HBASE-27346. Add PEM reader, test and spotless fixes

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/BCFKSFileLoader.java

@@ -15,29 +15,28 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 /**
  * Implementation of {@link FileKeyStoreLoader} that loads from BCKFS files.
  * <p/>
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/BCFKSFileLoader.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/BCFKSFileLoader.java">Base
+ *      revision</a>
  */
 class BCFKSFileLoader extends StandardTypeFileKeyStoreLoader {
-    private BCFKSFileLoader(String keyStorePath,
-                            String trustStorePath,
-                            char[] keyStorePassword,
-                            char[] trustStorePassword) {
-        super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword, SupportedStandardKeyFormat.BCFKS);
-    }
+  private BCFKSFileLoader(String keyStorePath, String trustStorePath, char[] keyStorePassword,
+    char[] trustStorePassword) {
+    super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword,
+      SupportedStandardKeyFormat.BCFKS);
+  }
 
-    static class Builder extends FileKeyStoreLoader.Builder<BCFKSFileLoader> {
-        @Override
-        BCFKSFileLoader build() {
-            return new BCFKSFileLoader(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
-        }
+  static class Builder extends FileKeyStoreLoader.Builder<BCFKSFileLoader> {
+    @Override
+    BCFKSFileLoader build() {
+      return new BCFKSFileLoader(keyStorePath, trustStorePath, keyStorePassword,
+        trustStorePassword);
     }
+  }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/FileKeyStoreLoader.java

@@ -15,68 +15,66 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 import java.util.Objects;
 
 /**
- * Base class for instances of {@link KeyStoreLoader} which load the key/trust
- * stores from files on a filesystem.
+ * Base class for instances of {@link KeyStoreLoader} which load the key/trust stores from files on
+ * a filesystem.
  * <p/>
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/FileKeyStoreLoader.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/FileKeyStoreLoader.java">Base
+ *      revision</a>
  */
 abstract class FileKeyStoreLoader implements KeyStoreLoader {
-    final String keyStorePath;
-    final String trustStorePath;
-    final char[] keyStorePassword;
-    final char[] trustStorePassword;
-
-    FileKeyStoreLoader(String keyStorePath,
-                       String trustStorePath,
-                       char[] keyStorePassword,
-                       char[] trustStorePassword) {
-        this.keyStorePath = keyStorePath;
-        this.trustStorePath = trustStorePath;
-        this.keyStorePassword = keyStorePassword;
-        this.trustStorePassword = trustStorePassword;
-    }
+  final String keyStorePath;
+  final String trustStorePath;
+  final char[] keyStorePassword;
+  final char[] trustStorePassword;
 
-    /**
-     * Base class for builder pattern used by subclasses.
-     * @param <T> the subtype of FileKeyStoreLoader created by the Builder.
-     */
-    static abstract class Builder<T extends FileKeyStoreLoader> {
-        String keyStorePath;
-        String trustStorePath;
-        char[] keyStorePassword;
-        char[] trustStorePassword;
+  FileKeyStoreLoader(String keyStorePath, String trustStorePath, char[] keyStorePassword,
+    char[] trustStorePassword) {
+    this.keyStorePath = keyStorePath;
+    this.trustStorePath = trustStorePath;
+    this.keyStorePassword = keyStorePassword;
+    this.trustStorePassword = trustStorePassword;
+  }
 
-        Builder() {}
+  /**
+   * Base class for builder pattern used by subclasses.
+   * @param <T> the subtype of FileKeyStoreLoader created by the Builder.
+   */
+  static abstract class Builder<T extends FileKeyStoreLoader> {
+    String keyStorePath;
+    String trustStorePath;
+    char[] keyStorePassword;
+    char[] trustStorePassword;
 
-        Builder<T> setKeyStorePath(String keyStorePath) {
-            this.keyStorePath = Objects.requireNonNull(keyStorePath);
-            return this;
-        }
+    Builder() {
+    }
 
-        Builder<T> setTrustStorePath(String trustStorePath) {
-            this.trustStorePath = Objects.requireNonNull(trustStorePath);
-            return this;
-        }
+    Builder<T> setKeyStorePath(String keyStorePath) {
+      this.keyStorePath = Objects.requireNonNull(keyStorePath);
+      return this;
+    }
 
-        Builder<T> setKeyStorePassword(char[] keyStorePassword) {
-            this.keyStorePassword = Objects.requireNonNull(keyStorePassword);
-            return this;
-        }
+    Builder<T> setTrustStorePath(String trustStorePath) {
+      this.trustStorePath = Objects.requireNonNull(trustStorePath);
+      return this;
+    }
 
-        Builder<T> setTrustStorePassword(char[] trustStorePassword) {
-            this.trustStorePassword = Objects.requireNonNull(trustStorePassword);
-            return this;
-        }
+    Builder<T> setKeyStorePassword(char[] keyStorePassword) {
+      this.keyStorePassword = Objects.requireNonNull(keyStorePassword);
+      return this;
+    }
 
-        abstract T build();
+    Builder<T> setTrustStorePassword(char[] trustStorePassword) {
+      this.trustStorePassword = Objects.requireNonNull(trustStorePassword);
+      return this;
     }
+
+    abstract T build();
+  }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/FileKeyStoreLoaderBuilderProvider.java

@@ -15,40 +15,38 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 import java.util.Objects;
+import org.apache.yetus.audience.InterfaceAudience;
 
 /**
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/FileKeyStoreLoaderBuilderProvider.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/FileKeyStoreLoaderBuilderProvider.java">Base
+ *      revision</a>
  */
+@InterfaceAudience.Private
 public class FileKeyStoreLoaderBuilderProvider {
-    /**
-     * Returns a {@link FileKeyStoreLoader.Builder} that can build a loader
-     * which loads keys and certs from files of the given
-     * {@link KeyStoreFileType}.
-     *
-     * @param type the file type to load keys/certs from.
-     * @return a new Builder.
-     */
-    static FileKeyStoreLoader.Builder<? extends FileKeyStoreLoader>
+  /**
+   * Returns a {@link FileKeyStoreLoader.Builder} that can build a loader which loads keys and certs
+   * from files of the given {@link KeyStoreFileType}.
+   * @param type the file type to load keys/certs from.
+   * @return a new Builder.
+   */
+  static FileKeyStoreLoader.Builder<? extends FileKeyStoreLoader>
     getBuilderForKeyStoreFileType(KeyStoreFileType type) {
-        switch (Objects.requireNonNull(type)) {
-            case JKS:
-                return new JKSFileLoader.Builder();
-            case PEM:
-                return new PEMFileLoader.Builder();
-            case PKCS12:
-                return new PKCS12FileLoader.Builder();
-            case BCFKS:
-              return new BCFKSFileLoader.Builder();
-            default:
-                throw new AssertionError(
-                        "Unexpected StoreFileType: " + type.name());
-        }
+    switch (Objects.requireNonNull(type)) {
+      case JKS:
+        return new JKSFileLoader.Builder();
+      case PEM:
+        return new PEMFileLoader.Builder();
+      case PKCS12:
+        return new PKCS12FileLoader.Builder();
+      case BCFKS:
+        return new BCFKSFileLoader.Builder();
+      default:
+        throw new AssertionError("Unexpected StoreFileType: " + type.name());
     }
+  }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/JKSFileLoader.java

@@ -15,29 +15,27 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 /**
  * Implementation of {@link FileKeyStoreLoader} that loads from JKS files.
  * <p/>
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/JKSFileLoader.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/JKSFileLoader.java">Base
+ *      revision</a>
  */
 class JKSFileLoader extends StandardTypeFileKeyStoreLoader {
-    private JKSFileLoader(String keyStorePath,
-                          String trustStorePath,
-                          char[] keyStorePassword,
-                          char[] trustStorePassword) {
-        super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword, SupportedStandardKeyFormat.JKS);
-    }
+  private JKSFileLoader(String keyStorePath, String trustStorePath, char[] keyStorePassword,
+    char[] trustStorePassword) {
+    super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword,
+      SupportedStandardKeyFormat.JKS);
+  }
 
-    static class Builder extends FileKeyStoreLoader.Builder<JKSFileLoader> {
-        @Override
-        JKSFileLoader build() {
-            return new JKSFileLoader(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
-        }
+  static class Builder extends FileKeyStoreLoader.Builder<JKSFileLoader> {
+    @Override
+    JKSFileLoader build() {
+      return new JKSFileLoader(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
     }
+  }
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/KeyStoreLoader.java

@@ -15,7 +15,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 import java.io.IOException;
@@ -27,31 +26,28 @@
  * <p/>
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/KeyStoreLoader.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/KeyStoreLoader.java">Base
+ *      revision</a>
  */
 interface KeyStoreLoader {
-    /**
-     * Loads a KeyStore which contains at least one private key and the
-     * associated X509 cert chain.
-     *
-     * @return a new KeyStore
-     * @throws IOException if loading the key store fails due to an IO error,
-     *         such as "file not found".
-     * @throws GeneralSecurityException if loading the key store fails due to
-     *         a security error, such as "unsupported crypto algorithm".
-     */
-    KeyStore loadKeyStore() throws IOException, GeneralSecurityException;
+  /**
+   * Loads a KeyStore which contains at least one private key and the associated X509 cert chain.
+   * @return a new KeyStore
+   * @throws IOException              if loading the key store fails due to an IO error, such as
+   *                                  "file not found".
+   * @throws GeneralSecurityException if loading the key store fails due to a security error, such
+   *                                  as "unsupported crypto algorithm".
+   */
+  KeyStore loadKeyStore() throws IOException, GeneralSecurityException;
 
-    /**
-     * Loads a KeyStore which contains at least one X509 cert chain for a
-     * trusted Certificate Authority (CA).
-     *
-     * @return a new KeyStore
-     * @throws IOException if loading the trust store fails due to an IO error,
-     *         such as "file not found".
-     * @throws GeneralSecurityException if loading the trust store fails due to
-     *         a security error, such as "unsupported crypto algorithm".
-     */
-    KeyStore loadTrustStore() throws IOException, GeneralSecurityException;
+  /**
+   * Loads a KeyStore which contains at least one X509 cert chain for a trusted Certificate
+   * Authority (CA).
+   * @return a new KeyStore
+   * @throws IOException              if loading the trust store fails due to an IO error, such as
+   *                                  "file not found".
+   * @throws GeneralSecurityException if loading the trust store fails due to a security error, such
+   *                                  as "unsupported crypto algorithm".
+   */
+  KeyStore loadTrustStore() throws IOException, GeneralSecurityException;
 }

hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/PEMFileLoader.java

@@ -15,54 +15,42 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
 package org.apache.hadoop.hbase.io.crypto.tls;
 
 import java.io.File;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
-import java.util.Optional;
-
-import org.apache.zookeeper.util.PemReader;
 
 /**
  * Implementation of {@link FileKeyStoreLoader} that loads from PEM files.
  * <p/>
  * This file has been copied from the Apache ZooKeeper project.
  * @see <a href=
- *         "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/PEMFileLoader.java">Base
- *         revision</a>
+ *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/PEMFileLoader.java">Base
+ *      revision</a>
  */
 class PEMFileLoader extends FileKeyStoreLoader {
-    private PEMFileLoader(String keyStorePath,
-                          String trustStorePath,
-                          char[] keyStorePassword,
-                          char[] trustStorePassword) {
-        super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
-    }
+  private PEMFileLoader(String keyStorePath, String trustStorePath, char[] keyStorePassword,
+    char[] trustStorePassword) {
+    super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
+  }
 
-    @Override
-    public KeyStore loadKeyStore() throws IOException, GeneralSecurityException {
-        Optional<String> passwordOption;
-        if (keyStorePassword == null || keyStorePassword.length == 0) {
-            passwordOption = Optional.empty();
-        } else {
-            passwordOption = Optional.of(String.valueOf(keyStorePassword));
-        }
-        File file = new File(keyStorePath);
-        return PemReader.loadKeyStore(file, file, passwordOption);
-    }
+  @Override
+  public KeyStore loadKeyStore() throws IOException, GeneralSecurityException {
+    File file = new File(keyStorePath);
+    return PemReader.loadKeyStore(file, file, keyStorePassword);
+  }
 
-    @Override
-    public KeyStore loadTrustStore() throws IOException, GeneralSecurityException {
-        return PemReader.loadTrustStore(new File(trustStorePath));
-    }
+  @Override
+  public KeyStore loadTrustStore() throws IOException, GeneralSecurityException {
+    return PemReader.loadTrustStore(new File(trustStorePath));
+  }
 
-    static class Builder extends FileKeyStoreLoader.Builder<PEMFileLoader> {
-        @Override
-        PEMFileLoader build() {
-            return new PEMFileLoader(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
-        }
+  static class Builder extends FileKeyStoreLoader.Builder<PEMFileLoader> {
+    @Override
+    PEMFileLoader build() {
+      return new PEMFileLoader(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
     }
+  }
 }