apache · himanshug · Apr 5, 2020 · Apr 4, 2020
diff --git a/examples/bin/dsql-main b/examples/bin/dsql-main
@@ -400,7 +400,7 @@ def main():
   parser_fmt.add_argument('--format', type=str, default='table', choices=('csv', 'tsv', 'json', 'table'), help='Result format')
   parser_fmt.add_argument('--header', action='store_true', help='Include header row for formats "csv" and "tsv"')
   parser_fmt.add_argument('--tsv-delimiter', type=str, default='\t', help='Delimiter for format "tsv"')
-  parser_oth.add_argument('--context-option', '-c', type=str, action='append', help='Set context option for this connection, see https://docs.imply.io/on-prem/query-data/sql for options')
+  parser_oth.add_argument('--context-option', '-c', type=str, action='append', help='Set context option for this connection, see https://druid.apache.org/docs/latest/querying/sql.html#connection-context for options')
   parser_oth.add_argument('--execute', '-e', type=str, help='Execute single SQL query')
   args = parser.parse_args()
 

diff --git a/integration-tests/docker/tls/generate-good-client-cert.sh b/integration-tests/docker/tls/generate-good-client-cert.sh
@@ -58,5 +58,5 @@ openssl x509 -req -days 3650 -in client.csr -CA root.pem -CAkey root.key -set_se
 openssl pkcs12 -export -in client.pem -inkey client.key -out client.p12 -name druid -CAfile root.pem -caname druid-it-root -password pass:druid123
 keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS -srcstorepass druid123 -deststorepass druid123
 
-# Create a Java truststore with the imply test cluster root CA
+# Create a Java truststore with the druid test cluster root CA
 keytool -import -alias druid-it-root -keystore truststore.jks -file root.pem -storepass druid123 -noprompt
diff --git a/integration-tests/docker/tls/generate-server-certs-and-keystores.sh b/integration-tests/docker/tls/generate-server-certs-and-keystores.sh
@@ -63,7 +63,7 @@ openssl x509 -req -days 3650 -in server.csr -CA root.pem -CAkey root.key -set_se
 openssl pkcs12 -export -in server.pem -inkey server.key -out server.p12 -name druid -CAfile root.pem -caname druid-it-root -password pass:druid123
 keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore server.jks -deststoretype JKS -srcstorepass druid123 -deststorepass druid123
 
-# Create a Java truststore with the imply test cluster root CA
+# Create a Java truststore with the druid test cluster root CA
 keytool -import -alias druid-it-root -keystore truststore.jks -file root.pem -storepass druid123 -noprompt
 
 # Revoke one of the client certs

diff --git a/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java b/server/src/main/java/org/apache/druid/server/initialization/jetty/JettyServerModule.java
@@ -22,6 +22,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
 import com.fasterxml.jackson.jaxrs.smile.JacksonSmileProvider;
+import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Preconditions;
 import com.google.common.primitives.Ints;
 import com.google.inject.Binder;
@@ -345,7 +346,13 @@ static Server makeAndInitializeServer(
 
       List<ConnectionFactory> monitoredConnFactories = new ArrayList<>();
       for (ConnectionFactory cf : connector.getConnectionFactories()) {
-        monitoredConnFactories.add(new JettyMonitoringConnectionFactory(cf, ACTIVE_CONNECTIONS));
+        // we only want to monitor the first connection factory, since it will pass the connection to subsequent
+        // connection factories (in this case HTTP/1.1 after the connection is unencrypted for SSL)
+        if (cf.getProtocol().equals(connector.getDefaultProtocol())) {
+          monitoredConnFactories.add(new JettyMonitoringConnectionFactory(cf, ACTIVE_CONNECTIONS));
+        } else {
+          monitoredConnFactories.add(cf);
+        }
       }
       connector.setConnectionFactories(monitoredConnFactories);
     }
@@ -531,4 +538,10 @@ protected TrustManager[] getTrustManagers(
       return newTrustManagers;
     }
   }
+
+  @VisibleForTesting
+  public int getActiveConnections()
+  {
+    return ACTIVE_CONNECTIONS.get();
+  }
 }
diff --git a/server/src/test/java/org/apache/druid/server/initialization/BaseJettyTest.java b/server/src/test/java/org/apache/druid/server/initialization/BaseJettyTest.java
@@ -19,6 +19,7 @@
 
 package org.apache.druid.server.initialization;
 
+import com.google.inject.Inject;
 import com.google.inject.Injector;
 import com.google.inject.Key;
 import com.google.inject.servlet.GuiceFilter;
@@ -60,6 +61,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import java.io.IOException;
+import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ThreadLocalRandom;
 import java.util.concurrent.TimeUnit;
 import java.util.zip.Deflater;
@@ -72,6 +74,7 @@ public abstract class BaseJettyTest
   protected HttpClient client;
   protected Server server;
   protected int port = -1;
+  protected int tlsPort = -1;
 
   public static void setProperties()
   {
@@ -87,6 +90,8 @@ public void setup() throws Exception
     Injector injector = setupInjector();
     final DruidNode node = injector.getInstance(Key.get(DruidNode.class, Self.class));
     port = node.getPlaintextPort();
+    tlsPort = node.getTlsPort();
+
     lifecycle = injector.getInstance(Lifecycle.class);
     lifecycle.start();
     ClientHolder holder = injector.getInstance(ClientHolder.class);
@@ -175,6 +180,71 @@ public Response hello()
     }
   }
 
+  @Path("/latched")
+  public static class LatchedResource
+  {
+    private final LatchedRequestStateHolder state;
+
+    @Inject
+    public LatchedResource(LatchedRequestStateHolder state)
+    {
+      this.state = state;
+    }
+
+    @GET
+    @Path("/hello")
+    @Produces(MediaType.APPLICATION_JSON)
+    public Response hello()
+    {
+      state.serverStartRequest();
+      try {
+        state.serverWaitForClientReadyToFinishRequest();
+      }
+      catch (InterruptedException ignored) {
+      }
+      return Response.ok(DEFAULT_RESPONSE_CONTENT).build();
+    }
+  }
+
+  public static class LatchedRequestStateHolder
+  {
+    private static final int TIMEOUT_MILLIS = 10_000;
+
+    private CountDownLatch requestStartLatch;
+    private CountDownLatch requestEndLatch;
+
+    public LatchedRequestStateHolder()
+    {
+      reset();
+    }
+
+    public void reset()
+    {
+      requestStartLatch = new CountDownLatch(1);
+      requestEndLatch = new CountDownLatch(1);
+    }
+
+    public void clientWaitForServerToStartRequest() throws InterruptedException
+    {
+      requestStartLatch.await(TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
+    }
+
+    public void serverStartRequest()
+    {
+      requestStartLatch.countDown();
+    }
+
+    public void serverWaitForClientReadyToFinishRequest() throws InterruptedException
+    {
+      requestEndLatch.await(TIMEOUT_MILLIS, TimeUnit.MILLISECONDS);
+    }
+
+    public void clientReadyToFinishRequest()
+    {
+      requestEndLatch.countDown();
+    }
+  }
+
   @Path("/default")
   public static class DefaultResource
   {