[GitHub] [pulsar] lhotari commented on a diff in pull request #15084: Add KeyStore support in WebSocket, Function Worker HTTPS Servers

Mon, 11 Apr 2022 08:24:01 -0700 


lhotari commented on code in PR #15084:
URL: https://github.com/apache/pulsar/pull/15084#discussion_r847451374


##########
pulsar-websocket/src/main/java/org/apache/pulsar/websocket/service/WebSocketProxyConfiguration.java:
##########
@@ -175,6 +176,63 @@ public class WebSocketProxyConfiguration implements 
PulsarConfiguration {
     @FieldContext(doc = "TLS cert refresh duration (in seconds). 0 means 
checking every new connection.")
     private long tlsCertRefreshCheckDurationSec = 300;
 
+    /**** --- KeyStore TLS config variables. --- ****/
+    @FieldContext(
+            doc = "Enable TLS with KeyStore type configuration in broker"
+    )
+    private boolean tlsEnabledWithKeyStore = false;
+
+    @FieldContext(
+            doc = "TLS Provider for Specify the SSL provider for the broker 
service: \n"
+                    + "When using TLS authentication with CACert, the valid 
value is either OPENSSL or JDK.\n"
+                    + "When using TLS authentication with KeyStore, available 
values can be SunJSSE, Conscrypt and etc."
+    )
+    private String tlsProvider = null;
+
+    @FieldContext(
+            doc = "TLS KeyStore type configuration in broker: JKS, PKCS12"
+    )
+    private String tlsKeyStoreType = "JKS";
+
+    @FieldContext(
+            doc = "TLS KeyStore path in broker"
+    )
+    private String tlsKeyStore = null;
+
+    @FieldContext(
+            doc = "TLS KeyStore password for broker"
+    )
+    @ToString.Exclude
+    private String tlsKeyStorePassword = null;
+
+    @FieldContext(
+            doc = "TLS TrustStore type configuration in broker: JKS, PKCS12"
+    )
+    private String tlsTrustStoreType = "JKS";
+
+    @FieldContext(
+            doc = "TLS TrustStore path in broker"
+    )
+    private String tlsTrustStore = null;
+
+    @FieldContext(
+            doc = "TLS TrustStore password for broker, null means empty 
password."
+    )
+    @ToString.Exclude
+    private String tlsTrustStorePassword = null;
+
+    @FieldContext(
+            doc = "Specify the tls protocols the proxy's web service will use 
to negotiate during TLS Handshake.\n\n"
+                    + "Example:- [TLSv1.3, TLSv1.2]"
+    )
+    private Set<String> webServiceTlsProtocols = new TreeSet<>();

Review Comment:
   I think that @michaeljmarshall's argument about using similar naming as 
there is in the broker and proxy makes sense. I think it makes sense to use 
`webServiceTlsProtocols`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to