This is an automated email from the ASF dual-hosted git repository. spmallette pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tinkerpop.git
commit 6083dc4fcb214df64be72483f8779d81e73c0fac Merge: a233097 bb0a9df Author: Stephen Mallette <sp...@genoprime.com> AuthorDate: Wed Feb 26 15:36:41 2020 -0500 Merge branch '3.4-dev' CHANGELOG.asciidoc | 3 + .../apache/tinkerpop/gremlin/driver/Cluster.java | 17 ++++- .../apache/tinkerpop/gremlin/driver/Settings.java | 9 +++ .../tinkerpop/gremlin/driver/SettingsTest.java | 2 + .../gremlin/server/AbstractChannelizer.java | 6 +- .../apache/tinkerpop/gremlin/server/Settings.java | 5 ++ .../AbstractGremlinServerIntegrationTest.java | 2 + .../gremlin/server/GremlinServerIntegrateTest.java | 2 + .../server/GremlinServerSslIntegrateTest.java | 78 ++++++++++++++++++++++ 9 files changed, 119 insertions(+), 5 deletions(-) diff --cc gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java index 21d1619,77cd465..e6987c1 --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java @@@ -265,41 -272,58 +265,43 @@@ public abstract class AbstractChanneliz final SslContextBuilder builder; - // DEPRECATED: If the config has the required, deprecated settings, then use it - if (null != sslSettings.keyCertChainFile && null != sslSettings.keyFile) { - logger.warn("Using deprecated SSL keyFile support"); - final File keyCertChainFile = new File(sslSettings.keyCertChainFile); - final File keyFile = new File(sslSettings.keyFile); - final File trustCertChainFile = null == sslSettings.trustCertChainFile ? null : new File(sslSettings.trustCertChainFile); - - // note that keyPassword may be null here if the keyFile is not - // password-protected. 
passing null to - // trustManager is also ok (default will be used) - builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword).trustManager(trustCertChainFile); - } else { - - // Build JSSE SSLContext - try { - final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - - // Load private key and signed cert - if (null != sslSettings.keyStore) { - final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType; - final KeyStore keystore = KeyStore.getInstance(keyStoreType); - final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray(); - try (final InputStream in = new FileInputStream(sslSettings.keyStore)) { - keystore.load(in, password); - } - kmf.init(keystore, password); - } else { - throw new IllegalStateException("keyStore must be configured when SSL is enabled."); + // Build JSSE SSLContext + try { + final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + + // Load private key and signed cert + if (null != sslSettings.keyStore) { + final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType; + final KeyStore keystore = KeyStore.getInstance(keyStoreType); + final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray(); + try (final InputStream in = new FileInputStream(sslSettings.keyStore)) { + keystore.load(in, password); } + kmf.init(keystore, password); + } else { + throw new IllegalStateException("keyStore must be configured when SSL is enabled."); + } - builder = SslContextBuilder.forServer(kmf); + builder = SslContextBuilder.forServer(kmf); - // Load custom truststore for client auth certs - if (null != sslSettings.trustStore) { - final String trustStoreType = null != sslSettings.trustStoreType ? 
sslSettings.trustStoreType + // Load custom truststore for client auth certs + if (null != sslSettings.trustStore) { - final String keystoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType; - final KeyStore truststore = KeyStore.getInstance(keystoreType); ++ final String trustStoreType = null != sslSettings.trustStoreType ? sslSettings.trustStoreType + : sslSettings.keyStoreType != null ? sslSettings.keyStoreType : KeyStore.getDefaultType(); + - final KeyStore truststore = KeyStore.getInstance(trustStoreType); - final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray(); - try (final InputStream in = new FileInputStream(sslSettings.trustStore)) { - truststore.load(in, password); - } - final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(truststore); - builder.trustManager(tmf); ++ final KeyStore truststore = KeyStore.getInstance(trustStoreType); + final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray(); + try (final InputStream in = new FileInputStream(sslSettings.trustStore)) { + truststore.load(in, password); } - - } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) { - logger.error(e.getMessage()); - throw new RuntimeException("There was an error enabling SSL.", e); + final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(truststore); + builder.trustManager(tmf); } + } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) { + logger.error(e.getMessage()); + throw new RuntimeException("There was an error enabling SSL.", e); } if (null != sslSettings.sslCipherSuites && !sslSettings.sslCipherSuites.isEmpty()) {
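Review bot: In the truststore branch, `truststore.load(in, password)` receives a null password whenever `trustStorePassword` is unset, and `KeyStore.load` skips its integrity check in that case, so a modified truststore file would be accepted without any signal. Because this store decides which client certificates the server trusts, a warning before the load would help operators notice, e.g. `if (null == password) logger.warn("trustStorePassword is not set; truststore integrity will not be verified");`. The new `trustStoreType` fallback chain (trustStoreType, then keyStoreType, then `KeyStore.getDefaultType()`) also deserves a one-line comment such as `// fall back to keyStoreType for configs that predate trustStoreType`, which is presumably the intent. The enclosing method starts and ends outside this hunk.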