zookeeper-dev mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] anmolnar commented on a change in pull request #681: ZOOKEEPER-3176: Quorum TLS - add SSL config options
Date Mon, 14 Jan 2019 14:30:16 GMT
anmolnar commented on a change in pull request #681: ZOOKEEPER-3176: Quorum TLS - add SSL config options
URL: https://github.com/apache/zookeeper/pull/681#discussion_r247509842
 
 

 ##########
 File path: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java
 ##########
 @@ -82,7 +83,187 @@
 
     public static final int DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS = 5000;
 
+    /**
+     * Enum specifying the client auth requirement of server-side TLS sockets created by
this X509Util.
+     * <ul>
+     *     <li>NONE - do not request a client certificate.</li>
+     *     <li>WANT - request a client certificate, but allow anonymous clients to
connect.</li>
+     *     <li>NEED - require a client certificate, disconnect anonymous clients.</li>
+     * </ul>
+     *
+     * If the config property is not set, the default value is NEED.
+     */
+    public enum ClientAuth {
+        NONE,
+        WANT,
+        NEED;
+
+        /**
+         * Converts a property value to a ClientAuth enum. If the input string is empty or
null, returns
+         * <code>ClientAuth.NEED</code>.
+         * @param prop the property string.
+         * @return the ClientAuth.
+         * @throws IllegalArgumentException if the property value is not "NONE", "WANT",
"NEED", or empty/null.
+         */
+        public static ClientAuth fromPropertyValue(String prop) {
+            if (prop == null || prop.length() == 0) {
+                return NEED;
+            }
+            return ClientAuth.valueOf(prop.toUpperCase());
+        }
+    }
+
+    /**
+     * Wrapper class for an SSLContext + some config options that can't be set on the context
when it is created but
+     * must be set on a secure socket created by the context after the socket creation. By
wrapping the options in this
+     * class we avoid reading from global system properties during socket configuration.
This makes testing easier
+     * since we can create different X509Util instances with different configurations in
a single test process, and
+     * unit test interactions between them.
+     */
+    public class SSLContextAndOptions {
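
Review bot: In `ClientAuth.fromPropertyValue`, `prop.toUpperCase()` uses the JVM default locale and the value is not trimmed, so parsing of this TLS setting depends on the host locale and on stray whitespace in the config. Consider `prop.trim().toUpperCase(Locale.ROOT)` and applying the empty check after trimming, so that a whitespace-only value gets the documented NEED default instead of an IllegalArgumentException from `valueOf`. The current behaviour does fail closed (it throws rather than relaxing client auth), so this is a robustness point. It would also help to catch the exception from `valueOf` and rethrow with the property name and the accepted values, since the bare enum message does not say which setting was wrong.
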
 
 Review comment:
   I think this class is big enough to live in a separate file.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
