Repository: cassandra Updated Branches: refs/heads/cassandra-2.2 ab2b8a60c -> 19b4b637a refs/heads/cassandra-3.0 5dbeef3f5 -> 4238cdd99 refs/heads/trunk cb1a63474 -> 6d43fc981
CqlConfigHelper no longer requires both a keystore and truststore to work. patch by Jacek Lewandowski; reviewed by Jeremiah Jordan for CASSANDRA-11532 Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/19b4b637 Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/19b4b637 Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/19b4b637 Branch: refs/heads/cassandra-2.2 Commit: 19b4b637ac79b5d53b9384bd95bed8e08b43f111 Parents: ab2b8a6 Author: Jacek Lewandowski <lewandowski.ja...@gmail.com> Authored: Fri Apr 8 10:31:00 2016 -0500 Committer: Aleksey Yeschenko <alek...@apache.org> Committed: Mon Apr 11 20:02:27 2016 +0100 ---------------------------------------------------------------------- CHANGES.txt | 1 + .../cassandra/hadoop/cql3/CqlConfigHelper.java | 58 +++++++++++++------- 2 files changed, 40 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cassandra/blob/19b4b637/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index 419ed21..54013a3 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 2.2.6 + * CqlConfigHelper no longer requires both a keystore and truststore to work (CASSANDRA-11532) * Make deprecated repair methods backward-compatible with previous notification service (CASSANDRA-11430) * IncomingStreamingConnection version check message wrong (CASSANDRA-11462) * DatabaseDescriptor should log stacktrace in case of Eception during seed provider creation (CASSANDRA-11312) http://git-wip-us.apache.org/repos/asf/cassandra/blob/19b4b637/src/java/org/apache/cassandra/hadoop/cql3/CqlConfigHelper.java ---------------------------------------------------------------------- 
diff --git a/src/java/org/apache/cassandra/hadoop/cql3/CqlConfigHelper.java b/src/java/org/apache/cassandra/hadoop/cql3/CqlConfigHelper.java index fe62ea7..35cdca8 100644 --- a/src/java/org/apache/cassandra/hadoop/cql3/CqlConfigHelper.java +++ b/src/java/org/apache/cassandra/hadoop/cql3/CqlConfigHelper.java @@ -517,13 +517,13 @@ public class CqlConfigHelper Optional<String> truststorePassword = getInputNativeSSLTruststorePassword(conf); Optional<String> keystorePassword = getInputNativeSSLKeystorePassword(conf); Optional<String> cipherSuites = getInputNativeSSLCipherSuites(conf); - - if (truststorePath.isPresent() && keystorePath.isPresent() && truststorePassword.isPresent() && keystorePassword.isPresent()) + + if (truststorePath.isPresent()) { SSLContext context; try { - context = getSSLContext(truststorePath.get(), truststorePassword.get(), keystorePath.get(), keystorePassword.get()); + context = getSSLContext(truststorePath, truststorePassword, keystorePath, keystorePassword); } catch (UnrecoverableKeyException | KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) 
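Review bot: The new guard `if (truststorePath.isPresent())` still makes the truststore mandatory, so a job configured with only a keystore path skips this branch and never reaches the keystore-only path that the rewritten `getSSLContext` now supports. What happens after the skipped branch is outside the hunk, but if it builds the cluster without SSL options, the connection would silently go out unencrypted even though the operator supplied key material. Consider `if (truststorePath.isPresent() || keystorePath.isPresent())`, or fail loudly when a keystore or password is set without a truststore. If keystore-only is allowed, document that `ctx.init(..., null, ...)` then falls back to the JVM's default trust managers. The enclosing method starts and ends outside this hunk.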
@@ -585,26 +585,46 @@ public class CqlConfigHelper } } - private static SSLContext getSSLContext(String truststorePath, String truststorePassword, String keystorePath, String keystorePassword) - throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, UnrecoverableKeyException, KeyManagementException + private static SSLContext getSSLContext(Optional<String> truststorePath, + Optional<String> truststorePassword, + Optional<String> keystorePath, + Optional<String> keystorePassword) + throws NoSuchAlgorithmException, + KeyStoreException, + CertificateException, + IOException, + UnrecoverableKeyException, + KeyManagementException { - SSLContext ctx; - try (FileInputStream tsf = new FileInputStream(truststorePath); FileInputStream ksf = new FileInputStream(keystorePath)) - { - ctx = SSLContext.getInstance("SSL"); + SSLContext ctx = SSLContext.getInstance("SSL"); - KeyStore ts = KeyStore.getInstance("JKS"); - ts.load(tsf, truststorePassword.toCharArray()); - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ts); - - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(ksf, keystorePassword.toCharArray()); - KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - kmf.init(ks, keystorePassword.toCharArray()); + TrustManagerFactory tmf = null; + if (truststorePath.isPresent()) + { + try (FileInputStream tsf = new FileInputStream(truststorePath.get())) + { + KeyStore ts = KeyStore.getInstance("JKS"); + ts.load(tsf, truststorePassword.isPresent() ? 
truststorePassword.get().toCharArray() : null); + tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ts); + } + } - ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); + KeyManagerFactory kmf = null; + if (keystorePath.isPresent()) + { + try (FileInputStream ksf = new FileInputStream(keystorePath.get())) + { + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(ksf, keystorePassword.isPresent() ? keystorePassword.get().toCharArray() : null); + kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(ks, keystorePassword.isPresent() ? keystorePassword.get().toCharArray() : null); + } } + + ctx.init(kmf != null ? kmf.getKeyManagers() : null, + tmf != null ? tmf.getTrustManagers() : null, + new SecureRandom()); return ctx; } }
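Review bot: Passing `null` as the password to `ts.load(tsf, ...)` and `ks.load(ksf, ...)` makes `KeyStore.load` skip its integrity check, so a truststore file modified on disk loads without error and its certificates decide which servers this client trusts. That is worth a comment at both calls, e.g. `// null password: KeyStore.load performs no integrity check on the store file`, and ideally a warning when a path is configured without a password. `kmf.init(ks, null)` will probably throw `UnrecoverableKeyException` for a JKS store with password-protected key entries, so the keystore-without-password case may not work as intended. The duplicated ternary can be hoisted into `char[] ksPassword = keystorePassword.isPresent() ? keystorePassword.get().toCharArray() : null;` and reused for both calls. Separately, the new side keeps `SSLContext.getInstance("SSL")`; `"TLS"` is the clearer protocol name to request here.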