This is an automated email from the ASF dual-hosted git repository.

pifta pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git


The following commit(s) were added to refs/heads/master by this push:
     new 25599d6663 HDDS-10701. Create config option for keystores (#6548)
25599d6663 is described below

commit 25599d6663673c3c00e644097f08b9f6ae002619
Author: Galsza <[email protected]>
AuthorDate: Fri Apr 26 10:53:03 2024 +0200

    HDDS-10701. Create config option for keystores (#6548)
---
 .../apache/hadoop/hdds/scm/client/ClientTrustManager.java   |  2 +-
 .../hdds/security/ssl/PemFileBasedKeyStoresFactory.java     | 13 +++----------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git 
a/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/client/ClientTrustManager.java
 
b/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/client/ClientTrustManager.java
index 0e297ae005..e2e590b914 100644
--- 
a/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/client/ClientTrustManager.java
+++ 
b/hadoop-hdds/client/src/main/java/org/apache/hadoop/hdds/scm/client/ClientTrustManager.java
@@ -118,7 +118,7 @@ public class ClientTrustManager extends 
X509ExtendedTrustManager {
   private void initialize(List<X509Certificate> caCerts)
       throws CertificateException {
     try {
-      KeyStore ks = KeyStore.getInstance("jks");
+      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
       ks.load(null);
 
       for (X509Certificate cert : caCerts) {
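Review bot: The type of the in-memory trust store built in `initialize` is no longer fixed, because `KeyStore.getDefaultType()` returns the JVM's `keystore.type` security property (`pkcs12` by default on JDK 9 and later, or whatever type an operator or security provider configures). Nothing in the hunk records that dependency or checks that the selected type accepts the trusted-certificate entries the loop over `caCerts` presumably adds; the loop body is outside the hunk, so that part is inferred. I would add a comment above the call, such as `// Type follows the keystore.type security property; it must support trusted-certificate entries.`, and make sure a failure from an unsupported type is reported with the type name in the exception message. The body of `initialize` continues past the end of the hunk.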
diff --git 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java
 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java
index 9a9002195c..028d6c8e03 100644
--- 
a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java
+++ 
b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/security/ssl/PemFileBasedKeyStoresFactory.java
@@ -48,11 +48,6 @@ public class PemFileBasedKeyStoresFactory implements 
KeyStoresFactory,
   private static final Logger LOG =
       LoggerFactory.getLogger(PemFileBasedKeyStoresFactory.class);
 
-  /**
-   * Default format of the keystore files.
-   */
-  public static final String DEFAULT_KEYSTORE_TYPE = "jks";
-
   private KeyManager[] keyManagers;
   private TrustManager[] trustManagers;
   private final CertificateClient caClient;
@@ -67,8 +62,7 @@ public class PemFileBasedKeyStoresFactory implements 
KeyStoresFactory,
    */
   private void createTrustManagers() throws
       GeneralSecurityException, IOException {
-    ReloadingX509TrustManager trustManager = new ReloadingX509TrustManager(
-        DEFAULT_KEYSTORE_TYPE, caClient);
+    ReloadingX509TrustManager trustManager = new 
ReloadingX509TrustManager(KeyStore.getDefaultType(), caClient);
     trustManagers = new TrustManager[] {trustManager};
   }
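Review bot: `KeyStore.getDefaultType()` is evaluated separately in `createTrustManagers` here, in `createKeyManagers` in the next hunk, and in the client-mode branch of the last hunk, and each call re-reads the `keystore.type` security property, so nothing ties the trust manager and key manager of one factory to the same type if that property changes at runtime. Resolving it once, for example `private final String keyStoreType = KeyStore.getDefaultType();`, and passing `keyStoreType` at all three sites would keep them consistent and give a single place to log the effective type. The commit title mentions a config option, but the only knob visible in these hunks is the JVM-wide security property, so a sentence in the class Javadoc saying that would help operators who need a specific store type. Dropping the public `DEFAULT_KEYSTORE_TYPE` constant may also break callers outside this diff, which cannot be checked from here.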
 
@@ -78,8 +72,7 @@ public class PemFileBasedKeyStoresFactory implements 
KeyStoresFactory,
    */
   private void createKeyManagers() throws
       GeneralSecurityException, IOException {
-    ReloadingX509KeyManager keystoreManager =
-        new ReloadingX509KeyManager(DEFAULT_KEYSTORE_TYPE, caClient);
+    ReloadingX509KeyManager keystoreManager = new 
ReloadingX509KeyManager(KeyStore.getDefaultType(), caClient);
     keyManagers = new KeyManager[] {keystoreManager};
   }
 
@@ -101,7 +94,7 @@ public class PemFileBasedKeyStoresFactory implements 
KeyStoresFactory,
     if (requireClientAuth || mode == Mode.SERVER) {
       createKeyManagers();
     } else {
-      KeyStore keystore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
+      KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
       keystore.load(null, null);
       KeyManagerFactory keyMgrFactory = KeyManagerFactory
           .getInstance(KeyManagerFactory.getDefaultAlgorithm());

