[ https://issues.apache.org/jira/browse/ZOOKEEPER-236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15959419#comment-15959419 ]
ASF GitHub Bot commented on ZOOKEEPER-236: ------------------------------------------ Github user afine commented on a diff in the pull request: https://github.com/apache/zookeeper/pull/184#discussion_r110224694 --- Diff: src/java/main/org/apache/zookeeper/common/X509Util.java --- @@ -18,63 +18,116 @@ package org.apache.zookeeper.common; +import org.apache.http.conn.ssl.DefaultHostnameVerifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509ExtendedTrustManager; import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509TrustManager; import java.io.File; import java.io.FileInputStream; import java.io.IOException; +import java.net.Socket; +import java.security.KeyManagementException; import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.security.cert.CertificateException; +import java.security.cert.PKIXBuilderParameters; +import java.security.cert.X509CertSelector; +import java.security.cert.X509Certificate; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import static org.apache.zookeeper.common.X509Exception.KeyManagerException; -import static org.apache.zookeeper.common.X509Exception.SSLContextException; -import static org.apache.zookeeper.common.X509Exception.TrustManagerException; +import static org.apache.zookeeper.common.X509Exception.*; /** * Utility code for X509 handling */ -public class X509Util { +public abstract class X509Util { private static final Logger LOG = LoggerFactory.getLogger(X509Util.class); - /** - * @deprecated Use {@link ZKConfig#SSL_KEYSTORE_LOCATION} - * instead. - */ - @Deprecated - public static final String SSL_KEYSTORE_LOCATION = "zookeeper.ssl.keyStore.location"; - /** - * @deprecated Use {@link ZKConfig#SSL_KEYSTORE_PASSWD} - * instead. - */ - @Deprecated - public static final String SSL_KEYSTORE_PASSWD = "zookeeper.ssl.keyStore.password"; - /** - * @deprecated Use {@link ZKConfig#SSL_TRUSTSTORE_LOCATION} - * instead. - */ - @Deprecated - public static final String SSL_TRUSTSTORE_LOCATION = "zookeeper.ssl.trustStore.location"; - /** - * @deprecated Use {@link ZKConfig#SSL_TRUSTSTORE_PASSWD} - * instead. - */ - @Deprecated - public static final String SSL_TRUSTSTORE_PASSWD = "zookeeper.ssl.trustStore.password"; - /** - * @deprecated Use {@link ZKConfig#SSL_AUTHPROVIDER} - * instead. - */ - @Deprecated - public static final String SSL_AUTHPROVIDER = "zookeeper.ssl.authProvider"; - - public static SSLContext createSSLContext() throws SSLContextException { + public static final String DEFAULT_PROTOCOL = "TLSv1"; + + private String sslProtocolProperty = getConfigPrefix() + "protocol"; + private String cipherSuitesProperty = getConfigPrefix() + "ciphersuites"; --- End diff -- Thanks! > SSL Support for Atomic Broadcast protocol > ----------------------------------------- > > Key: ZOOKEEPER-236 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-236 > Project: ZooKeeper > Issue Type: New Feature > Components: quorum, server > Reporter: Benjamin Reed > Assignee: Abraham Fine > Priority: Minor > > We should have the ability to use SSL to authenticate and encrypt the traffic > between ZooKeeper servers. For the most part this is a very easy change. We > would probably only want to support this for TCP based leader elections. -- This message was sent by Atlassian JIRA (v6.3.15#6346)