Github user GJL commented on a diff in the pull request:
https://github.com/apache/flink/pull/5973#discussion_r187194770
--- Diff:
flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java ---
@@ -81,16 +85,62 @@ public static void
setSSLVerAndCipherSuites(ServerSocket socket, Configuration c
}
}
+ /**
+ * Creates a {@link SSLEngineFactory} to be used by the Server.
+ *
+ * @param config The application configuration.
+ */
+ public static SSLEngineFactory createServerSSLEngineFactory(final
Configuration config) throws Exception {
+ return createSSLEngineFactory(config, false);
+ }
+
+ /**
+ * Creates a {@link SSLEngineFactory} to be used by the Client.
+ * @param config The application configuration.
+ */
+ public static SSLEngineFactory createClientSSLEngineFactory(final
Configuration config) throws Exception {
+ return createSSLEngineFactory(config, true);
+ }
+
+ private static SSLEngineFactory createSSLEngineFactory(
+ final Configuration config,
+ final boolean clientMode) throws Exception {
+
+ final SSLContext sslContext = clientMode ?
+ createSSLClientContext(config) :
+ createSSLServerContext(config);
+
+ checkState(sslContext != null, "%s it not enabled",
SecurityOptions.SSL_ENABLED.key());
+
+ return new SSLEngineFactory(
+ sslContext,
+ getEnabledProtocols(config),
+ getEnabledCipherSuites(config),
+ clientMode);
+ }
+
/**
* Sets SSL version and cipher suites for SSLEngine.
- * @param engine
- * SSLEngine to be handled
- * @param config
- * The application configuration
+ *
+ * @param engine SSLEngine to be handled
+ * @param config The application configuration
+ * @deprecated Use {@link #createClientSSLEngineFactory(Configuration)}
or
+ * {@link #createServerSSLEngineFactory(Configuration)}.
*/
+ @Deprecated
public static void setSSLVerAndCipherSuites(SSLEngine engine,
Configuration config) {
-
engine.setEnabledProtocols(config.getString(SecurityOptions.SSL_PROTOCOL).split(","));
-
engine.setEnabledCipherSuites(config.getString(SecurityOptions.SSL_ALGORITHMS).split(","));
+ engine.setEnabledProtocols(getEnabledProtocols(config));
+ engine.setEnabledCipherSuites(getEnabledCipherSuites(config));
+ }
+
+ private static String[] getEnabledProtocols(final Configuration config)
{
+ requireNonNull(config, "config must not be null");
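Review bot: The `checkState` message in `createSSLEngineFactory` has a typo, "%s it not enabled" should read "%s is not enabled". This string is what an operator sees when the SSL context comes back null, so it is worth getting right. The Javadoc on `createServerSSLEngineFactory` and `createClientSSLEngineFactory` documents only `@param config`, although both methods return a value and declare `throws Exception`. Please add `@return` and `@throws` entries that say the call fails when SSL is not enabled, and consider narrowing the declared exception type. In `getEnabledProtocols`, `requireNonNull` sits next to the `checkState` precondition used a few lines earlier; Flink's `checkNotNull` would keep the precondition style uniform within the class.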
--- End diff --
Ok, I will use Flink's `checkNotNull` next time.
---