kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ij...@apache.org
Subject kafka git commit: MINOR: Always specify the keystore type in system tests
Date Fri, 08 Sep 2017 01:30:07 GMT
Repository: kafka
Updated Branches:
  refs/heads/trunk a1ec6527d -> 07a428e0c


MINOR: Always specify the keystore type in system tests

Also throw an exception if a null keystore type is seen
in `SecurityStore`. This should never happen.

The default keystore type has changed in Java 9 (
http://openjdk.java.net/jeps/229), so we need to
be explicit to have consistent behaviour across
Java versions.

Author: Ismael Juma <ismael@juma.me.uk>

Reviewers: Rajini Sivaram <rajinisivaram@googlemail.com>

Closes #3808 from ijuma/set-jks-explicitly-in-system-tests


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/07a428e0
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/07a428e0
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/07a428e0

Branch: refs/heads/trunk
Commit: 07a428e0c8fea498f084f5918fa88d5334ae8028
Parents: a1ec652
Author: Ismael Juma <ismael@juma.me.uk>
Authored: Fri Sep 8 02:29:03 2017 +0100
Committer: Ismael Juma <ismael@juma.me.uk>
Committed: Fri Sep 8 02:29:03 2017 +0100

----------------------------------------------------------------------
 .../org/apache/kafka/common/security/ssl/SslFactory.java  |  4 +++-
 tests/kafkatest/services/security/security_config.py      | 10 +++++-----
 2 files changed, 8 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/07a428e0/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java b/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
index 6572488..c7905bb 100644
--- a/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
+++ b/clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
@@ -29,6 +29,7 @@ import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -204,7 +205,8 @@ public class SslFactory implements Configurable {
         private final Password password;
 
         private SecurityStore(String type, String path, Password password) {
-            this.type = type == null ? KeyStore.getDefaultType() : type;
+            Objects.requireNonNull(type, "type must not be null");
+            this.type = type;
             this.path = path;
             this.password = password;
         }

http://git-wip-us.apache.org/repos/asf/kafka/blob/07a428e0/tests/kafkatest/services/security/security_config.py
----------------------------------------------------------------------
diff --git a/tests/kafkatest/services/security/security_config.py b/tests/kafkatest/services/security/security_config.py
index beb3795..89ffe01 100644
--- a/tests/kafkatest/services/security/security_config.py
+++ b/tests/kafkatest/services/security/security_config.py
@@ -65,11 +65,11 @@ class SslStores(object):
         csr_path = os.path.join(ks_dir, "test.kafka.csr")
         crt_path = os.path.join(ks_dir, "test.kafka.crt")
 
-        self.runcmd("keytool -genkeypair -alias kafka -keyalg RSA -keysize 2048 -keystore
%s -storepass %s -keypass %s -dname CN=systemtest -ext SAN=DNS:%s -startdate %s" % (ks_path,
self.keystore_passwd, self.key_passwd, self.hostname(node), self.startdate))
-        self.runcmd("keytool -certreq -keystore %s -storepass %s -keypass %s -alias kafka
-file %s" % (ks_path, self.keystore_passwd, self.key_passwd, csr_path))
-        self.runcmd("keytool -gencert -keystore %s -storepass %s -alias ca -infile %s -outfile
%s -dname CN=systemtest -ext SAN=DNS:%s -startdate %s" % (self.ca_jks_path, self.ca_passwd,
csr_path, crt_path, self.hostname(node), self.startdate))
-        self.runcmd("keytool -importcert -keystore %s -storepass %s -alias ca -file %s -noprompt"
% (ks_path, self.keystore_passwd, self.ca_crt_path))
-        self.runcmd("keytool -importcert -keystore %s -storepass %s -keypass %s -alias kafka
-file %s -noprompt" % (ks_path, self.keystore_passwd, self.key_passwd, crt_path))
+        self.runcmd("keytool -genkeypair -alias kafka -keyalg RSA -keysize 2048 -keystore
%s -storepass %s -storetype JKS -keypass %s -dname CN=systemtest -ext SAN=DNS:%s -startdate
%s" % (ks_path, self.keystore_passwd, self.key_passwd, self.hostname(node), self.startdate))
+        self.runcmd("keytool -certreq -keystore %s -storepass %s -storetype JKS -keypass
%s -alias kafka -file %s" % (ks_path, self.keystore_passwd, self.key_passwd, csr_path))
+        self.runcmd("keytool -gencert -keystore %s -storepass %s -storetype JKS -alias ca
-infile %s -outfile %s -dname CN=systemtest -ext SAN=DNS:%s -startdate %s" % (self.ca_jks_path,
self.ca_passwd, csr_path, crt_path, self.hostname(node), self.startdate))
+        self.runcmd("keytool -importcert -keystore %s -storepass %s -storetype JKS -alias
ca -file %s -noprompt" % (ks_path, self.keystore_passwd, self.ca_crt_path))
+        self.runcmd("keytool -importcert -keystore %s -storepass %s -storetype JKS -keypass
%s -alias kafka -file %s -noprompt" % (ks_path, self.keystore_passwd, self.key_passwd, crt_path))
         node.account.copy_to(ks_path, SecurityConfig.KEYSTORE_PATH)
         rmtree(ks_dir)
 


Mime
View raw message