This is an automated email from the ASF dual-hosted git repository.
zixuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 6d3e483bab0 [fix][client] Fix load the trust store file (#19483)
6d3e483bab0 is described below
commit 6d3e483bab0f960b21cb521fb3908eccd55993b6
Author: Zixuan Liu <[email protected]>
AuthorDate: Fri Feb 24 17:09:20 2023 +0800
[fix][client] Fix load the trust store file (#19483)
Signed-off-by: Zixuan Liu <[email protected]>
---
.../util/keystoretls/KeyStoreSSLContext.java | 30 +++++++++++++---------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
index 4ed1826cfe9..c717127d085 100644
---
a/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
+++
b/pulsar-common/src/main/java/org/apache/pulsar/common/util/keystoretls/KeyStoreSSLContext.java
@@ -34,6 +34,7 @@ import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
@@ -150,25 +151,30 @@ public class KeyStoreSSLContext {
}
// trust store
- TrustManagerFactory trustManagerFactory;
+ TrustManagerFactory trustManagerFactory = null;
if (this.allowInsecureConnection) {
trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
} else {
- trustManagerFactory = provider != null
- ? TrustManagerFactory.getInstance(tmfAlgorithm, provider)
- : TrustManagerFactory.getInstance(tmfAlgorithm);
- KeyStore trustStore = KeyStore.getInstance(trustStoreTypeString);
- char[] passwordChars = trustStorePassword.toCharArray();
- try (FileInputStream inputStream = new
FileInputStream(trustStorePath)) {
- trustStore.load(inputStream, passwordChars);
+ if (!Strings.isNullOrEmpty(trustStorePath)) {
+ trustManagerFactory = provider != null
+ ? TrustManagerFactory.getInstance(tmfAlgorithm,
provider)
+ : TrustManagerFactory.getInstance(tmfAlgorithm);
+ KeyStore trustStore =
KeyStore.getInstance(trustStoreTypeString);
+ char[] passwordChars = trustStorePassword.toCharArray();
+ try (FileInputStream inputStream = new
FileInputStream(trustStorePath)) {
+ trustStore.load(inputStream, passwordChars);
+ }
+ trustManagerFactory.init(trustStore);
}
- trustManagerFactory.init(trustStore);
+ }
+
+ TrustManager[] trustManagers = null;
+ if (trustManagerFactory != null) {
+ trustManagers =
SecurityUtility.processConscryptTrustManagers(trustManagerFactory.getTrustManagers());
}
// init
- sslContext.init(keyManagers, SecurityUtility
-
.processConscryptTrustManagers(trustManagerFactory.getTrustManagers()),
- new SecureRandom());
+ sslContext.init(keyManagers, trustManagers, new SecureRandom());
this.sslContext = sslContext;
return sslContext;
}
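Review bot: When `allowInsecureConnection` is false and `trustStorePath` is null or empty, `trustManagers` stays null, and `sslContext.init(keyManagers, null, new SecureRandom())` makes JSSE fall back to the JVM's default trust managers. A missing or misconfigured trust store path therefore no longer fails; it silently widens trust from the intended private store to the platform CA set. If that fallback is intended, make it visible with an else branch on the `Strings.isNullOrEmpty(trustStorePath)` check, e.g. `log.warn("trustStorePath is not set; falling back to the JVM default trust store");` (the class appears to be `@Slf4j`-annotated, judging by the import), and add a comment above `TrustManager[] trustManagers = null;` stating that null selects the default trust managers. Separately, the moved line `trustStorePassword.toCharArray()` still throws a NullPointerException for a store without a password, although `KeyStore.load` accepts a null password; `char[] passwordChars = trustStorePassword != null ? trustStorePassword.toCharArray() : null;` would cover that case. The enclosing method starts above the hunk, so its callers and any earlier validation of these fields are not visible here.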