weizhouapache commented on code in PR #11055:
URL: https://github.com/apache/cloudstack/pull/11055#discussion_r2155437602
##########
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java:
##########
@@ -72,8 +72,32 @@ private void enableSSL(final Hashtable<String, String>
environment, Long domainI
if (sslStatus) {
s_logger.info("LDAP SSL enabled.");
environment.put(Context.SECURITY_PROTOCOL, "ssl");
- System.setProperty("javax.net.ssl.trustStore",
_ldapConfiguration.getTrustStore(domainId));
- System.setProperty("javax.net.ssl.trustStorePassword",
_ldapConfiguration.getTrustStorePassword(domainId));
+ String trustStore = _ldapConfiguration.getTrustStore(domainId);
+ String trustStorePassword =
_ldapConfiguration.getTrustStorePassword(domainId);
+
+ if (!validateTrustStore(trustStore, trustStorePassword)) {
+ throw new RuntimeException("Invalid truststore or truststore
password");
+ }
+
+ System.setProperty("javax.net.ssl.trustStore", trustStore);
+ System.setProperty("javax.net.ssl.trustStorePassword",
trustStorePassword);
+ }
+ }
+
+ private boolean validateTrustStore(String trustStore, String
trustStorePassword) {
+ if (trustStore == null || trustStorePassword == null) {
+ return false;
+ }
+
+ try {
+ java.security.KeyStore.getInstance("JKS").load(
+ new java.io.FileInputStream(trustStore),
+ trustStorePassword.toCharArray()
Review Comment:
why not import KeyStore and FileInputStream ?
##########
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapContextFactory.java:
##########
@@ -72,8 +72,32 @@ private void enableSSL(final Hashtable<String, String>
environment, Long domainI
if (sslStatus) {
s_logger.info("LDAP SSL enabled.");
environment.put(Context.SECURITY_PROTOCOL, "ssl");
- System.setProperty("javax.net.ssl.trustStore",
_ldapConfiguration.getTrustStore(domainId));
- System.setProperty("javax.net.ssl.trustStorePassword",
_ldapConfiguration.getTrustStorePassword(domainId));
+ String trustStore = _ldapConfiguration.getTrustStore(domainId);
+ String trustStorePassword =
_ldapConfiguration.getTrustStorePassword(domainId);
+
+ if (!validateTrustStore(trustStore, trustStorePassword)) {
+ throw new RuntimeException("Invalid truststore or truststore
password");
+ }
+
+ System.setProperty("javax.net.ssl.trustStore", trustStore);
+ System.setProperty("javax.net.ssl.trustStorePassword",
trustStorePassword);
+ }
+ }
+
+ private boolean validateTrustStore(String trustStore, String
trustStorePassword) {
+ if (trustStore == null || trustStorePassword == null) {
Review Comment:
my opinion
- if (trustStore == null), return true
- otherwise, validate truststore by truststorepassword (even if it is null)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
