This is an automated email from the ASF dual-hosted git repository. justinchen pushed a commit to branch opc-small-fix-13 in repository https://gitbox.apache.org/repos/asf/iotdb.git
commit 6b4301de4857e95541bbfd316e76976c5ea41d5b Author: Caideyipi <[email protected]> AuthorDate: Mon Mar 30 17:13:02 2026 +0800 fix --- .../pipe/sink/protocol/opcua/server/OpcUaKeyStoreLoader.java | 12 +++++++++--- .../db/pipe/sink/protocol/opcua/server/OpcUaNameSpace.java | 7 +++++-- .../pipe/sink/protocol/opcua/server/OpcUaServerBuilder.java | 1 + 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaKeyStoreLoader.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaKeyStoreLoader.java index 56b231fb460..f79d15bb941 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaKeyStoreLoader.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaKeyStoreLoader.java @@ -30,6 +30,8 @@ import org.slf4j.LoggerFactory; import java.io.File; import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.security.Key; @@ -61,8 +63,8 @@ class OpcUaKeyStoreLoader { LOGGER.info("Loading KeyStore at {}", serverKeyStore); if (serverKeyStore.exists()) { - try { - keyStore.load(Files.newInputStream(serverKeyStore.toPath()), password); + try (InputStream is = Files.newInputStream(serverKeyStore.toPath())){ + keyStore.load(is, password); } catch (final IOException e) { LOGGER.warn("Load keyStore failed, the existing keyStore may be stale, re-constructing..."); FileUtils.deleteFileOrDirectory(serverKeyStore); @@ -105,7 +107,9 @@ class OpcUaKeyStoreLoader { keyStore.setKeyEntry( SERVER_ALIAS, keyPair.getPrivate(), password, new X509Certificate[] {certificate}); - keyStore.store(Files.newOutputStream(serverKeyStore.toPath()), password); + try (final OutputStream os = Files.newOutputStream(serverKeyStore.toPath())) { + keyStore.store(os, password); + } } final Key serverPrivateKey = keyStore.getKey(SERVER_ALIAS, password); @@ -114,6 +118,8 @@ class OpcUaKeyStoreLoader { final PublicKey serverPublicKey = serverCertificate.getPublicKey(); serverKeyPair = new KeyPair(serverPublicKey, (PrivateKey) serverPrivateKey); + } else { + throw new Exception("Invalid keyStore"); } return this; diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaNameSpace.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaNameSpace.java index 04cc251d655..43144cbdd15 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaNameSpace.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaNameSpace.java @@ -91,8 +91,11 @@ public class OpcUaNameSpace extends ManagedNamespaceWithLifecycle { @Override public void shutdown() { - getServer().shutdown(); - builder.close(); + try { + getServer().shutdown(); + } finally { + builder.close(); + } } }); } diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaServerBuilder.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaServerBuilder.java index 61818ecf852..f029031b617 100644 --- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaServerBuilder.java +++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/pipe/sink/protocol/opcua/server/OpcUaServerBuilder.java @@ -117,6 +117,7 @@ public class OpcUaServerBuilder implements Closeable { return this; } + // Must be a modifiable set. public OpcUaServerBuilder setSecurityPolicies(final Set<SecurityPolicy> securityPolicies) { this.securityPolicies = securityPolicies; return this;
