[jira] [Commented] (ZOOKEEPER-236) SSL Support for Atomic Broadcast protocol

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15958426#comment-15958426
 ] 

ASF GitHub Bot commented on ZOOKEEPER-236:
------------------------------------------

Github user geek101 commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/184#discussion_r110089934
  
    --- Diff: src/java/test/org/apache/zookeeper/test/QuorumSSLTest.java ---
    @@ -0,0 +1,603 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + * <p/>
    + * http://www.apache.org/licenses/LICENSE-2.0
    + * <p/>
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.zookeeper.test;
    +
    +import com.sun.net.httpserver.Headers;
    +import com.sun.net.httpserver.HttpHandler;
    +import com.sun.net.httpserver.HttpServer;
    +import org.apache.zookeeper.PortAssignment;
    +import org.apache.zookeeper.client.ZKClientConfig;
    +import org.apache.zookeeper.common.QuorumX509Util;
    +import org.apache.zookeeper.server.ServerCnxnFactory;
    +import org.apache.zookeeper.server.quorum.QuorumPeerTestBase;
    +import org.bouncycastle.asn1.ocsp.OCSPResponse;
    +import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
    +import org.bouncycastle.asn1.x500.X500Name;
    +import org.bouncycastle.asn1.x500.X500NameBuilder;
    +import org.bouncycastle.asn1.x500.style.BCStyle;
    +import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
    +import org.bouncycastle.asn1.x509.BasicConstraints;
    +import org.bouncycastle.asn1.x509.CRLDistPoint;
    +import org.bouncycastle.asn1.x509.CRLNumber;
    +import org.bouncycastle.asn1.x509.CRLReason;
    +import org.bouncycastle.asn1.x509.DistributionPoint;
    +import org.bouncycastle.asn1.x509.DistributionPointName;
    +import org.bouncycastle.asn1.x509.Extension;
    +import org.bouncycastle.asn1.x509.GeneralName;
    +import org.bouncycastle.asn1.x509.GeneralNames;
    +import org.bouncycastle.asn1.x509.KeyUsage;
    +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
    +import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
    +import org.bouncycastle.cert.X509CRLHolder;
    +import org.bouncycastle.cert.X509CertificateHolder;
    +import org.bouncycastle.cert.X509ExtensionUtils;
    +import org.bouncycastle.cert.X509v2CRLBuilder;
    +import org.bouncycastle.cert.X509v3CertificateBuilder;
    +import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
    +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
    +import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
    +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
    +import org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder;
    +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
    +import org.bouncycastle.cert.ocsp.BasicOCSPResp;
    +import org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder;
    +import org.bouncycastle.cert.ocsp.CertificateID;
    +import org.bouncycastle.cert.ocsp.CertificateStatus;
    +import org.bouncycastle.cert.ocsp.OCSPException;
    +import org.bouncycastle.cert.ocsp.OCSPReq;
    +import org.bouncycastle.cert.ocsp.OCSPResp;
    +import org.bouncycastle.cert.ocsp.OCSPRespBuilder;
    +import org.bouncycastle.cert.ocsp.Req;
    +import org.bouncycastle.cert.ocsp.UnknownStatus;
    +import org.bouncycastle.cert.ocsp.jcajce.JcaBasicOCSPRespBuilder;
    +import org.bouncycastle.cert.ocsp.jcajce.JcaCertificateID;
    +import org.bouncycastle.crypto.util.PublicKeyFactory;
    +import org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory;
    +import org.bouncycastle.jce.provider.BouncyCastleProvider;
    +import org.bouncycastle.openssl.MiscPEMGenerator;
    +import org.bouncycastle.operator.ContentSigner;
    +import org.bouncycastle.operator.DigestCalculator;
    +import org.bouncycastle.operator.OperatorException;
    +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
    +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
    +import org.bouncycastle.util.io.pem.PemWriter;
    +import org.junit.After;
    +import org.junit.Assert;
    +import org.junit.Before;
    +import org.junit.Test;
    +
    +import java.io.FileOutputStream;
    +import java.io.FileWriter;
    +import java.io.IOException;
    +import java.io.InputStream;
    +import java.io.OutputStream;
    +import java.math.BigInteger;
    +import java.net.InetSocketAddress;
    +import java.security.KeyPair;
    +import java.security.KeyPairGenerator;
    +import java.security.KeyStore;
    +import java.security.NoSuchAlgorithmException;
    +import java.security.NoSuchProviderException;
    +import java.security.PrivateKey;
    +import java.security.Security;
    +import java.security.cert.Certificate;
    +import java.security.cert.CertificateEncodingException;
    +import java.security.cert.X509Certificate;
    +import java.util.Calendar;
    +import java.util.Date;
    +import java.util.HashMap;
    +import java.util.Map;
    +import java.util.Random;
    +
    +import static org.apache.zookeeper.test.ClientBase.CONNECTION_TIMEOUT;
    +import static org.apache.zookeeper.test.ClientBase.createTmpDir;
    +
    +public class QuorumSSLTest extends QuorumPeerTestBase {
    --- End diff --
    
    This is very nice great stuff :)


> SSL Support for Atomic Broadcast protocol
> -----------------------------------------
>
>                 Key: ZOOKEEPER-236
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236
>             Project: ZooKeeper
>          Issue Type: New Feature
>          Components: quorum, server
>            Reporter: Benjamin Reed
>            Assignee: Abraham Fine
>            Priority: Minor
>
> We should have the ability to use SSL to authenticate and encrypt the traffic 
> between ZooKeeper servers. For the most part this is a very easy change. We 
> would probably only want to support this for TCP based leader elections.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)