You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2022/08/30 12:14:12 UTC
[GitHub] [hbase] anmolnar opened a new pull request, #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
anmolnar opened a new pull request, #4747:
URL: https://github.com/apache/hbase/pull/4747
cc @bbeaudreault @Apache9 @apurtell
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232383340
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 19s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any anti-patterns. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 12s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 9s | master passed |
| +1 :green_heart: | compile | 6m 14s | master passed |
| +1 :green_heart: | checkstyle | 1m 0s | master passed |
| +1 :green_heart: | spotless | 0m 39s | branch has no errors when running spotless:check. |
| +1 :green_heart: | spotbugs | 9m 50s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 12s | the patch passed |
| +1 :green_heart: | compile | 6m 10s | the patch passed |
| +1 :green_heart: | javac | 6m 10s | the patch passed |
| +1 :green_heart: | checkstyle | 0m 59s | the patch passed |
| +1 :green_heart: | shellcheck | 0m 1s | There were no new shellcheck issues. |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | hadoopcheck | 7m 49s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. |
| +1 :green_heart: | spotless | 0m 39s | patch has no errors when running spotless:check. |
| +1 :green_heart: | spotbugs | 10m 11s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 38s | The patch does not generate ASF License warnings. |
| | | 55m 8s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs javac spotbugs hadoopcheck hbaseanti checkstyle compile |
| uname | Linux 35cc7e8c8cf5 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| Max. process+thread count | 139 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 spotbugs=4.2.2 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] anmolnar commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
anmolnar commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958892912
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext createSslContextForServer(Configuration config)
* @return the key manager.
* @throws KeyManagerException if something goes wrong.
*/
- static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword,
+ static X509KeyManager createKeyManager(String keyStoreLocation, char[] keyStorePassword,
String keyStoreType) throws KeyManagerException {
- if (keyStorePassword == null) {
- keyStorePassword = "";
- }
-
if (keyStoreType == null) {
keyStoreType = "jks";
}
+ if (keyStorePassword == null) {
+ keyStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = keyStorePassword.toCharArray();
KeyStore ks = KeyStore.getInstance(keyStoreType);
try (InputStream inputStream =
new BufferedInputStream(Files.newInputStream(new File(keyStoreLocation).toPath()))) {
Review Comment:
Why should we use unbuffered stream here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1231924212
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 39s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 40s | master passed |
| +1 :green_heart: | compile | 1m 43s | master passed |
| +1 :green_heart: | shadedjars | 3m 55s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 38s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 10s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 25s | the patch passed |
| +1 :green_heart: | compile | 1m 43s | the patch passed |
| +1 :green_heart: | javac | 1m 43s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 52s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 34s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 248m 39s | root in the patch passed. |
| | | 274m 51s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 5aa539768e72 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-11.0.10+9 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/testReport/ |
| Max. process+thread count | 4700 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] anmolnar commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
anmolnar commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958972207
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -272,23 +272,22 @@ static X509KeyManager createKeyManager(String keyStoreLocation, String keyStoreP
* @return the trust manager.
* @throws TrustManagerException if something goes wrong.
*/
- static X509TrustManager createTrustManager(String trustStoreLocation, String trustStorePassword,
+ static X509TrustManager createTrustManager(String trustStoreLocation, char[] trustStorePassword,
String trustStoreType, boolean crlEnabled, boolean ocspEnabled) throws TrustManagerException {
- if (trustStorePassword == null) {
- trustStorePassword = "";
- }
-
if (trustStoreType == null) {
trustStoreType = "jks";
}
+ if (trustStorePassword == null) {
+ trustStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = trustStorePassword.toCharArray();
KeyStore ts = KeyStore.getInstance(trustStoreType);
try (InputStream inputStream =
Review Comment:
Done.
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext createSslContextForServer(Configuration config)
* @return the key manager.
* @throws KeyManagerException if something goes wrong.
*/
- static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword,
+ static X509KeyManager createKeyManager(String keyStoreLocation, char[] keyStorePassword,
String keyStoreType) throws KeyManagerException {
- if (keyStorePassword == null) {
- keyStorePassword = "";
- }
-
if (keyStoreType == null) {
keyStoreType = "jks";
}
+ if (keyStorePassword == null) {
+ keyStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = keyStorePassword.toCharArray();
KeyStore ks = KeyStore.getInstance(keyStoreType);
try (InputStream inputStream =
new BufferedInputStream(Files.newInputStream(new File(keyStoreLocation).toPath()))) {
Review Comment:
Done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232512544
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 39s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 55s | master passed |
| +1 :green_heart: | compile | 1m 53s | master passed |
| +1 :green_heart: | shadedjars | 4m 4s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 53s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 9s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 43s | the patch passed |
| +1 :green_heart: | compile | 1m 52s | the patch passed |
| +1 :green_heart: | javac | 1m 52s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 59s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 39s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 251m 40s | root in the patch passed. |
| | | 278m 23s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 4cc9b6ab8303 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-11.0.10+9 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/testReport/ |
| Max. process+thread count | 4934 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] meszibalu commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
meszibalu commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232780611
Signed-off-by: Andrew Purtell <ap...@apache.org>
Signed-off-by: Duo Zhang <zh...@apache.org>
Signed-off-by: Balazs Meszaros <me...@apache.org>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] meszibalu commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
meszibalu commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958686273
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext createSslContextForServer(Configuration config)
* @return the key manager.
* @throws KeyManagerException if something goes wrong.
*/
- static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword,
+ static X509KeyManager createKeyManager(String keyStoreLocation, char[] keyStorePassword,
String keyStoreType) throws KeyManagerException {
- if (keyStorePassword == null) {
- keyStorePassword = "";
- }
-
if (keyStoreType == null) {
keyStoreType = "jks";
}
+ if (keyStorePassword == null) {
+ keyStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = keyStorePassword.toCharArray();
KeyStore ks = KeyStore.getInstance(keyStoreType);
try (InputStream inputStream =
new BufferedInputStream(Files.newInputStream(new File(keyStoreLocation).toPath()))) {
Review Comment:
```suggestion
try (InputStream inputStream = Files.newInputStream(Paths.get(trustStoreLocation))) {
```
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -272,23 +272,22 @@ static X509KeyManager createKeyManager(String keyStoreLocation, String keyStoreP
* @return the trust manager.
* @throws TrustManagerException if something goes wrong.
*/
- static X509TrustManager createTrustManager(String trustStoreLocation, String trustStorePassword,
+ static X509TrustManager createTrustManager(String trustStoreLocation, char[] trustStorePassword,
String trustStoreType, boolean crlEnabled, boolean ocspEnabled) throws TrustManagerException {
- if (trustStorePassword == null) {
- trustStorePassword = "";
- }
-
if (trustStoreType == null) {
trustStoreType = "jks";
}
+ if (trustStorePassword == null) {
+ trustStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = trustStorePassword.toCharArray();
KeyStore ts = KeyStore.getInstance(trustStoreType);
try (InputStream inputStream =
Review Comment:
Same here.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1231687551
:broken_heart: **-1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 41s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 1s | Shelldocs was not available. |
| +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any anti-patterns. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 19s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 4m 34s | master passed |
| +1 :green_heart: | compile | 13m 47s | master passed |
| +1 :green_heart: | checkstyle | 2m 1s | master passed |
| +1 :green_heart: | spotless | 1m 15s | branch has no errors when running spotless:check. |
| +1 :green_heart: | spotbugs | 15m 29s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 4m 18s | the patch passed |
| +1 :green_heart: | compile | 11m 33s | the patch passed |
| +1 :green_heart: | javac | 11m 33s | the patch passed |
| -0 :warning: | checkstyle | 1m 28s | root: The patch generated 5 new + 0 unchanged - 0 fixed = 5 total (was 0) |
| +1 :green_heart: | shellcheck | 0m 1s | There were no new shellcheck issues. |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | hadoopcheck | 8m 23s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. |
| -1 :x: | spotless | 0m 14s | patch has 56 errors when running spotless:check, run spotless:apply to fix. |
| +1 :green_heart: | spotbugs | 10m 15s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 40s | The patch does not generate ASF License warnings. |
| | | 81m 26s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs javac spotbugs hadoopcheck hbaseanti checkstyle compile |
| uname | Linux c3322fbeca26 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| checkstyle | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/artifact/yetus-general-check/output/diff-checkstyle-root.txt |
| spotless | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/artifact/yetus-general-check/output/patch-spotless.txt |
| Max. process+thread count | 137 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 spotbugs=4.2.2 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] meszibalu merged pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
meszibalu merged PR #4747:
URL: https://github.com/apache/hbase/pull/4747
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232121545
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 20s | Docker mode activated. |
||| _ Prechecks _ |
| +1 :green_heart: | dupname | 0m 0s | No case conflicting files found. |
| +0 :ok: | shelldocs | 0m 0s | Shelldocs was not available. |
| +1 :green_heart: | hbaseanti | 0m 0s | Patch does not have any anti-patterns. |
| +1 :green_heart: | @author | 0m 0s | The patch does not contain any @author tags. |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 12s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 33s | master passed |
| +1 :green_heart: | compile | 6m 19s | master passed |
| +1 :green_heart: | checkstyle | 1m 2s | master passed |
| +1 :green_heart: | spotless | 0m 42s | branch has no errors when running spotless:check. |
| +1 :green_heart: | spotbugs | 9m 55s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 10s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 14s | the patch passed |
| +1 :green_heart: | compile | 6m 14s | the patch passed |
| +1 :green_heart: | javac | 6m 14s | the patch passed |
| +1 :green_heart: | checkstyle | 1m 0s | the patch passed |
| +1 :green_heart: | shellcheck | 0m 2s | There were no new shellcheck issues. |
| +1 :green_heart: | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 :green_heart: | hadoopcheck | 8m 8s | Patch does not cause any errors with Hadoop 3.2.4 3.3.4. |
| +1 :green_heart: | spotless | 0m 39s | patch has no errors when running spotless:check. |
| +1 :green_heart: | spotbugs | 10m 19s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | asflicense | 0m 39s | The patch does not generate ASF License warnings. |
| | | 56m 24s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/artifact/yetus-general-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | dupname asflicense spotless shellcheck shelldocs javac spotbugs hadoopcheck hbaseanti checkstyle compile |
| uname | Linux e68802b8febb 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| Max. process+thread count | 139 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/console |
| versions | git=2.17.1 maven=3.6.3 shellcheck=0.4.6 spotbugs=4.2.2 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] anmolnar commented on a diff in pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
anmolnar commented on code in PR #4747:
URL: https://github.com/apache/hbase/pull/4747#discussion_r958892912
##########
hbase-common/src/main/java/org/apache/hadoop/hbase/io/crypto/tls/X509Util.java:
##########
@@ -225,27 +226,26 @@ public static SslContext createSslContextForServer(Configuration config)
* @return the key manager.
* @throws KeyManagerException if something goes wrong.
*/
- static X509KeyManager createKeyManager(String keyStoreLocation, String keyStorePassword,
+ static X509KeyManager createKeyManager(String keyStoreLocation, char[] keyStorePassword,
String keyStoreType) throws KeyManagerException {
- if (keyStorePassword == null) {
- keyStorePassword = "";
- }
-
if (keyStoreType == null) {
keyStoreType = "jks";
}
+ if (keyStorePassword == null) {
+ keyStorePassword = EMPTY_CHAR_ARRAY;
+ }
+
try {
- char[] password = keyStorePassword.toCharArray();
KeyStore ks = KeyStore.getInstance(keyStoreType);
try (InputStream inputStream =
new BufferedInputStream(Files.newInputStream(new File(keyStoreLocation).toPath()))) {
Review Comment:
Why should we use unbuffered stream here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232606577
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 6s | Docker mode activated. |
| -0 :warning: | yetus | 0m 4s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 16s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 11s | master passed |
| +1 :green_heart: | compile | 1m 37s | master passed |
| +1 :green_heart: | shadedjars | 3m 46s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 26s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 11s | the patch passed |
| +1 :green_heart: | compile | 1m 36s | the patch passed |
| +1 :green_heart: | javac | 1m 36s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 46s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 18s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 359m 42s | root in the patch passed. |
| | | 383m 32s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 273f63dcb29e 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/testReport/ |
| Max. process+thread count | 4032 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/3/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232288202
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 0m 38s | Docker mode activated. |
| -0 :warning: | yetus | 0m 3s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 34s | master passed |
| +1 :green_heart: | compile | 1m 42s | master passed |
| +1 :green_heart: | shadedjars | 3m 56s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 43s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 10s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 31s | the patch passed |
| +1 :green_heart: | compile | 1m 43s | the patch passed |
| +1 :green_heart: | javac | 1m 43s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 55s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 35s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 249m 38s | root in the patch passed. |
| | | 274m 49s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 9ebf068a3173 5.4.0-1081-aws #88~18.04.1-Ubuntu SMP Thu Jun 23 16:29:17 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-11.0.10+9 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/testReport/ |
| Max. process+thread count | 4882 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232351717
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 1m 8s | Docker mode activated. |
| -0 :warning: | yetus | 0m 4s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 9s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 21s | master passed |
| +1 :green_heart: | compile | 1m 41s | master passed |
| +1 :green_heart: | shadedjars | 3m 46s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 20s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 11s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 15s | the patch passed |
| +1 :green_heart: | compile | 1m 38s | the patch passed |
| +1 :green_heart: | javac | 1m 38s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 47s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 21s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 358m 48s | root in the patch passed. |
| | | 383m 11s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 61f6c1548580 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/testReport/ |
| Max. process+thread count | 4160 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/2/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [hbase] Apache-HBase commented on pull request #4747: HBASE-27342 Use Hadoop Credentials API to retrieve passwords of TLS key/trust stores
Posted by GitBox <gi...@apache.org>.
Apache-HBase commented on PR #4747:
URL: https://github.com/apache/hbase/pull/4747#issuecomment-1232065837
:confetti_ball: **+1 overall**
| Vote | Subsystem | Runtime | Comment |
|:----:|----------:|--------:|:--------|
| +0 :ok: | reexec | 3m 31s | Docker mode activated. |
| -0 :warning: | yetus | 0m 2s | Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --whitespace-eol-ignore-list --whitespace-tabs-ignore-list --quick-hadoopcheck |
||| _ Prechecks _ |
||| _ master Compile Tests _ |
| +0 :ok: | mvndep | 0m 13s | Maven dependency ordering for branch |
| +1 :green_heart: | mvninstall | 2m 21s | master passed |
| +1 :green_heart: | compile | 1m 27s | master passed |
| +1 :green_heart: | shadedjars | 3m 58s | branch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 2s | master passed |
||| _ Patch Compile Tests _ |
| +0 :ok: | mvndep | 0m 10s | Maven dependency ordering for patch |
| +1 :green_heart: | mvninstall | 2m 3s | the patch passed |
| +1 :green_heart: | compile | 1m 26s | the patch passed |
| +1 :green_heart: | javac | 1m 26s | the patch passed |
| +1 :green_heart: | shadedjars | 3m 58s | patch has no errors when building our shaded downstream artifacts. |
| +1 :green_heart: | javadoc | 2m 2s | the patch passed |
||| _ Other Tests _ |
| +1 :green_heart: | unit | 390m 45s | root in the patch passed. |
| | | 417m 3s | |
| Subsystem | Report/Notes |
|----------:|:-------------|
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/artifact/yetus-jdk8-hadoop3-check/output/Dockerfile |
| GITHUB PR | https://github.com/apache/hbase/pull/4747 |
| Optional Tests | javac javadoc unit shadedjars compile |
| uname | Linux 91169ef1f182 5.4.0-1071-aws #76~18.04.1-Ubuntu SMP Mon Mar 28 17:49:57 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | dev-support/hbase-personality.sh |
| git revision | master / 61f02fc011 |
| Default Java | AdoptOpenJDK-1.8.0_282-b08 |
| Test Results | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/testReport/ |
| Max. process+thread count | 4806 (vs. ulimit of 30000) |
| modules | C: hbase-common hbase-client hbase-server . U: . |
| Console output | https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-4747/1/console |
| versions | git=2.17.1 maven=3.6.3 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |
This message was automatically generated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org