zookeeper-dev mailing list archives

From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...
Date Mon, 29 Oct 2018 15:20:46 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/678#discussion_r228958388
  
    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -79,12 +82,56 @@
                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
         };
     
    +    /**
    +     * This enum represents the file type of a KeyStore or TrustStore. Currently, JKS
(java keystore) and PEM types
    +     * are supported.
    +     */
    +    public enum StoreFileType {
    +        JKS(".jks"), PEM(".pem");
    +
    +        private final String defaultFileExtension;
    +
    +        StoreFileType(String defaultFileExtension) {
    +            this.defaultFileExtension = defaultFileExtension;
    +        }
    +
    +        /**
    +         * The property string that specifies that a key store or trust store should
use this store file type.
    +         */
    +        public String getPropertyValue() {
    +            return this.name();
    +        }
    +
    +        /**
    +         * The file extension that is associated with this file type.
    +         */
    +        public String getDefaultFileExtension() {
    +            return defaultFileExtension;
    +        }
    +
    +        /**
    +         * Converts a property value to a StoreFileType enum. If the property value is
not set or is empty, returns
    +         * null.
    +         * @param prop the property value.
    +         * @return the StoreFileType.
    +         * @throws IllegalArgumentException if the property value is not "JKS", "PEM",
or empty/null.
    +         */
    +        public static StoreFileType fromPropertyValue(String prop) {
    +            if (prop == null || prop.length() == 0) {
    +                return null;
    +            }
    +            return StoreFileType.valueOf(prop.toUpperCase());
    +        }
    +    }
    +
         private String sslProtocolProperty = getConfigPrefix() + "protocol";
         private String cipherSuitesProperty = getConfigPrefix() + "ciphersuites";
         private String sslKeystoreLocationProperty = getConfigPrefix() + "keyStore.location";
         private String sslKeystorePasswdProperty = getConfigPrefix() + "keyStore.password";
    +    private String sslKeystoreTypeProperty = getConfigPrefix() + "keyStore.type";
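
Review bot: in `fromPropertyValue`, `prop.toUpperCase()` uses the JVM default locale and the value is not trimmed, so whether a given setting parses depends on the host locale and on stray whitespace in the config file. Consider `prop.trim().toUpperCase(Locale.ROOT)`. The `IllegalArgumentException` raised by `valueOf` also names only the enum constant, so an operator with a mistyped `keyStore.type` will not see which property was wrong; catching it and rethrowing with the property name would help. Finally, the new `sslKeystoreTypeProperty` field has no comment saying how an explicit type interacts with the type implied by `getDefaultFileExtension()`; the Javadoc should state which one wins when they disagree.
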
    --- End diff --
    
    Do we need the ability to override the keystore type that we otherwise detect from the file extension?


---
