[GitHub] [calcite-avatica] joshelser commented on a diff in pull request #184: CALCITE-5327 Make SSL key-store type configurable

Fri, 21 Oct 2022 07:56:20 -0700 


joshelser commented on code in PR #184:
URL: https://github.com/apache/calcite-avatica/pull/184#discussion_r1001885363


##########
server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java:
##########
@@ -767,6 +771,27 @@ public Builder<T> withTLS(File keystore, String 
keystorePassword, File truststor
       return this;
     }
 
+    /**
+     * Configures the server to use TLS for wire encryption.
+     *
+     * @param keystore The server's keystore
+     * @param keystorePassword The keystore's password
+     * @param truststore The truststore containing the key used to generate 
the server's key
+     * @param truststorePassword The truststore's password
+     * @param keystoreType The keystore's type
+     * @return <code>this</code>
+     */
+    public Builder<T> withTLS(File keystore, String keystorePassword, File 
truststore,
+                              String truststorePassword, String keystoreType) {
+      this.usingTLS = true;
+      this.keystore = Objects.requireNonNull(keystore);
+      this.keystorePassword = Objects.requireNonNull(keystorePassword);
+      this.truststore = Objects.requireNonNull(truststore);
+      this.truststorePassword = Objects.requireNonNull(truststorePassword);

Review Comment:
   ```suggestion
         this.withTLS(keystore, keystorePassword, truststore, 
truststorePassword);
         this.KeystoreType = Objects.requireNonNull(keystoreType);
   ```
   
   



##########
server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java:
##########
@@ -850,6 +875,9 @@ protected SslContextFactory.Server buildSSLContextFactory() 
{
         sslFactory.setKeyStorePassword(keystorePassword);
         sslFactory.setTrustStorePath(truststore.getAbsolutePath());
         sslFactory.setTrustStorePassword(truststorePassword);
+        if (keystoreType != null && 
!keystoreType.equals(DEFAULT_KEYSTORE_TYPE)) {
+          sslFactory.setKeyStoreType(keystoreType);

Review Comment:
   Could you add a comment here as to why this is important? Was there some 
use-case which can accept a keystore in a different type?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to