Github user ivmaykov commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/678#discussion_r229011934
--- Diff:
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
@@ -79,12 +82,56 @@
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
};
+ /**
+ * This enum represents the file type of a KeyStore or TrustStore.
Currently, JKS (java keystore) and PEM types
+ * are supported.
+ */
+ public enum StoreFileType {
+ JKS(".jks"), PEM(".pem");
+
+ private final String defaultFileExtension;
+
+ StoreFileType(String defaultFileExtension) {
+ this.defaultFileExtension = defaultFileExtension;
+ }
+
+ /**
+ * The property string that specifies that a key store or trust
store should use this store file type.
+ */
+ public String getPropertyValue() {
+ return this.name();
+ }
+
+ /**
+ * The file extension that is associated with this file type.
+ */
+ public String getDefaultFileExtension() {
+ return defaultFileExtension;
+ }
+
+ /**
+ * Converts a property value to a StoreFileType enum. If the
property value is not set or is empty, returns
+ * null.
+ * @param prop the property value.
+ * @return the StoreFileType.
+ * @throws IllegalArgumentException if the property value is not
"JKS", "PEM", or empty/null.
+ */
+ public static StoreFileType fromPropertyValue(String prop) {
+ if (prop == null || prop.length() == 0) {
+ return null;
+ }
+ return StoreFileType.valueOf(prop.toUpperCase());
+ }
+ }
+
private String sslProtocolProperty = getConfigPrefix() + "protocol";
private String cipherSuitesProperty = getConfigPrefix() +
"ciphersuites";
private String sslKeystoreLocationProperty = getConfigPrefix() +
"keyStore.location";
private String sslKeystorePasswdProperty = getConfigPrefix() +
"keyStore.password";
+ private String sslKeystoreTypeProperty = getConfigPrefix() +
"keyStore.type";
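Review bot: in fromPropertyValue, `prop.toUpperCase()` uses the JVM default locale, so how a configuration string maps to an enum name depends on the host's locale setting; `prop.toUpperCase(Locale.ROOT)` would make the lookup deterministic. The value is also not trimmed, so a property with stray whitespace (for example "JKS " with a trailing space) passes the empty check, reaches `StoreFileType.valueOf` and throws IllegalArgumentException; consider trimming before the null/empty test. Because the method returns null for an unset property, the Javadoc could also say what a caller is expected to do with that null, so the fallback behaviour is documented next to the new keyStore.type property.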
--- End diff --
I think it makes sense: if someone puts their JKS key in a file that they
name "foobar.key" or something non-standard, we can still support it if they
explicitly set the store type option. Most people will probably use the default
extensions and leave this option unset.
---