From 20ef532261c7cfdad784e0dc6b804434be2b263a Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 17 Jan 2019 13:54:48 +0100
Subject: Make TransportMetrics a singleton
---
 jrt/src/com/yahoo/jrt/CryptoEngine.java | 2 +-
 jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java | 8 +++---
 jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java | 13 +++++------
 jrt/src/com/yahoo/jrt/NullCryptoEngine.java | 4 ++--
 jrt/src/com/yahoo/jrt/NullCryptoSocket.java | 15 +++++-------
 jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 4 ++--
 jrt/src/com/yahoo/jrt/TlsCryptoSocket.java | 5 ++--
 jrt/src/com/yahoo/jrt/Transport.java | 4 ++--
 jrt/src/com/yahoo/jrt/TransportMetrics.java | 15 ++++++++++++
 jrt/src/com/yahoo/jrt/XorCryptoEngine.java | 2 +-
 jrt/tests/com/yahoo/jrt/EchoTest.java | 31 ++++++++++++++-----------
 11 files changed, 58 insertions(+), 45 deletions(-)
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 41a567a83f2..81bf10be187 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -18,7 +18,7 @@ import java.nio.channels.SocketChannel;
 * encryption.
 **/
 public interface CryptoEngine extends AutoCloseable {
- CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer);
+ CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer);
 static CryptoEngine createDefault() {
 if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
 return new NullCryptoEngine();
diff --git a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
index a0d56281744..801f2075c4e 100644
--- a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoEngine.java
@@ -21,13 +21,13 @@ public class MaybeTlsCryptoEngine implements CryptoEngine {
 }
 @Override
- public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
 if (isServer) {
- return new MaybeTlsCryptoSocket(metrics, channel, tlsEngine, isServer);
+ return new MaybeTlsCryptoSocket(channel, tlsEngine, isServer);
 } else if (useTlsWhenClient) {
- return tlsEngine.createCryptoSocket(metrics, channel, false);
+ return tlsEngine.createCryptoSocket(channel, false);
 } else {
- return new NullCryptoSocket(metrics, channel, isServer);
+ return new NullCryptoSocket(channel, isServer);
 }
 }
diff --git a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
index ba34bed11c0..2e0d41b28d1 100644
--- a/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/MaybeTlsCryptoSocket.java
@@ -56,13 +56,12 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
 private class MyCryptoSocket extends NullCryptoSocket {
- private final TransportMetrics metrics;
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
 private TlsCryptoEngine factory;
 private Buffer buffer;
- MyCryptoSocket(TransportMetrics metrics, SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
- super(metrics, channel, isServer);
- this.metrics = metrics;
+ MyCryptoSocket(SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
+ super(channel, isServer);
 this.factory = factory;
 this.buffer = new Buffer(4096);
 }
@@ -81,7 +80,7 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
 data[i] = src.get(i);
 }
 if (looksLikeTlsToMe(data)) {
- TlsCryptoSocket tlsSocket = factory.createCryptoSocket(metrics, channel(), true);
+ TlsCryptoSocket tlsSocket = factory.createCryptoSocket(channel(), true);
 tlsSocket.injectReadData(buffer);
 socket = tlsSocket;
 return socket.handshake();
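Review bot: `MyCryptoSocket` in MaybeTlsCryptoSocket.java keeps its own `private final TransportMetrics metrics = TransportMetrics.getInstance();` even though its superclass `NullCryptoSocket` now initialises an identical private field from the same singleton. The only use of the subclass field visible in these hunks, the argument to `factory.createCryptoSocket(...)`, is removed by this commit. The rest of `MyCryptoSocket.handshake()` lies outside the hunk; if it no longer reads the field, delete it, otherwise call `TransportMetrics.getInstance()` at the point of use so there is no second reference that looks like per-socket state.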
@@ -117,8 +116,8 @@ public class MaybeTlsCryptoSocket implements CryptoSocket {
 }
 }
- public MaybeTlsCryptoSocket(TransportMetrics metrics, SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
- this.socket = new MyCryptoSocket(metrics, channel, factory, isServer);
+ public MaybeTlsCryptoSocket(SocketChannel channel, TlsCryptoEngine factory, boolean isServer) {
+ this.socket = new MyCryptoSocket(channel, factory, isServer);
 }
 @Override public SocketChannel channel() { return socket.channel(); }
diff --git a/jrt/src/com/yahoo/jrt/NullCryptoEngine.java b/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
index 7a7773ed855..b5a53accf92 100644
--- a/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/NullCryptoEngine.java
@@ -9,7 +9,7 @@ import java.nio.channels.SocketChannel;
 * CryptoEngine implementation that performs no encryption.
 **/
 public class NullCryptoEngine implements CryptoEngine {
- @Override public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
- return new NullCryptoSocket(metrics, channel, isServer);
+ @Override public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
+ return new NullCryptoSocket(channel, isServer);
 }
 }
diff --git a/jrt/src/com/yahoo/jrt/NullCryptoSocket.java b/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
index 1473f288306..0d7b83f1c7d 100644
--- a/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/NullCryptoSocket.java
@@ -13,17 +13,14 @@ import java.nio.channels.SocketChannel;
 public class NullCryptoSocket implements CryptoSocket {
 private final boolean isServer;
 private SocketChannel channel;
- private TransportMetrics metrics;
- public NullCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) { this.metrics = metrics; this.channel = channel; this.isServer = isServer; }
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
+ public NullCryptoSocket(SocketChannel channel, boolean isServer) { this.channel = channel; this.isServer = isServer; }
 @Override public SocketChannel channel() { return channel; }
 @Override public HandshakeResult handshake() throws IOException {
- if (metrics != null) {
- if (isServer) {
- metrics.incrementServerUnencryptedConnectionsEstablished();
- } else {
- metrics.incrementClientUnencryptedConnectionsEstablished();
- }
- metrics = null;
+ if (isServer) {
+ metrics.incrementServerUnencryptedConnectionsEstablished();
+ } else {
+ metrics.incrementClientUnencryptedConnectionsEstablished();
 }
 return HandshakeResult.DONE;
 }
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index 7e5e6fd9dc4..41302a4c725 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -20,11 +20,11 @@ public class TlsCryptoEngine implements CryptoEngine {
 }
 @Override
- public TlsCryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ public TlsCryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
 SSLEngine sslEngine = tlsContext.createSslEngine();
 sslEngine.setNeedClientAuth(true);
 sslEngine.setUseClientMode(!isServer);
- return new TlsCryptoSocket(metrics, channel, sslEngine);
+ return new TlsCryptoSocket(channel, sslEngine);
 }
 @Override
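Review bot: In `NullCryptoSocket.handshake()` the removed `if (metrics != null)` / `metrics = null` pair was what limited the unencrypted-connection counters to one increment per socket; the new body increments on every call. The callers of `handshake()` are not visible in this patch, so if it can be invoked more than once for a connection, `serverUnencryptedConnectionsEstablished` and its client counterpart will over-count, which distorts any monitoring of remaining plaintext traffic. A one-shot flag keeps the old guarantee: add `private boolean counted;` and wrap the increments in `if (!counted) { counted = true; ... }`.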
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 184b8824877..f25a45169a8 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -31,7 +31,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 private enum HandshakeState { NOT_STARTED, NEED_READ, NEED_WRITE, COMPLETED }
- private final TransportMetrics metrics;
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
 private final SocketChannel channel;
 private final SSLEngine sslEngine;
 private final Buffer wrapBuffer;
@@ -42,8 +42,7 @@ public class TlsCryptoSocket implements CryptoSocket {
 private HandshakeState handshakeState;
 private AuthorizationResult authorizationResult;
- public TlsCryptoSocket(TransportMetrics metrics, SocketChannel channel, SSLEngine sslEngine) {
- this.metrics = metrics;
+ public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
 this.channel = channel;
 this.sslEngine = sslEngine;
 SSLSession nullSession = sslEngine.getSession();
diff --git a/jrt/src/com/yahoo/jrt/Transport.java b/jrt/src/com/yahoo/jrt/Transport.java
index 717c39d403b..8da4c737f79 100644
--- a/jrt/src/com/yahoo/jrt/Transport.java
+++ b/jrt/src/com/yahoo/jrt/Transport.java
@@ -77,7 +77,7 @@ public class Transport {
 private Scheduler scheduler;
 private int state;
 private Selector selector;
- private final TransportMetrics metrics = new TransportMetrics();
+ private final TransportMetrics metrics = TransportMetrics.getInstance();
 private void handleAddConnection(Connection conn) {
 if (conn.isClosed()) {
@@ -197,7 +197,7 @@ public class Transport {
 * @param isServer flag indicating which end of the connection we are
 **/
 CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
- return cryptoEngine.createCryptoSocket(metrics, channel, isServer);
+ return cryptoEngine.createCryptoSocket(channel, isServer);
 }
 /**
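Review bot: `Transport` still declares `metrics` as an instance field, but after this change it holds the process-wide singleton, so the `metrics()` accessor (called as `server.transport().metrics()` in the old EchoTest) now reports connections from every Transport in the JVM rather than this one. That accessor is outside these hunks; its Javadoc should state the new scope, for example `Returns the JVM-wide transport metrics shared by all Transport instances.` Since `createCryptoSocket` no longer passes the field on, it could also be replaced by `TransportMetrics.getInstance()` in the accessor to avoid implying per-transport counters.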
diff --git a/jrt/src/com/yahoo/jrt/TransportMetrics.java b/jrt/src/com/yahoo/jrt/TransportMetrics.java
index dba68b88f34..e4524b138e7 100644
--- a/jrt/src/com/yahoo/jrt/TransportMetrics.java
+++ b/jrt/src/com/yahoo/jrt/TransportMetrics.java
@@ -10,6 +10,8 @@ import java.util.concurrent.atomic.AtomicLong;
 */
 public class TransportMetrics {
+ private static final TransportMetrics instance = new TransportMetrics();
+
 private final AtomicLong tlsCertificateVerificationFailures = new AtomicLong(0);
 private final AtomicLong peerAuthorizationFailures = new AtomicLong(0);
 private final AtomicLong serverTlsConnectionsEstablished = new AtomicLong(0);
@@ -17,6 +19,10 @@ public class TransportMetrics {
 private final AtomicLong serverUnencryptedConnectionsEstablished = new AtomicLong(0);
 private final AtomicLong clientUnencryptedConnectionsEstablished = new AtomicLong(0);
+ private TransportMetrics() {}
+
+ public static TransportMetrics getInstance() { return instance; }
+
 public long tlsCertificateVerificationFailures() {
 return tlsCertificateVerificationFailures.get();
 }
@@ -67,6 +73,15 @@ public class TransportMetrics {
 clientUnencryptedConnectionsEstablished.incrementAndGet();
 }
+ void reset() {
+ tlsCertificateVerificationFailures.set(0);
+ peerAuthorizationFailures.set(0);
+ serverTlsConnectionsEstablished.set(0);
+ clientTlsConnectionsEstablished.set(0);
+ serverUnencryptedConnectionsEstablished.set(0);
+ clientUnencryptedConnectionsEstablished.set(0);
+ }
+
 @Override
 public String toString() {
 return "TransportMetrics{" +
diff --git a/jrt/src/com/yahoo/jrt/XorCryptoEngine.java b/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
index 6912a58e394..4ba6d00faa4 100644
--- a/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/XorCryptoEngine.java
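Review bot: `TransportMetrics.reset()` is added without any documentation, and it zeroes `tlsCertificateVerificationFailures` and `peerAuthorizationFailures` on what is now a process-wide object. The six `set(0)` calls run one after another, so the reset is not atomic with respect to concurrent increments from live connections. The method is package-private and appears to exist for `EchoTest.setUp()`; say so on the method, e.g. `// Test-only: not atomic across counters; do not call while transports are running.` If these counters are exported cumulatively, a reset in production would read as a drop in authentication failures.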
@@ -11,7 +11,7 @@ import java.nio.channels.SocketChannel;
 * from TLS.
 **/
 public class XorCryptoEngine implements CryptoEngine {
- @Override public CryptoSocket createCryptoSocket(TransportMetrics metrics, SocketChannel channel, boolean isServer) {
+ @Override public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
 return new XorCryptoSocket(channel, isServer);
 }
 }
diff --git a/jrt/tests/com/yahoo/jrt/EchoTest.java b/jrt/tests/com/yahoo/jrt/EchoTest.java
index 1c600e0918c..4ca9ba2bd64 100644
--- a/jrt/tests/com/yahoo/jrt/EchoTest.java
+++ b/jrt/tests/com/yahoo/jrt/EchoTest.java
@@ -16,6 +16,7 @@ import static org.junit.Assert.assertTrue;
 @RunWith(Parameterized.class)
 public class EchoTest {
+ TransportMetrics metrics;
 Supervisor server;
 Acceptor acceptor;
 Supervisor client;
@@ -23,7 +24,7 @@ public class EchoTest {
 Values refValues;
 private interface MetricsAssertions {
- void assertMetrics(TransportMetrics serverMetrics, TransportMetrics clientMetrics) throws AssertionError;
+ void assertMetrics(TransportMetrics metrics) throws AssertionError;
 }
 @Parameter(value = 0) public CryptoEngine crypto;
@@ -34,33 +35,35 @@ public class EchoTest {
 return new Object[][] {
 {
 new NullCryptoEngine(),
- (MetricsAssertions) (serverMetrics, clientMetrics) -> {
- assertEquals(1, serverMetrics.serverUnencryptedConnectionsEstablished());
- assertEquals(1, clientMetrics.clientUnencryptedConnectionsEstablished());
+ (MetricsAssertions) metrics -> {
+ assertEquals(1, metrics.serverUnencryptedConnectionsEstablished());
+ assertEquals(1, metrics.clientUnencryptedConnectionsEstablished());
 }},
 {new XorCryptoEngine(), null},
 {
 new TlsCryptoEngine(createTestTlsContext()),
- (MetricsAssertions) (serverMetrics, clientMetrics) -> {
- assertEquals(1, serverMetrics.serverTlsConnectionsEstablished());
- assertEquals(1, clientMetrics.clientTlsConnectionsEstablished());
+ (MetricsAssertions) metrics -> {
+ assertEquals(1, metrics.serverTlsConnectionsEstablished());
+ assertEquals(1, metrics.clientTlsConnectionsEstablished());
 }},
 {
 new MaybeTlsCryptoEngine(new TlsCryptoEngine(createTestTlsContext()), false),
- (MetricsAssertions) (serverMetrics, clientMetrics) -> {
- assertEquals(1, serverMetrics.serverUnencryptedConnectionsEstablished());
- assertEquals(1, clientMetrics.clientUnencryptedConnectionsEstablished());
+ (MetricsAssertions) metrics -> {
+ assertEquals(1, metrics.serverUnencryptedConnectionsEstablished());
+ assertEquals(1, metrics.clientUnencryptedConnectionsEstablished());
 }},
 {
 new MaybeTlsCryptoEngine(new TlsCryptoEngine(createTestTlsContext()), true),
- (MetricsAssertions) (serverMetrics, clientMetrics) -> {
- assertEquals(1, serverMetrics.serverTlsConnectionsEstablished());
- assertEquals(1, clientMetrics.clientTlsConnectionsEstablished());
+ (MetricsAssertions) metrics -> {
+ assertEquals(1, metrics.serverTlsConnectionsEstablished());
+ assertEquals(1, metrics.clientTlsConnectionsEstablished());
 }}};
 }
 @Before
 public void setUp() throws ListenFailedException {
+ metrics = TransportMetrics.getInstance();
+ metrics.reset();
 server = new Supervisor(new Transport(crypto));
client = new Supervisor(new Transport(crypto));
 acceptor = server.listen(new Spec(0));
@@ -131,7 +134,7 @@ public class EchoTest {
 assertTrue(Test.equals(req.returnValues(), refValues));
 assertTrue(Test.equals(req.parameters(), refValues));
 if (metricsAssertions != null) {
- metricsAssertions.assertMetrics(server.transport().metrics(), client.transport().metrics());
+ metricsAssertions.assertMetrics(metrics);
 }
 }
 }
--
cgit v1.2.3
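Review bot: The TLS parameter sets in EchoTest only assert that the TLS counters reached 1 and never check that no plaintext connection was counted. For the `TlsCryptoEngine` and `MaybeTlsCryptoEngine(..., true)` cases, consider adding `assertEquals(0, metrics.serverUnencryptedConnectionsEstablished());` and `assertEquals(0, metrics.clientUnencryptedConnectionsEstablished());` so an unintended fallback to plaintext fails the test. Separately, `setUp()` resets a JVM-wide singleton and the assertions expect exactly 1, so these tests assume nothing else in the same JVM opens a jrt connection between reset and assertion; a short comment on `setUp()` stating that would help anyone enabling parallel test execution.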