aboutsummaryrefslogtreecommitdiff
path: root/common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java
diff options
context:
space:
mode:
Diffstat (limited to 'common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java')
-rw-r--r--common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java41
1 files changed, 6 insertions, 35 deletions
diff --git a/common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java b/common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java
index b2f3ef214b..0231428318 100644
--- a/common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java
+++ b/common/network-common/src/main/java/org/apache/spark/network/sasl/SaslRpcHandler.java
@@ -29,8 +29,6 @@ import org.slf4j.LoggerFactory;
import org.apache.spark.network.client.RpcResponseCallback;
import org.apache.spark.network.client.TransportClient;
-import org.apache.spark.network.sasl.aes.AesCipher;
-import org.apache.spark.network.sasl.aes.AesConfigMessage;
import org.apache.spark.network.server.RpcHandler;
import org.apache.spark.network.server.StreamManager;
import org.apache.spark.network.util.JavaUtils;
@@ -44,7 +42,7 @@ import org.apache.spark.network.util.TransportConf;
* Note that the authentication process consists of multiple challenge-response pairs, each of
* which are individual RPCs.
*/
-class SaslRpcHandler extends RpcHandler {
+public class SaslRpcHandler extends RpcHandler {
private static final Logger logger = LoggerFactory.getLogger(SaslRpcHandler.class);
/** Transport configuration. */
@@ -63,7 +61,7 @@ class SaslRpcHandler extends RpcHandler {
private boolean isComplete;
private boolean isAuthenticated;
- SaslRpcHandler(
+ public SaslRpcHandler(
TransportConf conf,
Channel channel,
RpcHandler delegate,
@@ -122,37 +120,10 @@ class SaslRpcHandler extends RpcHandler {
return;
}
- if (!conf.aesEncryptionEnabled()) {
- logger.debug("Enabling encryption for channel {}", client);
- SaslEncryption.addToChannel(channel, saslServer, conf.maxSaslEncryptedBlockSize());
- complete(false);
- return;
- }
-
- // Extra negotiation should happen after authentication, so return directly while
- // processing authenticate.
- if (!isAuthenticated) {
- logger.debug("SASL authentication successful for channel {}", client);
- isAuthenticated = true;
- return;
- }
-
- // Create AES cipher when it is authenticated
- try {
- byte[] encrypted = JavaUtils.bufferToArray(message);
- ByteBuffer decrypted = ByteBuffer.wrap(saslServer.unwrap(encrypted, 0 , encrypted.length));
-
- AesConfigMessage configMessage = AesConfigMessage.decodeMessage(decrypted);
- AesCipher cipher = new AesCipher(configMessage, conf);
-
- // Send response back to client to confirm that server accept config.
- callback.onSuccess(JavaUtils.stringToBytes(AesCipher.TRANSFORM));
- logger.info("Enabling AES cipher for Server channel {}", client);
- cipher.addToChannel(channel);
- complete(true);
- } catch (IOException ioe) {
- throw new RuntimeException(ioe);
- }
+ logger.debug("Enabling encryption for channel {}", client);
+ SaslEncryption.addToChannel(channel, saslServer, conf.maxSaslEncryptedBlockSize());
+ complete(false);
+ return;
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-17 14:58:54 +0000