Github user StephanEwen commented on a diff in the pull request:
https://github.com/apache/flink/pull/5973#discussion_r187025268
--- Diff:
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java ---
@@ -81,16 +85,62 @@ public static void
setSSLVerAndCipherSuites(ServerSocket socket, Configuration c
}
}
+ /**
+ * Creates a {@link SSLEngineFactory} to be used by the Server.
+ *
+ * @param config The application configuration.
+ */
+ public static SSLEngineFactory createServerSSLEngineFactory(final
Configuration config) throws Exception {
+ return createSSLEngineFactory(config, false);
+ }
+
+ /**
+ * Creates a {@link SSLEngineFactory} to be used by the Client.
+ * @param config The application configuration.
+ */
+ public static SSLEngineFactory createClientSSLEngineFactory(final
Configuration config) throws Exception {
+ return createSSLEngineFactory(config, true);
+ }
+
+ private static SSLEngineFactory createSSLEngineFactory(
+ final Configuration config,
+ final boolean clientMode) throws Exception {
+
+ final SSLContext sslContext = clientMode ?
+ createSSLClientContext(config) :
+ createSSLServerContext(config);
+
+ checkState(sslContext != null, "%s it not enabled",
SecurityOptions.SSL_ENABLED.key());
+
+ return new SSLEngineFactory(
+ sslContext,
+ getEnabledProtocols(config),
+ getEnabledCipherSuites(config),
+ clientMode);
+ }
+
/**
* Sets SSL version and cipher suites for SSLEngine.
- * @param engine
- * SSLEngine to be handled
- * @param config
- * The application configuration
+ *
+ * @param engine SSLEngine to be handled
+ * @param config The application configuration
+ * @deprecated Use {@link #createClientSSLEngineFactory(Configuration)}
or
+ * {@link #createServerSSLEngineFactory(Configuration)}.
*/
+ @Deprecated
public static void setSSLVerAndCipherSuites(SSLEngine engine,
Configuration config) {
-
engine.setEnabledProtocols(config.getString(SecurityOptions.SSL_PROTOCOL).split(","));
-
engine.setEnabledCipherSuites(config.getString(SecurityOptions.SSL_ALGORITHMS).split(","));
+ engine.setEnabledProtocols(getEnabledProtocols(config));
+ engine.setEnabledCipherSuites(getEnabledCipherSuites(config));
+ }
+
+ private static String[] getEnabledProtocols(final Configuration config)
{
+ requireNonNull(config, "config must not be null");
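Review bot: In createSSLEngineFactory, the checkState message reads "%s it not enabled"; it should read "%s is not enabled", since this string is what surfaces in the exception when the SSL context comes back null. Separately, createServerSSLEngineFactory, createClientSSLEngineFactory and the private helper all declare `throws Exception`; if the context-creation methods allow it, a narrower exception type in the signature would let callers handle SSL setup failures specifically. The Javadoc on createClientSSLEngineFactory is also missing the blank ` *` line before `@param` that the server variant has.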
--- End diff --
For private internal utilities, I suggest skipping the null check in most
places, especially when it will eagerly fail with an exception on null anyway.
In any case, if you believe the check should be there, please use
`Preconditions.checkNotNull` rather than `requireNonNull`.
---