GitHub user arankin-irl opened a pull request:
https://github.com/apache/zookeeper/pull/654
ZOOKEEPER-3160: Custom User SSLContext
The Zookeeper libraries currently allow you to set up your SSL Context via
system properties such as "zookeeper.ssl.keyStore.location" in the X509Util.
This covers most simple use cases, where users have software keystores on their
harddrive.
There are, however, a few additional scenarios that this doesn't cover. Two
possible ones would be:
1. The user has a hardware keystore, loaded in using PKCS11 or something
similar.
2. The user has no access to the software keystore, but can retrieve an
already-constructed SSLContext from their container.
For this, I would propose that the X509Util be extended to allow a user to
set a property "zookeeper.ssl.client.context" to provide a class which supplies
a custom SSL context. This gives a lot more flexibility to the ZK client, and
allows the user to construct the SSLContext in whatever way they please (which
also future proofs the implementation somewhat).
I added a few simple tests to this class around setting the SSLContext, and
setting an invalid one. I'm not testing the actual functionality of the
SSLContext, etc.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/Mastercard/zookeeper ZOOKEEPER-3160
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zookeeper/pull/654.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #654
----
commit a5b93cc70b867adca542d79d17126d30b2afbd27
Author: Alex Rankin <davelister@...>
Date: 2018-10-02T15:52:12Z
Adding ability to specify custom SSLContext for client
----
---
