[SECURITY] Weak security algorithm used by MacDigestManager

[AliIoT]

bookkeeper/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/checksum/MacDigestManager.java

Lines 43 to 44 in 7018d2f

	public static final String DIGEST_ALGORITHM = "SHA-1";
	public static final String KEY_ALGORITHM = "HmacSHA1";

[mauricebarnum]

This is required by the V2 wire protocol. I don't know what's required to remove that, but at the least I see that Pulsar is still defaulting to v2.

Maybe there's some sort of "yeah, sorry" annotation that can be added so code scanners wouldn't complain?

[dlg99]

DigestManager isn't used for the security but for the checksum/checksum validation.

CRC32 should be the default:

bookkeeper/conf/bk_server.conf

Lines 883 to 884 in 7018d2f

	# The default digest type used for opening ledgers.
	# digestType=CRC32

and

bookkeeper/bookkeeper-server/src/main/java/org/apache/bookkeeper/conf/ClientConfiguration.java

Lines 276 to 284 in 7018d2f

	/**
	* Get digest type used in bookkeeper admin.
	*
	* @return digest type
	* @see #setBookieRecoveryDigestType
	*/
	public DigestType getBookieRecoveryDigestType() {
	return DigestType.valueOf(this.getString(DIGEST_TYPE, DigestType.CRC32.toString()));
	}

CRC32c is recommended for performance.

If you have use case for some other checksuming algorithm you can add it by extending DigestManager class and use configuration to set it.