zookeeper-dev mailing list archives

From anmolnar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...
Date Mon, 29 Oct 2018 15:20:46 GMT
Github user anmolnar commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/678#discussion_r228958680
  
    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -167,47 +222,50 @@ public SSLContext createSSLContext(ZKConfig config) throws SSLContextException
{
             KeyManager[] keyManagers = null;
             TrustManager[] trustManagers = null;
     
    -        String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty);
    -        String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty);
    +        String keyStoreLocationProp = config.getProperty(sslKeystoreLocationProperty,
"");
    +        String keyStorePasswordProp = config.getProperty(sslKeystorePasswdProperty, "");
    +        String keyStoreTypeProp = config.getProperty(sslKeystoreTypeProperty);
     
             // There are legal states in some use cases for null KeyManager or TrustManager.
    -        // But if a user wanna specify one, location and password are required.
    +        // But if a user wanna specify one, location is required. Password defaults to
empty string if it is not
    +        // specified by the user.
     
    -        if (keyStoreLocationProp == null && keyStorePasswordProp == null) {
    +        if (keyStoreLocationProp.isEmpty()) {
                 LOG.warn(getSslKeystoreLocationProperty() + " not specified");
             } else {
    -            if (keyStoreLocationProp == null) {
    -                throw new SSLContextException(getSslKeystoreLocationProperty() + " not
specified");
    -            }
    -            if (keyStorePasswordProp == null) {
    -                throw new SSLContextException(getSslKeystorePasswdProperty() + " not
specified");
    -            }
                 try {
    +                StoreFileType keyStoreType = StoreFileType.fromPropertyValue(keyStoreTypeProp);
                     keyManagers = new KeyManager[]{
    -                        createKeyManager(keyStoreLocationProp, keyStorePasswordProp)};
    +                        createKeyManager(keyStoreLocationProp, keyStorePasswordProp,
keyStoreType)};
                 } catch (KeyManagerException keyManagerException) {
                     throw new SSLContextException("Failed to create KeyManager", keyManagerException);
    +            } catch (IllegalArgumentException e) {
    +                throw new SSLContextException("Bad value for " + sslKeystoreTypeProperty
+ ": " + keyStoreTypeProp, e);
                 }
             }
     
    -        String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty);
    -        String trustStorePasswordProp = config.getProperty(sslTruststorePasswdProperty);
    +        String trustStoreLocationProp = config.getProperty(sslTruststoreLocationProperty,
"");
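Review bot: In the else branch of the keystore block, a keystore location configured without a password no longer fails fast. The removed check threw SSLContextException with getSslKeystorePasswdProperty() + " not specified", and the new code silently passes "" to createKeyManager. A forgotten password now surfaces only as the generic "Failed to create KeyManager", and an unprotected key store is accepted without any trace in the log. Consider a LOG.warn when keyStorePasswordProp.isEmpty() on a non-empty location, and state in the property documentation that an unset password means an empty one. The same applies to the truststore lines that start at the end of this hunk. Two smaller points: keyStoreTypeProp is the only one of the three properties read without a default, so it can be null when it reaches StoreFileType.fromPropertyValue(keyStoreTypeProp); please make sure null maps to a default type there, otherwise the new catch reports "Bad value for ...: null" for a property the user never set. Also, the new message concatenates the field sslKeystoreTypeProperty directly, while the neighbouring messages use the getSslKeystore...Property() getters; a getter here would keep them consistent.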
    --- End diff --
    
    Same here. Previously it was checked against null value, why have you changed that?


---
