Diffstat (limited to 'jrt/src')
-rw-r--r--jrt/src/com/yahoo/jrt/CryptoEngine.java2
-rw-r--r--jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java8
-rw-r--r--jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java13
-rw-r--r--jrt/src/com/yahoo/jrt/NullCryptoEngine.java4
-rw-r--r--jrt/src/com/yahoo/jrt/NullCryptoSocket.java15
-rw-r--r--jrt/src/com/yahoo/jrt/TlsCryptoEngine.java4
-rw-r--r--jrt/src/com/yahoo/jrt/TlsCryptoSocket.java5
-rw-r--r--jrt/src/com/yahoo/jrt/Transport.java4
-rw-r--r--jrt/src/com/yahoo/jrt/TransportMetrics.java74
-rw-r--r--jrt/src/com/yahoo/jrt/XorCryptoEngine.java2
10 files changed, 100 insertions, 31 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 41a567a83f2..81bf10be187 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -18,7 +18,7 @@ import java.nio.channels.SocketChannel;
* encryption.
**/
public interface CryptoEngine extends AutoCloseable {
- CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer);
+ CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer);
static CryptoEngine createDefault() {
if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
return new NullCryptoEngine();
diff --git a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
index a0d56281744..801f2075c4e 100644
--- a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
@@ -21,13 +21,13 @@ public class MaybeTlsCryptoEngine implements CryptoEngine {
}
@Override
- public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
if (isServer) {
- return new MaybeTlsCryptoSocket(metrics, channel, tlsEngine, isServer);
+ return new MaybeTlsCryptoSocket(channel, tlsEngine, isServer);
} else if (useTlsWhenClient) {
- return tlsEngine.createCryptoSocket(metrics, channel, false);
+ return tlsEngine.createCryptoSocket(channel, false);
} else {
- return new NullCryptoSocket(metrics, channel, isServer);
+ return new NullCryptoSocket(channel, isServer);
}
}
diff --git a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
index ba34bed11c0..2e0d41b28d1 100644
--- a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
@@ -56,13 +56,12 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
private class MyCryptoSocket extends NullCryptoSocket {
- private final TransportMetrics metrics;
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
private TlsCryptoEngine factory;
private Buffer buffer;
- MyCryptoSocket(TransportMetrics metrics, SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
- super(metrics, channel, isServer);
- this.metrics = metrics;
+ MyCryptoSocket(SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
+ super(channel, isServer);
this.factory = factory;
this.buffer = new Buffer(4096);
}
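Review bot: MyCryptoSocket now keeps its own `private final TransportMetrics metrics = TransportMetrics.getInstance();` while its superclass NullCryptoSocket initialises an identically-named private field from the same singleton, so the subclass holds a second reference to the same object and the two fields can silently diverge if one is later changed. Either drop the subclass field and expose the superclass one as `protected final TransportMetrics metrics`, or add a comment on this line stating that it intentionally mirrors the NullCryptoSocket field because that one is private. The uses of `metrics` inside MyCryptoSocket lie outside this hunk, so I cannot tell whether the subclass field is still needed at all.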
@@ -81,7 +80,7 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
data[i] = src.get(i);
}
if (looksLikeTlsToMe(data)) {
- TlsCryptoSocket tlsSocket = factory.createCryptoSocket(metrics, channel(), true);
+ TlsCryptoSocket tlsSocket = factory.createCryptoSocket(channel(), true);
tlsSocket.injectReadData(buffer);
socket = tlsSocket;
return socket.handshake();
@@ -117,8 +116,8 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
}
}
- public MaybeTlsCryptoSocket(TransportMetrics metrics, SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
- this.socket = new MyCryptoSocket(metrics, channel, factory, isServer);
+ public MaybeTlsCryptoSocket(SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
+ this.socket = new MyCryptoSocket(channel, factory, isServer);
}
@Override public SocketChannel channel() { return socket.channel(); }
diff --git a/jrt/src/com/yahoo/jrt/NullCryptoEngine.java b/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
index 7a7773ed855..b5a53accf92 100644
--- a/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
@@ -9,7 +9,7 @@ import java.nio.channels.SocketChannel;
* CryptoEngine implementation that performs no encryption.
**/
public class NullCryptoEngine implements CryptoEngine {
- @Override public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
- return new NullCryptoSocket(metrics, channel, isServer);
+ @Override public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
+ return new NullCryptoSocket(channel, isServer);
}
}
diff --git a/jrt/src/com/yahoo/jrt/NullCryptoSocket.java b/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
index 1473f288306..0d7b83f1c7d 100644
--- a/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
@@ -13,17 +13,14 @@ import java.nio.channels.SocketChannel;
public class NullCryptoSocket implements CryptoSocket {
private final boolean isServer;
private SocketChannel channel;
- private TransportMetrics metrics;
- public NullCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) { this.metrics = metrics; this.channel = channel; this.isServer = isServer; }
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
+ public NullCryptoSocket(SocketChannel channel, boolean isServer) { this.channel = channel; this.isServer = isServer; }
@Override public SocketChannel channel() { return channel; }
@Override public HandshakeResult handshake() throws IOException {
- if (metrics != null) {
- if (isServer) {
- metrics.incrementServerUnencryptedConnectionsEstablished();
- } else {
- metrics.incrementClientUnencryptedConnectionsEstablished();
- }
- metrics = null;
+ if (isServer) {
+ metrics.incrementServerUnencryptedConnectionsEstablished();
+ } else {
+ metrics.incrementClientUnencryptedConnectionsEstablished();
}
return HandshakeResult.DONE;
}
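Review bot: The removed `metrics = null;` was the only thing preventing a double count, and the new handshake() increments the unencrypted-connection counter on every call; if a caller drives handshake() more than once (for example a retry loop that keeps calling until DONE, or the MaybeTlsCryptoSocket wrapper that extends this class) the counter will over-report plaintext connections. Because serverUnencryptedConnectionsEstablished is the signal an operator watches to detect a transport-security misconfiguration, inflated values are misleading. Keep the once-only semantics with an explicit flag instead of nulling a final field, as below.
```java
private boolean handshakeCounted;  // ensure the established-connection counter is bumped at most once per socket
@Override public HandshakeResult handshake() throws IOException {
    if (!handshakeCounted) {
        handshakeCounted = true;
        if (isServer) {
            metrics.incrementServerUnencryptedConnectionsEstablished();
        } else {
            metrics.incrementClientUnencryptedConnectionsEstablished();
        }
    }
    return HandshakeResult.DONE;
}
```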
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index 7e5e6fd9dc4..41302a4c725 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -20,11 +20,11 @@ public class TlsCryptoEngine implements CryptoEngine {
}
@Override
- public TlsCryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ public TlsCryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
SSLEngine sslEngine = tlsContext.createSslEngine();
sslEngine.setNeedClientAuth(true);
sslEngine.setUseClientMode(!isServer);
- return new TlsCryptoSocket(metrics, channel, sslEngine);
+ return new TlsCryptoSocket(channel, sslEngine);
}
@Override
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 184b8824877..f25a45169a8 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -31,7 +31,7 @@ public class TlsCryptoSocket implements CryptoSocket {
private enum HandshakeState { NOT_STARTED, NEED_READ, NEED_WRITE, COMPLETED }
- private final TransportMetrics metrics;
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
private final SocketChannel channel;
private final SSLEngine sslEngine;
private final Buffer wrapBuffer;
@@ -42,8 +42,7 @@ public class TlsCryptoSocket implements CryptoSocket {
private HandshakeState handshakeState;
private AuthorizationResult authorizationResult;
- public TlsCryptoSocket(TransportMetrics metrics, SocketChannel channel, SSLEngine sslEngine) {
- this.metrics = metrics;
+ public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
this.channel = channel;
this.sslEngine = sslEngine;
SSLSession nullSession = sslEngine.getSession();
diff --git a/jrt/src/com/yahoo/jrt/Transport.java b/jrt/src/com/yahoo/jrt/Transport.java
index ccdd5683f6a..0a2f2a4b7cb 100644
--- a/jrt/src/com/yahoo/jrt/Transport.java
+++ b/jrt/src/com/yahoo/jrt/Transport.java
@@ -77,7 +77,7 @@ public class Transport {
private Scheduler scheduler;
private int state;
private Selector selector;
- private final TransportMetrics metrics = new TransportMetrics();
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
private void handleAddConnection(Connection conn) {
if (conn.isClosed()) {
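Review bot: Replacing `new TransportMetrics()` with `TransportMetrics.getInstance()` turns per-Transport counters into process-wide ones, so any JVM that runs more than one Transport (a client and a server transport in the same process, or several in a test) now sees their TLS-failure and unencrypted-connection counts merged, and whoever reads `metrics` from this instance can no longer attribute a peerAuthorizationFailures spike to a specific transport. That is probably the intent, but it changes what existing consumers of the field observe and should be stated at the declaration, e.g. `// Shared JVM-wide singleton: counters aggregate over every Transport in this process.` The Transport class continues beyond this hunk, so other readers of `metrics` are not visible here.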
@@ -197,7 +197,7 @@ public class Transport {
* @param isServer flag indicating which end of the connection we are
**/
CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
- return cryptoEngine.createCryptoSocket(metrics, channel, isServer);
+ return cryptoEngine.createCryptoSocket(channel, isServer);
}
/**
diff --git a/jrt/src/com/yahoo/jrt/TransportMetrics.java b/jrt/src/com/yahoo/jrt/TransportMetrics.java
index e0afbc495e7..507a925572f 100644
--- a/jrt/src/com/yahoo/jrt/TransportMetrics.java
+++ b/jrt/src/com/yahoo/jrt/TransportMetrics.java
@@ -2,6 +2,7 @@
package com.yahoo.jrt;
import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.ToLongFunction;
/**
* Metric values produced by {@link Transport}.
@@ -10,6 +11,8 @@ import java.util.concurrent.atomic.AtomicLong;
*/
public class TransportMetrics {
+ private static final TransportMetrics instance = new TransportMetrics();
+
private final AtomicLong tlsCertificateVerificationFailures = new AtomicLong(0);
private final AtomicLong peerAuthorizationFailures = new AtomicLong(0);
private final AtomicLong serverTlsConnectionsEstablished = new AtomicLong(0);
@@ -17,6 +20,10 @@ public class TransportMetrics {
private final AtomicLong serverUnencryptedConnectionsEstablished = new AtomicLong(0);
private final AtomicLong clientUnencryptedConnectionsEstablished = new AtomicLong(0);
+ private TransportMetrics() {}
+
+ public static TransportMetrics getInstance() { return instance; }
+
public long tlsCertificateVerificationFailures() {
return tlsCertificateVerificationFailures.get();
}
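Review bot: `getInstance()` is a new public entry point and has no Javadoc, and the class comment still says the values are "produced by Transport", which no longer describes a JVM-global singleton. Add a doc comment such as `/** Returns the process-wide metrics instance shared by every {@link Transport} in this JVM; counters are never reset. */` on `getInstance()`, and note on the private constructor that direct construction is disallowed so all crypto sockets report into the same counters. "Never reset" is my reading of the visible API, which exposes only increment and get methods; hedge it if a reset exists elsewhere in the file.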
@@ -41,6 +48,8 @@ public class TransportMetrics {
return clientUnencryptedConnectionsEstablished.get();
}
+ public Snapshot snapshot() { return new Snapshot(this); }
+
void incrementTlsCertificateVerificationFailures() {
tlsCertificateVerificationFailures.incrementAndGet();
}
@@ -76,4 +85,69 @@ public class TransportMetrics {
", clientUnencryptedConnectionsEstablished=" + clientUnencryptedConnectionsEstablished +
'}';
}
+
+ public static class Snapshot {
+ private final long tlsCertificateVerificationFailures;
+ private final long peerAuthorizationFailures;
+ private final long serverTlsConnectionsEstablished;
+ private final long clientTlsConnectionsEstablished;
+ private final long serverUnencryptedConnectionsEstablished;
+ private final long clientUnencryptedConnectionsEstablished;
+
+ private Snapshot(TransportMetrics metrics) {
+ this(metrics.tlsCertificateVerificationFailures.get(),
+ metrics.peerAuthorizationFailures.get(),
+ metrics.serverTlsConnectionsEstablished.get(),
+ metrics.clientTlsConnectionsEstablished.get(),
+ metrics.serverUnencryptedConnectionsEstablished.get(),
+ metrics.clientUnencryptedConnectionsEstablished.get());
+ }
+
+ private Snapshot(long tlsCertificateVerificationFailures,
+ long peerAuthorizationFailures,
+ long serverTlsConnectionsEstablished,
+ long clientTlsConnectionsEstablished,
+ long serverUnencryptedConnectionsEstablished,
+ long clientUnencryptedConnectionsEstablished) {
+ this.tlsCertificateVerificationFailures = tlsCertificateVerificationFailures;
+ this.peerAuthorizationFailures = peerAuthorizationFailures;
+ this.serverTlsConnectionsEstablished = serverTlsConnectionsEstablished;
+ this.clientTlsConnectionsEstablished = clientTlsConnectionsEstablished;
+ this.serverUnencryptedConnectionsEstablished = serverUnencryptedConnectionsEstablished;
+ this.clientUnencryptedConnectionsEstablished = clientUnencryptedConnectionsEstablished;
+ }
+
+ public long tlsCertificateVerificationFailures() { return tlsCertificateVerificationFailures; }
+ public long peerAuthorizationFailures() { return peerAuthorizationFailures; }
+ public long serverTlsConnectionsEstablished() { return serverTlsConnectionsEstablished; }
+ public long clientTlsConnectionsEstablished() { return clientTlsConnectionsEstablished; }
+ public long serverUnencryptedConnectionsEstablished() { return serverUnencryptedConnectionsEstablished; }
+ public long clientUnencryptedConnectionsEstablished() { return clientUnencryptedConnectionsEstablished; }
+
+ public Snapshot changesSince(Snapshot base) {
+ return new Snapshot(
+ changesSince(base, Snapshot::tlsCertificateVerificationFailures),
+ changesSince(base, Snapshot::peerAuthorizationFailures),
+ changesSince(base, Snapshot::serverTlsConnectionsEstablished),
+ changesSince(base, Snapshot::clientTlsConnectionsEstablished),
+ changesSince(base, Snapshot::serverUnencryptedConnectionsEstablished),
+ changesSince(base, Snapshot::clientUnencryptedConnectionsEstablished));
+ }
+
+ private long changesSince(Snapshot base, ToLongFunction<Snapshot> metricProperty) {
+ return metricProperty.applyAsLong(this) - metricProperty.applyAsLong(base);
+ }
+
+ @Override
+ public String toString() {
+ return "Snapshot{" +
+ "tlsCertificateVerificationFailures=" + tlsCertificateVerificationFailures +
+ ", peerAuthorizationFailures=" + peerAuthorizationFailures +
+ ", serverTlsConnectionsEstablished=" + serverTlsConnectionsEstablished +
+ ", clientTlsConnectionsEstablished=" + clientTlsConnectionsEstablished +
+ ", serverUnencryptedConnectionsEstablished=" + serverUnencryptedConnectionsEstablished +
+ ", clientUnencryptedConnectionsEstablished=" + clientUnencryptedConnectionsEstablished +
+ '}';
+ }
+ }
}
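Review bot: `Snapshot` reads its six counters one `get()` at a time in the constructor, so a snapshot taken while connections are being established is not a consistent cut across counters (a TLS handshake can land in serverTlsConnectionsEstablished but not yet in peerAuthorizationFailures, or vice versa), and `changesSince(base)` can therefore be transiently skewed; that is acceptable for monitoring but should be documented. Also `changesSince(Snapshot base)` dereferences `base` without a check and will fail with a bare NullPointerException; prefer `Objects.requireNonNull(base, "base")` at its top. Suggested class Javadoc: an immutable point-in-time copy of the counters, with each value read independently rather than atomically as a group.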
diff --git a/jrt/src/com/yahoo/jrt/XorCryptoEngine.java b/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
index 6912a58e394..4ba6d00faa4 100644
--- a/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
@@ -11,7 +11,7 @@ import java.nio.channels.SocketChannel;
* from TLS.
**/
public class XorCryptoEngine implements CryptoEngine {
- @Override public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ @Override public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
return new XorCryptoSocket(channel, isServer);
}
}