maulin-vasavada commented on code in PR #3908:
URL: https://github.com/apache/cassandra/pull/3908#discussion_r1974215190
##########
src/java/org/apache/cassandra/security/FileBasedSslContextFactory.java:
##########
@@ -294,5 +301,38 @@ protected boolean passwordMatchesIfPresent(String
keyPassword)
{
return StringUtils.isEmpty(password) ||
keyPassword.equals(password);
}
+
+ private static String resolvePassword(String keystoreFilePath, String
password, String passwordFilePath)
+ {
+ if (password != null)
+ return password;
+
+ if (StringUtils.isEmpty(passwordFilePath))
+ return password;
+
+ File keystorePasswordFile = new File(passwordFilePath);
+
+ if (!keystorePasswordFile.exists())
+ {
+ final String msg = format("keystore password file %s does not
exist", keystorePasswordFile.path());
+ throw new ConfigurationException(msg);
+ }
+
+ try
+ {
+ // we expect a password to be on the first line
+ List<String> lines = FileUtils.readLines(keystorePasswordFile);
Review Comment:
I feel it should be okay to have the real first line expectation. Any
password configuration gets many eyes for review generally so it should be
straightforward to remove first empty line if that got there by accident. Also,
as you note we do not support comments either with `#` in this file preceding
the password. For me, that is intentional. I don't see a strong reason to make
it less strict by allowing empty first line.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
