/// <summary>Sends client SASL negotiation for a socket if required.</summary>
/// <remarks>
/// The trust decision is made on the socket's remote address. When the channel is
/// considered trusted the handshake is skipped entirely and the caller gets the
/// raw, unwrapped streams back.
/// </remarks>
/// <param name="socket">connection socket</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <param name="encryptionKeyFactory">for creation of an encryption key</param>
/// <param name="accessToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
public virtual IOStreamPair SocketSend(Socket socket, OutputStream underlyingOut, InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
{
    IOStreamPair negotiated = CheckTrustAndSend(socket.GetInetAddress(), underlyingOut, underlyingIn, encryptionKeyFactory, accessToken, datanodeId);
    // A null result means the handshake was skipped on a trusted channel.
    return negotiated ?? new IOStreamPair(underlyingIn, underlyingOut);
}
/// <summary>Sends client SASL negotiation for a peer if required.</summary>
/// <remarks>
/// The trust decision is made on the peer's address as resolved by
/// <c>DataTransferSaslUtil.GetPeerAddress</c>. On a trusted channel the original
/// peer is returned unchanged; otherwise the negotiated streams are wrapped in an
/// <c>EncryptedPeer</c>.
/// </remarks>
/// <param name="peer">connection peer</param>
/// <param name="encryptionKeyFactory">for creation of an encryption key</param>
/// <param name="accessToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
public virtual Peer PeerSend(Peer peer, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
{
    var remoteAddr = DataTransferSaslUtil.GetPeerAddress(peer);
    IOStreamPair negotiated = CheckTrustAndSend(remoteAddr, peer.GetOutputStream(), peer.GetInputStream(), encryptionKeyFactory, accessToken, datanodeId);
    // TODO: Consider renaming EncryptedPeer to SaslPeer.
    if (negotiated == null)
    {
        // Handshake skipped on a trusted channel: keep using the raw peer.
        return peer;
    }
    return new EncryptedPeer(peer, negotiated);
}
/// <summary>Sends client SASL negotiation for a newly allocated socket if required.</summary>
/// <remarks>
/// Unlike <c>CheckTrustAndSend</c>, this path always calls <c>Send</c>; only the
/// creation of an encryption key is gated on the resolver's address-independent
/// <c>IsTrusted()</c> answer, and the peer address is not consulted.
/// </remarks>
/// <param name="socket">connection socket</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <param name="encryptionKeyFactory">for creation of an encryption key</param>
/// <param name="accessToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>new pair of streams, wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
public virtual IOStreamPair NewSocketSend(Socket socket, OutputStream underlyingOut, InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
{
    // The encryption key factory only returns a key if encryption is enabled.
    DataEncryptionKey encryptionKey = null;
    if (!trustedChannelResolver.IsTrusted())
    {
        encryptionKey = encryptionKeyFactory.NewDataEncryptionKey();
    }
    IOStreamPair negotiated = Send(socket.GetInetAddress(), underlyingOut, underlyingIn, encryptionKey, accessToken, datanodeId);
    return negotiated ?? new IOStreamPair(underlyingIn, underlyingOut);
}
/// <summary>
/// Checks if an address is already trusted and then sends client SASL
/// negotiation if required.
/// </summary>
/// <remarks>
/// The channel is treated as trusted when the resolver says so either globally
/// (<c>IsTrusted()</c>) or for this specific address (<c>IsTrusted(addr)</c>).
/// A trusted channel receives neither the SASL handshake nor an encryption key
/// on this path, so the resolver's configuration directly decides whether the
/// block access token is ever presented to the DataNode.
/// </remarks>
/// <param name="addr">connection address</param>
/// <param name="underlyingOut">connection output stream</param>
/// <param name="underlyingIn">connection input stream</param>
/// <param name="encryptionKeyFactory">for creation of an encryption key</param>
/// <param name="accessToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>new pair of streams, wrapped after SASL negotiation, or null when the handshake was skipped</returns>
/// <exception cref="System.IO.IOException">for any error</exception>
private IOStreamPair CheckTrustAndSend(IPAddress addr, OutputStream underlyingOut, InputStream underlyingIn, DataEncryptionKeyFactory encryptionKeyFactory, Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken, DatanodeID datanodeId)
{
    // Short-circuits exactly like the original !A && !B: the per-address lookup
    // is only made when the global answer is "not trusted".
    bool trusted = trustedChannelResolver.IsTrusted() || trustedChannelResolver.IsTrusted(addr);
    if (trusted)
    {
        Log.Debug("SASL client skipping handshake on trusted connection for addr = {}, datanodeId = {}", addr, datanodeId);
        return null;
    }
    // The encryption key factory only returns a key if encryption is enabled.
    DataEncryptionKey encryptionKey = encryptionKeyFactory.NewDataEncryptionKey();
    return Send(addr, underlyingOut, underlyingIn, encryptionKey, accessToken, datanodeId);
}
/// <summary>
/// Wraps a connected socket as a <c>Peer</c> and runs the client-side SASL
/// negotiation on it through <paramref name="saslClient"/>.
/// </summary>
/// <remarks>
/// If either the wrapping or the negotiation throws, whatever peer has been
/// built so far is closed via <c>IOUtils.Cleanup</c> (with no log, as in the
/// original) before the exception propagates, so the socket is not leaked.
/// </remarks>
/// <param name="saslClient">client used for the SASL handshake</param>
/// <param name="s">already connected socket</param>
/// <param name="keyFactory">for creation of an encryption key</param>
/// <param name="blockToken">connection block access token</param>
/// <param name="datanodeId">ID of destination DataNode</param>
/// <returns>the peer to use, possibly wrapped after SASL negotiation</returns>
/// <exception cref="System.IO.IOException"/>
public static Peer PeerFromSocketAndKey(SaslDataTransferClient saslClient, Socket s, DataEncryptionKeyFactory keyFactory, Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> blockToken, DatanodeID datanodeId)
{
    Peer peer = null;
    try
    {
        peer = PeerFromSocket(s);
        peer = saslClient.PeerSend(peer, keyFactory, blockToken, datanodeId);
        return peer;
    }
    catch
    {
        // Failure path only: release the partially built peer (may still be null
        // if PeerFromSocket itself threw) and rethrow without resetting the trace.
        IOUtils.Cleanup(null, peer);
        throw;
    }
}