zookeeper-dev mailing list archives

From hanm <...@git.apache.org>
Subject [GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...
Date Tue, 30 Oct 2018 23:36:36 GMT
Github user hanm commented on a diff in the pull request:

    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/util/PemReader.java ---
    @@ -0,0 +1,224 @@
    + * Licensed under the Apache License, Version 2.0 (the "License");
    + * you may not use this file except in compliance with the License.
    + * You may obtain a copy of the License at
    + *
    + *     http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.zookeeper.util;
    +import javax.crypto.Cipher;
    +import javax.crypto.EncryptedPrivateKeyInfo;
    +import javax.crypto.SecretKey;
    +import javax.crypto.SecretKeyFactory;
    +import javax.crypto.spec.PBEKeySpec;
    +import javax.security.auth.x500.X500Principal;
    +import java.io.ByteArrayInputStream;
    +import java.io.File;
    +import java.io.IOException;
    +import java.nio.charset.StandardCharsets;
    +import java.nio.file.Files;
    +import java.security.GeneralSecurityException;
    +import java.security.KeyFactory;
    +import java.security.KeyStore;
    +import java.security.KeyStoreException;
    +import java.security.PrivateKey;
    +import java.security.PublicKey;
    +import java.security.cert.Certificate;
    +import java.security.cert.CertificateException;
    +import java.security.cert.CertificateFactory;
    +import java.security.cert.X509Certificate;
    +import java.security.spec.InvalidKeySpecException;
    +import java.security.spec.PKCS8EncodedKeySpec;
    +import java.security.spec.X509EncodedKeySpec;
    +import java.util.ArrayList;
    +import java.util.List;
    +import java.util.Optional;
    +import java.util.regex.Matcher;
    +import java.util.regex.Pattern;
    +import static java.util.Base64.getMimeDecoder;
    +import static java.util.regex.Pattern.CASE_INSENSITIVE;
    +import static javax.crypto.Cipher.DECRYPT_MODE;
    + * Note: this class is copied from io.airlift.security.pem.PemReader (see
    + * https://github.com/airlift/airlift/blob/master/security/src/main/java/io/airlift/security/pem/PemReader.java)
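Review bot: The provenance note at the end of the hunk links to blob/master, a moving ref, so it does not record which revision of io.airlift.security.pem.PemReader this copy was taken from. Given the imports show the class parsing private keys and X.509 certificates, pin the link to a specific commit or name the airlift release, so later upstream fixes to the PEM handling can be diffed against this file and pulled in.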
    --- End diff --
    I agree with @eolivelli, it should be enough to declare airlift in our notice file as a dependency.
    Our notice file is here:
    I vaguely remember we also copied some code from org.apache.httpcomponents for host verification to mitigate the perf regression of directly referencing the library as a dependency. It might be worth double-checking whether we need to patch the notice file for that copy as well.

