[kudu-CR] [Java] Fix TLS truststore init for FIPS providers

Sat, 10 Jan 2026 02:10:20 -0800 

Marton Greber has submitted this change and it was merged. ( 
http://gerrit.cloudera.org:8080/23841 )

Change subject: [Java] Fix TLS truststore init for FIPS providers
......................................................................

[Java] Fix TLS truststore init for FIPS providers

In some field deployments running with a proprietary FIPS-compliant
crypto provider, the default KeyStore implementation rejects
KeyStore.load((LoadStoreParameter) null) with
IllegalArgumentException("'param' arg cannot be null"), causing TLS
trust-store construction in SecurityContext.trustCertificates() to fail.

Fix SecurityContext to initialize the in-memory KeyStore via
load(null, new char[0]) instead of the 1-arg overload, avoiding the
null-parameter path while preserving "empty keystore" semantics.
This is not a breaking change: both calls are valid KeyStore
initialization forms and for JDK keystores load(null, ...) is the
documented way [1] to create an empty KeyStore. We only make the
initialization more compatible with FIPS-oriented providers.

[1]: 
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/KeyStore.html#load(java.io.InputStream,char%5B%5D)

Change-Id: I361341146c9115a17df182c397dbf4119ec68464
Reviewed-on: http://gerrit.cloudera.org:8080/23841
Tested-by: Marton Greber <[email protected]>
Reviewed-by: Zoltan Chovan <[email protected]>
Reviewed-by: Alexey Serbin <[email protected]>
---
M java/kudu-client/src/main/java/org/apache/kudu/client/SecurityContext.java
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Marton Greber: Verified
  Zoltan Chovan: Looks good to me, approved
  Alexey Serbin: Looks good to me, approved

--
To view, visit http://gerrit.cloudera.org:8080/23841
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I361341146c9115a17df182c397dbf4119ec68464
Gerrit-Change-Number: 23841
Gerrit-PatchSet: 2
Gerrit-Owner: Marton Greber <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Attila Bukor <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Reviewer: Marton Greber <[email protected]>
Gerrit-Reviewer: Zoltan Chovan <[email protected]>

Reply via email to