honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Catch up with renamings in `TcpTransport` 

This is a followup from elastic/elasticsearch#25250

Original commit: elastic/x-pack-elasticsearch@325d10b973
This commit is contained in:
Simon Willnauer 2017-06-14 20:40:41 +02:00
parent 65228e4379
commit 35eb70e113
1 changed files with 5 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
plugin/src/main/java/org/elasticsearch/xpack/security/transport/netty4/SecurityNetty4Transport.java
View File

@ -12,9 +12,7 @@ import io.netty.channel.ChannelOutboundHandlerAdapter;
import io.netty.channel.ChannelPromise; import io.netty.channel.ChannelPromise;
import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslHandler;
import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.message.ParameterizedMessage;
import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.internal.Nullable;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry; import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
@ -27,7 +25,6 @@ import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.SocketAddress; import java.net.SocketAddress;
@ -36,7 +33,6 @@ import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCl
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException;
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isReceivedCertificateUnknownException; import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isReceivedCertificateUnknownException;
/** /**
* Implementation of a transport that extends the {@link Netty4Transport} to add SSL and IP Filtering * Implementation of a transport that extends the {@link Netty4Transport} to add SSL and IP Filtering
*/ */
@ -46,7 +42,6 @@ public class SecurityNetty4Transport extends Netty4Transport {
@Nullable private final IPFilter authenticator; @Nullable private final IPFilter authenticator;
private final Settings transportSSLSettings; private final Settings transportSSLSettings;
@Inject
public SecurityNetty4Transport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays, public SecurityNetty4Transport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
NamedWriteableRegistry namedWriteableRegistry, CircuitBreakerService circuitBreakerService, NamedWriteableRegistry namedWriteableRegistry, CircuitBreakerService circuitBreakerService,
@Nullable IPFilter authenticator, SSLService sslService) { @Nullable IPFilter authenticator, SSLService sslService) {
@ -76,10 +71,9 @@ public class SecurityNetty4Transport extends Netty4Transport {
@Override @Override
protected void onException(Channel channel, Exception e) { protected void onException(Channel channel, Exception e) {
String reason = ExceptionsHelper.detailedMessage(e);
if (!lifecycle.started()) { if (!lifecycle.started()) {
// just close and ignore - we are already stopped and just need to make sure we release all resources // just close and ignore - we are already stopped and just need to make sure we release all resources
disconnectFromNodeChannel(channel, reason); closeChannelWhileHandlingExceptions(channel);
} else if (isNotSslRecordException(e)) { } else if (isNotSslRecordException(e)) {
if (logger.isTraceEnabled()) { if (logger.isTraceEnabled()) {
logger.trace( logger.trace(
@ -87,25 +81,24 @@ public class SecurityNetty4Transport extends Netty4Transport {
} else { } else {
logger.warn("received plaintext traffic on an encrypted channel, closing connection {}", channel); logger.warn("received plaintext traffic on an encrypted channel, closing connection {}", channel);
} }
disconnectFromNodeChannel(channel, reason); closeChannelWhileHandlingExceptions(channel);
} else if (isCloseDuringHandshakeException(e)) { } else if (isCloseDuringHandshakeException(e)) {
if (logger.isTraceEnabled()) { if (logger.isTraceEnabled()) {
logger.trace(new ParameterizedMessage("connection {} closed during ssl handshake", channel), e); logger.trace(new ParameterizedMessage("connection {} closed during ssl handshake", channel), e);
} else { } else {
logger.warn("connection {} closed during handshake", channel); logger.warn("connection {} closed during handshake", channel);
} }
disconnectFromNodeChannel(channel, reason); closeChannelWhileHandlingExceptions(channel);
} else if (isReceivedCertificateUnknownException(e)) { } else if (isReceivedCertificateUnknownException(e)) {
if (logger.isTraceEnabled()) { if (logger.isTraceEnabled()) {
logger.trace(new ParameterizedMessage("client did not trust server's certificate, closing connection {}", channel), e); logger.trace(new ParameterizedMessage("client did not trust server's certificate, closing connection {}", channel), e);
} else { } else {
logger.warn("client did not trust this server's certificate, closing connection {}", channel); logger.warn("client did not trust this server's certificate, closing connection {}", channel);
} }
disconnectFromNodeChannel(channel, reason); closeChannelWhileHandlingExceptions(channel);
} else { } else {
super.onException(channel, e); super.onException(channel, e);
} }
} }
class SecurityServerChannelInitializer extends ServerChannelInitializer { class SecurityServerChannelInitializer extends ServerChannelInitializer {