gavinchou pushed a commit to branch bdbje
in repository https://gitbox.apache.org/repos/asf/doris-thirdparty.git
The following commit(s) were added to refs/heads/bdbje by this push:
new 00dd1a331fe [fix](bdbje)fix bdbje can't set truststore password (#347)
00dd1a331fe is described below
commit 00dd1a331fe418b4d599f9aecb9e2b12bb12e808
Author: koarz <[email protected]>
AuthorDate: Wed Aug 13 11:31:39 2025 +0800
[fix](bdbje)fix bdbje can't set truststore password (#347)
---
CHANGELOG.md | 4 ++
pom.xml | 2 +-
.../com/sleepycat/je/rep/ReplicationSSLConfig.java | 55 ++++++++++++++++++++++
.../java/com/sleepycat/je/rep/impl/RepParams.java | 10 ++++
.../je/rep/utilint/net/SSLChannelFactory.java | 32 +++++++++++--
5 files changed, 99 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 92d278d525d..79c94b6ff44 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
# CHANGELOG
+## bdbje-18.3.15-doris-SNAPSHOT (20250813)
+
+1. fix TrustStore can't set password
+
## bdbje-18.3.14-doris-SNAPSHOT (20221116)
1. support ipv6 address parsing
diff --git a/pom.xml b/pom.xml
index 42ae591c582..41a55c39054 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,7 +10,7 @@
</parent>
<groupId>org.apache.doris</groupId>
<artifactId>je</artifactId>
- <version>18.3.14-doris-SNAPSHOT</version>
+ <version>18.3.15-doris-SNAPSHOT</version>
<name>bdb-je apache doris release</name>
<url>https://doris.apache.org/</url>
<description>fork from bdb-je 18.3.12 from maven with starrocks bdbje
patches</description>
diff --git a/src/main/java/com/sleepycat/je/rep/ReplicationSSLConfig.java
b/src/main/java/com/sleepycat/je/rep/ReplicationSSLConfig.java
index 949e4f70785..061c9d21292 100644
--- a/src/main/java/com/sleepycat/je/rep/ReplicationSSLConfig.java
+++ b/src/main/java/com/sleepycat/je/rep/ReplicationSSLConfig.java
@@ -96,6 +96,7 @@ public class ReplicationSSLConfig extends
ReplicationNetworkConfig {
* {@link #SSL_SERVER_KEY_ALIAS je.rep.ssl.serverKeyAlias}
* {@link #SSL_TRUSTSTORE_FILE je.rep.ssl.trustStoreFile}
* {@link #SSL_TRUSTSTORE_TYPE je.rep.ssl.trustStoreType}
+ * {@link #SSL_KEYSTORE_PASSWORD je.rep.ssl.keyStorePassword}
* {@link #SSL_CIPHER_SUITES je.rep.ssl.cipherSuites}
* {@link #SSL_PROTOCOLS je.rep.ssl.protocols}
* {@link #SSL_AUTHENTICATOR je.rep.ssl.authenticator}
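Review bot: The added Javadoc entry links `SSL_KEYSTORE_PASSWORD` / `je.rep.ssl.keyStorePassword`, but the property this commit introduces is `SSL_TRUSTSTORE_PASSWORD`, so the new option is still missing from the class-level property list. If the keystore entry is intended as well (it may already be listed above this hunk), keep it, and add `* {@link #SSL_TRUSTSTORE_PASSWORD je.rep.ssl.trustStorePassword}` next to the other truststore entries. The list starts and ends outside the hunk.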
@@ -243,6 +244,25 @@ public class ReplicationSSLConfig extends
ReplicationNetworkConfig {
public static final String SSL_CLIENT_KEY_ALIAS =
EnvironmentParams.REP_PARAM_PREFIX + "ssl.clientKeyAlias";
+ /**
+ * The password for accessing the Java truststore file for SSL data
channnel
+ * factories. If this parameter is not set or has an empty value, the Java
+ * system property <code>javax.net.ssl.trustStorePassword</code> is used.
+ *
+ * <p><table border="1"
+ * summary="Information about configuration option">
+ * <tr><td>Name</td><td>Type</td><td>Mutable</td><td>Default</td></tr>
+ * <tr>
+ * <td>{@value}</td>
+ * <td>String</td>
+ * <td>No</td>
+ * <td>""</td>
+ * </tr>
+ * </table>
+ */
+ public static final String SSL_TRUSTSTORE_PASSWORD =
+ EnvironmentParams.REP_PARAM_PREFIX + "ssl.trustStorePassword";
+
/**
* The path to the Java truststore file for SSL data channel factories.
* The specified path must be absolute.
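Review bot: The Javadoc for `SSL_TRUSTSTORE_PASSWORD` does not mention that the value is carried as a plain string in the replication configuration, which an operator needs to know when deciding where to set it. I would add a sentence such as `The password is held in clear text in the configuration; restrict read access to any properties file that contains it.` The typo `channnel` in the first sentence should read `channel`.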
@@ -501,6 +521,7 @@ public class ReplicationSSLConfig extends
ReplicationNetworkConfig {
repSSLProperties.add(SSL_KEYSTORE_TYPE);
repSSLProperties.add(SSL_SERVER_KEY_ALIAS);
repSSLProperties.add(SSL_CLIENT_KEY_ALIAS);
+ repSSLProperties.add(SSL_TRUSTSTORE_PASSWORD);
repSSLProperties.add(SSL_TRUSTSTORE_FILE);
repSSLProperties.add(SSL_TRUSTSTORE_TYPE);
repSSLProperties.add(SSL_CIPHER_SUITES);
@@ -806,6 +827,40 @@ public class ReplicationSSLConfig extends
ReplicationNetworkConfig {
validateParams);
}
+ /**
+ * Returns the password for the Java TrustStore file to be used for SSL key
+ * pair retrieval.
+ *
+ * @return the TrustStore password
+ */
+ public String getSSLTrustStorePassword() {
+ return DbConfigManager.getVal(props,
RepParams.SSL_TRUSTSTORE_PASSWORD);
+ }
+
+ /**
+ * Sets the password for the Java TrustStore file to be used when creating
+ * SSL connections.
+ *
+ * @param password the TrustStore password
+ *
+ * @return this
+ */
+ public ReplicationNetworkConfig setSSLTrustStorePassword(String password) {
+
+ setSSLTrustStorePasswordVoid(password);
+ return this;
+ }
+
+ /**
+ * @hidden
+ * The void return setter for use by Bean editors.
+ */
+ public void setSSLTrustStorePasswordVoid(String password) {
+
+ DbConfigManager.setVal(props, RepParams.SSL_TRUSTSTORE_PASSWORD,
password,
+ validateParams);
+ }
+
/**
* Returns the name of the Java TrustStore file to be used for SSL
* certificate validation.
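Review bot: The Javadoc on `getSSLTrustStorePassword()` says the truststore is used "for SSL key pair retrieval", which looks carried over from the keystore getter. The truststore file getter just below describes the store as used for certificate validation. Suggested first sentence: `Returns the password for the Java TrustStore file to be used for SSL certificate validation.` `setSSLTrustStorePasswordVoid` would also benefit from a `@param password the TrustStore password` line to match the fluent setter.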
diff --git a/src/main/java/com/sleepycat/je/rep/impl/RepParams.java
b/src/main/java/com/sleepycat/je/rep/impl/RepParams.java
index 768f4ea95f6..69c2a71348e 100644
--- a/src/main/java/com/sleepycat/je/rep/impl/RepParams.java
+++ b/src/main/java/com/sleepycat/je/rep/impl/RepParams.java
@@ -1382,6 +1382,16 @@ public class RepParams {
false, // mutable
true); // forReplication
+ /**
+ * SSL TrustStore password
+ * @see ReplicationSSLConfig#SSL_TRUSTSTORE_PASSWORD
+ */
+ public static final ConfigParam SSL_TRUSTSTORE_PASSWORD =
+ new ConfigParam(ReplicationSSLConfig.SSL_TRUSTSTORE_PASSWORD,
+ "", // default
+ false, // mutable
+ true); // forReplication
+
/**
* SSL TrustStore file
* @see ReplicationSSLConfig#SSL_TRUSTSTORE_FILE
diff --git
a/src/main/java/com/sleepycat/je/rep/utilint/net/SSLChannelFactory.java
b/src/main/java/com/sleepycat/je/rep/utilint/net/SSLChannelFactory.java
index 3ca162baeed..f6f13b01a5f 100644
--- a/src/main/java/com/sleepycat/je/rep/utilint/net/SSLChannelFactory.java
+++ b/src/main/java/com/sleepycat/je/rep/utilint/net/SSLChannelFactory.java
@@ -526,6 +526,32 @@ public class SSLChannelFactory implements
DataChannelFactory {
return tmf.getTrustManagers();
}
+ /**
+ * Finds the truststore password based on the input config.
+ */
+ private static char[] getTrustStorePassword(InstanceContext context) {
+
+ final ReplicationSSLConfig config =
+ (ReplicationSSLConfig) context.getRepNetConfig();
+
+ char[] ksPw = null;
+
+ String ksPwProp = config.getSSLTrustStorePassword();
+ if (ksPwProp == null || ksPwProp.isEmpty()) {
+ /*
+ * Finally, consider the standard Java Keystore
+ * password system property
+ */
+ ksPwProp =
+ System.getProperty("javax.net.ssl.trustStorePassword");
+ }
+ if (ksPwProp != null) {
+ ksPw = ksPwProp.toCharArray();
+ }
+
+ return ksPw;
+ }
+
/**
* Based on the input config, read the configured TrustStore into memory.
*/
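Review bot: In `getTrustStorePassword`, an empty `javax.net.ssl.trustStorePassword` system property reaches `toCharArray()` and yields an empty `char[]` rather than `null`, because only the config value is tested with `isEmpty()`; the final guard could be `if (ksPwProp != null && !ksPwProp.isEmpty())`. The fallback also applies a JVM-wide truststore password to the replication truststore, which was previously always loaded with a `null` password, so a deployment whose two stores use different passwords may start failing to load; this is worth a line in the Javadoc or the CHANGELOG. The locals `ksPw`/`ksPwProp` and the comment `Finally, consider the standard Java Keystore password system property` look copied from the keystore variant; `tsPw`/`tsPwProp` and "truststore password" would match what the method does.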
@@ -553,12 +579,12 @@ public class SSLChannelFactory implements
DataChannelFactory {
/*
* Build a TrustStore, if specified
*/
+ final char[] tsPw = getTrustStorePassword(context);
if (tsProp != null) {
- final KeyStore ts =
- loadStore(tsProp, null, "truststore", tsTypeProp);
+ final KeyStore ts = loadStore(tsProp, tsPw, "truststore",
tsTypeProp);
- return new KeyStoreInfo(tsProp, ts, null);
+ return new KeyStoreInfo(tsProp, ts, tsPw);
}
return null;
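Review bot: `getTrustStorePassword(context)` is called before the `if (tsProp != null)` check, so the password is copied into a `char[]` even when no truststore is configured; moving `final char[] tsPw = getTrustStorePassword(context);` inside the `if` avoids materializing the secret when it is not used. The array is also handed to `KeyStoreInfo` and stays in memory with the returned object. If nothing downstream reads it for a truststore (not visible here), passing `null` as before and clearing the array with `Arrays.fill(tsPw, '\0')` after `loadStore` would shorten its lifetime. The enclosing method starts and ends outside the hunk.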