zookeeper-dev mailing list archives

From ivmaykov <...@git.apache.org>
Subject [GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...
Date Mon, 29 Oct 2018 16:55:55 GMT
Github user ivmaykov commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/678#discussion_r229011934
  
    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -79,12 +82,56 @@
                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
         };
     
    +    /**
    +     * This enum represents the file type of a KeyStore or TrustStore. Currently, JKS
(java keystore) and PEM types
    +     * are supported.
    +     */
    +    public enum StoreFileType {
    +        JKS(".jks"), PEM(".pem");
    +
    +        private final String defaultFileExtension;
    +
    +        StoreFileType(String defaultFileExtension) {
    +            this.defaultFileExtension = defaultFileExtension;
    +        }
    +
    +        /**
    +         * The property string that specifies that a key store or trust store should
use this store file type.
    +         */
    +        public String getPropertyValue() {
    +            return this.name();
    +        }
    +
    +        /**
    +         * The file extension that is associated with this file type.
    +         */
    +        public String getDefaultFileExtension() {
    +            return defaultFileExtension;
    +        }
    +
    +        /**
    +         * Converts a property value to a StoreFileType enum. If the property value is
not set or is empty, returns
    +         * null.
    +         * @param prop the property value.
    +         * @return the StoreFileType.
    +         * @throws IllegalArgumentException if the property value is not "JKS", "PEM",
or empty/null.
    +         */
    +        public static StoreFileType fromPropertyValue(String prop) {
    +            if (prop == null || prop.length() == 0) {
    +                return null;
    +            }
    +            return StoreFileType.valueOf(prop.toUpperCase());
    +        }
    +    }
    +
         private String sslProtocolProperty = getConfigPrefix() + "protocol";
         private String cipherSuitesProperty = getConfigPrefix() + "ciphersuites";
         private String sslKeystoreLocationProperty = getConfigPrefix() + "keyStore.location";
         private String sslKeystorePasswdProperty = getConfigPrefix() + "keyStore.password";
    +    private String sslKeystoreTypeProperty = getConfigPrefix() + "keyStore.type";
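Review bot: `fromPropertyValue` hands any non-empty value straight to `StoreFileType.valueOf(prop.toUpperCase())`, so a wrong setting (say `PKCS12`, which this enum does not accept) fails with the generic "No enum constant ...StoreFileType.PKCS12" message instead of one that names the `keyStore.type` property and the accepted values `JKS` and `PEM`; consider catching `IllegalArgumentException` there and rethrowing with a message that names the property, and use `prop.trim().toUpperCase(Locale.ROOT)` so the conversion does not depend on the JVM's default locale and tolerates stray whitespace from a config file. The `StoreFileType` Javadoc could also state that `null` from this method means "infer from the file extension", since the reply below describes that as the intended behaviour.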
    --- End diff --
    
    I think it makes sense: if someone puts their JKS key in a file that they name "foobar.key" or something non-standard, we can still support it if they explicitly set the store type option. Most people will probably use the default extensions and leave this option unset.

