Github user pnowojski commented on a diff in the pull request: https://github.com/apache/flink/pull/6355#discussion_r204329262 --- Diff: flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java --- 
@@ -249,14 +357,73 @@ public static SSLContext createSSLServerContext(Configuration sslConfig) throws
 // Set up key manager factory to use the server key store
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(
- KeyManagerFactory.getDefaultAlgorithm());
+ KeyManagerFactory.getDefaultAlgorithm());
 kmf.init(ks, certPassword.toCharArray());
+ return new SSLServerConfiguration(
+ sslProtocolVersion,
+ sslCipherSuites,
+ kmf,
+ sessionCacheSize,
+ sessionTimeoutMs,
+ handshakeTimeoutMs,
+ closeNotifyFlushTimeoutMs);
+ }
+
+ return null;
+ }
+
+ /**
+ * Creates the SSL Context for the server assuming SSL is configured.
+ *
+ * @param sslConfig
+ * The application configuration
+ * @return The SSLContext object which can be used by the ssl transport server
+ * @throws Exception
+ * Thrown if there is any misconfiguration
+ */
+ @Nullable
+ public static SSLContext createSSLServerContext(SSLServerConfiguration sslConfig) throws Exception {
+ Preconditions.checkNotNull(sslConfig);
+
+ LOG.debug("Creating server SSL context from configuration");
+ SSLContext serverSSLContext = SSLContext.getInstance(sslConfig.sslProtocolVersion);
+ serverSSLContext.init(sslConfig.keyManagerFactory.getKeyManagers(), null, null);
+ if (sslConfig.sessionCacheSize >= 0) {
+ serverSSLContext.getServerSessionContext().setSessionCacheSize(sslConfig.sessionCacheSize);
+ }
+ if (sslConfig.sessionTimeoutMs >= 0) {
+ serverSSLContext.getServerSessionContext().setSessionTimeout(sslConfig.sessionTimeoutMs / 1000);
+ }
+
+ return serverSSLContext;
+ }
+
+ /**
+ * Creates the SSL Context for the server if SSL is configured.
+ *
+ * @param sslConfig
+ * The application configuration
+ * @return The SSLContext object which can be used by the ssl transport server
+ * Returns null if SSL is disabled
+ * @throws Exception
+ * Thrown if there is any misconfiguration
+ */
+ @Nullable
+ public static SSLContext createSSLServerContext(Configuration sslConfig) throws Exception {
+
+ Preconditions.checkNotNull(sslConfig);
+ SSLContext serverSSLContext = null;
+
+ if (getSSLEnabled(sslConfig)) {
--- End diff --
ditto: reverse if branch and `Optional`
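Review bot: `sslConfig.sessionTimeoutMs / 1000` in the new `createSSLServerContext(SSLServerConfiguration)` truncates, so any configured timeout from 0 to 999 ms reaches `setSessionTimeout(0)`, which JSSE defines as "no limit"; a short timeout silently turns into TLS sessions that never expire. Rounding up keeps sub-second values at one second, e.g. `setSessionTimeout((sslConfig.sessionTimeoutMs + 999) / 1000)` (assuming the field is an `int`, which the hunk does not show). If 0 is deliberately meant to select the unlimited behaviour for both the timeout and `setSessionCacheSize`, the two `>= 0` checks should carry a comment such as `// 0 = unlimited (JSSE semantics), negative = keep JDK default`. The method is also annotated `@Nullable` although every visible path returns a non-null context after `checkNotNull`, which pushes needless null handling onto callers.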
---