[pulsar] branch branch-3.0 updated: [fix] Ignore openIDTokenIssuerTrustCertsFilePath conf when blank (#20745)

Thu, 06 Jul 2023 20:48:32 -0700 

This is an automated email from the ASF dual-hosted git repository.

mmarshall pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new 6e2f6683da8 [fix] Ignore openIDTokenIssuerTrustCertsFilePath conf when 
blank (#20745)
6e2f6683da8 is described below

commit 6e2f6683da80ac0ba2f3b2a6078408fdb87c477a
Author: Michael Marshall <[email protected]>
AuthorDate: Thu Jul 6 20:45:26 2023 -0500

    [fix] Ignore openIDTokenIssuerTrustCertsFilePath conf when blank (#20745)
    
    (cherry picked from commit 4586852f30902b5247d907ce4cc9360152db1e21)
---
 .../broker/authentication/oidc/AuthenticationProviderOpenID.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/pulsar-broker-auth-oidc/src/main/java/org/apache/pulsar/broker/authentication/oidc/AuthenticationProviderOpenID.java
 
b/pulsar-broker-auth-oidc/src/main/java/org/apache/pulsar/broker/authentication/oidc/AuthenticationProviderOpenID.java
index 2078666a08d..1462b8e293f 100644
--- 
a/pulsar-broker-auth-oidc/src/main/java/org/apache/pulsar/broker/authentication/oidc/AuthenticationProviderOpenID.java
+++ 
b/pulsar-broker-auth-oidc/src/main/java/org/apache/pulsar/broker/authentication/oidc/AuthenticationProviderOpenID.java
@@ -52,6 +52,7 @@ import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import javax.naming.AuthenticationException;
 import javax.net.ssl.SSLSession;
+import org.apache.commons.lang.StringUtils;
 import org.apache.pulsar.broker.ServiceConfiguration;
 import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
 import org.apache.pulsar.broker.authentication.AuthenticationProvider;
@@ -163,7 +164,9 @@ public class AuthenticationProviderOpenID implements 
AuthenticationProvider {
         int readTimeout = getConfigValueAsInt(config, 
HTTP_READ_TIMEOUT_MILLIS, HTTP_READ_TIMEOUT_MILLIS_DEFAULT);
         String trustCertsFilePath = getConfigValueAsString(config, 
ISSUER_TRUST_CERTS_FILE_PATH, null);
         SslContext sslContext = null;
-        if (trustCertsFilePath != null) {
+        // When config is in the conf file but is empty, it defaults to the 
empty string, which is not meaningful and
+        // should be ignored.
+        if (StringUtils.isNotBlank(trustCertsFilePath)) {
             // Use default settings for everything but the trust store.
             sslContext = SslContextBuilder.forClient()
                     .trustManager(new File(trustCertsFilePath))

Reply via email to