PircDef commented on a change in pull request #371: ACCUMULO-4792 Improve 
crypto configuration checks
URL: https://github.com/apache/accumulo/pull/371#discussion_r168236489
 
 

 ##########
 File path: 
core/src/main/java/org/apache/accumulo/core/conf/ConfigSanityCheck.java
 ##########
 @@ -98,13 +110,17 @@ else if (!prop.getType().isValidFormat(value))
       log.warn("Use of {} and {} are deprecated. Consider using {} instead.", 
INSTANCE_DFS_URI, INSTANCE_DFS_DIR, Property.INSTANCE_VOLUMES);
     }
 
-    if (cipherSuite.equals("NullCipher") && 
!keyAlgorithm.equals("NullCipher")) {
-      fatal(Property.CRYPTO_CIPHER_SUITE.getKey() + " should be configured 
when " + Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME.getKey() + " is set.");
+    if ((cipherSuite.equals(NULL_CIPHER) || keyAlgorithm.equals(NULL_CIPHER)) 
&& !cipherSuite.equals(keyAlgorithm)) {
+      fatal(Property.CRYPTO_CIPHER_SUITE.getKey() + " and " + 
Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME + " must both be configured.");
     }
 
-    if (!cipherSuite.equals("NullCipher") && 
keyAlgorithm.equals("NullCipher")) {
-      fatal(Property.CRYPTO_CIPHER_KEY_ALGORITHM_NAME.getKey() + " should be 
configured when " + Property.CRYPTO_CIPHER_SUITE.getKey() + " is set.");
+    if (cryptoModule.equals(NULL_CRYPTO_MODULE) && 
!secretKeyEncryptionStrategy.equals(NULL_SECRET_KEY_ENCRYPTION_STRATEGY)) {
 
 Review comment:
   There's value in consistent style. Lasted push updated this, too

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to