zookeeper-commits mailing list archives

From h...@apache.org
Subject zookeeper git commit: ZOOKEEPER-2581: Not handled NullPointerException while creating key manager and trustManager
Date Mon, 11 Sep 2017 20:57:36 GMT
Repository: zookeeper
Updated Branches:
  refs/heads/branch-3.5 4051b38bd -> 88c1c9347


ZOOKEEPER-2581: Not handled NullPointerException while creating key manager and trustManager

- When **zookeeper.ssl.keyStore.password** is not set, **keyStorePasswordProp** is **null**;
**keyStorePassword.toCharArray()** is then called on it and throws an NPE. We should handle this
NPE gracefully.
- I just follow an example from [createSSLContext](https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/common/X509Util.java#L87)

Author: maoling <maoling199210191@sina.com>

Reviewers: Enrico Olivelli <eolivelli@gmail.com>, Michael Han <hanm@apache.org>

Closes #339 from maoling/ZOOKEEPER-2581


Project: http://git-wip-us.apache.org/repos/asf/zookeeper/repo
Commit: http://git-wip-us.apache.org/repos/asf/zookeeper/commit/88c1c934
Tree: http://git-wip-us.apache.org/repos/asf/zookeeper/tree/88c1c934
Diff: http://git-wip-us.apache.org/repos/asf/zookeeper/diff/88c1c934

Branch: refs/heads/branch-3.5
Commit: 88c1c934785e5c0964f433c4af83e22da2d0bdff
Parents: 4051b38
Author: maoling <maoling199210191@sina.com>
Authored: Mon Sep 11 13:56:46 2017 -0700
Committer: Michael Han <hanm@apache.org>
Committed: Mon Sep 11 13:57:30 2017 -0700

----------------------------------------------------------------------
 .../server/auth/X509AuthenticationProvider.java | 46 ++++++++++++++------
 1 file changed, 33 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zookeeper/blob/88c1c934/src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java
b/src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java
index 902b307..93bc8fc 100644
--- a/src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java
+++ b/src/java/main/org/apache/zookeeper/server/auth/X509AuthenticationProvider.java
@@ -27,6 +27,7 @@ import javax.security.auth.x500.X500Principal;
 
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.common.ZKConfig;
+import org.apache.zookeeper.common.X509Exception;
 import org.apache.zookeeper.common.X509Exception.KeyManagerException;
 import org.apache.zookeeper.common.X509Exception.TrustManagerException;
 import org.apache.zookeeper.common.X509Util;
@@ -64,7 +65,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider
{
      * <br/><code>zookeeper.ssl.keyStore.password</code>
      * <br/><code>zookeeper.ssl.trustStore.password</code>
      */
-    public X509AuthenticationProvider() {
+    public X509AuthenticationProvider() throws X509Exception {
         String keyStoreLocationProp = System.getProperty(
                 ZKConfig.SSL_KEYSTORE_LOCATION);
         String keyStorePasswordProp = System.getProperty(
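Review bot: The constructor now declares `throws X509Exception`, but the Javadoc that closes just above the signature still only lists the system properties and does not say when construction fails. I would add `@throws X509Exception if only one of the location/password properties is set for the keystore or the truststore` to that comment. If this provider is instantiated reflectively by class name (not visible here), the checked exception will reach the caller wrapped, so it is worth confirming that the loading code reports it clearly instead of silently skipping the provider. The constructor body continues outside this hunk.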
@@ -72,25 +73,44 @@ public class X509AuthenticationProvider implements AuthenticationProvider
{
 
         X509KeyManager km = null;
         X509TrustManager tm = null;
-        try {
-            km = X509Util.createKeyManager(
-                    keyStoreLocationProp, keyStorePasswordProp);
-        } catch (KeyManagerException e) {
-            LOG.error("Failed to create key manager", e);
+        if (keyStoreLocationProp == null && keyStorePasswordProp == null) {
+            LOG.warn("keystore not specified for client connection");
+        } else {
+            if (keyStoreLocationProp == null) {
+                throw new X509Exception("keystore location not specified for client connection");
+            }
+            if (keyStorePasswordProp == null) {
+                throw new X509Exception("keystore password not specified for client connection");
+            }
+            try {
+                km = X509Util.createKeyManager(
+                        keyStoreLocationProp, keyStorePasswordProp);
+            } catch (KeyManagerException e) {
+                LOG.error("Failed to create key manager", e);
+            }
         }
-
+        
         String trustStoreLocationProp = System.getProperty(
                 ZKConfig.SSL_TRUSTSTORE_LOCATION);
         String trustStorePasswordProp = System.getProperty(
                 ZKConfig.SSL_TRUSTSTORE_PASSWD);
 
-        try {
-            tm = X509Util.createTrustManager(
-                    trustStoreLocationProp, trustStorePasswordProp);
-        } catch (TrustManagerException e) {
-            LOG.error("Failed to create trust manager", e);
+        if (trustStoreLocationProp == null && trustStorePasswordProp == null) {
+            LOG.warn("Truststore not specified for client connection");
+        } else {
+            if (trustStoreLocationProp == null) {
+                throw new X509Exception("Truststore location not specified for client connection");
+            }
+            if (trustStorePasswordProp == null) {
+                throw new X509Exception("Truststore password not specified for client connection");
+            }
+            try {
+                tm = X509Util.createTrustManager(
+                        trustStoreLocationProp, trustStorePasswordProp);
+            } catch (TrustManagerException e) {
+                LOG.error("Failed to create trust manager", e);
+            }
         }
-
         this.keyManager = km;
         this.trustManager = tm;
     }
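Review bot: The two catch blocks kept in this hunk still only log `KeyManagerException` and `TrustManagerException` and leave `km` / `tm` null, so an unreadable store or a wrong password is treated more leniently than a missing property, which now throws. Since the constructor already declares `throws X509Exception`, adding `throw e;` after each `LOG.error(...)` would make every misconfiguration fail at start-up, assuming both nested types extend X509Exception as their names suggest. The both-unset branch also leaves `trustManager` null after only a warning. How the authentication path handles a null trust manager is outside this hunk, so please confirm it rejects the client rather than dereferencing null. The constructor starts above this hunk.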

