/**
 * Builds an {@code SSLContextAndOptions} from the configuration this util was created with.
 *
 * <p>When no {@code zkConfig} was supplied a fresh {@link ZKConfig} is used instead. Because
 * {@code ZKConfig} seeds the key store and trust store settings from system properties, reading
 * them through the configuration is equivalent to reading the system properties directly.
 *
 * @return the SSL context together with its options
 * @throws SSLContextException if the context cannot be created
 */
private SSLContextAndOptions createSSLContextAndOptions() throws SSLContextException {
    final ZKConfig effectiveConfig;
    if (zkConfig == null) {
        effectiveConfig = new ZKConfig();
    } else {
        effectiveConfig = zkConfig;
    }
    return createSSLContextAndOptions(effectiveConfig);
}
/**
 * Copies every entry of {@code cfg} into this configuration through {@code setProperty},
 * trimming surrounding whitespace from both the key and the value first.
 *
 * @param cfg properties to import; keys and values are converted with {@code toString()}
 */
private void parseProperties(Properties cfg) {
    for (Entry<Object, Object> property : cfg.entrySet()) {
        Object rawKey = property.getKey();
        Object rawValue = property.getValue();
        setProperty(rawKey.toString().trim(), rawValue.toString().trim());
    }
}
/**
 * Creates a configuration that is first initialised like {@link #ZKConfig()} (system
 * properties) and then overlaid with the contents of {@code configFile}.
 *
 * @param configFile
 *            Configuration file
 * @throws ConfigException
 *             if failed to load configuration properties
 */
public ZKConfig(File configFile) throws ConfigException {
    this();
    addConfiguration(configFile);
}
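/**
 * Points the SSL context supplier class property at {@code java.lang.String}, which is not a
 * usable supplier, and expects {@code createSSLContext} to fail with
 * {@code SSLContextException}.
 */
@Test(expected = X509Exception.SSLContextException.class)
public void testCreateSSLContext_invalidCustomSSLContextClass() throws Exception {
    ZKConfig zkConfig = new ZKConfig();
    // ClientX509Util is AutoCloseable; close it even though the call under test throws.
    try (ClientX509Util clientX509Util = new ClientX509Util()) {
        zkConfig.setProperty(clientX509Util.getSslContextSupplierClassProperty(), String.class.getCanonicalName());
        clientX509Util.createSSLContext(zkConfig);
    }
}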
ZKConfig config = new ZKConfig(); try (X509Util x509Util = new ClientX509Util()) { String keyStoreLocation = config.getProperty(x509Util.getSslKeystoreLocationProperty(), ""); String keyStorePassword = config.getProperty(x509Util.getSslKeystorePasswdProperty(), ""); String keyStoreTypeProp = config.getProperty(x509Util.getSslKeystoreTypeProperty()); boolean crlEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslCrlEnabledProperty())); boolean ocspEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslOcspEnabledProperty())); boolean hostnameVerificationEnabled = Boolean.parseBoolean( config.getProperty(x509Util.getSslHostnameVerificationEnabledProperty())); String trustStoreLocation = config.getProperty(x509Util.getSslTruststoreLocationProperty(), ""); String trustStorePassword = config.getProperty(x509Util.getSslTruststorePasswdProperty(), ""); String trustStoreTypeProp = config.getProperty(x509Util.getSslTruststoreTypeProperty());
/**
 * Describes which JAAS login context name is in effect, formatted as {@code <key>(=<value>)}.
 *
 * <p>For a {@link ZKClientConfig} the client key is read from that configuration (falling back
 * to its default); for any other configuration the server key is read from the system
 * properties (falling back to the server default).
 *
 * @return a human-readable key/value description for log and error messages
 */
private String getLoginContextMessage() {
    final String key;
    final String value;
    if (zkConfig instanceof ZKClientConfig) {
        key = ZKClientConfig.LOGIN_CONTEXT_NAME_KEY;
        value = zkConfig.getProperty(key, ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT);
    } else {
        key = ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY;
        value = System.getProperty(key, ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    }
    return key + "(=" + value + ")";
}
TrustManager[] trustManagers = null; String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, ""); String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, ""); String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty); String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, ""); String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, ""); String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty); boolean sslCrlEnabled = config.getBoolean(this.sslCrlEnabledProperty); boolean sslOcspEnabled = config.getBoolean(this.sslOcspEnabledProperty); boolean sslServerHostnameVerificationEnabled = config.getBoolean(this.getSslHostnameVerificationEnabledProperty(), true); boolean sslClientHostnameVerificationEnabled = sslServerHostnameVerificationEnabled && shouldVerifyClientHostname(); String protocol = config.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL); try { SSLContext sslContext = SSLContext.getInstance(protocol);
/**
 * Shared initialisation invoked by the constructors.
 */
private void init() {
    // backward compatibility for all currently available client properties
    handleBackwardCompatibility();
}
/**
 * Returns {@code true} if and only if the property named by the argument exists and is equal,
 * ignoring case, to the string {@code "true"} (the value is parsed with
 * {@link Boolean#parseBoolean}); an unset property yields {@code false}.
 *
 * @param key property key.
 * @return the parsed property value, or {@code false} when the property is not set
 */
public boolean getBoolean(String key) {
    return getBoolean(key, false);
}
/**
 * Creates a configuration whose properties (those common to both client and server) are
 * initialised from system properties, via {@link #handleBackwardCompatibility()}.
 */
public ZKConfig() {
    init();
}
/**
 * Seeds this configuration from the legacy system properties.
 *
 * <p>Newer client code reads its settings from this class, but older clients still configure
 * ZooKeeper through system properties; mirroring those properties here keeps both paths
 * working. A system property that is not set is stored as a {@code null} value under its key.
 */
protected void handleBackwardCompatibility() {
    // NOTE(review): an absent system property is stored as null — this relies on the backing
    // map of `properties` accepting null values; confirm against its declaration.
    String[] legacyKeys = {JUTE_MAXBUFFER, KINIT_COMMAND, JGSS_NATIVE};
    for (String legacyKey : legacyKeys) {
        properties.put(legacyKey, System.getProperty(legacyKey));
    }
    try (ClientX509Util clientUtil = new ClientX509Util()) {
        putSSLProperties(clientUtil);
        String authProviderKey = clientUtil.getSslAuthProviderProperty();
        properties.put(authProviderKey, System.getProperty(authProviderKey));
    }
    try (X509Util quorumUtil = new QuorumX509Util()) {
        putSSLProperties(quorumUtil);
    }
}
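/**
 * Adds a configuration resource. The properties from this file overwrite any already-loaded
 * property and any system property with the same key.
 *
 * <p>The file is validated through {@code VerifyingFileFactory} (configured with
 * {@code warnForRelativePath()} and {@code failForNonExistingPath()}) before it is read, and is
 * parsed with {@link Properties#load(java.io.InputStream)}, i.e. as ISO-8859-1 with
 * {@code \\u} escapes.
 *
 * @param configFile
 *            Configuration file.
 * @throws ConfigException if the file fails validation or cannot be read; the underlying
 *         {@code IOException} or {@code IllegalArgumentException} is attached as the cause
 */
public void addConfiguration(File configFile) throws ConfigException {
    LOG.info("Reading configuration from: {}", configFile.getAbsolutePath());
    try {
        configFile = (new VerifyingFileFactory.Builder(LOG).warnForRelativePath().failForNonExistingPath().build())
                .validate(configFile);
        Properties cfg = new Properties();
        // try-with-resources closes the stream even when load() throws, and a failure in
        // close() is attached as a suppressed exception instead of masking the load() error.
        try (FileInputStream in = new FileInputStream(configFile)) {
            cfg.load(in);
        }
        parseProperties(cfg);
    } catch (IOException | IllegalArgumentException e) {
        LOG.error("Error while configuration from: {}", configFile.getAbsolutePath(), e);
        throw new ConfigException("Error while processing " + configFile.getAbsolutePath(), e);
    }
}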
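/**
 * Points the SSL context supplier class property at {@code SslContextSupplier} and checks that
 * {@code createSSLContext} returns the JDK default {@link SSLContext}.
 */
@Test
public void testCreateSSLContext_validCustomSSLContextClass() throws Exception {
    ZKConfig zkConfig = new ZKConfig();
    // ClientX509Util is AutoCloseable; release it once the assertion has run.
    try (ClientX509Util clientX509Util = new ClientX509Util()) {
        zkConfig.setProperty(clientX509Util.getSslContextSupplierClassProperty(), SslContextSupplier.class.getName());
        final SSLContext sslContext = clientX509Util.createSSLContext(zkConfig);
        Assert.assertEquals(SSLContext.getDefault(), sslContext);
    }
}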
/**
 * Enables automatic reloading of the trust store and key store files when they change on disk.
 *
 * <p>For each store, a watcher is requested from {@code newFileChangeWatcher} for the location
 * configured under the corresponding property. When a watcher is returned, any watcher already
 * running for that store is stopped, the new one is recorded and then started. When
 * {@code null} is returned the existing watcher for that store (if any) is left untouched.
 *
 * @throws IOException if creating the FileChangeWatcher objects fails.
 */
public void enableCertFileReloading() throws IOException {
    LOG.info("enabling cert file reloading");
    ZKConfig effectiveConfig = zkConfig != null ? zkConfig : new ZKConfig();

    FileChangeWatcher replacementKeyStoreWatcher =
            newFileChangeWatcher(effectiveConfig.getProperty(sslKeystoreLocationProperty));
    if (replacementKeyStoreWatcher != null) {
        stopWatcherIfPresent(keyStoreFileWatcher);
        keyStoreFileWatcher = replacementKeyStoreWatcher;
        keyStoreFileWatcher.start();
    }

    FileChangeWatcher replacementTrustStoreWatcher =
            newFileChangeWatcher(effectiveConfig.getProperty(sslTruststoreLocationProperty));
    if (replacementTrustStoreWatcher != null) {
        stopWatcherIfPresent(trustStoreFileWatcher);
        trustStoreFileWatcher = replacementTrustStoreWatcher;
        trustStoreFileWatcher.start();
    }
}

/** Stops {@code watcher} when one is set; a {@code null} argument is a no-op. */
private static void stopWatcherIfPresent(FileChangeWatcher watcher) throws IOException {
    if (watcher != null) {
        watcher.stop();
    }
}
/**
 * Returns the {@code key} property as a {@code boolean}.
 *
 * <p>If the property is not set, {@code defaultValue} is returned. Otherwise the value is parsed
 * with {@link Boolean#parseBoolean}: it is {@code true} only when it equals {@code "true"}
 * ignoring case, and any other string (including an empty one) yields {@code false} rather than
 * the default.
 *
 * @param key
 *            property key.
 * @param defaultValue
 *            value returned when the property is not set.
 * @return the parsed property value, or {@code defaultValue} when the property is absent
 */
public boolean getBoolean(String key, boolean defaultValue) {
    String raw = getProperty(key);
    return raw == null ? defaultValue : Boolean.parseBoolean(raw);
}
/**
 * Mirrors legacy system properties into this client configuration.
 *
 * <p>The superclass first handles the properties common to client and server; afterwards each
 * client-specific key is copied from {@link System#getProperty(String)} in the order listed
 * below. When a system property is unset, {@code null} is passed to {@code setProperty}.
 */
@Override
protected void handleBackwardCompatibility() {
    super.handleBackwardCompatibility();

    String[] clientKeys = {
        ZK_SASL_CLIENT_USERNAME,
        LOGIN_CONTEXT_NAME_KEY,
        ENABLE_CLIENT_SASL_KEY,
        ZOOKEEPER_SERVER_REALM,
        DISABLE_AUTO_WATCH_RESET,
        ZOOKEEPER_CLIENT_CNXN_SOCKET,
        SECURE_CLIENT,
    };
    for (String clientKey : clientKeys) {
        setProperty(clientKey, System.getProperty(clientKey));
    }
}
login = new Login(serverSection, saslServerCallbackHandler, new ZKConfig() ); login.startThreadIfNeeded(); } catch (LoginException e) {
/**
 * Returns the {@code key} property as an {@code int}.
 *
 * <p>Only an unset property falls back to {@code defaultValue}; a property that is set but does
 * not parse as an integer (including a blank value) raises {@link NumberFormatException}.
 *
 * @param key
 *            property key.
 * @param defaultValue
 *            value returned when the property is not set.
 * @throws NumberFormatException
 *             when the (trimmed) value is not a valid {@code int}
 * @return the parsed property value, or {@code defaultValue} when the property is absent
 */
public int getInt(String key, int defaultValue) {
    String raw = getProperty(key);
    if (raw == null) {
        return defaultValue;
    }
    return Integer.parseInt(raw.trim());
}
/**
 * Adds a configuration resource identified by path. The properties from this file overwrite
 * any already-loaded property and any system property with the same key.
 *
 * @param configPath
 *            Configuration file path; wrapped in {@code new File(configPath)}, so a relative
 *            path is resolved against the JVM's working directory.
 * @throws ConfigException if the file cannot be validated or read
 */
public void addConfiguration(String configPath) throws ConfigException {
    addConfiguration(new File(configPath));
}
/**
 * Creates a SASL quorum authentication server backed by the JAAS section named
 * {@code loginContext}.
 *
 * @param quorumRequireSasl whether quorum peers are required to authenticate with SASL
 * @param loginContext name of the JAAS configuration section holding the server login entries
 * @param authzHosts handed to the callback handler; presumably the hosts authorised to
 *        authenticate — confirm against {@code SaslQuorumServerCallbackHandler}
 * @throws SaslException if the JAAS section is missing or empty, or if login initialisation
 *         fails for any other reason; the original problem is attached as the cause
 */
public SaslQuorumAuthServer(boolean quorumRequireSasl, String loginContext, Set<String> authzHosts)
        throws SaslException {
    this.quorumRequireSasl = quorumRequireSasl;
    try {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(loginContext);
        boolean sectionMissing = entries == null || entries.length == 0;
        if (sectionMissing) {
            throw new LoginException("SASL-authentication failed because the specified JAAS configuration section '"
                    + loginContext + "' could not be found.");
        }
        SaslQuorumServerCallbackHandler callbackHandler =
                new SaslQuorumServerCallbackHandler(Configuration.getConfiguration(), loginContext, authzHosts);
        serverLogin = new Login(loginContext, callbackHandler, new ZKConfig());
        serverLogin.startThreadIfNeeded();
    } catch (Throwable e) {
        // NOTE(review): Throwable also turns JVM Errors raised during login setup into a
        // SaslException; callers only ever see the wrapped form.
        throw new SaslException("Failed to initialize authentication mechanism using SASL", e);
    }
}