This is an automated email from the ASF dual-hosted git repository. alsuliman pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/asterixdb.git
commit f87564bb761a28e09e60cfbf079e78782da06139 Merge: 22d4e6a 84935cd Author: Michael Blow <[email protected]> AuthorDate: Wed Nov 24 12:07:58 2021 -0500 Merge branch 'gerrit/stabilization-5949a1cb71' Change-Id: Iaa206a731edf30d598d8b5eb8bd472ab8b9cc9f9 .../api/network/INetworkSecurityConfig.java | 11 +++++++++-- .../ipc/security/NetworkSecurityConfig.java | 23 ++++++++++++---------- .../ipc/security/NetworkSecurityManager.java | 5 ++++- 3 files changed, 26 insertions(+), 13 deletions(-)
diff --cc hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
index 9c65eea,95c3efc..b483158
--- a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
@@@ -58,4 -65,11 +65,4 @@@ public interface INetworkSecurityConfi * @return the trust store file */ File getTrustStoreFile(); - - /** - * Gets the password for the trust store file, if configured - * - * @return the password to the trust store file, if configured - */ - Optional<String> getTrustStorePassword(); --} ++}
diff --cc hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index b7c0d0f,e352260..42dacf5
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@@ -76,28 -101,7 +76,31 @@@ public class NetworkSecurityManager imp this.config = config; } - private KeyStore loadKeyStoreFromFile(char[] password) { + public static SSLContext newSSLContext(INetworkSecurityConfig config) { + try { + final char[] password = getKeyStorePassword(config); + KeyStore engineKeyStore = config.getKeyStore(); + if (engineKeyStore == null) { + engineKeyStore = 
loadKeyStoreFromFile(password, config); + } + final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm); + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm); + keyManagerFactory.init(engineKeyStore, password); - final KeyStore trustStore = loadTrustStoreFromFile(password, config); ++ KeyStore trustStore = config.getTrustStore(); ++ if (trustStore == null) { ++ trustStore = loadTrustStoreFromFile(password, config); ++ } + trustManagerFactory.init(trustStore); + SSLContext ctx = SSLContext.getInstance(TSL_VERSION); + ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); + return ctx; + } catch (Exception ex) { + throw new IllegalStateException("Failed to create SSLEngine", ex); + } + } + + private static KeyStore loadKeyStoreFromFile(char[] password, INetworkSecurityConfig config) { try { final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(new FileInputStream(config.getKeyStoreFile()), password);
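Review bot: In newSSLContext the TrustManagerFactory is created from the shared `defaultAlgorithm` local, which holds `KeyManagerFactory.getDefaultAlgorithm()`, so the trust side follows the key-manager default instead of its own; on a stock JDK the two defaults differ (SunX509 versus PKIX), so peer certificates are probably not being checked by the platform's default PKIX trust manager. I would change that line to `TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());`. The new `config.getTrustStore()` null fallback hands the key store password to `loadTrustStoreFromFile`, whose body is not visible here, so a one-line comment stating which password the trust store file is expected to use would help now that `getTrustStorePassword()` is gone from the interface. Separately, `ks.load(new FileInputStream(config.getKeyStoreFile()), password)` never closes the stream; `try (InputStream in = new FileInputStream(config.getKeyStoreFile())) { ks.load(in, password); }` would fix that, though loadKeyStoreFromFile's body continues outside the hunk.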
