[ 
https://issues.apache.org/jira/browse/HDFS-14951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16967093#comment-16967093
 ] 

Siyao Meng commented on HDFS-14951:
-----------------------------------

I dug a little bit. {{trustStorePassword}} is 
[set|https://github.com/apache/hadoop/blob/3d41f330186f6481850b46e0c345d3ecf7b1b818/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java#L423]
 in {{loadSSLConfiguration()}}:
{code:title=loadSSLConfiguration()}
      trustStorePassword = getPasswordString(sslConf,
          SSLFactory.SSL_SERVER_TRUSTSTORE_PASSWORD);
{code}

Looking into {{getPasswordString()}}:
{code:title=getPasswordString()}
    private static String getPasswordString(Configuration conf, String name)
        throws IOException {
      char[] passchars = conf.getPassword(name);
      if (passchars == null) {
        return null;
      }
      return new String(passchars);
    }
{code}

{{passchars}} gets {{null}} from {{conf.getPassword(name)}} when it can't get 
the password either from credential providers or the {{ssl.server.truststore.password}} 
clear text config (in the case of {{trustStorePassword}}).

Then I noticed that {{keyPassword}} (just above setting {{trustStorePassword}}) 
also uses {{getPasswordString()}}, so it could also be null.
{code:title=loadSSLConfiguration()}
      keyPassword = getPasswordString(sslConf,
          SSLFactory.SSL_SERVER_KEYSTORE_KEYPASSWORD);
{code}

Would a null {{keyPassword}} cause a similar problem? If that's the case, we want 
to do the same check for {{keyPassword}} as well.

> KMS Jetty server does not startup if trust store password is null
> -----------------------------------------------------------------
>
>                 Key: HDFS-14951
>                 URL: https://issues.apache.org/jira/browse/HDFS-14951
>             Project: Hadoop HDFS
>          Issue Type: Bug
>            Reporter: Hanisha Koneru
>            Assignee: Hanisha Koneru
>            Priority: Major
>         Attachments: HDFS-14951.001.patch
>
>
> In HttpServer2, if the trustStore is set but the trust store password is not, 
> then we set the TrustStorePassword of SSLContextFactory to null. This results 
> in the Jetty server not starting up.
> {code:java}
> // In HttpServer2#createHttpsChannelConnector():
> if (trustStore != null) {
>   sslContextFactory.setTrustStorePath(trustStore);
>   sslContextFactory.setTrustStoreType(trustStoreType);
>   sslContextFactory.setTrustStorePassword(trustStorePassword);
> }
> {code}
> Before setting the trust store password, we should check that it is not null.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
