/**
 * Builds a "&lt;property&gt;(=&lt;value&gt;)" string naming the login context in effect,
 * for use in SASL-related log and error messages.
 *
 * When {@code zkConfig} is a {@link ZKClientConfig} the client-side login context
 * property is read from that config object; otherwise the server-side property is
 * read from the JVM system properties. Each side has its own default, so the value
 * part is never {@code null}.
 */
private String getLoginContextMessage() {
    final String key;
    final String value;
    if (zkConfig instanceof ZKClientConfig) {
        key = ZKClientConfig.LOGIN_CONTEXT_NAME_KEY;
        value = zkConfig.getProperty(key, ZKClientConfig.LOGIN_CONTEXT_NAME_KEY_DEFAULT);
    } else {
        key = ZooKeeperSaslServer.LOGIN_CONTEXT_NAME_KEY;
        value = System.getProperty(key, ZooKeeperSaslServer.DEFAULT_LOGIN_CONTEXT_NAME);
    }
    return key + "(=" + value + ")";
}
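/**
 * Get the value of the <code>key</code> property as a <code>boolean</code>.
 *
 * The raw value is trimmed and then parsed with {@link Boolean#parseBoolean(String)},
 * so the result is {@code true} only when the property is set and its trimmed value
 * equals {@code "true"} ignoring case; any other string (for example {@code "yes"}
 * or {@code "1"}) yields {@code false}. Trimming is consistent with how the integer
 * properties are read here and prevents a security-relevant flag from silently
 * evaluating to {@code false} because of a stray space in a hand-edited
 * configuration file.
 *
 * @param key
 *            property key.
 * @param defaultValue
 *            default value, returned only when the property is not set at all.
 * @return the parsed property value as a <code>boolean</code>, or
 *         <code>defaultValue</code> if the property is unset
 */
public boolean getBoolean(String key, boolean defaultValue) {
    String propertyValue = getProperty(key);
    if (propertyValue == null) {
        return defaultValue;
    }
    return Boolean.parseBoolean(propertyValue.trim());
}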
/**
 * Get the value of the <code>key</code> property as an <code>int</code>.
 *
 * Surrounding whitespace in the value is ignored. When the property is unset the
 * provided <code>defaultValue</code> is returned; when it is set but is not a valid
 * integer, the {@link NumberFormatException} from {@link Integer#parseInt(String)}
 * propagates to the caller rather than being replaced by the default.
 *
 * @param key
 *            property key.
 * @param defaultValue
 *            default value.
 * @throws NumberFormatException
 *             when the property is set but its value is not a valid int
 * @return the property value as an <code>int</code>, or <code>defaultValue</code>
 */
public int getInt(String key, int defaultValue) {
    final String raw = getProperty(key);
    if (raw == null) {
        return defaultValue;
    }
    return Integer.parseInt(raw.trim());
}
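/**
 * Resolves the TLS cipher suites to enable from configuration.
 *
 * Reads the comma-separated cipher-suite property; when it is absent the library
 * defaults from {@link X509Util#getDefaultCipherSuites()} are returned. Each
 * configured entry is trimmed so that {@code "A, B"} is accepted as well as
 * {@code "A,B"} (a name with surrounding whitespace would otherwise be rejected
 * when the suites are applied to the engine or socket). No further validation is
 * done here: unknown or unsupported suite names surface at the point of use.
 *
 * @param config the ZooKeeper configuration to read from
 * @return the cipher suite names to enable, never {@code null}
 */
private String[] getCipherSuites(final ZKConfig config) {
    final String configured = config.getProperty(x509Util.getSslCipherSuitesProperty());
    if (configured == null) {
        return X509Util.getDefaultCipherSuites();
    }
    final String[] suites = configured.split(",");
    for (int i = 0; i < suites.length; i++) {
        suites[i] = suites[i].trim();
    }
    return suites;
}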
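/**
 * Resolves the TLS protocol versions to enable from configuration.
 *
 * Reads the comma-separated enabled-protocols property, trimming each entry so
 * {@code "TLSv1.2, TLSv1.3"} is accepted (a name with surrounding whitespace would
 * otherwise be rejected when applied to the engine or socket). When the property is
 * absent, only the protocol name the given {@link SSLContext} was created with
 * ({@link SSLContext#getProtocol()}) is enabled, e.g. {@code "TLSv1.2"} if that is
 * the name it was obtained under. Protocol names are not validated here; unknown
 * names surface at the point of use.
 *
 * @param config the ZooKeeper configuration to read from
 * @param sslContext the context whose protocol name is the fallback
 * @return the protocol names to enable, never {@code null}
 */
private String[] getEnabledProtocols(final ZKConfig config, final SSLContext sslContext) {
    final String configured = config.getProperty(x509Util.getSslEnabledProtocolsProperty());
    if (configured == null) {
        return new String[] { sslContext.getProtocol() };
    }
    final String[] protocols = configured.split(",");
    for (int i = 0; i < protocols.length; i++) {
        protocols[i] = protocols[i].trim();
    }
    return protocols;
}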
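/**
 * Resolves the TLS handshake-detection timeout (milliseconds) from configuration.
 *
 * The property value is trimmed and parsed as an int, consistent with how other
 * integer properties are read; a missing property yields
 * {@link X509Util#DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS}. Values below 1 are
 * logged and replaced by the default: a timeout of 0 means "wait forever", and a
 * peer that connects but never completes the handshake could then hold the
 * accept() thread indefinitely.
 *
 * @param config the ZooKeeper configuration to read from
 * @return a positive timeout in milliseconds
 * @throws NumberFormatException if the property is set but is not a valid integer
 */
private int getHandshakeDetectionTimeoutMillis(final ZKConfig config) {
    final String property = x509Util.getSslHandshakeDetectionTimeoutMillisProperty();
    final String configured = config.getProperty(property);
    if (configured == null) {
        return X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
    }
    // Trim so a value such as " 5000" from a hand-edited config does not abort startup.
    final int parsed = Integer.parseInt(configured.trim());
    if (parsed < 1) {
        // Timeout of 0 is not allowed, since an infinite timeout can permanently lock up an
        // accept() thread.
        LOG.warn("Invalid value for {}: {}, using the default value of {}",
            property, parsed, X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS);
        return X509Util.DEFAULT_HANDSHAKE_DETECTION_TIMEOUT_MILLIS;
    }
    return parsed;
}
}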
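/**
 * Creates the {@link SSLContext} and its cipher/protocol options for this configuration.
 *
 * If the supplier-class property is set, the named class is loaded, instantiated via its
 * public no-argument constructor and asked for an {@link SSLContext}. Otherwise the context
 * is built from the key/trust store properties via
 * {@link #createSSLContextAndOptionsFromConfig(ZKConfig)}.
 *
 * Security note: the class name is taken directly from configuration and loaded with
 * {@link Class#forName(String)}, so any class on the classpath with a public no-arg
 * constructor can be named here. The configuration source must therefore be trusted to
 * the same degree as the classpath itself. To narrow what gets executed, the class is
 * checked to implement {@link Supplier} before any constructor runs, and the object it
 * returns is checked to be a non-null {@link SSLContext} before it is used.
 *
 * @param config the ZooKeeper configuration to read from
 * @return the created context and its options
 * @throws SSLContextException if the supplier class cannot be loaded, does not implement
 *         {@code Supplier}, cannot be instantiated, or does not produce an
 *         {@code SSLContext}; or if building the context from configuration fails
 */
public SSLContextAndOptions createSSLContextAndOptions(ZKConfig config) throws SSLContextException {
    final String supplierContextClassName = config.getProperty(sslContextSupplierClassProperty);
    if (supplierContextClassName == null) {
        return createSSLContextAndOptionsFromConfig(config);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("Loading SSLContext supplier from property '{}'", sslContextSupplierClassProperty);
    }
    try {
        // asSubclass() fails (ClassCastException, caught below) before newInstance() runs,
        // so a misconfigured class name never instantiates an arbitrary class.
        Supplier<?> sslContextSupplier = Class.forName(supplierContextClassName)
            .asSubclass(Supplier.class)
            .getConstructor()
            .newInstance();
        Object supplied = sslContextSupplier.get();
        if (!(supplied instanceof SSLContext)) {
            throw new SSLContextException("SSLContext supplier '" + supplierContextClassName
                + "' provided in the property '" + sslContextSupplierClassProperty
                + "' did not return an SSLContext (got "
                + (supplied == null ? "null" : supplied.getClass().getName()) + ")");
        }
        return new SSLContextAndOptions(this, config, (SSLContext) supplied);
    } catch (ClassNotFoundException | ClassCastException | NoSuchMethodException
             | InvocationTargetException | InstantiationException | IllegalAccessException e) {
        throw new SSLContextException("Could not retrieve the SSLContext from supplier source '"
            + supplierContextClassName + "' provided in the property '"
            + sslContextSupplierClassProperty + "'", e);
    }
}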
/**
 * Resolves the client-certificate authentication mode from configuration.
 *
 * The raw property string (which is {@code null} when the property is unset) is
 * handed to {@link X509Util.ClientAuth#fromPropertyValue(String)}; the mapping,
 * including what an unset value means, lives there and is not duplicated here.
 *
 * @param config the ZooKeeper configuration to read from
 * @return the configured client-auth mode
 */
private X509Util.ClientAuth getClientAuth(final ZKConfig config) {
    final String rawValue = config.getProperty(x509Util.getSslClientAuthProperty());
    return X509Util.ClientAuth.fromPropertyValue(rawValue);
}
ZKConfig config = new ZKConfig(); try (X509Util x509Util = new ClientX509Util()) { String keyStoreLocation = config.getProperty(x509Util.getSslKeystoreLocationProperty(), ""); String keyStorePassword = config.getProperty(x509Util.getSslKeystorePasswdProperty(), ""); String keyStoreTypeProp = config.getProperty(x509Util.getSslKeystoreTypeProperty()); boolean crlEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslCrlEnabledProperty())); boolean ocspEnabled = Boolean.parseBoolean(config.getProperty(x509Util.getSslOcspEnabledProperty())); boolean hostnameVerificationEnabled = Boolean.parseBoolean( config.getProperty(x509Util.getSslHostnameVerificationEnabledProperty())); String trustStoreLocation = config.getProperty(x509Util.getSslTruststoreLocationProperty(), ""); String trustStorePassword = config.getProperty(x509Util.getSslTruststorePasswdProperty(), ""); String trustStoreTypeProp = config.getProperty(x509Util.getSslTruststoreTypeProperty());
TrustManager[] trustManagers = null; String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty, ""); String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, ""); String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty); String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty, ""); String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty, ""); String trustStoreTypeProp = config.getProperty(sslTruststoreTypeProperty); String protocol = config.getProperty(sslProtocolProperty, DEFAULT_PROTOCOL); try { SSLContext sslContext = SSLContext.getInstance(protocol);
String cmd = zkConfig.getProperty(ZKConfig.KINIT_COMMAND, KINIT_COMMAND_DEFAULT); String kinitArgs = "-R"; int retry = 1;
/**
 * Enables automatic reloading of the trust store and key store files when they change on disk.
 *
 * Uses {@code zkConfig} when one was supplied, otherwise a fresh {@link ZKConfig}. For each
 * of the key store and trust store locations a watcher is created; if a watcher was created,
 * any previously running watcher for that store is stopped, the field is pointed at the new
 * one and the new watcher is started. If {@code newFileChangeWatcher} yields {@code null}
 * for a location, the existing watcher for that store (if any) is left untouched. The key
 * store is processed first, so a failure on the trust store leaves the key store watcher
 * already replaced.
 *
 * @throws IOException if creating the FileChangeWatcher objects fails.
 */
public void enableCertFileReloading() throws IOException {
    LOG.info("enabling cert file reloading");
    final ZKConfig config = zkConfig == null ? new ZKConfig() : zkConfig;

    final FileChangeWatcher keyWatcher =
        newFileChangeWatcher(config.getProperty(sslKeystoreLocationProperty));
    if (keyWatcher != null) {
        stopIfPresent(keyStoreFileWatcher);
        keyStoreFileWatcher = keyWatcher;
        keyWatcher.start();
    }

    final FileChangeWatcher trustWatcher =
        newFileChangeWatcher(config.getProperty(sslTruststoreLocationProperty));
    if (trustWatcher != null) {
        stopIfPresent(trustStoreFileWatcher);
        trustStoreFileWatcher = trustWatcher;
        trustWatcher.start();
    }
}

/** Stops {@code watcher} if it is non-null; a no-op otherwise. */
private static void stopIfPresent(FileChangeWatcher watcher) throws IOException {
    if (watcher != null) {
        watcher.stop();
    }
}