This is an automated email from the ASF dual-hosted git repository. jhyde pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/calcite-avatica.git
commit 9f4557c7f0580b33b2a2b4c32e88dfa0890fd182
Author: Richard Antal <[email protected]>
AuthorDate: Wed Oct 26 10:36:56 2022 +0200
[CALCITE-5327] Make SSL key-store type configurable
Close apache/calcite-avatica#184
---
 .../apache/calcite/avatica/server/HttpServer.java | 24 ++++++++++++++++++++++
 site/_docs/security.md | 3 +++
 2 files changed, 27 insertions(+)
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
index 87dc73ee7..35b5f5aa6 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
@@ -79,6 +79,8 @@ public class HttpServer {
 private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
 private static final int MAX_ALLOWED_HEADER_SIZE = 1024 * 64;
+ private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
+
 private Server server;
 private int port = -1;
 private final AvaticaHandler handler;
@@ -515,6 +517,8 @@ public class HttpServer {
 private File truststore;
 private String truststorePassword;
+ private String keystoreType;
+
 private List<ServerCustomizer<T>> serverCustomizers = Collections.emptyList();
 // The maximum size in bytes of an http header the server will read (64KB)
@@ -767,6 +771,23 @@ public class HttpServer {
 return this;
 }
+ /**
+ * Configures the server to use TLS for wire encryption.
+ *
+ * @param keystore The server's keystore
+ * @param keystorePassword The keystore's password
+ * @param truststore The truststore containing the key used to generate the server's key
+ * @param truststorePassword The truststore's password
+ * @param keystoreType The keystore's type
+ * @return <code>this</code>
+ */
+ public Builder<T> withTLS(File keystore, String keystorePassword, File truststore,
+ String truststorePassword, String keystoreType) {
+ this.withTLS(keystore, keystorePassword, truststore, truststorePassword);
+ this.keystoreType = Objects.requireNonNull(keystoreType);
+ return this;
+ }
+
 /**
 * Adds customizers to configure a Server before startup.
 *
@@ -850,6 +871,9 @@ public class HttpServer {
 sslFactory.setKeyStorePassword(keystorePassword);
 sslFactory.setTrustStorePath(truststore.getAbsolutePath());
 sslFactory.setTrustStorePassword(truststorePassword);
+ if (keystoreType != null && !keystoreType.equals(DEFAULT_KEYSTORE_TYPE)) {
+ sslFactory.setKeyStoreType(keystoreType);
+ }
 }
 return sslFactory;
 }
diff --git a/site/_docs/security.md b/site/_docs/security.md
index d7cf02cff..5333bad8b 100644
--- a/site/_docs/security.md
+++ b/site/_docs/security.md
@@ -344,3 +344,6 @@ HttpServer server = new HttpServer.Builder()
 new File("/avatica/truststore.jks"), "MyTruststorePassword")
 .build();
 {% endhighlight %}
+
+If you wish to change the default `JKS` keystore format to for example, `BCFKS` use the method
+`withTls(File, String, File, String, String)` to provide the keystore format as a fifth parameter.
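Review bot: The new five-argument `withTLS` calls the four-argument overload before `Objects.requireNonNull(keystoreType)`, so a null type is rejected only after the builder's TLS fields have presumably already been assigned; make `Objects.requireNonNull(keystoreType, "keystoreType");` the first statement so a bad call leaves the builder untouched. The Javadoc should say that the type applies to the keystore only and give example values, e.g. `@param keystoreType The keystore's type, for example "JKS", "PKCS12" or "BCFKS"`. The four-argument overload lies outside this hunk; if it does not reset `keystoreType`, a later call to it on the same builder keeps the earlier type. The site documentation added in this commit spells the method `withTls`, which does not match the `withTLS` declared here.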
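Review bot: The guard `!keystoreType.equals(DEFAULT_KEYSTORE_TYPE)` in the added block skips the setter when the caller explicitly asks for "JKS", which is correct only while the SslContextFactory's own default is also JKS; that default is not visible here and may differ between Jetty versions. Passing every explicit value through removes the coupling: `if (keystoreType != null) { sslFactory.setKeyStoreType(keystoreType); }`. Only the keystore type is set, so a truststore in the same non-default format (the `BCFKS` case named in the docs) may still be opened with the factory's default type unless the factory falls back to the keystore type; consider also calling `sslFactory.setTrustStoreType(...)`, or state the limitation in the Javadoc. The enclosing method starts outside the hunk.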
