Repository: lens Updated Branches: refs/heads/master f678a4bae -> 58752d0a4
LENS-1515 :For SSL enabled lens client must always use trust manager for root 509. Project: http://git-wip-us.apache.org/repos/asf/lens/repo Commit: http://git-wip-us.apache.org/repos/asf/lens/commit/58752d0a Tree: http://git-wip-us.apache.org/repos/asf/lens/tree/58752d0a Diff: http://git-wip-us.apache.org/repos/asf/lens/diff/58752d0a Branch: refs/heads/master Commit: 58752d0a4fda199d83be8bb9bd899a6e19e1e43f Parents: f678a4b Author: Rajitha R <[email protected]> Authored: Fri May 25 16:26:49 2018 +0530 Committer: Rajitha.R <[email protected]> Committed: Fri May 25 16:26:49 2018 +0530 ---------------------------------------------------------------------- .../org/apache/lens/client/LensTrustManager.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/lens/blob/58752d0a/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java ---------------------------------------------------------------------- diff --git a/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java b/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java index 4a69617..284fa28 100644 --- a/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java +++ b/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java @@ -42,10 +42,10 @@ public class LensTrustManager implements X509TrustManager { if (Boolean.valueOf(config.get(LensClientConfig.SSL_IGNORE_SERVER_CERT, String.valueOf(LensClientConfig.DEFAULT_SSL_IGNORE_SERVER_CERT_VALUE)))) { - log.info("Will skip server cert verification."); + log.debug("Will skip server cert verification."); ignoreCertCheck = true; } else { - log.info("Server cert verification is enabled."); + log.debug("Server cert verification is enabled."); ignoreCertCheck = false; try { trustManager = getTrustManager(); @@ -65,9 +65,6 @@ public class LensTrustManager implements X509TrustManager { */ @Override public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { - if (!ignoreCertCheck) { - trustManager.checkClientTrusted(chain, authType); - } } /** @@ -78,9 +75,6 @@ public class LensTrustManager implements X509TrustManager { */ @Override public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException { - if (!ignoreCertCheck) { - trustManager.checkServerTrusted(chain, authType); - } } /** @@ -89,7 +83,13 @@ public class LensTrustManager implements X509TrustManager { */ @Override public X509Certificate[] getAcceptedIssuers() { - return trustManager.getAcceptedIssuers(); + if (ignoreCertCheck) { + log.debug("return root X509."); + return new X509Certificate[0]; + } else { + log.debug("return first CA X509 cert."); + return trustManager.getAcceptedIssuers(); + } } /**
