honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Catch up with renamings in `TcpTransport` 

This is a followup from elastic/elasticsearch#25250

Original commit: elastic/x-pack-elasticsearch@325d10b973
This commit is contained in:
Simon Willnauer 2017-06-14 20:40:41 +02:00
parent 65228e4379
commit 35eb70e113
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugin/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java
View File

@ -12,9 +12,7 @@ import io.netty.channel.ChannelOutboundHandlerAdapter;
import io.netty.channel.ChannelPromise;
import io.netty.handler.ssl.SslHandler;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ExceptionsHelper;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
@ -27,7 +25,6 @@ import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import javax.net.ssl.SSLEngine;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
@ -36,7 +33,6 @@ import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCl
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException;
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isReceivedCertificateUnknownException;
/**
* Implementation of a transport that extends the {@link Netty4Transport} to add SSL and IP Filtering
*/
@ -46,7 +42,6 @@ public class SecurityNetty4Transport extends Netty4Transport {
@Nullable private final IPFilter authenticator;
private final Settings transportSSLSettings;
@Inject
public SecurityNetty4Transport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
NamedWriteableRegistry namedWriteableRegistry, CircuitBreakerService circuitBreakerService,
@Nullable IPFilter authenticator, SSLService sslService) {
@ -76,10 +71,9 @@ public class SecurityNetty4Transport extends Netty4Transport {
@Override
protected void onException(Channel channel, Exception e) {
String reason = ExceptionsHelper.detailedMessage(e);
if (!lifecycle.started()) {
// just close and ignore - we are already stopped and just need to make sure we release all resources
disconnectFromNodeChannel(channel, reason);
closeChannelWhileHandlingExceptions(channel);
} else if (isNotSslRecordException(e)) {
if (logger.isTraceEnabled()) {
logger.trace(
@ -87,25 +81,24 @@ public class SecurityNetty4Transport extends Netty4Transport {
} else {
logger.warn("received plaintext traffic on an encrypted channel, closing connection {}", channel);
}
disconnectFromNodeChannel(channel, reason);
closeChannelWhileHandlingExceptions(channel);
} else if (isCloseDuringHandshakeException(e)) {
if (logger.isTraceEnabled()) {
logger.trace(new ParameterizedMessage("connection {} closed during ssl handshake", channel), e);
} else {
logger.warn("connection {} closed during handshake", channel);
}
disconnectFromNodeChannel(channel, reason);
closeChannelWhileHandlingExceptions(channel);
} else if (isReceivedCertificateUnknownException(e)) {
if (logger.isTraceEnabled()) {
logger.trace(new ParameterizedMessage("client did not trust server's certificate, closing connection {}", channel), e);
} else {
logger.warn("client did not trust this server's certificate, closing connection {}", channel);
}
disconnectFromNodeChannel(channel, reason);
closeChannelWhileHandlingExceptions(channel);
} else {
super.onException(channel, e);
}
}
class SecurityServerChannelInitializer extends ServerChannelInitializer {