zookeeper-notifications mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [zookeeper] anmolnar commented on a change in pull request #924: ZOOKEEPER-3371: Port unification for Jetty admin server
Date Mon, 01 Jul 2019 14:45:30 GMT
anmolnar commented on a change in pull request #924: ZOOKEEPER-3371: Port unification for Jetty
admin server
URL: https://github.com/apache/zookeeper/pull/924#discussion_r299078044
 
 

 ##########
 File path: zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JettyAdminServer.java
 ##########
 @@ -67,24 +80,75 @@
     private final String commandUrl;
     private ZooKeeperServer zkServer;
 
-    public JettyAdminServer() throws AdminServerException {
+    public JettyAdminServer() throws AdminServerException, IOException, GeneralSecurityException
{
         this(System.getProperty("zookeeper.admin.serverAddress", DEFAULT_ADDRESS),
              Integer.getInteger("zookeeper.admin.serverPort", DEFAULT_PORT),
              Integer.getInteger("zookeeper.admin.idleTimeout", DEFAULT_IDLE_TIMEOUT),
-             System.getProperty("zookeeper.admin.commandURL", DEFAULT_COMMAND_URL));
+             System.getProperty("zookeeper.admin.commandURL", DEFAULT_COMMAND_URL),
+             Integer.getInteger("zookeeper.admin.httpVersion", DEFAULT_HTTP_VERSION),
+             Boolean.getBoolean("zookeeper.admin.portUnification"));
     }
 
-    public JettyAdminServer(String address, int port, int timeout, String commandUrl) {
+    public JettyAdminServer(String address,
+                            int port,
+                            int timeout,
+                            String commandUrl,
+                            int httpVersion,
+                            boolean portUnification) throws IOException, GeneralSecurityException
{
         this.port = port;
         this.idleTimeout = timeout;
         this.commandUrl = commandUrl;
         this.address = address;
 
         server = new Server();
-        ServerConnector connector = new ServerConnector(server);
+        ServerConnector connector = null;
+
+        if (!portUnification) {
+            connector = new ServerConnector(server);
+        } else {
+            SecureRequestCustomizer customizer = new SecureRequestCustomizer();
+            customizer.setStsMaxAge(DEFAULT_STS_MAX_AGE);
+            customizer.setStsIncludeSubDomains(true);
+
+            HttpConfiguration config = new HttpConfiguration();
+            config.setSecureScheme("https");
+            config.addCustomizer(customizer);
+
+            try (QuorumX509Util x509Util = new QuorumX509Util()) {
+                String privateKeyPath = System.getProperty(x509Util.getSslKeystoreLocationProperty(),
"");
+                String privateKeyPassword = System.getProperty(x509Util.getSslKeystorePasswdProperty(),
"");
+                String certAuthPath = System.getProperty(x509Util.getSslTruststoreLocationProperty(),
"");
+                String certAuthPassword = System.getProperty(x509Util.getSslTruststorePasswdProperty(),
"");
+                File privateKey = new File(privateKeyPath);
+                File certAuth = new File(certAuthPath);
+                KeyStore keyStore = null, trustStore = null;
+
+                try {
+                    keyStore = PemReader.loadKeyStore(privateKey, privateKey, Optional.empty());
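Review bot: The keystore password read into `privateKeyPassword` is not used by the visible `PemReader.loadKeyStore(privateKey, privateKey, Optional.empty())` call, so a password-protected PEM key would apparently fail to load, which pushes operators toward keeping the admin server's private key unencrypted on disk. Consider passing it through as the third argument, e.g. `privateKeyPassword.isEmpty() ? Optional.empty() : Optional.of(privateKeyPassword)`. The location properties also default to `""`, so a missing setting only surfaces later as a file error on `new File("")`; a check that fails fast and names the missing property when `portUnification` is true would be clearer. The inner try block continues past the end of the quoted hunk, so the password may still be consumed further down.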
 
 Review comment:
   This way you only support the PEM format for both keystore and truststore. You should highlight
this in the documentation or use `FileKeyStoreLoaderBuilderProvider` like X509Util does in
order to support both JKS and PEM files.
   
   Given that this feature shares configuration properties for keystore/truststore location,
I believe the latter would be better to avoid confusion. 

