[GitHub] [hbase] anmolnar commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores

Tue, 30 Aug 2022 15:12:43 -0700 


anmolnar commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958972207


##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -272,23 +272,22 @@ static X509KeyManager createKeyManager(String 
keyStoreLocation, String keyStoreP
    * @return the trust manager.
    * @throws TrustManagerException if something goes wrong.
    */
-  static X509TrustManager createTrustManager(String trustStoreLocation, String 
trustStorePassword,
+  static X509TrustManager createTrustManager(String trustStoreLocation, char[] 
trustStorePassword,
     String trustStoreType, boolean crlEnabled, boolean ocspEnabled) throws 
TrustManagerException {
 
-    if (trustStorePassword == null) {
-      trustStorePassword = "";
-    }
-
     if (trustStoreType == null) {
       trustStoreType = "jks";
     }
 
+    if (trustStorePassword == null) {
+      trustStorePassword = EMPTY_CHAR_ARRAY;
+    }
+
     try {
-      char[] password = trustStorePassword.toCharArray();
       KeyStore ts = KeyStore.getInstance(trustStoreType);
       try (InputStream inputStream =

Review Comment:
   Done.



##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext 
createSslContextForServer(Configuration config)
    * @return the key manager.
    * @throws KeyManagerException if something goes wrong.
    */
-  static X509KeyManager createKeyManager(String keyStoreLocation, String 
keyStorePassword,
+  static X509KeyManager createKeyManager(String keyStoreLocation, char[] 
keyStorePassword,
     String keyStoreType) throws KeyManagerException {
 
-    if (keyStorePassword == null) {
-      keyStorePassword = "";
-    }
-
     if (keyStoreType == null) {
       keyStoreType = "jks";
     }
 
+    if (keyStorePassword == null) {
+      keyStorePassword = EMPTY_CHAR_ARRAY;
+    }
+
     try {
-      char[] password = keyStorePassword.toCharArray();
       KeyStore ks = KeyStore.getInstance(keyStoreType);
       try (InputStream inputStream =
         new BufferedInputStream(Files.newInputStream(new 
File(keyStoreLocation).toPath()))) {

Review Comment:
   Done.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to