Posted to gitbox@activemq.apache.org by GitBox <gi...@apache.org> on 2021/02/17 11:16:07 UTC

[GitHub] [activemq-artemis] sebthom commented on a change in pull request #3456: ARTEMIS-3117 Provide CachingOpenSSLContextFactory

sebthom commented on a change in pull request #3456:
URL: https://github.com/apache/activemq-artemis/pull/3456#discussion_r577527749



##########
File path: artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/DefaultOpenSSLContextFactory.java
##########
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2021 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.core.remoting.impl.ssl;
+
+import java.util.Map;
+
+import org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector;
+import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
+import org.apache.activemq.artemis.spi.core.remoting.ssl.OpenSSLContextFactory;
+
+import io.netty.handler.ssl.SslContext;
+
+/**
+ * Default {@link OpenSSLContextFactory} for use in {@link NettyConnector} and NettyAcceptor.
+ */
+public class DefaultOpenSSLContextFactory implements OpenSSLContextFactory {
+
+   protected SSLSupport createSSLSupport(final Map<String, Object> config,
+      final String keystoreProvider, final String keystorePath, final String keystorePassword,
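
Review bot: `createSSLSupport` takes `keystoreProvider`, `keystorePath` and `keystorePassword` as consecutive positional `String` parameters next to the `config` map, so a call site that transposes two of them (for example the path and the password) still compiles and only fails, or leaks the password into a path-related error message, at runtime. Consider passing a single parameter object instead, and add Javadoc to this protected method stating which values come from `config` and which from the explicit arguments, since subclasses are expected to override it.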

Review comment:
       The SSLSupport class basically is such a config class, but it resides in the impl package.
   Introducing something like an SSLContextConfig class at the API/SPI level would, in my view, be beneficial too, but it should then also be used for the JDK SSLContextFactory, e.g. the signature should change from
   
   ```java
      SSLContext getSSLContext(Map<String, Object> configuration,
              String keystoreProvider, String keystorePath, String keystorePassword,
              String truststoreProvider, String truststorePath, String truststorePassword,
              String crlPath, String trustManagerFactoryPlugin, boolean trustAll) throws Exception;
   ```
   to
   ```java
      SSLContext getSSLContext(SSLContextConfig config) throws Exception;
   ```
   
   I can do this in a backward-compatible way using default methods, but I would like to get the OK to do so from at least two reviewers. @jbertram WDYT?



