Github user tumativ commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/678#discussion_r230255350
--- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
@@ -254,23 +282,54 @@ public static X509KeyManager createKeyManager(String
keyStoreLocation, String ke
}
}
- public static X509TrustManager createTrustManager(String
trustStoreLocation, String trustStorePassword,
- boolean crlEnabled,
boolean ocspEnabled,
- final boolean
serverHostnameVerificationEnabled,
- final boolean
clientHostnameVerificationEnabled)
+ /**
+ * Creates a trust manager by loading the trust store from the given
file
+ * of the given type, optionally decrypting it using the given
password.
+ * @param trustStoreLocation the location of the trust store file.
+ * @param trustStorePassword optional password to decrypt the trust
store
+ * (only applies to JKS trust stores). If
empty,
+ * assumes the trust store is not encrypted.
+ * @param trustStoreTypeProp must be JKS, PEM, or null. If null,
attempts
+ * to autodetect the trust store type from
the
+ * file extension (.jks / .pem).
+ * @param crlEnabled enable CRL (certificate revocation list) checks.
+ * @param ocspEnabled enable OCSP (online certificate status protocol)
+ * checks.
+ * @param serverHostnameVerificationEnabled if true, verify hostnames
of
+ * remote servers that client
+ * sockets created by this
+ * X509Util connect to.
+ * @param clientHostnameVerificationEnabled if true, verify hostnames
of
+ * remote clients that server
+ * sockets created by this
+ * X509Util accept connections
+ * from.
+ * @return the trust manager.
+ * @throws TrustManagerException if something goes wrong.
+ */
+ public static X509TrustManager createTrustManager(
+ String trustStoreLocation,
+ String trustStorePassword,
+ String trustStoreTypeProp,
+ boolean crlEnabled,
+ boolean ocspEnabled,
+ final boolean serverHostnameVerificationEnabled,
+ final boolean clientHostnameVerificationEnabled)
throws TrustManagerException {
FileInputStream inputStream = null;
+ if (trustStorePassword == null) {
+ trustStorePassword = "";
+ }
try {
- File trustStoreFile = new File(trustStoreLocation);
- KeyStore ts = KeyStore.getInstance("JKS");
- inputStream = new FileInputStream(trustStoreFile);
- if (trustStorePassword != null) {
- char[] trustStorePasswordChars =
trustStorePassword.toCharArray();
- ts.load(inputStream, trustStorePasswordChars);
- } else {
- ts.load(inputStream, null);
- }
-
+ KeyStoreFileType storeFileType =
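Review bot: the `if (trustStorePassword == null) { trustStorePassword = ""; }` normalisation at the top of the new method silently changes the load semantics that the removed `else { ts.load(inputStream, null); }` branch had. Passing `null` to `KeyStore.load` on a JKS store skips the keystore integrity check entirely, whereas passing an empty `char[]` makes the JDK run that check against the empty password and reject any store that was written with a different one, so the Javadoc sentence "If empty, assumes the trust store is not encrypted" only holds if whatever consumes `trustStorePassword` maps the empty string back to `null` before calling `load`. Either keep the null path and document it, or reword the Javadoc to match what the loader actually does. Separately, the method only declares `throws TrustManagerException`; if the `KeyStoreFileType` conversion that begins on the hunk's last line resolves `trustStoreTypeProp` with a lookup that throws `IllegalArgumentException` on an unknown name, that unchecked exception escapes the method even though the Javadoc restricts the value to JKS, PEM or null, so it should be caught and wrapped in `TrustManagerException` with the offending value in the message.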
--- End diff --
IllegalArgumentException is possible here. I see it is not handled.
---
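The two behaviours discussed above, the null-versus-empty trust store password and the unchecked exception from a store-type lookup, as an added, self-contained Java example. This is not code from the ZooKeeper pull request or from X509Util: `TrustManagerException` and `StoreType` are hypothetical stand-ins for the project's `TrustManagerException` and `KeyStoreFileType`, and the JKS trust store is constructed in memory with a known password rather than read from disk.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

public class TrustStorePasswordDemo {

    /** Hypothetical checked exception; stands in for the PR's TrustManagerException. */
    static class TrustManagerException extends Exception {
        TrustManagerException(String msg, Throwable cause) { super(msg, cause); }
    }

    /** Hypothetical stand-in for the PR's KeyStoreFileType. Enum.valueOf throws
     *  IllegalArgumentException for any name that is not a constant. */
    enum StoreType { JKS, PEM }

    /** Constructed input: an empty JKS store serialised with the given integrity password.
     *  JKS does not encrypt trusted certificates; the password only seeds the integrity digest. */
    static byte[] writeEmptyJks(char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                       // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    /** Loads the store bytes with the given password and reports whether KeyStore.load accepted them.
     *  A null password skips the JKS integrity check; a non-null password (including an empty
     *  char[]) makes the JDK verify the digest and reject a store written with a different password. */
    static boolean loads(byte[] jks, char[] password) {
        try (InputStream in = new ByteArrayInputStream(jks)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, password);
            return true;
        } catch (IOException | GeneralSecurityException e) {
            return false;
        }
    }

    /** Resolves the store type from a property value, converting the unchecked
     *  IllegalArgumentException of an unknown name into the declared checked exception. */
    static StoreType resolveType(String typeProp) throws TrustManagerException {
        if (typeProp == null || typeProp.trim().isEmpty()) {
            return StoreType.JKS;                  // assumption for this demo: default to JKS
        }
        try {
            return StoreType.valueOf(typeProp.trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new TrustManagerException("Unsupported trust store type: " + typeProp, e);
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] jks = writeEmptyJks("changeit".toCharArray());
        System.out.println("null password:     " + loads(jks, null));
        System.out.println("empty password:    " + loads(jks, "".toCharArray()));
        System.out.println("correct password:  " + loads(jks, "changeit".toCharArray()));

        System.out.println("type 'pem' -> " + resolveType("pem"));
        try {
            resolveType("pkcs12");
        } catch (TrustManagerException e) {
            System.out.println("wrapped: " + e.getMessage() + " (cause: " + e.getCause().getClass().getSimpleName() + ")");
        }
    }
}
```

Run with `javac TrustStorePasswordDemo.java && java TrustStorePasswordDemo`. The store built in `writeEmptyJks` loads with a `null` password and with the correct password but not with the empty `char[]`, which is exactly the difference between the removed `ts.load(inputStream, null)` branch and a caller that turns a missing password into `""`. The `resolveType` helper shows the shape of the handling tumativ asks for: the unchecked exception from the type lookup is caught at the point of the lookup and rethrown as the method's declared checked exception, so a misconfigured `trustStoreTypeProp` surfaces as a `TrustManagerException` with the bad value in its message instead of an unexpected `IllegalArgumentException`.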