Copilot commented on code in PR #15994:
URL: https://github.com/apache/iotdb/pull/15994#discussion_r2227278856
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/pool/TableSessionPoolBuilder.java:
##########
@@ -255,24 +255,24 @@ public TableSessionPoolBuilder useSSL(boolean useSSL) {
/**
* Sets the trust store path for SSL connections.
*
Review Comment:
The parameter name in the javadoc comment is incorrect. It should be '@param
trustStore' not '@param keyStore' since the method parameter is named
'trustStore'.
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/TableSessionBuilder.java:
##########
@@ -213,24 +213,24 @@ public TableSessionBuilder useSSL(boolean useSSL) {
/**
* Sets the trust store path for SSL connections.
*
- * @param keyStore the trust store path.
+ * @param trustStore the trust store path.
* @return the current {@link TableSessionBuilder} instance.
* @defaultValue null
*/
- public TableSessionBuilder trustStore(String keyStore) {
- this.trustStore = keyStore;
+ public TableSessionBuilder trustStore(String trustStore) {
+ this.trustStore = trustStore;
return this;
}
/**
* Sets the trust store password for SSL connections.
*
Review Comment:
The parameter name in the javadoc comment is incorrect. It should be '@param
trustStorePwd' not '@param keyStorePwd' since the method parameter is named
'trustStorePwd'.
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/pool/TableSessionPoolBuilder.java:
##########
@@ -255,24 +255,24 @@ public TableSessionPoolBuilder useSSL(boolean useSSL) {
/**
* Sets the trust store path for SSL connections.
*
- * @param keyStore the trust store path.
+ * @param trustStore the trust store path.
* @return the current {@link TableSessionPoolBuilder} instance.
* @defaultValue null
*/
- public TableSessionPoolBuilder trustStore(String keyStore) {
- this.trustStore = keyStore;
+ public TableSessionPoolBuilder trustStore(String trustStore) {
+ this.trustStore = trustStore;
return this;
}
/**
* Sets the trust store password for SSL connections.
*
Review Comment:
The parameter name in the javadoc comment is incorrect. It should be '@param
trustStorePwd' not '@param keyStorePwd' since the method parameter is named
'trustStorePwd'.
##########
iotdb-core/ainode/ainode/core/config.py:
##########
@@ -301,6 +333,21 @@ def _load_config_from_file(self) -> None:
int(file_configs["ain_thrift_compression_enabled"])
)
+ if "ain_internal_ssl_enabled" in config_keys:
Review Comment:
The configuration loading for 'ain_cluster_ingress_ssl_enabled' is missing.
While 'ain_internal_ssl_enabled' is loaded, there's no corresponding loading
for 'ain_cluster_ingress_ssl_enabled' which is referenced in other parts of the
code.
##########
iotdb-core/consensus/src/main/java/org/apache/iotdb/consensus/ratis/utils/Utils.java:
##########
@@ -345,6 +356,38 @@ public static void initRatisConfig(RaftProperties
properties, RatisConfig config
final TimeDuration clientMaxRetryGap =
getMaxRetrySleepTime(config.getClient());
RaftServerConfigKeys.RetryCache.setExpiryTime(properties,
clientMaxRetryGap);
+
+ Parameters parameters = new Parameters();
+ if (config.getGrpc().isEnableSSL()) {
+ String keyStorePath = config.getGrpc().getSslKeyStorePath();
+ String keyStorePassword = config.getGrpc().getSslKeyStorePassword();
+ String trustStorePath = config.getGrpc().getSslTrustStorePath();
+ String trustStorePassword = config.getGrpc().getSslTrustStorePassword();
+ try {
+ // === 1) create KeyManager ===
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(
+ Files.newInputStream(Paths.get(keyStorePath)),
keyStorePassword.toCharArray());
+
+ KeyManagerFactory kmf =
+
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, keyStorePassword.toCharArray());
+ KeyManager keyManager = kmf.getKeyManagers()[0];
+
+ // === 2) create TrustManager ===
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(
+ Files.newInputStream(Paths.get(trustStorePath)),
trustStorePassword.toCharArray());
+
+ TrustManagerFactory tmf =
+
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(trustStore);
+ TrustManager trustManager = tmf.getTrustManagers()[0];
+ GrpcConfigKeys.TLS.setConf(parameters, new GrpcTlsConfig(keyManager,
trustManager, true));
+ } catch (Exception ignored) {
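Review bot: The two `Files.newInputStream(...)` streams handed to `keyStore.load` and `trustStore.load` are never closed in the visible lines, so every SSL-enabled call to initRatisConfig leaves the key store and trust store files open. Wrap each load in try-with-resources, e.g. `try (InputStream in = Files.newInputStream(Paths.get(keyStorePath))) { keyStore.load(in, keyStorePassword.toCharArray()); }`, and do the same for the trust store. The store type is also fixed to `"JKS"`; if deployments may supply PKCS12 files, `KeyStore.getDefaultType()` or a configurable type would be more robust, though whether a PKCS12 file fails to load here depends on the JDK's keystore compatibility setting. The quoted hunk stops at the `catch` line, so the handler body and the remainder of initRatisConfig are not visible here.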
Review Comment:
SSL configuration exceptions are being silently ignored. This could lead to
security issues where SSL appears to be configured but is actually failing
silently. Consider logging the exception or throwing a more specific exception.
##########
iotdb-client/session/src/main/java/org/apache/iotdb/session/TableSessionBuilder.java:
##########
@@ -213,24 +213,24 @@ public TableSessionBuilder useSSL(boolean useSSL) {
/**
* Sets the trust store path for SSL connections.
*
Review Comment:
The parameter name in the javadoc comment is incorrect. It should be '@param
trustStore' not '@param keyStore' since the method parameter is named
'trustStore'.