Example #1
        /// <summary>Sends client SASL negotiation for a socket if required.</summary>
        /// <param name="socket">connection socket</param>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
        /// <param name="accessToken">connection block access token</param>
        /// <param name="datanodeId">ID of destination DataNode</param>
        /// <returns>pair of streams wrapped after SASL negotiation, or a pair holding the original streams when no negotiated pair is produced</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        public virtual IOStreamPair SocketSend(
            Socket socket,
            OutputStream underlyingOut,
            InputStream underlyingIn,
            DataEncryptionKeyFactory encryptionKeyFactory,
            Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
            DatanodeID datanodeId)
        {
            // Delegate the trust decision and the optional SASL handshake; the
            // remote address of the socket is what the trust check is keyed on.
            IOStreamPair negotiated = CheckTrustAndSend(
                socket.GetInetAddress(),
                underlyingOut,
                underlyingIn,
                encryptionKeyFactory,
                accessToken,
                datanodeId);

            if (negotiated == null)
            {
                // No negotiated pair came back, so the caller keeps talking over
                // the original streams, i.e. without any SASL wrapping on this
                // connection.
                return new IOStreamPair(underlyingIn, underlyingOut);
            }

            return negotiated;
        }
Example #2
        /// <summary>Sends client SASL negotiation for a peer if required.</summary>
        /// <param name="peer">connection peer</param>
        /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
        /// <param name="accessToken">connection block access token</param>
        /// <param name="datanodeId">ID of destination DataNode</param>
        /// <returns>the peer wrapped in an EncryptedPeer around the negotiated streams, or the original peer when no negotiated streams are produced</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        public virtual Peer PeerSend(
            Peer peer,
            DataEncryptionKeyFactory encryptionKeyFactory,
            Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
            DatanodeID datanodeId)
        {
            // The peer's address and its own streams are handed to the shared
            // trust-check / handshake path.
            IOStreamPair negotiated = CheckTrustAndSend(
                DataTransferSaslUtil.GetPeerAddress(peer),
                peer.GetOutputStream(),
                peer.GetInputStream(),
                encryptionKeyFactory,
                accessToken,
                datanodeId);

            if (negotiated == null)
            {
                // Nothing was negotiated: the peer is returned as-is, so its
                // traffic is not wrapped by this method.
                return peer;
            }

            // TODO: Consider renaming EncryptedPeer to SaslPeer.
            return new EncryptedPeer(peer, negotiated);
        }
Example #3
        /// <summary>Sends client SASL negotiation for a newly allocated socket if required.</summary>
        /// <param name="socket">connection socket</param>
        /// <param name="underlyingOut">connection output stream</param>
        /// <param name="underlyingIn">connection input stream</param>
        /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
        /// <param name="accessToken">connection block access token</param>
        /// <param name="datanodeId">ID of destination DataNode</param>
        /// <returns>pair of streams wrapped after SASL negotiation, or a pair holding the original streams when no negotiated pair is produced</returns>
        /// <exception cref="System.IO.IOException">for any error</exception>
        public virtual IOStreamPair NewSocketSend(
            Socket socket,
            OutputStream underlyingOut,
            InputStream underlyingIn,
            DataEncryptionKeyFactory encryptionKeyFactory,
            Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
            DatanodeID datanodeId)
        {
            // A key is requested only when the resolver does not report the
            // channel as trusted; otherwise Send is called with a null key.
            // The encryption key factory only returns a key if encryption is enabled.
            // NOTE(review): only the address-less IsTrusted() is consulted here,
            // whereas CheckTrustAndSend also asks IsTrusted(addr) - confirm this
            // difference is intended for newly allocated sockets.
            DataEncryptionKey encryptionKey = null;
            if (!trustedChannelResolver.IsTrusted())
            {
                encryptionKey = encryptionKeyFactory.NewDataEncryptionKey();
            }

            IOStreamPair negotiated = Send(
                socket.GetInetAddress(),
                underlyingOut,
                underlyingIn,
                encryptionKey,
                accessToken,
                datanodeId);

            if (negotiated == null)
            {
                // Send produced no wrapped pair: fall back to the original,
                // unwrapped streams.
                return new IOStreamPair(underlyingIn, underlyingOut);
            }

            return negotiated;
        }
Example #4
 /// <summary>
 /// Checks if an address is already trusted and then sends client SASL
 /// negotiation if required.
 /// </summary>
 /// <param name="addr">connection address</param>
 /// <param name="underlyingOut">connection output stream</param>
 /// <param name="underlyingIn">connection input stream</param>
 /// <param name="encryptionKeyFactory">for creation of an encryption key</param>
 /// <param name="accessToken">connection block access token</param>
 /// <param name="datanodeId">ID of destination DataNode</param>
 /// <returns>pair of streams returned by the SASL negotiation, or null when the handshake is skipped because the channel or address is trusted</returns>
 /// <exception cref="System.IO.IOException">for any error</exception>
 private IOStreamPair CheckTrustAndSend(
     IPAddress addr,
     OutputStream underlyingOut,
     InputStream underlyingIn,
     DataEncryptionKeyFactory encryptionKeyFactory,
     Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> accessToken,
     DatanodeID datanodeId)
 {
     // Trust is granted either globally or for this specific address; the
     // per-address lookup is only made when the global answer is "not trusted".
     bool trusted = trustedChannelResolver.IsTrusted()
                    || trustedChannelResolver.IsTrusted(addr);

     if (trusted)
     {
         // A trusted result means no handshake is attempted at all, so the
         // resolver's answer alone decides whether this connection gets SASL
         // protection. The skip is recorded only at debug level; reviewers
         // auditing which links run unprotected need debug logging enabled.
         Log.Debug("SASL client skipping handshake on trusted connection for addr = {}, "
                   + "datanodeId = {}", addr, datanodeId);
         return null;
     }

     // The encryption key factory only returns a key if encryption is enabled.
     DataEncryptionKey encryptionKey = encryptionKeyFactory.NewDataEncryptionKey();
     return Send(addr, underlyingOut, underlyingIn, encryptionKey, accessToken, datanodeId);
 }
Example #5
        /// <exception cref="System.IO.IOException"/>
        public static Peer PeerFromSocketAndKey(
            SaslDataTransferClient saslClient,
            Socket s,
            DataEncryptionKeyFactory keyFactory,
            Org.Apache.Hadoop.Security.Token.Token<BlockTokenIdentifier> blockToken,
            DatanodeID datanodeId)
        {
            // Builds a peer from the socket and runs it through the SASL client's
            // PeerSend; on any failure the peer created so far is cleaned up so a
            // half-negotiated connection is not left open.
            Peer result = null;
            bool completed = false;

            try
            {
                result = PeerFromSocket(s);
                // If PeerSend throws, result still refers to the peer created
                // above, which is what the finally block cleans up.
                result = saslClient.PeerSend(result, keyFactory, blockToken, datanodeId);
                completed = true;
            }
            finally
            {
                if (!completed)
                {
                    IOUtils.Cleanup(null, result);
                }
            }

            return result;
        }