anmolnar commented on a change in pull request #924: ZOOKEEPER-3371: Port 
unification for Jetty admin server
URL: https://github.com/apache/zookeeper/pull/924#discussion_r299078044
 
 

 ##########
 File path: 
zookeeper-server/src/main/java/org/apache/zookeeper/server/admin/JettyAdminServer.java
 ##########
 @@ -67,24 +80,75 @@
     private final String commandUrl;
     private ZooKeeperServer zkServer;
 
-    public JettyAdminServer() throws AdminServerException {
+    public JettyAdminServer() throws AdminServerException, IOException, 
GeneralSecurityException {
         this(System.getProperty("zookeeper.admin.serverAddress", 
DEFAULT_ADDRESS),
              Integer.getInteger("zookeeper.admin.serverPort", DEFAULT_PORT),
              Integer.getInteger("zookeeper.admin.idleTimeout", 
DEFAULT_IDLE_TIMEOUT),
-             System.getProperty("zookeeper.admin.commandURL", 
DEFAULT_COMMAND_URL));
+             System.getProperty("zookeeper.admin.commandURL", 
DEFAULT_COMMAND_URL),
+             Integer.getInteger("zookeeper.admin.httpVersion", 
DEFAULT_HTTP_VERSION),
+             Boolean.getBoolean("zookeeper.admin.portUnification"));
     }
 
-    public JettyAdminServer(String address, int port, int timeout, String 
commandUrl) {
+    public JettyAdminServer(String address,
+                            int port,
+                            int timeout,
+                            String commandUrl,
+                            int httpVersion,
+                            boolean portUnification) throws IOException, 
GeneralSecurityException {
         this.port = port;
         this.idleTimeout = timeout;
         this.commandUrl = commandUrl;
         this.address = address;
 
         server = new Server();
-        ServerConnector connector = new ServerConnector(server);
+        ServerConnector connector = null;
+
+        if (!portUnification) {
+            connector = new ServerConnector(server);
+        } else {
+            SecureRequestCustomizer customizer = new SecureRequestCustomizer();
+            customizer.setStsMaxAge(DEFAULT_STS_MAX_AGE);
+            customizer.setStsIncludeSubDomains(true);
+
+            HttpConfiguration config = new HttpConfiguration();
+            config.setSecureScheme("https");
+            config.addCustomizer(customizer);
+
+            try (QuorumX509Util x509Util = new QuorumX509Util()) {
+                String privateKeyPath = 
System.getProperty(x509Util.getSslKeystoreLocationProperty(), "");
+                String privateKeyPassword = 
System.getProperty(x509Util.getSslKeystorePasswdProperty(), "");
+                String certAuthPath = 
System.getProperty(x509Util.getSslTruststoreLocationProperty(), "");
+                String certAuthPassword = 
System.getProperty(x509Util.getSslTruststorePasswdProperty(), "");
+                File privateKey = new File(privateKeyPath);
+                File certAuth = new File(certAuthPath);
+                KeyStore keyStore = null, trustStore = null;
+
+                try {
+                    keyStore = PemReader.loadKeyStore(privateKey, privateKey, 
Optional.empty());
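Review bot: The keystore password read into `privateKeyPassword` is not used by the visible load call: `PemReader.loadKeyStore(privateKey, privateKey, Optional.empty())` passes no password, so a passphrase-protected key would presumably fail to load unless the password is applied further down. Consider passing `privateKeyPassword.isEmpty() ? Optional.empty() : Optional.of(privateKeyPassword)` instead. Each location property also defaults to `""`, so enabling `zookeeper.admin.portUnification` without a configured keystore reaches the loader with `new File("")` rather than a clear configuration error. A guard such as `if (privateKeyPath.isEmpty()) throw new IOException("keystore location property is not set");` before the load would make the TLS misconfiguration fail fast and visibly. The try block continues past the end of the quoted hunk, so either point may already be handled there.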
 
 Review comment:
   This way you only support the PEM format for both keystore and truststore. 
You should highlight this in the documentation or use 
`FileKeyStoreLoaderBuilderProvider` like X509Util does in order to support both 
JKS and PEM files.
   
   Given that this feature shares configuration properties for 
keystore/truststore location, I believe the latter would be better to avoid 
confusion. 
