[GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...

Mon, 29 Oct 2018 08:20:52 -0700 

Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/678#discussion_r228958680
  
    --- Diff: 
zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -167,47 +222,50 @@ public SSLContext createSSLContext(ZKConfig config) 
throws SSLContextException {
             KeyManager[] keyManagers = null;
             TrustManager[] trustManagers = null;
     
    -        String keyStoreLocationProp = 
config.getProperty(sslKeystoreLocationProperty);
    -        String keyStorePasswordProp = 
config.getProperty(sslKeystorePasswdProperty);
    +        String keyStoreLocationProp = 
config.getProperty(sslKeystoreLocationProperty, "");
    +        String keyStorePasswordProp = 
config.getProperty(sslKeystorePasswdProperty, "");
    +        String keyStoreTypeProp = 
config.getProperty(sslKeystoreTypeProperty);
     
             // There are legal states in some use cases for null KeyManager or 
TrustManager.
    -        // But if a user wanna specify one, location and password are 
required.
    +        // But if a user wanna specify one, location is required. Password 
defaults to empty string if it is not
    +        // specified by the user.
     
    -        if (keyStoreLocationProp == null && keyStorePasswordProp == null) {
    +        if (keyStoreLocationProp.isEmpty()) {
                 LOG.warn(getSslKeystoreLocationProperty() + " not specified");
             } else {
    -            if (keyStoreLocationProp == null) {
    -                throw new 
SSLContextException(getSslKeystoreLocationProperty() + " not specified");
    -            }
    -            if (keyStorePasswordProp == null) {
    -                throw new 
SSLContextException(getSslKeystorePasswdProperty() + " not specified");
    -            }
                 try {
    +                StoreFileType keyStoreType = 
StoreFileType.fromPropertyValue(keyStoreTypeProp);
                     keyManagers = new KeyManager[]{
    -                        createKeyManager(keyStoreLocationProp, 
keyStorePasswordProp)};
    +                        createKeyManager(keyStoreLocationProp, 
keyStorePasswordProp, keyStoreType)};
                 } catch (KeyManagerException keyManagerException) {
                     throw new SSLContextException("Failed to create 
KeyManager", keyManagerException);
    +            } catch (IllegalArgumentException e) {
    +                throw new SSLContextException("Bad value for " + 
sslKeystoreTypeProperty + ": " + keyStoreTypeProp, e);
                 }
             }
     
    -        String trustStoreLocationProp = 
config.getProperty(sslTruststoreLocationProperty);
    -        String trustStorePasswordProp = 
config.getProperty(sslTruststorePasswdProperty);
    +        String trustStoreLocationProp = 
config.getProperty(sslTruststoreLocationProperty, "");
    --- End diff --
    
    Same here. Previously it was checked against null value, why have you 
changed that?


---

Reply via email to