></a>
+<span class="sourceLineNo">491</span> if (outKey != null) {<a name="line.491"></a>
+<span class="sourceLineNo">492</span> outKey = saslClient.unwrap(outKey, 0, outKey.length);<a name="line.492"></a>
+<span class="sourceLineNo">493</span> }<a name="line.493"></a>
+<span class="sourceLineNo">494</span> return new CipherOption(option.getCipherSuite(), inKey, option.getInIv(), outKey,<a name="line.494"></a>
+<span class="sourceLineNo">495</span> option.getOutIv());<a name="line.495"></a>
+<span class="sourceLineNo">496</span> }<a name="line.496"></a>
+<span class="sourceLineNo">497</span><a name="line.497"></a>
+<span class="sourceLineNo">498</span> private CipherOption getCipherOption(DataTransferEncryptorMessageProto proto,<a name="line.498"></a>
+<span class="sourceLineNo">499</span> boolean isNegotiatedQopPrivacy, SaslClient saslClient) throws IOException {<a name="line.499"></a>
+<span class="sourceLineNo">500</span> List<CipherOption> cipherOptions =<a name="line.500"></a>
+<span class="sourceLineNo">501</span> PB_HELPER.convertCipherOptionProtos(proto.getCipherOptionList());<a name="line.501"></a>
+<span class="sourceLineNo">502</span> if (cipherOptions == null || cipherOptions.isEmpty()) {<a name="line.502"></a>
+<span class="sourceLineNo">503</span> return null;<a name="line.503"></a>
+<span class="sourceLineNo">504</span> }<a name="line.504"></a>
+<span class="sourceLineNo">505</span> CipherOption cipherOption = cipherOptions.get(0);<a name="line.505"></a>
+<span class="sourceLineNo">506</span> return isNegotiatedQopPrivacy ? unwrap(cipherOption, saslClient) : cipherOption;<a name="line.506"></a>
+<span class="sourceLineNo">507</span> }<a name="line.507"></a>
+<span class="sourceLineNo">508</span><a name="line.508"></a>
+<span class="sourceLineNo">509</span> @Override<a name="line.509"></a>
+<span class="sourceLineNo">510</span> public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {<a name="line.510"></a>
+<span class="sourceLineNo">511</span> if (msg instanceof DataTransferEncryptorMessageProto) {<a name="line.511"></a>
+<span class="sourceLineNo">512</span> DataTransferEncryptorMessageProto proto = (DataTransferEncryptorMessageProto) msg;<a name="line.512"></a>
+<span class="sourceLineNo">513</span> check(proto);<a name="line.513"></a>
+<span class="sourceLineNo">514</span> byte[] challenge = proto.getPayload().toByteArray();<a name="line.514"></a>
+<span class="sourceLineNo">515</span> byte[] response = saslClient.evaluateChallenge(challenge);<a name="line.515"></a>
+<span class="sourceLineNo">516</span> switch (step) {<a name="line.516"></a>
+<span class="sourceLineNo">517</span> case 1: {<a name="line.517"></a>
+<span class="sourceLineNo">518</span> List<CipherOption> cipherOptions = null;<a name="line.518"></a>
+<span class="sourceLineNo">519</span> if (requestedQopContainsPrivacy()) {<a name="line.519"></a>
+<span class="sourceLineNo">520</span> cipherOptions = getCipherOptions();<a name="line.520"></a>
+<span class="sourceLineNo">521</span> }<a name="line.521"></a>
+<span class="sourceLineNo">522</span> sendSaslMessage(ctx, response, cipherOptions);<a name="line.522"></a>
+<span class="sourceLineNo">523</span> ctx.flush();<a name="line.523"></a>
+<span class="sourceLineNo">524</span> step++;<a name="line.524"></a>
+<span class="sourceLineNo">525</span> break;<a name="line.525"></a>
+<span class="sourceLineNo">526</span> }<a name="line.526"></a>
+<span class="sourceLineNo">527</span> case 2: {<a name="line.527"></a>
+<span class="sourceLineNo">528</span> assert response == null;<a name="line.528"></a>
+<span class="sourceLineNo">529</span> checkSaslComplete();<a name="line.529"></a>
+<span class="sourceLineNo">530</span> CipherOption cipherOption =<a name="line.530"></a>
+<span class="sourceLineNo">531</span> getCipherOption(proto, isNegotiatedQopPrivacy(), saslClient);<a name="line.531"></a>
+<span class="sourceLineNo">532</span> ChannelPipeline p = ctx.pipeline();<a name="line.532"></a>
+<span class="sourceLineNo">533</span> while (p.first() != null) {<a name="line.533"></a>
+<span class="sourceLineNo">534</span> p.removeFirst();<a name="line.534"></a>
+<span class="sourceLineNo">535</span> }<a name="line.535"></a>
+<span class="sourceLineNo">536</span> if (cipherOption != null) {<a name="line.536"></a>
+<span class="sourceLineNo">537</span> CryptoCodec codec = CryptoCodec.getInstance(conf, cipherOption.getCipherSuite());<a name="line.537"></a>
+<span class="sourceLineNo">538</span> p.addLast(new EncryptHandler(codec, cipherOption.getInKey(), cipherOption.getInIv()),<a name="line.538"></a>
+<span class="sourceLineNo">539</span> new DecryptHandler(codec, cipherOption.getOutKey(), cipherOption.getOutIv()));<a name="line.539"></a>
+<span class="sourceLineNo">540</span> } else {<a name="line.540"></a>
+<span class="sourceLineNo">541</span> if (useWrap()) {<a name="line.541"></a>
+<span class="sourceLineNo">542</span> p.addLast(new SaslWrapHandler(saslClient),<a name="line.542"></a>
+<span class="sourceLineNo">543</span> new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4),<a name="line.543"></a>
+<span class="sourceLineNo">544</span> new SaslUnwrapHandler(saslClient));<a name="line.544"></a>
+<span class="sourceLineNo">545</span> }<a name="line.545"></a>
+<span class="sourceLineNo">546</span> }<a name="line.546"></a>
+<span class="sourceLineNo">547</span> promise.trySuccess(null);<a name="line.547"></a>
+<span class="sourceLineNo">548</span> break;<a name="line.548"></a>
+<span class="sourceLineNo">549</span> }<a name="line.549"></a>
+<span class="sourceLineNo">550</span> default:<a name="line.550"></a>
+<span class="sourceLineNo">551</span> throw new IllegalArgumentException("Unrecognized negotiation step: " + step);<a name="line.551"></a>
+<span class="sourceLineNo">552</span> }<a name="line.552"></a>
+<span class="sourceLineNo">553</span> } else {<a name="line.553"></a>
+<span class="sourceLineNo">554</span> ctx.fireChannelRead(msg);<a name="line.554"></a>
+<span class="sourceLineNo">555</span> }<a name="line.555"></a>
<span class="sourceLineNo">556</span> }<a name="line.556"></a>
<span class="sourceLineNo">557</span><a name="line.557"></a>
<span class="sourceLineNo">558</span> @Override<a name="line.558"></a>
-<span class="sourceLineNo">559</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.559"></a>
-<span class="sourceLineNo">560</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.560"></a>
-<span class="sourceLineNo">561</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.561"></a>
-<span class="sourceLineNo">562</span> } else {<a name="line.562"></a>
-<span class="sourceLineNo">563</span> super.userEventTriggered(ctx, evt);<a name="line.563"></a>
-<span class="sourceLineNo">564</span> }<a name="line.564"></a>
-<span class="sourceLineNo">565</span> }<a name="line.565"></a>
-<span class="sourceLineNo">566</span> }<a name="line.566"></a>
-<span class="sourceLineNo">567</span><a name="line.567"></a>
-<span class="sourceLineNo">568</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.568"></a>
-<span class="sourceLineNo">569</span><a name="line.569"></a>
-<span class="sourceLineNo">570</span> private final SaslClient saslClient;<a name="line.570"></a>
-<span class="sourceLineNo">571</span><a name="line.571"></a>
-<span class="sourceLineNo">572</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.572"></a>
-<span class="sourceLineNo">573</span> this.saslClient = saslClient;<a name="line.573"></a>
-<span class="sourceLineNo">574</span> }<a name="line.574"></a>
-<span class="sourceLineNo">575</span><a name="line.575"></a>
-<span class="sourceLineNo">576</span> @Override<a name="line.576"></a>
-<span class="sourceLineNo">577</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.577"></a>
-<span class="sourceLineNo">578</span> saslClient.dispose();<a name="line.578"></a>
+<span class="sourceLineNo">559</span> public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {<a name="line.559"></a>
+<span class="sourceLineNo">560</span> promise.tryFailure(cause);<a name="line.560"></a>
+<span class="sourceLineNo">561</span> }<a name="line.561"></a>
+<span class="sourceLineNo">562</span><a name="line.562"></a>
+<span class="sourceLineNo">563</span> @Override<a name="line.563"></a>
+<span class="sourceLineNo">564</span> public void userEventTriggered(ChannelHandlerContext ctx, Object evt) throws Exception {<a name="line.564"></a>
+<span class="sourceLineNo">565</span> if (evt instanceof IdleStateEvent && ((IdleStateEvent) evt).state() == READER_IDLE) {<a name="line.565"></a>
+<span class="sourceLineNo">566</span> promise.tryFailure(new IOException("Timeout(" + timeoutMs + "ms) waiting for response"));<a name="line.566"></a>
+<span class="sourceLineNo">567</span> } else {<a name="line.567"></a>
+<span class="sourceLineNo">568</span> super.userEventTriggered(ctx, evt);<a name="line.568"></a>
+<span class="sourceLineNo">569</span> }<a name="line.569"></a>
+<span class="sourceLineNo">570</span> }<a name="line.570"></a>
+<span class="sourceLineNo">571</span> }<a name="line.571"></a>
+<span class="sourceLineNo">572</span><a name="line.572"></a>
+<span class="sourceLineNo">573</span> private static final class SaslUnwrapHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.573"></a>
+<span class="sourceLineNo">574</span><a name="line.574"></a>
+<span class="sourceLineNo">575</span> private final SaslClient saslClient;<a name="line.575"></a>
+<span class="sourceLineNo">576</span><a name="line.576"></a>
+<span class="sourceLineNo">577</span> public SaslUnwrapHandler(SaslClient saslClient) {<a name="line.577"></a>
+<span class="sourceLineNo">578</span> this.saslClient = saslClient;<a name="line.578"></a>
<span class="sourceLineNo">579</span> }<a name="line.579"></a>
<span class="sourceLineNo">580</span><a name="line.580"></a>
<span class="sourceLineNo">581</span> @Override<a name="line.581"></a>
-<span class="sourceLineNo">582</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.582"></a>
-<span class="sourceLineNo">583</span> msg.skipBytes(4);<a name="line.583"></a>
-<span class="sourceLineNo">584</span> byte[] b = new byte[msg.readableBytes()];<a name="line.584"></a>
-<span class="sourceLineNo">585</span> msg.readBytes(b);<a name="line.585"></a>
-<span class="sourceLineNo">586</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.586"></a>
-<span class="sourceLineNo">587</span> }<a name="line.587"></a>
-<span class="sourceLineNo">588</span> }<a name="line.588"></a>
-<span class="sourceLineNo">589</span><a name="line.589"></a>
-<span class="sourceLineNo">590</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.590"></a>
-<span class="sourceLineNo">591</span><a name="line.591"></a>
-<span class="sourceLineNo">592</span> private final SaslClient saslClient;<a name="line.592"></a>
-<span class="sourceLineNo">593</span><a name="line.593"></a>
-<span class="sourceLineNo">594</span> private CompositeByteBuf cBuf;<a name="line.594"></a>
-<span class="sourceLineNo">595</span><a name="line.595"></a>
-<span class="sourceLineNo">596</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.596"></a>
-<span class="sourceLineNo">597</span> this.saslClient = saslClient;<a name="line.597"></a>
-<span class="sourceLineNo">598</span> }<a name="line.598"></a>
-<span class="sourceLineNo">599</span><a name="line.599"></a>
-<span class="sourceLineNo">600</span> @Override<a name="line.600"></a>
-<span class="sourceLineNo">601</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.601"></a>
-<span class="sourceLineNo">602</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.602"></a>
+<span class="sourceLineNo">582</span> public void channelInactive(ChannelHandlerContext ctx) throws Exception {<a name="line.582"></a>
+<span class="sourceLineNo">583</span> saslClient.dispose();<a name="line.583"></a>
+<span class="sourceLineNo">584</span> }<a name="line.584"></a>
+<span class="sourceLineNo">585</span><a name="line.585"></a>
+<span class="sourceLineNo">586</span> @Override<a name="line.586"></a>
+<span class="sourceLineNo">587</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.587"></a>
+<span class="sourceLineNo">588</span> msg.skipBytes(4);<a name="line.588"></a>
+<span class="sourceLineNo">589</span> byte[] b = new byte[msg.readableBytes()];<a name="line.589"></a>
+<span class="sourceLineNo">590</span> msg.readBytes(b);<a name="line.590"></a>
+<span class="sourceLineNo">591</span> ctx.fireChannelRead(Unpooled.wrappedBuffer(saslClient.unwrap(b, 0, b.length)));<a name="line.591"></a>
+<span class="sourceLineNo">592</span> }<a name="line.592"></a>
+<span class="sourceLineNo">593</span> }<a name="line.593"></a>
+<span class="sourceLineNo">594</span><a name="line.594"></a>
+<span class="sourceLineNo">595</span> private static final class SaslWrapHandler extends ChannelOutboundHandlerAdapter {<a name="line.595"></a>
+<span class="sourceLineNo">596</span><a name="line.596"></a>
+<span class="sourceLineNo">597</span> private final SaslClient saslClient;<a name="line.597"></a>
+<span class="sourceLineNo">598</span><a name="line.598"></a>
+<span class="sourceLineNo">599</span> private CompositeByteBuf cBuf;<a name="line.599"></a>
+<span class="sourceLineNo">600</span><a name="line.600"></a>
+<span class="sourceLineNo">601</span> public SaslWrapHandler(SaslClient saslClient) {<a name="line.601"></a>
+<span class="sourceLineNo">602</span> this.saslClient = saslClient;<a name="line.602"></a>
<span class="sourceLineNo">603</span> }<a name="line.603"></a>
<span class="sourceLineNo">604</span><a name="line.604"></a>
<span class="sourceLineNo">605</span> @Override<a name="line.605"></a>
-<span class="sourceLineNo">606</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.606"></a>
-<span class="sourceLineNo">607</span> throws Exception {<a name="line.607"></a>
-<span class="sourceLineNo">608</span> if (msg instanceof ByteBuf) {<a name="line.608"></a>
-<span class="sourceLineNo">609</span> ByteBuf buf = (ByteBuf) msg;<a name="line.609"></a>
-<span class="sourceLineNo">610</span> cBuf.addComponent(buf);<a name="line.610"></a>
-<span class="sourceLineNo">611</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.611"></a>
-<span class="sourceLineNo">612</span> } else {<a name="line.612"></a>
-<span class="sourceLineNo">613</span> ctx.write(msg);<a name="line.613"></a>
-<span class="sourceLineNo">614</span> }<a name="line.614"></a>
-<span class="sourceLineNo">615</span> }<a name="line.615"></a>
-<span class="sourceLineNo">616</span><a name="line.616"></a>
-<span class="sourceLineNo">617</span> @Override<a name="line.617"></a>
-<span class="sourceLineNo">618</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.618"></a>
-<span class="sourceLineNo">619</span> if (cBuf.isReadable()) {<a name="line.619"></a>
-<span class="sourceLineNo">620</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.620"></a>
-<span class="sourceLineNo">621</span> cBuf.readBytes(b);<a name="line.621"></a>
-<span class="sourceLineNo">622</span> cBuf.discardReadComponents();<a name="line.622"></a>
-<span class="sourceLineNo">623</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.623"></a>
-<span class="sourceLineNo">624</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.624"></a>
-<span class="sourceLineNo">625</span> buf.writeInt(wrapped.length);<a name="line.625"></a>
-<span class="sourceLineNo">626</span> buf.writeBytes(wrapped);<a name="line.626"></a>
-<span class="sourceLineNo">627</span> ctx.write(buf);<a name="line.627"></a>
-<span class="sourceLineNo">628</span> }<a name="line.628"></a>
-<span class="sourceLineNo">629</span> ctx.flush();<a name="line.629"></a>
-<span class="sourceLineNo">630</span> }<a name="line.630"></a>
-<span class="sourceLineNo">631</span><a name="line.631"></a>
-<span class="sourceLineNo">632</span> @Override<a name="line.632"></a>
-<span class="sourceLineNo">633</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.633"></a>
-<span class="sourceLineNo">634</span> cBuf.release();<a name="line.634"></a>
-<span class="sourceLineNo">635</span> cBuf = null;<a name="line.635"></a>
-<span class="sourceLineNo">636</span> }<a name="line.636"></a>
-<span class="sourceLineNo">637</span> }<a name="line.637"></a>
-<span class="sourceLineNo">638</span><a name="line.638"></a>
-<span class="sourceLineNo">639</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.639"></a>
-<span class="sourceLineNo">640</span><a name="line.640"></a>
-<span class="sourceLineNo">641</span> private final Decryptor decryptor;<a name="line.641"></a>
-<span class="sourceLineNo">642</span><a name="line.642"></a>
-<span class="sourceLineNo">643</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.643"></a>
-<span class="sourceLineNo">644</span> throws GeneralSecurityException, IOException {<a name="line.644"></a>
-<span class="sourceLineNo">645</span> this.decryptor = codec.createDecryptor();<a name="line.645"></a>
-<span class="sourceLineNo">646</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.646"></a>
-<span class="sourceLineNo">647</span> }<a name="line.647"></a>
-<span class="sourceLineNo">648</span><a name="line.648"></a>
-<span class="sourceLineNo">649</span> @Override<a name="line.649"></a>
-<span class="sourceLineNo">650</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.650"></a>
-<span class="sourceLineNo">651</span> ByteBuf inBuf;<a name="line.651"></a>
-<span class="sourceLineNo">652</span> boolean release = false;<a name="line.652"></a>
-<span class="sourceLineNo">653</span> if (msg.nioBufferCount() == 1) {<a name="line.653"></a>
-<span class="sourceLineNo">654</span> inBuf = msg;<a name="line.654"></a>
-<span class="sourceLineNo">655</span> } else {<a name="line.655"></a>
-<span class="sourceLineNo">656</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.656"></a>
-<span class="sourceLineNo">657</span> msg.readBytes(inBuf);<a name="line.657"></a>
-<span class="sourceLineNo">658</span> release = true;<a name="line.658"></a>
-<span class="sourceLineNo">659</span> }<a name="line.659"></a>
-<span class="sourceLineNo">660</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.660"></a>
-<span class="sourceLineNo">661</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.661"></a>
-<span class="sourceLineNo">662</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.662"></a>
-<span class="sourceLineNo">663</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.663"></a>
-<span class="sourceLineNo">664</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.664"></a>
-<span class="sourceLineNo">665</span> if (release) {<a name="line.665"></a>
-<span class="sourceLineNo">666</span> inBuf.release();<a name="line.666"></a>
-<span class="sourceLineNo">667</span> }<a name="line.667"></a>
-<span class="sourceLineNo">668</span> ctx.fireChannelRead(outBuf);<a name="line.668"></a>
-<span class="sourceLineNo">669</span> }<a name="line.669"></a>
-<span class="sourceLineNo">670</span> }<a name="line.670"></a>
-<span class="sourceLineNo">671</span><a name="line.671"></a>
-<span class="sourceLineNo">672</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.672"></a>
-<span class="sourceLineNo">673</span><a name="line.673"></a>
-<span class="sourceLineNo">674</span> private final Encryptor encryptor;<a name="line.674"></a>
-<span class="sourceLineNo">675</span><a name="line.675"></a>
-<span class="sourceLineNo">676</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.676"></a>
-<span class="sourceLineNo">677</span> throws GeneralSecurityException, IOException {<a name="line.677"></a>
-<span class="sourceLineNo">678</span> this.encryptor = codec.createEncryptor();<a name="line.678"></a>
-<span class="sourceLineNo">679</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.679"></a>
-<span class="sourceLineNo">680</span> }<a name="line.680"></a>
-<span class="sourceLineNo">681</span><a name="line.681"></a>
-<span class="sourceLineNo">682</span> @Override<a name="line.682"></a>
-<span class="sourceLineNo">683</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.683"></a>
-<span class="sourceLineNo">684</span> throws Exception {<a name="line.684"></a>
-<span class="sourceLineNo">685</span> if (preferDirect) {<a name="line.685"></a>
-<span class="sourceLineNo">686</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.686"></a>
-<span class="sourceLineNo">687</span> } else {<a name="line.687"></a>
-<span class="sourceLineNo">688</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.688"></a>
-<span class="sourceLineNo">689</span> }<a name="line.689"></a>
-<span class="sourceLineNo">690</span> }<a name="line.690"></a>
-<span class="sourceLineNo">691</span><a name="line.691"></a>
-<span class="sourceLineNo">692</span> @Override<a name="line.692"></a>
-<span class="sourceLineNo">693</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.693"></a>
-<span class="sourceLineNo">694</span> ByteBuf inBuf;<a name="line.694"></a>
-<span class="sourceLineNo">695</span> boolean release = false;<a name="line.695"></a>
-<span class="sourceLineNo">696</span> if (msg.nioBufferCount() == 1) {<a name="line.696"></a>
-<span class="sourceLineNo">697</span> inBuf = msg;<a name="line.697"></a>
-<span class="sourceLineNo">698</span> } else {<a name="line.698"></a>
-<span class="sourceLineNo">699</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.699"></a>
-<span class="sourceLineNo">700</span> msg.readBytes(inBuf);<a name="line.700"></a>
-<span class="sourceLineNo">701</span> release = true;<a name="line.701"></a>
-<span class="sourceLineNo">702</span> }<a name="line.702"></a>
-<span class="sourceLineNo">703</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.703"></a>
-<span class="sourceLineNo">704</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.704"></a>
-<span class="sourceLineNo">705</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.705"></a>
-<span class="sourceLineNo">706</span> out.writerIndex(inBuf.readableBytes());<a name="line.706"></a>
-<span class="sourceLineNo">707</span> if (release) {<a name="line.707"></a>
-<span class="sourceLineNo">708</span> inBuf.release();<a name="line.708"></a>
-<span class="sourceLineNo">709</span> }<a name="line.709"></a>
-<span class="sourceLineNo">710</span> }<a name="line.710"></a>
-<span class="sourceLineNo">711</span> }<a name="line.711"></a>
-<span class="sourceLineNo">712</span><a name="line.712"></a>
-<span class="sourceLineNo">713</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.713"></a>
-<span class="sourceLineNo">714</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.714"></a>
-<span class="sourceLineNo">715</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.715"></a>
+<span class="sourceLineNo">606</span> public void handlerAdded(ChannelHandlerContext ctx) throws Exception {<a name="line.606"></a>
+<span class="sourceLineNo">607</span> cBuf = new CompositeByteBuf(ctx.alloc(), false, Integer.MAX_VALUE);<a name="line.607"></a>
+<span class="sourceLineNo">608</span> }<a name="line.608"></a>
+<span class="sourceLineNo">609</span><a name="line.609"></a>
+<span class="sourceLineNo">610</span> @Override<a name="line.610"></a>
+<span class="sourceLineNo">611</span> public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)<a name="line.611"></a>
+<span class="sourceLineNo">612</span> throws Exception {<a name="line.612"></a>
+<span class="sourceLineNo">613</span> if (msg instanceof ByteBuf) {<a name="line.613"></a>
+<span class="sourceLineNo">614</span> ByteBuf buf = (ByteBuf) msg;<a name="line.614"></a>
+<span class="sourceLineNo">615</span> cBuf.addComponent(buf);<a name="line.615"></a>
+<span class="sourceLineNo">616</span> cBuf.writerIndex(cBuf.writerIndex() + buf.readableBytes());<a name="line.616"></a>
+<span class="sourceLineNo">617</span> } else {<a name="line.617"></a>
+<span class="sourceLineNo">618</span> ctx.write(msg);<a name="line.618"></a>
+<span class="sourceLineNo">619</span> }<a name="line.619"></a>
+<span class="sourceLineNo">620</span> }<a name="line.620"></a>
+<span class="sourceLineNo">621</span><a name="line.621"></a>
+<span class="sourceLineNo">622</span> @Override<a name="line.622"></a>
+<span class="sourceLineNo">623</span> public void flush(ChannelHandlerContext ctx) throws Exception {<a name="line.623"></a>
+<span class="sourceLineNo">624</span> if (cBuf.isReadable()) {<a name="line.624"></a>
+<span class="sourceLineNo">625</span> byte[] b = new byte[cBuf.readableBytes()];<a name="line.625"></a>
+<span class="sourceLineNo">626</span> cBuf.readBytes(b);<a name="line.626"></a>
+<span class="sourceLineNo">627</span> cBuf.discardReadComponents();<a name="line.627"></a>
+<span class="sourceLineNo">628</span> byte[] wrapped = saslClient.wrap(b, 0, b.length);<a name="line.628"></a>
+<span class="sourceLineNo">629</span> ByteBuf buf = ctx.alloc().ioBuffer(4 + wrapped.length);<a name="line.629"></a>
+<span class="sourceLineNo">630</span> buf.writeInt(wrapped.length);<a name="line.630"></a>
+<span class="sourceLineNo">631</span> buf.writeBytes(wrapped);<a name="line.631"></a>
+<span class="sourceLineNo">632</span> ctx.write(buf);<a name="line.632"></a>
+<span class="sourceLineNo">633</span> }<a name="line.633"></a>
+<span class="sourceLineNo">634</span> ctx.flush();<a name="line.634"></a>
+<span class="sourceLineNo">635</span> }<a name="line.635"></a>
+<span class="sourceLineNo">636</span><a name="line.636"></a>
+<span class="sourceLineNo">637</span> @Override<a name="line.637"></a>
+<span class="sourceLineNo">638</span> public void close(ChannelHandlerContext ctx, ChannelPromise promise) throws Exception {<a name="line.638"></a>
+<span class="sourceLineNo">639</span> cBuf.release();<a name="line.639"></a>
+<span class="sourceLineNo">640</span> cBuf = null;<a name="line.640"></a>
+<span class="sourceLineNo">641</span> }<a name="line.641"></a>
+<span class="sourceLineNo">642</span> }<a name="line.642"></a>
+<span class="sourceLineNo">643</span><a name="line.643"></a>
+<span class="sourceLineNo">644</span> private static final class DecryptHandler extends SimpleChannelInboundHandler<ByteBuf> {<a name="line.644"></a>
+<span class="sourceLineNo">645</span><a name="line.645"></a>
+<span class="sourceLineNo">646</span> private final Decryptor decryptor;<a name="line.646"></a>
+<span class="sourceLineNo">647</span><a name="line.647"></a>
+<span class="sourceLineNo">648</span> public DecryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.648"></a>
+<span class="sourceLineNo">649</span> throws GeneralSecurityException, IOException {<a name="line.649"></a>
+<span class="sourceLineNo">650</span> this.decryptor = codec.createDecryptor();<a name="line.650"></a>
+<span class="sourceLineNo">651</span> this.decryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.651"></a>
+<span class="sourceLineNo">652</span> }<a name="line.652"></a>
+<span class="sourceLineNo">653</span><a name="line.653"></a>
+<span class="sourceLineNo">654</span> @Override<a name="line.654"></a>
+<span class="sourceLineNo">655</span> protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {<a name="line.655"></a>
+<span class="sourceLineNo">656</span> ByteBuf inBuf;<a name="line.656"></a>
+<span class="sourceLineNo">657</span> boolean release = false;<a name="line.657"></a>
+<span class="sourceLineNo">658</span> if (msg.nioBufferCount() == 1) {<a name="line.658"></a>
+<span class="sourceLineNo">659</span> inBuf = msg;<a name="line.659"></a>
+<span class="sourceLineNo">660</span> } else {<a name="line.660"></a>
+<span class="sourceLineNo">661</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.661"></a>
+<span class="sourceLineNo">662</span> msg.readBytes(inBuf);<a name="line.662"></a>
+<span class="sourceLineNo">663</span> release = true;<a name="line.663"></a>
+<span class="sourceLineNo">664</span> }<a name="line.664"></a>
+<span class="sourceLineNo">665</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.665"></a>
+<span class="sourceLineNo">666</span> ByteBuf outBuf = ctx.alloc().directBuffer(inBuf.readableBytes());<a name="line.666"></a>
+<span class="sourceLineNo">667</span> ByteBuffer outBuffer = outBuf.nioBuffer(0, inBuf.readableBytes());<a name="line.667"></a>
+<span class="sourceLineNo">668</span> decryptor.decrypt(inBuffer, outBuffer);<a name="line.668"></a>
+<span class="sourceLineNo">669</span> outBuf.writerIndex(inBuf.readableBytes());<a name="line.669"></a>
+<span class="sourceLineNo">670</span> if (release) {<a name="line.670"></a>
+<span class="sourceLineNo">671</span> inBuf.release();<a name="line.671"></a>
+<span class="sourceLineNo">672</span> }<a name="line.672"></a>
+<span class="sourceLineNo">673</span> ctx.fireChannelRead(outBuf);<a name="line.673"></a>
+<span class="sourceLineNo">674</span> }<a name="line.674"></a>
+<span class="sourceLineNo">675</span> }<a name="line.675"></a>
+<span class="sourceLineNo">676</span><a name="line.676"></a>
+<span class="sourceLineNo">677</span> private static final class EncryptHandler extends MessageToByteEncoder<ByteBuf> {<a name="line.677"></a>
+<span class="sourceLineNo">678</span><a name="line.678"></a>
+<span class="sourceLineNo">679</span> private final Encryptor encryptor;<a name="line.679"></a>
+<span class="sourceLineNo">680</span><a name="line.680"></a>
+<span class="sourceLineNo">681</span> public EncryptHandler(CryptoCodec codec, byte[] key, byte[] iv)<a name="line.681"></a>
+<span class="sourceLineNo">682</span> throws GeneralSecurityException, IOException {<a name="line.682"></a>
+<span class="sourceLineNo">683</span> this.encryptor = codec.createEncryptor();<a name="line.683"></a>
+<span class="sourceLineNo">684</span> this.encryptor.init(key, Arrays.copyOf(iv, iv.length));<a name="line.684"></a>
+<span class="sourceLineNo">685</span> }<a name="line.685"></a>
+<span class="sourceLineNo">686</span><a name="line.686"></a>
+<span class="sourceLineNo">687</span> @Override<a name="line.687"></a>
+<span class="sourceLineNo">688</span> protected ByteBuf allocateBuffer(ChannelHandlerContext ctx, ByteBuf msg, boolean preferDirect)<a name="line.688"></a>
+<span class="sourceLineNo">689</span> throws Exception {<a name="line.689"></a>
+<span class="sourceLineNo">690</span> if (preferDirect) {<a name="line.690"></a>
+<span class="sourceLineNo">691</span> return ctx.alloc().directBuffer(msg.readableBytes());<a name="line.691"></a>
+<span class="sourceLineNo">692</span> } else {<a name="line.692"></a>
+<span class="sourceLineNo">693</span> return ctx.alloc().buffer(msg.readableBytes());<a name="line.693"></a>
+<span class="sourceLineNo">694</span> }<a name="line.694"></a>
+<span class="sourceLineNo">695</span> }<a name="line.695"></a>
+<span class="sourceLineNo">696</span><a name="line.696"></a>
+<span class="sourceLineNo">697</span> @Override<a name="line.697"></a>
+<span class="sourceLineNo">698</span> protected void encode(ChannelHandlerContext ctx, ByteBuf msg, ByteBuf out) throws Exception {<a name="line.698"></a>
+<span class="sourceLineNo">699</span> ByteBuf inBuf;<a name="line.699"></a>
+<span class="sourceLineNo">700</span> boolean release = false;<a name="line.700"></a>
+<span class="sourceLineNo">701</span> if (msg.nioBufferCount() == 1) {<a name="line.701"></a>
+<span class="sourceLineNo">702</span> inBuf = msg;<a name="line.702"></a>
+<span class="sourceLineNo">703</span> } else {<a name="line.703"></a>
+<span class="sourceLineNo">704</span> inBuf = ctx.alloc().directBuffer(msg.readableBytes());<a name="line.704"></a>
+<span class="sourceLineNo">705</span> msg.readBytes(inBuf);<a name="line.705"></a>
+<span class="sourceLineNo">706</span> release = true;<a name="line.706"></a>
+<span class="sourceLineNo">707</span> }<a name="line.707"></a>
+<span class="sourceLineNo">708</span> ByteBuffer inBuffer = inBuf.nioBuffer();<a name="line.708"></a>
+<span class="sourceLineNo">709</span> ByteBuffer outBuffer = out.nioBuffer(0, inBuf.readableBytes());<a name="line.709"></a>
+<span class="sourceLineNo">710</span> encryptor.encrypt(inBuffer, outBuffer);<a name="line.710"></a>
+<span class="sourceLineNo">711</span> out.writerIndex(inBuf.readableBytes());<a name="line.711"></a>
+<span class="sourceLineNo">712</span> if (release) {<a name="line.712"></a>
+<span class="sourceLineNo">713</span> inBuf.release();<a name="line.713"></a>
+<span class="sourceLineNo">714</span> }<a name="line.714"></a>
+<span class="sourceLineNo">715</span> }<a name="line.715"></a>
<span class="sourceLineNo">716</span> }<a name="line.716"></a>
<span class="sourceLineNo">717</span><a name="line.717"></a>
-<span class="sourceLineNo">718</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.718"></a>
-<span class="sourceLineNo">719</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.719"></a>
-<span class="sourceLineNo">720</span> }<a name="line.720"></a>
-<span class="sourceLineNo">721</span><a name="line.721"></a>
-<span class="sourceLineNo">722</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.722"></a>
-<span class="sourceLineNo">723</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.723"></a>
-<span class="sourceLineNo">724</span> }<a name="line.724"></a>
-<span class="sourceLineNo">725</span><a name="line.725"></a>
-<span class="sourceLineNo">726</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.726"></a>
-<span class="sourceLineNo">727</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.727"></a>
-<span class="sourceLineNo">728</span> .toCharArray();<a name="line.728"></a>
+<span class="sourceLineNo">718</span> private static String getUserNameFromEncryptionKey(DataEncryptionKey encryptionKey) {<a name="line.718"></a>
+<span class="sourceLineNo">719</span> return encryptionKey.keyId + NAME_DELIMITER + encryptionKey.blockPoolId + NAME_DELIMITER<a name="line.719"></a>
+<span class="sourceLineNo">720</span> + new String(Base64.encodeBase64(encryptionKey.nonce, false), Charsets.UTF_8);<a name="line.720"></a>
+<span class="sourceLineNo">721</span> }<a name="line.721"></a>
+<span class="sourceLineNo">722</span><a name="line.722"></a>
+<span class="sourceLineNo">723</span> private static char[] encryptionKeyToPassword(byte[] encryptionKey) {<a name="line.723"></a>
+<span class="sourceLineNo">724</span> return new String(Base64.encodeBase64(encryptionKey, false), Charsets.UTF_8).toCharArray();<a name="line.724"></a>
+<span class="sourceLineNo">725</span> }<a name="line.725"></a>
+<span class="sourceLineNo">726</span><a name="line.726"></a>
+<span class="sourceLineNo">727</span> private static String buildUsername(Token<BlockTokenIdentifier> blockToken) {<a name="line.727"></a>
+<span class="sourceLineNo">728</span> return new String(Base64.encodeBase64(blockToken.getIdentifier(), false), Charsets.UTF_8);<a name="line.728"></a>
<span class="sourceLineNo">729</span> }<a name="line.729"></a>
<span class="sourceLineNo">730</span><a name="line.730"></a>
-<span class="sourceLineNo">731</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.731"></a>
-<span class="sourceLineNo">732</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.732"></a>
-<span class="sourceLineNo">733</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.733"></a>
-<span class="sourceLineNo">734</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.734"></a>
-<span class="sourceLineNo">735</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.735"></a>
-<span class="sourceLineNo">736</span> return saslProps;<a name="line.736"></a>
-<span class="sourceLineNo">737</span> }<a name="line.737"></a>
-<span class="sourceLineNo">738</span><a name="line.738"></a>
-<span class="sourceLineNo">739</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.739"></a>
-<span class="sourceLineNo">740</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise) {<a name="line.740"></a>
-<span class="sourceLineNo">741</span> try {<a name="line.741"></a>
-<span class="sourceLineNo">742</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.742"></a>
-<span class="sourceLineNo">743</span> new ProtobufVarint32FrameDecoder(),<a name="line.743"></a>
-<span class="sourceLineNo">744</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.744"></a>
-<span class="sourceLineNo">745</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise));<a name="line.745"></a>
-<span class="sourceLineNo">746</span> } catch (SaslException e) {<a name="line.746"></a>
-<span class="sourceLineNo">747</span> saslPromise.tryFailure(e);<a name="line.747"></a>
-<span class="sourceLineNo">748</span> }<a name="line.748"></a>
-<span class="sourceLineNo">749</span> }<a name="line.749"></a>
-<span class="sourceLineNo">750</span><a name="line.750"></a>
-<span class="sourceLineNo">751</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.751"></a>
-<span class="sourceLineNo">752</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.752"></a>
-<span class="sourceLineNo">753</span> Promise<Void> saslPromise) throws IOException {<a name="line.753"></a>
-<span class="sourceLineNo">754</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.754"></a>
-<span class="sourceLineNo">755</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.755"></a>
-<span class="sourceLineNo">756</span> TrustedChannelResolver trustedChannelResolver =<a name="line.756"></a>
-<span class="sourceLineNo">757</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.757"></a>
-<span class="sourceLineNo">758</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.758"></a>
-<span class="sourceLineNo">759</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.759"></a>
-<span class="sourceLineNo">760</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.760"></a>
-<span class="sourceLineNo">761</span> saslPromise.trySuccess(null);<a name="line.761"></a>
-<span class="sourceLineNo">762</span> return;<a name="line.762"></a>
-<span class="sourceLineNo">763</span> }<a name="line.763"></a>
-<span class="sourceLineNo">764</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.764"></a>
-<span class="sourceLineNo">765</span> if (encryptionKey != null) {<a name="line.765"></a>
-<span class="sourceLineNo">766</span> if (LOG.isDebugEnabled()) {<a name="line.766"></a>
-<span class="sourceLineNo">767</span> LOG.debug(<a name="line.767"></a>
-<span class="sourceLineNo">768</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.768"></a>
-<span class="sourceLineNo">769</span> }<a name="line.769"></a>
-<span class="sourceLineNo">770</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.770"></a>
-<span class="sourceLineNo">771</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.771"></a>
-<span class="sourceLineNo">772</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise);<a name="line.772"></a>
-<span class="sourceLineNo">773</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.773"></a>
-<span class="sourceLineNo">774</span> if (LOG.isDebugEnabled()) {<a name="line.774"></a>
-<span class="sourceLineNo">775</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.775"></a>
-<span class="sourceLineNo">776</span> + ", datanodeId = " + dnInfo);<a name="line.776"></a>
-<span class="sourceLineNo">777</span> }<a name="line.777"></a>
-<span class="sourceLineNo">778</span> saslPromise.trySuccess(null);<a name="line.778"></a>
-<span class="sourceLineNo">779</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.779"></a>
-<span class="sourceLineNo">780</span> if (LOG.isDebugEnabled()) {<a name="line.780"></a>
-<span class="sourceLineNo">781</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.781"></a>
-<span class="sourceLineNo">782</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.782"></a>
-<span class="sourceLineNo">783</span> }<a name="line.783"></a>
-<span class="sourceLineNo">784</span> saslPromise.trySuccess(null);<a name="line.784"></a>
-<span class="sourceLineNo">785</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.785"></a>
-<span class="sourceLineNo">786</span> if (LOG.isDebugEnabled()) {<a name="line.786"></a>
-<span class="sourceLineNo">787</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.787"></a>
-<span class="sourceLineNo">788</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.788"></a>
-<span class="sourceLineNo">789</span> }<a name="line.789"></a>
-<span class="sourceLineNo">790</span> saslPromise.trySuccess(null);<a name="line.790"></a>
-<span class="sourceLineNo">791</span> } else if (saslPropsResolver != null) {<a name="line.791"></a>
-<span class="sourceLineNo">792</span> if (LOG.isDebugEnabled()) {<a name="line.792"></a>
-<span class="sourceLineNo">793</span> LOG.debug(<a name="line.793"></a>
-<span class="sourceLineNo">794</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.794"></a>
-<span class="sourceLineNo">795</span> }<a name="line.795"></a>
-<span class="sourceLineNo">796</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.796"></a>
-<span class="sourceLineNo">797</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise);<a name="line.797"></a>
-<span class="sourceLineNo">798</span> } else {<a name="line.798"></a>
-<span class="sourceLineNo">799</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.799"></a>
-<span class="sourceLineNo">800</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.800"></a>
-<span class="sourceLineNo">801</span> // edge case.<a name="line.801"></a>
-<span class="sourceLineNo">802</span> if (LOG.isDebugEnabled()) {<a name="line.802"></a>
-<span class="sourceLineNo">803</span> LOG.debug("SASL client skipping handshake in secured configuration with no SASL "<a name="line.803"></a>
-<span class="sourceLineNo">804</span> + "protection configured for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.804"></a>
-<span class="sourceLineNo">805</span> }<a name="line.805"></a>
-<span class="sourceLineNo">806</span> saslPromise.trySuccess(null);<a name="line.806"></a>
-<span class="sourceLineNo">807</span> }<a name="line.807"></a>
-<span class="sourceLineNo">808</span> }<a name="line.808"></a>
-<span class="sourceLineNo">809</span><a name="line.809"></a>
-<span class="sourceLineNo">810</span> static Encryptor createEncryptor(Configuration conf, HdfsFileStatus stat, DFSClient client)<a name="line.810"></a>
-<span class="sourceLineNo">811</span> throws IOException {<a name="line.811"></a>
-<span class="sourceLineNo">812</span> FileEncryptionInfo feInfo = stat.getFileEncryptionInfo();<a name="line.812"></a>
-<span class="sourceLineNo">813</span> if (feInfo == null) {<a name="line.813"></a>
-<span class="sourceLineNo">814</span> return null;<a name="line.814"></a>
-<span class="sourceLineNo">815</span> }<a name="line.815"></a>
-<span class="sourceLineNo">816</span> return TRANSPARENT_CRYPTO_HELPER.createEncryptor(conf, feInfo, client);<a name="line.816"></a>
+<span class="sourceLineNo">731</span> private static char[] buildClientPassword(Token<BlockTokenIdentifier> blockToken) {<a name="line.731"></a>
+<span class="sourceLineNo">732</span> return new String(Base64.encodeBase64(blockToken.getPassword(), false), Charsets.UTF_8)<a name="line.732"></a>
+<span class="sourceLineNo">733</span> .toCharArray();<a name="line.733"></a>
+<span class="sourceLineNo">734</span> }<a name="line.734"></a>
+<span class="sourceLineNo">735</span><a name="line.735"></a>
+<span class="sourceLineNo">736</span> private static Map<String, String> createSaslPropertiesForEncryption(String encryptionAlgorithm) {<a name="line.736"></a>
+<span class="sourceLineNo">737</span> Map<String, String> saslProps = Maps.newHashMapWithExpectedSize(3);<a name="line.737"></a>
+<span class="sourceLineNo">738</span> saslProps.put(Sasl.QOP, QualityOfProtection.PRIVACY.getSaslQop());<a name="line.738"></a>
+<span class="sourceLineNo">739</span> saslProps.put(Sasl.SERVER_AUTH, "true");<a name="line.739"></a>
+<span class="sourceLineNo">740</span> saslProps.put("com.sun.security.sasl.digest.cipher", encryptionAlgorithm);<a name="line.740"></a>
+<span class="sourceLineNo">741</span> return saslProps;<a name="line.741"></a>
+<span class="sourceLineNo">742</span> }<a name="line.742"></a>
+<span class="sourceLineNo">743</span><a name="line.743"></a>
+<span class="sourceLineNo">744</span> private static void doSaslNegotiation(Configuration conf, Channel channel, int timeoutMs,<a name="line.744"></a>
+<span class="sourceLineNo">745</span> String username, char[] password, Map<String, String> saslProps, Promise<Void> saslPromise,<a name="line.745"></a>
+<span class="sourceLineNo">746</span> DFSClient dfsClient) {<a name="line.746"></a>
+<span class="sourceLineNo">747</span> try {<a name="line.747"></a>
+<span class="sourceLineNo">748</span> channel.pipeline().addLast(new IdleStateHandler(timeoutMs, 0, 0, TimeUnit.MILLISECONDS),<a name="line.748"></a>
+<span class="sourceLineNo">749</span> new ProtobufVarint32FrameDecoder(),<a name="line.749"></a>
+<span class="sourceLineNo">750</span> new ProtobufDecoder(DataTransferEncryptorMessageProto.getDefaultInstance()),<a name="line.750"></a>
+<span class="sourceLineNo">751</span> new SaslNegotiateHandler(conf, username, password, saslProps, timeoutMs, saslPromise,<a name="line.751"></a>
+<span class="sourceLineNo">752</span> dfsClient));<a name="line.752"></a>
+<span class="sourceLineNo">753</span> } catch (SaslException e) {<a name="line.753"></a>
+<span class="sourceLineNo">754</span> saslPromise.tryFailure(e);<a name="line.754"></a>
+<span class="sourceLineNo">755</span> }<a name="line.755"></a>
+<span class="sourceLineNo">756</span> }<a name="line.756"></a>
+<span class="sourceLineNo">757</span><a name="line.757"></a>
+<span class="sourceLineNo">758</span> static void trySaslNegotiate(Configuration conf, Channel channel, DatanodeInfo dnInfo,<a name="line.758"></a>
+<span class="sourceLineNo">759</span> int timeoutMs, DFSClient client, Token<BlockTokenIdentifier> accessToken,<a name="line.759"></a>
+<span class="sourceLineNo">760</span> Promise<Void> saslPromise) throws IOException {<a name="line.760"></a>
+<span class="sourceLineNo">761</span> SaslDataTransferClient saslClient = client.getSaslDataTransferClient();<a name="line.761"></a>
+<span class="sourceLineNo">762</span> SaslPropertiesResolver saslPropsResolver = SASL_ADAPTOR.getSaslPropsResolver(saslClient);<a name="line.762"></a>
+<span class="sourceLineNo">763</span> TrustedChannelResolver trustedChannelResolver =<a name="line.763"></a>
+<span class="sourceLineNo">764</span> SASL_ADAPTOR.getTrustedChannelResolver(saslClient);<a name="line.764"></a>
+<span class="sourceLineNo">765</span> AtomicBoolean fallbackToSimpleAuth = SASL_ADAPTOR.getFallbackToSimpleAuth(saslClient);<a name="line.765"></a>
+<span class="sourceLineNo">766</span> InetAddress addr = ((InetSocketAddress) channel.remoteAddress()).getAddress();<a name="line.766"></a>
+<span class="sourceLineNo">767</span> if (trustedChannelResolver.isTrusted() || trustedChannelResolver.isTrusted(addr)) {<a name="line.767"></a>
+<span class="sourceLineNo">768</span> saslPromise.trySuccess(null);<a name="line.768"></a>
+<span class="sourceLineNo">769</span> return;<a name="line.769"></a>
+<span class="sourceLineNo">770</span> }<a name="line.770"></a>
+<span class="sourceLineNo">771</span> DataEncryptionKey encryptionKey = client.newDataEncryptionKey();<a name="line.771"></a>
+<span class="sourceLineNo">772</span> if (encryptionKey != null) {<a name="line.772"></a>
+<span class="sourceLineNo">773</span> if (LOG.isDebugEnabled()) {<a name="line.773"></a>
+<span class="sourceLineNo">774</span> LOG.debug(<a name="line.774"></a>
+<span class="sourceLineNo">775</span> "SASL client doing encrypted handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.775"></a>
+<span class="sourceLineNo">776</span> }<a name="line.776"></a>
+<span class="sourceLineNo">777</span> doSaslNegotiation(conf, channel, timeoutMs, getUserNameFromEncryptionKey(encryptionKey),<a name="line.777"></a>
+<span class="sourceLineNo">778</span> encryptionKeyToPassword(encryptionKey.encryptionKey),<a name="line.778"></a>
+<span class="sourceLineNo">779</span> createSaslPropertiesForEncryption(encryptionKey.encryptionAlgorithm), saslPromise,<a name="line.779"></a>
+<span class="sourceLineNo">780</span> client);<a name="line.780"></a>
+<span class="sourceLineNo">781</span> } else if (!UserGroupInformation.isSecurityEnabled()) {<a name="line.781"></a>
+<span class="sourceLineNo">782</span> if (LOG.isDebugEnabled()) {<a name="line.782"></a>
+<span class="sourceLineNo">783</span> LOG.debug("SASL client skipping handshake in unsecured configuration for addr = " + addr<a name="line.783"></a>
+<span class="sourceLineNo">784</span> + ", datanodeId = " + dnInfo);<a name="line.784"></a>
+<span class="sourceLineNo">785</span> }<a name="line.785"></a>
+<span class="sourceLineNo">786</span> saslPromise.trySuccess(null);<a name="line.786"></a>
+<span class="sourceLineNo">787</span> } else if (dnInfo.getXferPort() < 1024) {<a name="line.787"></a>
+<span class="sourceLineNo">788</span> if (LOG.isDebugEnabled()) {<a name="line.788"></a>
+<span class="sourceLineNo">789</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.789"></a>
+<span class="sourceLineNo">790</span> + "privileged port for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.790"></a>
+<span class="sourceLineNo">791</span> }<a name="line.791"></a>
+<span class="sourceLineNo">792</span> saslPromise.trySuccess(null);<a name="line.792"></a>
+<span class="sourceLineNo">793</span> } else if (fallbackToSimpleAuth != null && fallbackToSimpleAuth.get()) {<a name="line.793"></a>
+<span class="sourceLineNo">794</span> if (LOG.isDebugEnabled()) {<a name="line.794"></a>
+<span class="sourceLineNo">795</span> LOG.debug("SASL client skipping handshake in secured configuration with "<a name="line.795"></a>
+<span class="sourceLineNo">796</span> + "unsecured cluster for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.796"></a>
+<span class="sourceLineNo">797</span> }<a name="line.797"></a>
+<span class="sourceLineNo">798</span> saslPromise.trySuccess(null);<a name="line.798"></a>
+<span class="sourceLineNo">799</span> } else if (saslPropsResolver != null) {<a name="line.799"></a>
+<span class="sourceLineNo">800</span> if (LOG.isDebugEnabled()) {<a name="line.800"></a>
+<span class="sourceLineNo">801</span> LOG.debug(<a name="line.801"></a>
+<span class="sourceLineNo">802</span> "SASL client doing general handshake for addr = " + addr + ", datanodeId = " + dnInfo);<a name="line.802"></a>
+<span class="sourceLineNo">803</span> }<a name="line.803"></a>
+<span class="sourceLineNo">804</span> doSaslNegotiation(conf, channel, timeoutMs, buildUsername(accessToken),<a name="line.804"></a>
+<span class="sourceLineNo">805</span> buildClientPassword(accessToken), saslPropsResolver.getClientProperties(addr), saslPromise,<a name="line.805"></a>
+<span class="sourceLineNo">806</span> client);<a name="line.806"></a>
+<span class="sourceLineNo">807</span> } else {<a name="line.807"></a>
+<span class="sourceLineNo">808</span> // It's a secured cluster using non-privileged ports, but no SASL. The only way this can<a name="line.808"></a>
+<span class="sourceLineNo">809</span> // happen is if the DataNode has ignore.secure.ports.for.testing configured, so this is a rare<a name="line.809"></a>
+<span class="sourceLineNo">810</span> // edge case.<a name="line.810"></a>
+<span class="sourceLineNo">811</span> if (LOG.isDebugEnabled()) {<a name="line.811"></a>
+<span class="sourceLineNo">812</span> LOG.debug("SASL client
<TRUNCATED>