This is an automated email from the ASF dual-hosted git repository.

spmallette pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git

commit 6083dc4fcb214df64be72483f8779d81e73c0fac
Merge: a233097 bb0a9df
Author: Stephen Mallette <sp...@genoprime.com>
AuthorDate: Wed Feb 26 15:36:41 2020 -0500

    Merge branch '3.4-dev'

 CHANGELOG.asciidoc                                 |  3 +
 .../apache/tinkerpop/gremlin/driver/Cluster.java   | 17 ++++-
 .../apache/tinkerpop/gremlin/driver/Settings.java  |  9 +++
 .../tinkerpop/gremlin/driver/SettingsTest.java     |  2 +
 .../gremlin/server/AbstractChannelizer.java        |  6 +-
 .../apache/tinkerpop/gremlin/server/Settings.java  |  5 ++
 .../AbstractGremlinServerIntegrationTest.java      |  2 +
 .../gremlin/server/GremlinServerIntegrateTest.java |  2 +
 .../server/GremlinServerSslIntegrateTest.java      | 78 ++++++++++++++++++++++
 9 files changed, 119 insertions(+), 5 deletions(-)

diff --cc 
gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
index 21d1619,77cd465..e6987c1
--- 
a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
+++ 
b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
@@@ -265,41 -272,58 +265,43 @@@ public abstract class AbstractChanneliz
  
          final SslContextBuilder builder;
  
 -        // DEPRECATED: If the config has the required, deprecated settings, 
then use it
 -        if (null != sslSettings.keyCertChainFile && null != 
sslSettings.keyFile) {
 -            logger.warn("Using deprecated SSL keyFile support");
 -            final File keyCertChainFile = new 
File(sslSettings.keyCertChainFile);
 -            final File keyFile = new File(sslSettings.keyFile);
 -            final File trustCertChainFile = null == 
sslSettings.trustCertChainFile ? null : new 
File(sslSettings.trustCertChainFile);
 -
 -            // note that keyPassword may be null here if the keyFile is not
 -            // password-protected. passing null to
 -            // trustManager is also ok (default will be used)
 -            builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, 
sslSettings.keyPassword).trustManager(trustCertChainFile);
 -        } else {
 -
 -            // Build JSSE SSLContext
 -            try {
 -                final KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 -
 -                // Load private key and signed cert
 -                if (null != sslSettings.keyStore) {
 -                    final String keyStoreType = null == 
sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
 -                    final KeyStore keystore = 
KeyStore.getInstance(keyStoreType);
 -                    final char[] password = null == 
sslSettings.keyStorePassword ? null : 
sslSettings.keyStorePassword.toCharArray();
 -                    try (final InputStream in = new 
FileInputStream(sslSettings.keyStore)) {
 -                        keystore.load(in, password);
 -                    }
 -                    kmf.init(keystore, password);
 -                } else {
 -                    throw new IllegalStateException("keyStore must be 
configured when SSL is enabled.");
 +        // Build JSSE SSLContext
 +        try {
 +            final KeyManagerFactory kmf = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
 +
 +            // Load private key and signed cert
 +            if (null != sslSettings.keyStore) {
 +                final String keyStoreType = null == sslSettings.keyStoreType 
? KeyStore.getDefaultType() : sslSettings.keyStoreType;
 +                final KeyStore keystore = KeyStore.getInstance(keyStoreType);
 +                final char[] password = null == sslSettings.keyStorePassword 
? null : sslSettings.keyStorePassword.toCharArray();
 +                try (final InputStream in = new 
FileInputStream(sslSettings.keyStore)) {
 +                    keystore.load(in, password);
                  }
 +                kmf.init(keystore, password);
 +            } else {
 +                throw new IllegalStateException("keyStore must be configured 
when SSL is enabled.");
 +            }
  
 -                builder = SslContextBuilder.forServer(kmf);
 +            builder = SslContextBuilder.forServer(kmf);
  
 -                // Load custom truststore for client auth certs
 -                if (null != sslSettings.trustStore) {
 -                    final String trustStoreType = null != 
sslSettings.trustStoreType ? sslSettings.trustStoreType
 +            // Load custom truststore for client auth certs
 +            if (null != sslSettings.trustStore) {
-                 final String keystoreType = null == sslSettings.keyStoreType 
? KeyStore.getDefaultType() : sslSettings.keyStoreType;
-                 final KeyStore truststore = 
KeyStore.getInstance(keystoreType);
++                final String trustStoreType = null != 
sslSettings.trustStoreType ? sslSettings.trustStoreType
+                             : sslSettings.keyStoreType != null ? 
sslSettings.keyStoreType : KeyStore.getDefaultType();
+ 
 -                    final KeyStore truststore = 
KeyStore.getInstance(trustStoreType);
 -                    final char[] password = null == 
sslSettings.trustStorePassword ? null : 
sslSettings.trustStorePassword.toCharArray();
 -                    try (final InputStream in = new 
FileInputStream(sslSettings.trustStore)) {
 -                        truststore.load(in, password);
 -                    }
 -                    final TrustManagerFactory tmf = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 -                    tmf.init(truststore);
 -                    builder.trustManager(tmf);
++                final KeyStore truststore = 
KeyStore.getInstance(trustStoreType);
 +                final char[] password = null == 
sslSettings.trustStorePassword ? null : 
sslSettings.trustStorePassword.toCharArray();
 +                try (final InputStream in = new 
FileInputStream(sslSettings.trustStore)) {
 +                    truststore.load(in, password);
                  }
 -
 -            } catch (UnrecoverableKeyException | NoSuchAlgorithmException | 
KeyStoreException | CertificateException | IOException e) {
 -                logger.error(e.getMessage());
 -                throw new RuntimeException("There was an error enabling 
SSL.", e);
 +                final TrustManagerFactory tmf = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 +                tmf.init(truststore);
 +                builder.trustManager(tmf);
              }
  
 +        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | 
KeyStoreException | CertificateException | IOException e) {
 +            logger.error(e.getMessage());
 +            throw new RuntimeException("There was an error enabling SSL.", e);
          }
  
          if (null != sslSettings.sslCipherSuites && 
!sslSettings.sslCipherSuites.isEmpty()) {
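Review bot: When `sslSettings.trustStorePassword` is null, `truststore.load(in, password)` runs with a null password, and per the `KeyStore.load` contract no integrity check is performed on the store in that case, so a modified trust store file would load without complaint. Since the comment says this store holds the client auth certs, a warning before the load would make that configuration visible: `if (null == password) logger.warn("trustStorePassword not set; trust store integrity is not verified");`. The new `trustStoreType` fallback also deserves a one-line comment above the ternary, e.g. `// trust store type: explicit setting, else the key store's type, else the JVM default`, because a trust store in a different format than the key store will fail in `load` and the catch block logs only `e.getMessage()`, which may not say which store was at fault. The enclosing method starts and ends outside the hunk.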
