[GitHub] [zeppelin] Reamer commented on a change in pull request #3747: [ZEPPELIN-4774] TLS - create Keystores with PEM files

GitBox Fri, 24 Apr 2020 05:20:44 -0700


Reamer commented on a change in pull request #3747:
URL: https://github.com/apache/zeppelin/pull/3747#discussion_r414531965




##########
File path: 
zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
##########
@@ -438,19 +440,38 @@ private static void 
setupClusterManagerServer(ServiceLocator serviceLocator) {
   private static SslContextFactory getSslContextFactory(ZeppelinConfiguration 
conf) {
     SslContextFactory.Server sslContextFactory = new 
SslContextFactory.Server();
 
-    // Set keystore
-    sslContextFactory.setKeyStorePath(conf.getKeyStorePath());
-    sslContextFactory.setKeyStoreType(conf.getKeyStoreType());
-    sslContextFactory.setKeyStorePassword(conf.getKeyStorePassword());
-    sslContextFactory.setKeyManagerPassword(conf.getKeyManagerPassword());
-
-    if (conf.useClientAuth()) {
-      sslContextFactory.setNeedClientAuth(conf.useClientAuth());
-
-      // Set truststore
-      sslContextFactory.setTrustStorePath(conf.getTrustStorePath());
-      sslContextFactory.setTrustStoreType(conf.getTrustStoreType());
-      sslContextFactory.setTrustStorePassword(conf.getTrustStorePassword());
+    // Check for PEM files
+    if (StringUtils.isNoneBlank(conf.getPemKeyFile(), conf.getPemCertFile())) {
+      File pemKey = new File(conf.getPemKeyFile());
+      File pemCert = new File(conf.getPemCertFile());

Review comment:
       Thanks for your review. I added some checks, which should give more 
output in case of an error.

##########
File path: 
zeppelin-server/src/main/java/org/apache/zeppelin/server/ZeppelinServer.java
##########
@@ -438,19 +440,38 @@ private static void 
setupClusterManagerServer(ServiceLocator serviceLocator) {
   private static SslContextFactory getSslContextFactory(ZeppelinConfiguration 
conf) {
     SslContextFactory.Server sslContextFactory = new 
SslContextFactory.Server();
 
-    // Set keystore
-    sslContextFactory.setKeyStorePath(conf.getKeyStorePath());
-    sslContextFactory.setKeyStoreType(conf.getKeyStoreType());
-    sslContextFactory.setKeyStorePassword(conf.getKeyStorePassword());
-    sslContextFactory.setKeyManagerPassword(conf.getKeyManagerPassword());
-
-    if (conf.useClientAuth()) {
-      sslContextFactory.setNeedClientAuth(conf.useClientAuth());
-
-      // Set truststore
-      sslContextFactory.setTrustStorePath(conf.getTrustStorePath());
-      sslContextFactory.setTrustStoreType(conf.getTrustStoreType());
-      sslContextFactory.setTrustStorePassword(conf.getTrustStorePassword());
+    // Check for PEM files
+    if (StringUtils.isNoneBlank(conf.getPemKeyFile(), conf.getPemCertFile())) {
+      File pemKey = new File(conf.getPemKeyFile());
+      File pemCert = new File(conf.getPemCertFile());
+      try {
+        String password = conf.getPemKeyPassword();
+        sslContextFactory.setKeyStore(PEMImporter.loadKeyStore(pemCert, 
pemKey, password));
+        sslContextFactory.setKeyStoreType("JKS");
+        sslContextFactory.setKeyStorePassword(password);
+        if (conf.useClientAuth() && 
StringUtils.isNotBlank(conf.getPemCAFile())) {
+          File pemCA = new File(conf.getPemCAFile());

Review comment:
       Done




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

[GitHub] [zeppelin] Reamer commented on a change in pull request #3747: [ZEPPELIN-4774] TLS - create Keystores with PEM files

Reply via email to