[GitHub] [hbase] meszibalu commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores

Tue, 30 Aug 2022 09:20:17 -0700 


meszibalu commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958686273


##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext 
createSslContextForServer(Configuration config)
    * @return the key manager.
    * @throws KeyManagerException if something goes wrong.
    */
-  static X509KeyManager createKeyManager(String keyStoreLocation, String 
keyStorePassword,
+  static X509KeyManager createKeyManager(String keyStoreLocation, char[] 
keyStorePassword,
     String keyStoreType) throws KeyManagerException {
 
-    if (keyStorePassword == null) {
-      keyStorePassword = "";
-    }
-
     if (keyStoreType == null) {
       keyStoreType = "jks";
     }
 
+    if (keyStorePassword == null) {
+      keyStorePassword = EMPTY_CHAR_ARRAY;
+    }
+
     try {
-      char[] password = keyStorePassword.toCharArray();
       KeyStore ks = KeyStore.getInstance(keyStoreType);
       try (InputStream inputStream =
         new BufferedInputStream(Files.newInputStream(new 
File(keyStoreLocation).toPath()))) {

Review Comment:
   ```suggestion
         try (InputStream inputStream = 
Files.newInputStream(Paths.get(trustStoreLocation))) {
   ```



##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -272,23 +272,22 @@ static X509KeyManager createKeyManager(String 
keyStoreLocation, String keyStoreP
    * @return the trust manager.
    * @throws TrustManagerException if something goes wrong.
    */
-  static X509TrustManager createTrustManager(String trustStoreLocation, String 
trustStorePassword,
+  static X509TrustManager createTrustManager(String trustStoreLocation, char[] 
trustStorePassword,
     String trustStoreType, boolean crlEnabled, boolean ocspEnabled) throws 
TrustManagerException {
 
-    if (trustStorePassword == null) {
-      trustStorePassword = "";
-    }
-
     if (trustStoreType == null) {
       trustStoreType = "jks";
     }
 
+    if (trustStorePassword == null) {
+      trustStorePassword = EMPTY_CHAR_ARRAY;
+    }
+
     try {
-      char[] password = trustStorePassword.toCharArray();
       KeyStore ts = KeyStore.getInstance(trustStoreType);
       try (InputStream inputStream =

Review Comment:
   Same here.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@hbase.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to