ptupitsyn commented on code in PR #1690:
URL: https://github.com/apache/ignite-3/pull/1690#discussion_r1112102652


##########
modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java:
##########
@@ -228,11 +242,75 @@ private Map<String, Object> properties(int port, int 
sslPort) {
                     "micronaut.server.ssl.key-store.password", 
keyStorePassword,
                     "micronaut.server.ssl.key-store.type", keyStoreType
             );
+
+            ClientAuth clientAuth = 
ClientAuth.valueOf(sslCfg.clientAuth().value().toUpperCase());
+            if (ClientAuth.NONE == clientAuth) {
+                return micronautSslConfig;
+            }
+
+
+            String trustStorePath = sslCfg.trustStore().path().value();
+            // todo: replace with configuration-level validation 
https://issues.apache.org/jira/browse/IGNITE-18850
+            validateTrustStore(trustStorePath);
+
+            String trustStoreType = sslCfg.trustStore().type().value();
+            String trustStorePassword = sslCfg.trustStore().password().value();
+
+            Map<String, Object> micronautClientAuthConfig = Map.of(
+                    "micronaut.server.ssl.client-authentication", 
toMicronautClientAuth(clientAuth),
+                    "micronaut.server.ssl.trust-store.path", "file:" + 
trustStorePath,
+                    "micronaut.server.ssl.trust-store.password", 
trustStorePassword,
+                    "micronaut.server.ssl.trust-store.type", trustStoreType
+            );
+
+            HashMap<String, Object> result = new HashMap<>();
+            result.putAll(micronautSslConfig);
+            result.putAll(micronautClientAuthConfig);
+
+            return result;
         } else {
             return Map.of("micronaut.server.port", port);
         }
     }
 
+    private static void validateKeyStorePath(String keyStorePath) {
+        if (keyStorePath.trim().isEmpty()) {
+            throw new IgniteException(
+                    Common.UNEXPECTED_ERR,
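Review bot: `sslCfg.clientAuth().value().toUpperCase()` upper-cases with the JVM default locale, so under a Turkish or Azeri locale a value containing `i` (for example `require`) becomes a string with a dotted capital I and `ClientAuth.valueOf` throws `IllegalArgumentException`. Pin the locale with `ClientAuth.valueOf(sslCfg.clientAuth().value().toUpperCase(Locale.ROOT))`. `valueOf` also throws a bare `IllegalArgumentException` for any unrecognised value, so until the configuration-level validation from IGNITE-18850 exists it would help to catch it and rethrow an `IgniteException` that names the client-auth setting. Both failures stop the REST server from starting rather than weakening TLS, so this is a robustness point and not a bypass. The same hunk is quoted twice more below, and the point applies there too.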

Review Comment:
   Here and below - I think we should use 
`ErrorGroups.Common.SSL_CONFIGURATION_ERR`.



##########
modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java:
##########
@@ -228,11 +242,75 @@ private Map<String, Object> properties(int port, int 
sslPort) {
                     "micronaut.server.ssl.key-store.password", 
keyStorePassword,
                     "micronaut.server.ssl.key-store.type", keyStoreType
             );
+
+            ClientAuth clientAuth = 
ClientAuth.valueOf(sslCfg.clientAuth().value().toUpperCase());
+            if (ClientAuth.NONE == clientAuth) {
+                return micronautSslConfig;
+            }
+
+
+            String trustStorePath = sslCfg.trustStore().path().value();
+            // todo: replace with configuration-level validation 
https://issues.apache.org/jira/browse/IGNITE-18850
+            validateTrustStore(trustStorePath);
+
+            String trustStoreType = sslCfg.trustStore().type().value();
+            String trustStorePassword = sslCfg.trustStore().password().value();
+
+            Map<String, Object> micronautClientAuthConfig = Map.of(
+                    "micronaut.server.ssl.client-authentication", 
toMicronautClientAuth(clientAuth),
+                    "micronaut.server.ssl.trust-store.path", "file:" + 
trustStorePath,
+                    "micronaut.server.ssl.trust-store.password", 
trustStorePassword,
+                    "micronaut.server.ssl.trust-store.type", trustStoreType
+            );
+
+            HashMap<String, Object> result = new HashMap<>();
+            result.putAll(micronautSslConfig);
+            result.putAll(micronautClientAuthConfig);
+
+            return result;
         } else {
             return Map.of("micronaut.server.port", port);
         }
     }
 
+    private static void validateKeyStorePath(String keyStorePath) {
+        if (keyStorePath.trim().isEmpty()) {
+            throw new IgniteException(
+                    Common.UNEXPECTED_ERR,
+                    "Trust store path is not configured. Please check your 
rest.ssl.keyStore.path configuration."
+            );
+        }
+        if (!Files.exists(Path.of(keyStorePath))) {
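Review bot: The exception text in `validateKeyStorePath` says "Trust store path is not configured" although the method checks the key store and the hint names `rest.ssl.keyStore.path`, so an operator debugging a TLS start-up failure is pointed at the wrong store. The message should read `"Key store path is not configured. Please check your rest.ssl.keyStore.path configuration."`. The method body continues past the end of the quoted hunk, so the message of the `Files.exists` branch and the messages in `validateTrustStore` (not visible here) are worth checking for the same copy-paste slip.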

Review Comment:
   Do we need these checks that the file exists? Can Micronaut take care of this 
for us?



##########
modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java:
##########
@@ -228,11 +242,75 @@ private Map<String, Object> properties(int port, int 
sslPort) {
                     "micronaut.server.ssl.key-store.password", 
keyStorePassword,
                     "micronaut.server.ssl.key-store.type", keyStoreType
             );
+
+            ClientAuth clientAuth = 
ClientAuth.valueOf(sslCfg.clientAuth().value().toUpperCase());
+            if (ClientAuth.NONE == clientAuth) {
+                return micronautSslConfig;
+            }
+
+
+            String trustStorePath = sslCfg.trustStore().path().value();
+            // todo: replace with configuration-level validation 
https://issues.apache.org/jira/browse/IGNITE-18850
+            validateTrustStore(trustStorePath);
+
+            String trustStoreType = sslCfg.trustStore().type().value();
+            String trustStorePassword = sslCfg.trustStore().password().value();
+
+            Map<String, Object> micronautClientAuthConfig = Map.of(
+                    "micronaut.server.ssl.client-authentication", 
toMicronautClientAuth(clientAuth),
+                    "micronaut.server.ssl.trust-store.path", "file:" + 
trustStorePath,
+                    "micronaut.server.ssl.trust-store.password", 
trustStorePassword,
+                    "micronaut.server.ssl.trust-store.type", trustStoreType
+            );
+
+            HashMap<String, Object> result = new HashMap<>();
+            result.putAll(micronautSslConfig);
+            result.putAll(micronautClientAuthConfig);
+
+            return result;
         } else {
             return Map.of("micronaut.server.port", port);
         }
     }
 
+    private static void validateKeyStorePath(String keyStorePath) {
+        if (keyStorePath.trim().isEmpty()) {
+            throw new IgniteException(
+                    Common.UNEXPECTED_ERR,
+                    "Trust store path is not configured. Please check your 
rest.ssl.keyStore.path configuration."
+            );
+        }
+        if (!Files.exists(Path.of(keyStorePath))) {
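Review bot: The map returned by `properties` now holds both `micronaut.server.ssl.key-store.password` and `micronaut.server.ssl.trust-store.password` in clear text, and nothing where it is built warns against logging or dumping it. A comment above the `Map.of(` call would make that explicit, for example `// Holds key/trust store passwords; never log or expose this map.`. Separately, `Map.of` rejects null values, so if `sslCfg.trustStore().type().value()` or `.password().value()` can return null (their defaults are not visible in this hunk) start-up fails with a `NullPointerException` that gives no hint which setting is missing. It is worth confirming the defaults, or validating these two values next to the `validateTrustStore(trustStorePath)` call.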

Review Comment:
   Here and below - please add a blank line between code blocks for readability 
(not sure why checkstyle does not catch this).


