You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2020/10/20 07:21:49 UTC

[GitHub] [zookeeper] maoling commented on a change in pull request #1318: ZOOKEEPER-3696: support multiple algorithms for ACL digest

maoling commented on a change in pull request #1318:
URL: https://github.com/apache/zookeeper/pull/1318#discussion_r508265415



##########
File path: zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/DigestAuthenticationProvider.java
##########
@@ -20,16 +20,40 @@
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.Security;
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.server.ServerCnxn;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class DigestAuthenticationProvider implements AuthenticationProvider {
 
     private static final Logger LOG = LoggerFactory.getLogger(DigestAuthenticationProvider.class);
 
+    private static final String DEFAULT_DIGEST_ALGORITHM = "SHA1";
+
+    public static final String DIGEST_ALGORITHM_KEY = "zookeeper.DigestAuthenticationProvider.digestAlg";
+
+    private static final String DIGEST_ALGORITHM = System.getProperty(DIGEST_ALGORITHM_KEY, DEFAULT_DIGEST_ALGORITHM);
+
+    static {
+        // To keep backward compatibility, the SHA1 still uses the implementation of JDK, other algorithms
+        // use the implementation of BouncyCastle which supports more types of algorithms than native JDK.
+        if (!DIGEST_ALGORITHM.equals(DEFAULT_DIGEST_ALGORITHM)) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+
+        try {
+            //sanity check, pre-check the availability of the algorithm to avoid some unexpected exceptions in the runtime
+            generateDigest(DEFAULT_DIGEST_ALGORITHM);

Review comment:
       In fact, any string is OK.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org