keith-turner commented on a change in pull request #371: ACCUMULO-4792 Improve 
crypto configuration checks
URL: https://github.com/apache/accumulo/pull/371#discussion_r168203325
 
 

 ##########
 File path: 
core/src/main/java/org/apache/accumulo/core/conf/ConfigSanityCheck.java
 ##########
 @@ -98,13 +110,17 @@ else if (!prop.getType().isValidFormat(value))
       log.warn("Use of {} and {} are deprecated. Consider using {} instead.", 
INSTANCE_DFS_URI, INSTANCE_DFS_DIR, Property.INSTANCE_VOLUMES);
     }
 
-    if (cipherSuite.equals("NullCipher") && 
!keyAlgorithm.equals("NullCipher")) {
-      fatal(Property.CRYPTO_CIPHER_SUITE.getKey() + " should be configured 
when " + Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME.getKey() + " is set.");
+    if ((cipherSuite.equals(NULL_CIPHER) || keyAlgorithm.equals(NULL_CIPHER)) 
&& !cipherSuite.equals(keyAlgorithm)) {
+      fatal(Property.CRYPTO_CIPHER_SUITE.getKey() + " and " + 
Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME + " must both be configured.");
     }
 
-    if (!cipherSuite.equals("NullCipher") && 
keyAlgorithm.equals("NullCipher")) {
-      fatal(Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME.getKey() + " should be 
configured when " + Property.CRYPTO_CIPHER_SUITE.getKey() + " is set.");
+    if (cryptoModule.equals(NULL_CRYPTO_MODULE) && 
!secretKeyEncryptionStrategy.equals(NULL_SECRET_KEY_ENCRYPTION_STRATEGY)) {
 
 Review comment:
   As @ctubbsii suggested, could use xor to simplify this, but not if you want 
the same error message.
   
   ```java
   if(cryptoModule.equals(NULL_CRYPTO_MODULE) ^ 
secretKeyEncryptionStrategy.equals(NULL_SECRET_KEY_ENCRYPTION_STRATEGY)){
     fatal("For "+CRYPTO_MODULE_CLASS.getKey() + " and " + 
CRYPTO_SECRET_KEY_ENCRYPTION_STRATEGY_CLASS.getKey() +" must set both or 
neither");
   }
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to