[
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15958425#comment-15958425
]
ASF GitHub Bot commented on ZOOKEEPER-236:
------------------------------------------
Github user geek101 commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/184#discussion_r110090086
--- Diff: src/java/main/org/apache/zookeeper/common/X509Util.java ---
@@ -18,63 +18,116 @@
package org.apache.zookeeper.common;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
+import java.net.Socket;
+import java.security.KeyManagementException;
import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import static
org.apache.zookeeper.common.X509Exception.KeyManagerException;
-import static
org.apache.zookeeper.common.X509Exception.SSLContextException;
-import static
org.apache.zookeeper.common.X509Exception.TrustManagerException;
+import static org.apache.zookeeper.common.X509Exception.*;
/**
* Utility code for X509 handling
*/
-public class X509Util {
+public abstract class X509Util {
private static final Logger LOG =
LoggerFactory.getLogger(X509Util.class);
- /**
- * @deprecated Use {@link ZKConfig#SSL_KEYSTORE_LOCATION}
- * instead.
- */
- @Deprecated
- public static final String SSL_KEYSTORE_LOCATION =
"zookeeper.ssl.keyStore.location";
- /**
- * @deprecated Use {@link ZKConfig#SSL_KEYSTORE_PASSWD}
- * instead.
- */
- @Deprecated
- public static final String SSL_KEYSTORE_PASSWD =
"zookeeper.ssl.keyStore.password";
- /**
- * @deprecated Use {@link ZKConfig#SSL_TRUSTSTORE_LOCATION}
- * instead.
- */
- @Deprecated
- public static final String SSL_TRUSTSTORE_LOCATION =
"zookeeper.ssl.trustStore.location";
- /**
- * @deprecated Use {@link ZKConfig#SSL_TRUSTSTORE_PASSWD}
- * instead.
- */
- @Deprecated
- public static final String SSL_TRUSTSTORE_PASSWD =
"zookeeper.ssl.trustStore.password";
- /**
- * @deprecated Use {@link ZKConfig#SSL_AUTHPROVIDER}
- * instead.
- */
- @Deprecated
- public static final String SSL_AUTHPROVIDER =
"zookeeper.ssl.authProvider";
-
- public static SSLContext createSSLContext() throws SSLContextException
{
+ public static final String DEFAULT_PROTOCOL = "TLSv1";
+
+ private String sslProtocolProperty = getConfigPrefix() + "protocol";
+ private String cipherSuitesProperty = getConfigPrefix() +
"ciphersuites";
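Review bot: `DEFAULT_PROTOCOL = "TLSv1"` makes TLS 1.0 the fallback whenever the `protocol` property is unset. TLS 1.0 is formally deprecated (RFC 8996) and has no AEAD cipher suites, so the default for quorum traffic should be at least `public static final String DEFAULT_PROTOCOL = "TLSv1.2";`, with older versions available only as an explicit opt-in. How the constant reaches `SSLContext.getInstance` is outside the quoted hunk, so the effective protocol ceiling is inferred from the name and should be confirmed. The two instance-field initializers also call `getConfigPrefix()` during construction; if subclasses override it, it runs before their own fields are initialised, so a comment such as `// getConfigPrefix() must return a constant; it is called from field initialisers` would help. The quote stops at the comment anchor, so the rest of the class is not visible here.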
--- End diff --
nice.
> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
> Key: ZOOKEEPER-236
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
> Project: ZooKeeper
> Issue Type: New Feature
> Components: quorum, server
> Reporter: Benjamin Reed
> Assignee: Abraham Fine
> Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic
> between ZooKeeper servers. For the most part this is a very easy change. We
> would probably only want to support this for TCP based leader elections.