zookeeper-dev mailing list archives

From ivmaykov <...@git.apache.org>
Subject [GitHub] zookeeper pull request #678: ZOOKEEPER-3173: Quorum TLS - support PEM trust/...
Date Fri, 02 Nov 2018 15:50:30 GMT
Github user ivmaykov commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/678#discussion_r230421926
  
    --- Diff: zookeeper-server/src/main/java/org/apache/zookeeper/common/X509Util.java ---
    @@ -221,27 +229,47 @@ public SSLContext createSSLContext(ZKConfig config) throws SSLContextException
{
             }
         }
     
    -    public static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword)
    +    /**
    +     * Creates a key manager by loading the key store from the given file of
    +     * the given type, optionally decrypting it using the given password.
    +     * @param keyStoreLocation the location of the key store file.
    +     * @param keyStorePassword optional password to decrypt the key store. If
    +     *                         empty, assumes the key store is not encrypted.
    +     * @param keyStoreTypeProp must be JKS, PEM, or null. If null, attempts to
    +     *                         autodetect the key store type from the file
    +     *                         extension (.jks / .pem).
    +     * @return the key manager.
    +     * @throws KeyManagerException if something goes wrong.
    +     */
    +    public static X509KeyManager createKeyManager(
    +            String keyStoreLocation,
    +            String keyStorePassword,
    +            String keyStoreTypeProp)
                 throws KeyManagerException {
             FileInputStream inputStream = null;
    +        if (keyStorePassword == null) {
    +            keyStorePassword = "";
    +        }
             try {
    -            char[] keyStorePasswordChars = keyStorePassword.toCharArray();
    -            File keyStoreFile = new File(keyStoreLocation);
    -            KeyStore ks = KeyStore.getInstance("JKS");
    -            inputStream = new FileInputStream(keyStoreFile);
    -            ks.load(inputStream, keyStorePasswordChars);
    +            KeyStoreFileType storeFileType =
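Review bot: The Javadoc for `keyStorePassword` covers only the empty case ("If empty, assumes the key store is not encrypted"), but the added `if (keyStorePassword == null)` check also coerces null to the empty string; say "null or empty" in the `@param` text so callers know null is accepted. The `keyStoreTypeProp` description says the value "must be JKS, PEM, or null" without stating what happens for any other value, or for a file whose extension is neither .jks nor .pem when autodetecting; the `@throws KeyManagerException if something goes wrong` line is the place to name those cases. The public static signature also gains a third parameter while the two-argument form is removed, so consider whether existing callers need a delegating overload.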
    --- End diff --
    
    Will fix. This also made me realize that `JKSFileLoader` and `PEMFileLoader` are leaking
file input streams. Will fix that as well.


---
