> On March 25, 2015, 6:28 p.m., Hongchao Deng wrote:
> > src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java, line 309
> > <https://reviews.apache.org/r/31963/diff/4/?file=905602#file905602line309>
> >
> > Can we get rid of certificate chain in each cnxn and pass it as authData in handleAuthentication()?
> >
> > Actually I think changing authData from byte[] to object makes more sense since we are not taking the data over network or serialized.

authData is not semantically the same as a certificate chain, since it can be passed with a ZOO_ADD_AUTH request. It does indeed come over the network which is why it's a byte[] (see org.apache.zookeeper.server.auth.AuthenticationProvider)

byte[] authData is defined in AuthenticationProvider which is meant to be extended--changing it to object would be a huge breaking change which I'm not sure is in scope here. In this case, I'm inclined to leave the chain tied to the cnxn, since it was determined at cnxn establishment. Meanwhile the "x509" scheme authInfo is also added right after the handshake, so clients won't be calling ZOO_ADD_AUTH for x509.

- Ian

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/31963/#review77766
-----------------------------------------------------------

On March 25, 2015, 8:02 p.m., Ian Dimayuga wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/31963/
> -----------------------------------------------------------
>
> (Updated March 25, 2015, 8:02 p.m.)
>
>
> Review request for zookeeper, fpj, Hongchao Deng, and Rakesh R.
>
>
> Repository: zookeeper-git
>
>
> Description
> -------
>
> Patch in X509AuthenticationProvider on top of ZOOKEEPER-2125
>
>
> Diffs
> -----
>
>   src/java/main/org/apache/zookeeper/ZooKeeperMain.java 83273d3407f08a95dbd78a3e2b6a4f031bd956d7
>   src/java/main/org/apache/zookeeper/client/FourLetterWordMain.java e41465ab93a3a59dbced8294e83b1651ad0dfe69
>   src/java/main/org/apache/zookeeper/common/X509Util.java PRE-CREATION
>   src/java/main/org/apache/zookeeper/server/NIOServerCnxn.java e02753f4fb926a8cc6c7a7c10af42f949c1e210c
>   src/java/main/org/apache/zookeeper/server/NettyServerCnxn.java b4bdc82f8b52f736c6ee3d67bb793a3616c1b436
>   src/java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java 09a794844978456fc3580adc22b6064e2a12cf77
>   src/java/main/org/apache/zookeeper/server/ServerCnxn.java a47d85662970cc0c219a46b226737a8689f8fe96
>   src/java/main/org/apache/zookeeper/server/ServerCnxnFactory.java 14037722c569d560acef56de0b5a7ae13464128c
>   src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java 406015f84a51e6afcfe704b881f8494bdd687a25
>   src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java PRE-CREATION
>   src/java/test/data/ssl/testUntrustedKeyStore.jks PRE-CREATION
>   src/java/test/org/apache/zookeeper/server/MockServerCnxn.java PRE-CREATION
>   src/java/test/org/apache/zookeeper/test/ClientBase.java 8915dfc81d286d5114d47f5781c62b29231f7774
>   src/java/test/org/apache/zookeeper/test/FourLetterWordsQuorumTest.java 49d90f76e07e088009d30ceff3ad1597d19c31d4
>   src/java/test/org/apache/zookeeper/test/FourLetterWordsTest.java 281b1786954993618ba7085897b742349acdd7c0
>   src/java/test/org/apache/zookeeper/test/SSLAuthTest.java PRE-CREATION
>   src/java/test/org/apache/zookeeper/test/X509AuthTest.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/31963/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Ian Dimayuga
>
>
