[
https://issues.apache.org/jira/browse/DRILL-5663?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16087848#comment-16087848
]
ASF GitHub Bot commented on DRILL-5663:
---------------------------------------
Github user paul-rogers commented on a diff in the pull request:
https://github.com/apache/drill/pull/874#discussion_r127530151
--- Diff:
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/WebServer.java
---
@@ -264,19 +265,26 @@ private ServerConnector createHttpsConnector() throws
Exception {
final SslContextFactory sslContextFactory = new SslContextFactory();
- if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) &&
-
!Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
- logger.info("Using configured SSL settings for web server");
-
sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
-
sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
-
- // TrustStore and TrustStore password are optional
- if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
-
sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
- if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
-
sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
- }
+ final boolean hasPath =
config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH);
+ final boolean hasPassword =
config.hasPath(ExecConstants.HTTP_KEYSTORE_PASSWORD);
+
+ // Check if both keypath and password are present or not
+ if (hasPath && hasPassword) {
+ final String pathValue =
config.getString(ExecConstants.HTTP_KEYSTORE_PATH);
+ final String passwordValue =
config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD);
+
+ // checking if any one of them is null or empty
+ if (!Strings.isNullOrEmpty(pathValue) &&
!Strings.isNullOrEmpty(passwordValue)) {
+ sslContextFactory.setKeyStorePath(pathValue);
+ sslContextFactory.setKeyStorePassword(passwordValue);
+ }
+
+ // Throwing an exception if anyone of them is null or empty
+ else {
+ throw new DrillbitStartupException("keystorepath and/or
keystorepassword can't be empty.");
--- End diff --
Please provide a bit of a clearer message. Also, provide the actual path
name. This will be the critical message for folks that made mistake, the
Drillbit won't start, and they have to figure out what's what.
Maybe,
```
"To enable web UI security, both " + ExecConstants.HTTP_KEYSTORE_PATH + "
and " + ... + " are required.";
```
Also, this is just for the Web UI? In that case, maybe just disable the web
UI, but don't fail the Drillbit.
```
"Web UI misconfiguration: web UI is disabled."
```
> Drillbit fails to start when only keystore path is provided without keystore
> password.
> --------------------------------------------------------------------------------------
>
> Key: DRILL-5663
> URL: https://issues.apache.org/jira/browse/DRILL-5663
> Project: Apache Drill
> Issue Type: Bug
> Reporter: Sorabh Hamirwasia
> Assignee: Sindhuri Ramanarayan Rayavaram
> Fix For: 1.11.0
>
>
> When we configure keystore path without keystore password inside
> drill-override.conf for WebServer, then Drillbit fails to start. We should
> explicitly check for either both being present or both being absent. If any
> one of them is only present then throw startup exception for Drill.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
