Pearl1594 commented on code in PR #11055:
URL: https://github.com/apache/cloudstack/pull/11055#discussion_r2155447075
##########
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java:
##########
@@ -72,8 +72,32 @@ private void enableSSL(final Hashtable<String, String>
environment, Long domainI
if (sslStatus) {
s_logger.info("LDAP SSL enabled.");
environment.put(Context.SECURITY_PROTOCOL, "ssl");
- System.setProperty("javax.net.ssl.trustStore",
_ldapConfiguration.getTrustStore(domainId));
- System.setProperty("javax.net.ssl.trustStorePassword",
_ldapConfiguration.getTrustStorePassword(domainId));
+ String trustStore = _ldapConfiguration.getTrustStore(domainId);
+ String trustStorePassword =
_ldapConfiguration.getTrustStorePassword(domainId);
+
+ if (!validateTrustStore(trustStore, trustStorePassword)) {
+ throw new RuntimeException("Invalid truststore or truststore
password");
+ }
+
+ System.setProperty("javax.net.ssl.trustStore", trustStore);
+ System.setProperty("javax.net.ssl.trustStorePassword",
trustStorePassword);
+ }
+ }
+
+ private boolean validateTrustStore(String trustStore, String
trustStorePassword) {
+ if (trustStore == null || trustStorePassword == null) {
+ return false;
+ }
+
+ try {
+ java.security.KeyStore.getInstance("JKS").load(
+ new java.io.FileInputStream(trustStore),
+ trustStorePassword.toCharArray()
Review Comment:
Oh - some issue during importing - Thanks. I'll fix it.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
