Posted to commits@calcite.apache.org by fr...@apache.org on 2022/10/26 21:26:06 UTC
[calcite-avatica] branch main updated: CALCITE-5327 Make SSL key-store type configurable
This is an automated email from the ASF dual-hosted git repository.
francischuang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/calcite-avatica.git
The following commit(s) were added to refs/heads/main by this push:
new ca68749d2 CALCITE-5327 Make SSL key-store type configurable
ca68749d2 is described below
commit ca68749d23788924af9a87e99ffd73aa85f55ef0
Author: Richard Antal <ri...@cloudera.com>
AuthorDate: Wed Oct 26 10:36:56 2022 +0200
CALCITE-5327 Make SSL key-store type configurable
---
.../apache/calcite/avatica/server/HttpServer.java | 24 ++++++++++++++++++++++
site/_docs/security.md | 3 +++
2 files changed, 27 insertions(+)
diff --git a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
index 87dc73ee7..35b5f5aa6 100644
--- a/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
+++ b/server/src/main/java/org/apache/calcite/avatica/server/HttpServer.java
@@ -79,6 +79,8 @@ public class HttpServer {
private static final Logger LOG = LoggerFactory.getLogger(HttpServer.class);
private static final int MAX_ALLOWED_HEADER_SIZE = 1024 * 64;
+ private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
+
private Server server;
private int port = -1;
private final AvaticaHandler handler;
@@ -515,6 +517,8 @@ public class HttpServer {
private File truststore;
private String truststorePassword;
+ private String keystoreType;
+
private List<ServerCustomizer<T>> serverCustomizers = Collections.emptyList();
// The maximum size in bytes of an http header the server will read (64KB)
@@ -767,6 +771,23 @@ public class HttpServer {
return this;
}
+ /**
+ * Configures the server to use TLS for wire encryption.
+ *
+ * @param keystore The server's keystore
+ * @param keystorePassword The keystore's password
+ * @param truststore The truststore containing the key used to generate the server's key
+ * @param truststorePassword The truststore's password
+ * @param keystoreType The keystore's type
+ * @return <code>this</code>
+ */
+ public Builder<T> withTLS(File keystore, String keystorePassword, File truststore,
+ String truststorePassword, String keystoreType) {
+ this.withTLS(keystore, keystorePassword, truststore, truststorePassword);
+ this.keystoreType = Objects.requireNonNull(keystoreType);
+ return this;
+ }
+
/**
* Adds customizers to configure a Server before startup.
*
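Review bot: The five-argument `withTLS` validates `keystoreType` only after delegating to the four-argument overload, so a null type throws once the builder has already been modified by that call (its body is outside this hunk). Checking first keeps a failed call free of side effects: make `this.keystoreType = Objects.requireNonNull(keystoreType, "keystoreType");` the first statement, which also names the offending argument in the exception. The Javadoc for `keystoreType` should state which values are accepted (a `KeyStore` type name such as `JKS` or `BCFKS`) and that it does not apply to the truststore. Separately, the `security.md` hunk refers to the method as `withTls(...)`, while the method added here is `withTLS(...)`.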
@@ -850,6 +871,9 @@ public class HttpServer {
sslFactory.setKeyStorePassword(keystorePassword);
sslFactory.setTrustStorePath(truststore.getAbsolutePath());
sslFactory.setTrustStorePassword(truststorePassword);
+ if (keystoreType != null && !keystoreType.equals(DEFAULT_KEYSTORE_TYPE)) {
+ sslFactory.setKeyStoreType(keystoreType);
+ }
}
return sslFactory;
}
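Review bot: An explicitly requested `"JKS"` is discarded by the `!keystoreType.equals(DEFAULT_KEYSTORE_TYPE)` guard, so the effective type then depends on whatever default `sslFactory` has. That default is not visible in this hunk and may not be JKS (JDK 9+ defaults `keystore.type` to PKCS12), in which case the caller's choice would be silently ignored. Passing the value through whenever it was set is simpler and removes the assumption: `if (keystoreType != null) { sslFactory.setKeyStoreType(keystoreType); }`. Only the keystore type is set here, so a truststore in the same non-default format (for example BCFKS) relies on the factory's fallback behaviour; consider setting or documenting the truststore type as well. The enclosing method starts outside this hunk.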
diff --git a/site/_docs/security.md b/site/_docs/security.md
index d7cf02cff..5333bad8b 100644
--- a/site/_docs/security.md
+++ b/site/_docs/security.md
@@ -344,3 +344,6 @@ HttpServer server = new HttpServer.Builder()
new File("/avatica/truststore.jks"), "MyTruststorePassword")
.build();
{% endhighlight %}
+
+If you wish to change the default `JKS` keystore format to for example, `BCFKS` use the method
+`withTls(File, String, File, String, String)` to provide the keystore format as a fifth parameter.