Github user ivmaykov commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/678#discussion_r230465652
--- Diff:
zookeeper-server/src/main/java/org/apache/zookeeper/common/FileKeyStoreLoader.java
---
@@ -0,0 +1,98 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.zookeeper.common;
+
+import java.util.Objects;
+
+/**
+ * Base class for instances of {@link KeyStoreLoader} which load the
key/trust
+ * stores from files on a filesystem.
+ */
+abstract class FileKeyStoreLoader implements KeyStoreLoader {
+ final String keyStorePath;
+ final String trustStorePath;
+ final String keyStorePassword;
+ final String trustStorePassword;
+
+ FileKeyStoreLoader(String keyStorePath,
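Review bot: keyStorePassword and trustStorePassword are held as final String fields, so the passwords stay on the heap for as long as the loader instance lives and cannot be cleared once the stores are loaded. Consider holding them as char[] (which is what KeyStore.load takes) and zeroing the array after use, or passing them to the load call instead of storing them. The four fields also have no access modifier and are therefore readable by anything in org.apache.zookeeper.common; if only subclasses need them, narrow the access or say in the Javadoc why package visibility is intended.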
--- End diff --
Also, loading private keys from arbitrary URLs goes against best security
practices (unless that URL is for a local file, in which case there is no point
in wrapping it in a URL). TLS private keys should never be transmitted across a
network. The CA cert (i.e. Trust Store) could in theory be loaded from a remote
URL though.
---
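An added example, not part of the pull request or of the comment above: one way to enforce the rule the comment states, with key stores accepted only as local files and trust stores optionally remote. `StoreLocationPolicy`, `StoreKind` and the sample locations are hypothetical, and allowing only `https` for a remote trust store is an assumption.

```java
import java.net.URI;
import java.nio.file.Paths;
import java.util.Locale;

// Hypothetical helper, not part of ZooKeeper: decides where TLS material may be loaded from.
final class StoreLocationPolicy {
    enum StoreKind { KEY_STORE, TRUST_STORE }
    // Returns the normalized location, or throws IllegalArgumentException if the policy forbids it.
    static URI check(String location, StoreKind kind) {
        boolean looksLikeUrl = location.contains("://")
                || location.regionMatches(true, 0, "file:", 0, 5);
        if (!looksLikeUrl) {
            // A plain filesystem path is treated as a local file.
            return Paths.get(location).toAbsolutePath().normalize().toUri();
        }
        URI uri = URI.create(location);
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase(Locale.ROOT);
        switch (scheme) {
            case "file":
                // file://host/share/... names a network share, not a local file.
                if (uri.getAuthority() != null && !uri.getAuthority().isEmpty()) {
                    throw new IllegalArgumentException("file URL with a remote host: " + location);
                }
                return Paths.get(uri).toAbsolutePath().normalize().toUri();
            case "https":
                // Assumption: only the trust store (public CA certificates) may be remote.
                if (kind == StoreKind.TRUST_STORE) {
                    return uri;
                }
                throw new IllegalArgumentException("private key material must be a local file: " + location);
            default:
                throw new IllegalArgumentException("unsupported location for " + kind + ": " + location);
        }
    }
    public static void main(String[] args) {
        // Constructed sample locations.
        String[] samples = { "/etc/zookeeper/keystore.jks", "file:///etc/zookeeper/keystore.jks",
                "file://fileserver/share/keystore.jks", "https://pki.example.internal/ca.pem" };
        for (StoreKind kind : StoreKind.values()) {
            for (String s : samples) {
                try {
                    System.out.println(kind + " " + s + " -> " + check(s, kind));
                } catch (IllegalArgumentException e) {
                    System.out.println(kind + " " + s + " -> rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

A local path can still sit on a network mount; this check covers only the form of the location string.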