Posted to commits@pinot.apache.org by xi...@apache.org on 2024/02/27 06:40:21 UTC
(pinot) branch master updated: auto renew jvm default sslconext when it's loaded from files (#12462)
This is an automated email from the ASF dual-hosted git repository.
xiangfu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new b42010a1ec auto renew jvm default sslconext when it's loaded from files (#12462)
b42010a1ec is described below
commit b42010a1ec39964ccd2bd79a2bdbaeb0c7ce1623
Author: Haitao Zhang <ha...@startree.ai>
AuthorDate: Mon Feb 26 22:40:15 2024 -0800
auto renew jvm default sslconext when it's loaded from files (#12462)
---
.../broker/broker/helix/BaseBrokerStarter.java | 2 +-
.../apache/pinot/client/utils/ConnectionUtils.java | 2 +-
.../java/org/apache/pinot/client/PinotDriver.java | 2 +-
.../org/apache/pinot/client/utils/DriverUtils.java | 2 +-
.../org/apache/pinot/common/config/GrpcConfig.java | 2 +-
.../pinot/common/utils/grpc/GrpcQueryClient.java | 2 +-
.../apache/pinot/common/utils/http/HttpClient.java | 2 +-
.../common/utils/tls/JvmDefaultSslContext.java | 108 +++++++++++++++++++++
.../pinot/common/utils/{ => tls}/TlsUtils.java | 11 +--
.../pinot/common/utils/{ => tls}/TlsUtilsTest.java | 2 +-
.../pinot/controller/BaseControllerStarter.java | 2 +-
.../core/transport/ChannelHandlerFactory.java | 2 +-
.../pinot/core/transport/grpc/GrpcQueryServer.java | 2 +-
.../apache/pinot/core/util/ListenerConfigUtil.java | 2 +-
.../integration/tests/TlsIntegrationTest.java | 2 +-
.../org/apache/pinot/minion/BaseMinionStarter.java | 2 +-
.../pinot/server/starter/ServerInstance.java | 2 +-
.../server/starter/helix/BaseServerStarter.java | 2 +-
.../org/apache/pinot/tools/BootstrapTableTool.java | 2 +-
.../pinot/tools/admin/PinotAdministrator.java | 2 +
.../command/LaunchDataIngestionJobCommand.java | 2 +-
21 files changed, 132 insertions(+), 25 deletions(-)
diff --git a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/helix/BaseBrokerStarter.java b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/helix/BaseBrokerStarter.java
index f593307289..5b0a254f80 100644
--- a/pinot-broker/src/main/java/org/apache/pinot/broker/broker/helix/BaseBrokerStarter.java
+++ b/pinot-broker/src/main/java/org/apache/pinot/broker/broker/helix/BaseBrokerStarter.java
@@ -60,9 +60,9 @@ import org.apache.pinot.common.metrics.BrokerMetrics;
import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.common.utils.ServiceStartableUtils;
import org.apache.pinot.common.utils.ServiceStatus;
-import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.common.utils.config.TagNameUtils;
import org.apache.pinot.common.utils.helix.HelixHelper;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.common.version.PinotVersion;
import org.apache.pinot.core.query.executor.sql.SqlQueryExecutor;
import org.apache.pinot.core.query.utils.rewriter.ResultRewriterFactory;
diff --git a/pinot-clients/pinot-java-client/src/main/java/org/apache/pinot/client/utils/ConnectionUtils.java b/pinot-clients/pinot-java-client/src/main/java/org/apache/pinot/client/utils/ConnectionUtils.java
index bc75140511..1bdc151620 100644
--- a/pinot-clients/pinot-java-client/src/main/java/org/apache/pinot/client/utils/ConnectionUtils.java
+++ b/pinot-clients/pinot-java-client/src/main/java/org/apache/pinot/client/utils/ConnectionUtils.java
@@ -28,7 +28,7 @@ import org.apache.commons.configuration2.MapConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.pinot.common.config.TlsConfig;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/PinotDriver.java b/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/PinotDriver.java
index d24e880b38..3597b69c03 100644
--- a/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/PinotDriver.java
+++ b/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/PinotDriver.java
@@ -38,7 +38,7 @@ import org.apache.commons.lang3.tuple.Pair;
import org.apache.pinot.client.controller.PinotControllerTransport;
import org.apache.pinot.client.controller.PinotControllerTransportFactory;
import org.apache.pinot.client.utils.DriverUtils;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.utils.CommonConstants;
import org.slf4j.LoggerFactory;
diff --git a/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/utils/DriverUtils.java b/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/utils/DriverUtils.java
index 1bc7693c78..ac52810af9 100644
--- a/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/utils/DriverUtils.java
+++ b/pinot-clients/pinot-jdbc-client/src/main/java/org/apache/pinot/client/utils/DriverUtils.java
@@ -38,7 +38,7 @@ import org.apache.http.NameValuePair;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.pinot.common.auth.BasicAuthUtils;
import org.apache.pinot.common.config.TlsConfig;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.env.PinotConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/config/GrpcConfig.java b/pinot-common/src/main/java/org/apache/pinot/common/config/GrpcConfig.java
index 3a5c8cdf9e..d70f83b99a 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/config/GrpcConfig.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/config/GrpcConfig.java
@@ -20,7 +20,7 @@ package org.apache.pinot.common.config;
import com.google.common.collect.ImmutableMap;
import java.util.Map;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.env.PinotConfiguration;
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/grpc/GrpcQueryClient.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/grpc/GrpcQueryClient.java
index 35af62de22..af4ddf0181 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/grpc/GrpcQueryClient.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/grpc/GrpcQueryClient.java
@@ -36,7 +36,7 @@ import org.apache.pinot.common.config.GrpcConfig;
import org.apache.pinot.common.config.TlsConfig;
import org.apache.pinot.common.proto.PinotQueryServerGrpc;
import org.apache.pinot.common.proto.Server;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/http/HttpClient.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/http/HttpClient.java
index 7e657733f5..2ad8fb66c0 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/http/HttpClient.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/http/HttpClient.java
@@ -61,7 +61,7 @@ import org.apache.pinot.common.exception.HttpErrorStatusException;
import org.apache.pinot.common.utils.SimpleHttpErrorInfo;
import org.apache.pinot.common.utils.SimpleHttpResponse;
import org.apache.pinot.common.utils.TarGzCompressionUtils;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.auth.AuthProvider;
import org.apache.pinot.spi.utils.CommonConstants;
import org.apache.pinot.spi.utils.JsonUtils;
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/JvmDefaultSslContext.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/JvmDefaultSslContext.java
new file mode 100644
index 0000000000..bc80b77084
--- /dev/null
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/JvmDefaultSslContext.java
@@ -0,0 +1,108 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pinot.common.utils.tls;
+
+import java.security.KeyStore;
+import java.util.Optional;
+import javax.net.ssl.SSLContext;
+import nl.altindag.ssl.SSLFactory;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class JvmDefaultSslContext {
+ private static final Logger LOGGER = LoggerFactory.getLogger(JvmDefaultSslContext.class);
+
+ private static final String JVM_KEY_STORE = "javax.net.ssl.keyStore";
+ private static final String JVM_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
+ private static final String JVM_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
+ private static final String JVM_TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String JVM_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+ private static final String JVM_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
+
+ private static volatile boolean _initialized = false;
+
+ private JvmDefaultSslContext() {
+ throw new IllegalStateException("Should not instantiate JvmDefaultSslContext");
+ }
+
+ /**
+ * Initialize the default SSL context based on the system properties.
+ * When either key store "javax.net.ssl.keyStore" or trust store "javax.net.ssl.trustStore" is specified in
+ * system property and they are files:
+ * set the default SSL context to the default SSL context created by SSLFactory, and enable auto renewal of
+ * SSLFactory when either key store or trust store file changes.
+ * TODO: need to support "javax.net.ssl.keyStoreProvider", "javax.net.ssl.trustStoreProvider", "https.protocols" and
+ * "https.cipherSuites" system properties.
+ */
+ public static synchronized void initDefaultSslContext() {
+ LOGGER.info("Trying to initialize jvm default SSL context");
+ if (_initialized) {
+ LOGGER.info("Jvm default SSL context has already been initialized");
+ return;
+ }
+
+ String jvmKeyStorePath = System.getProperty(JVM_KEY_STORE);
+ String jvmTrustStorePath = System.getProperty(JVM_TRUST_STORE);
+
+ // Enable auto renewal of SSLFactory when either key store or trust store file is specified.
+ if (TlsUtils.isKeyOrTrustStorePathNullOrHasFileScheme(jvmKeyStorePath)
+ && TlsUtils.isKeyOrTrustStorePathNullOrHasFileScheme(jvmTrustStorePath)
+ && (StringUtils.isNotBlank(jvmKeyStorePath) || StringUtils.isNotBlank(jvmTrustStorePath))) {
+ SSLFactory.Builder jvmSslFactoryBuilder = SSLFactory.builder();
+
+ // If key store "javax.net.ssl.keyStore" is specified by system property, create a new SSLFactory with the
+ // keyStore
+ if (StringUtils.isNotBlank(jvmKeyStorePath)) {
+ jvmSslFactoryBuilder.withSwappableIdentityMaterial().withSystemPropertyDerivedIdentityMaterial();
+ }
+
+ // If trust store "javax.net.ssl.trustStore" is specified by system property, create a new SSLFactory with the
+ // trustStore; otherwise, use the default one.
+ if (StringUtils.isNotBlank(jvmTrustStorePath)) {
+ jvmSslFactoryBuilder.withSwappableTrustMaterial().withSystemPropertyDerivedTrustMaterial();
+ } else {
+ // Must use the default one when trust store is not specified since this is the default behavior
+ jvmSslFactoryBuilder.withDefaultTrustMaterial();
+ }
+
+ SSLFactory jvmSslFactory = jvmSslFactoryBuilder.build();
+ SSLContext.setDefault(jvmSslFactory.getSslContext());
+
+ // enable auto renewal
+ String jvmKeystoreType =
+ Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_TYPE))
+ .map(String::trim).filter(StringUtils::isNotBlank).orElseGet(KeyStore::getDefaultType);
+ String jvmKeystorePassword =
+ Optional.ofNullable(System.getProperty(JVM_KEY_STORE_PASSWORD))
+ .map(String::trim).filter(StringUtils::isNotBlank).orElse(null);
+ String jvmTrustStoreType =
+ Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_TYPE))
+ .map(String::trim).filter(StringUtils::isNotBlank).orElseGet(KeyStore::getDefaultType);
+ String jvmTrustStorePassword =
+ Optional.ofNullable(System.getProperty(JVM_TRUST_STORE_PASSWORD))
+ .map(String::trim).filter(StringUtils::isNotBlank).orElse(null);
+ TlsUtils.enableAutoRenewalFromFileStoreForSSLFactory(jvmSslFactory, jvmKeystoreType, jvmKeyStorePath,
+ jvmKeystorePassword, jvmTrustStoreType, jvmTrustStorePath, jvmTrustStorePassword, null, null, false);
+ }
+ _initialized = true;
+ LOGGER.info("Successfully initialized mvm default SSL context");
+ }
+}
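Review bot: `jvmKeystoreType` is read from `JVM_TRUST_STORE_TYPE` rather than `JVM_KEY_STORE_TYPE`, so the declared `JVM_KEY_STORE_TYPE` constant is never used and the key store reload is handed the trust store's type. When the two stores differ in format, the renewal path may fail to reload the identity material and leave an expiring certificate in place; the lookup should read `Optional.ofNullable(System.getProperty(JVM_KEY_STORE_TYPE))`. Both password lookups also pass through `.map(String::trim)`, which changes a password that legitimately starts or ends with whitespace, so the reload could use a different password than the JVM used for the initial load; dropping the trim on the two password lines avoids that. The final log message says "mvm" where "jvm" is meant.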
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
similarity index 98%
rename from pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
rename to pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
index 054c072a13..56a14a97d4 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/tls/TlsUtils.java
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.pinot.common.utils;
+package org.apache.pinot.common.utils.tls;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
@@ -382,11 +382,9 @@ public final class TlsUtils {
null, null, tlsConfig.isInsecure());
}
- private static void enableAutoRenewalFromFileStoreForSSLFactory(
- SSLFactory sslFactory,
- String keyStoreType, String keyStorePath, String keyStorePassword,
- String trustStoreType, String trustStorePath, String trustStorePassword,
- String sslContextProtocol, SecureRandom secureRandom, boolean isInsecure) {
+ static void enableAutoRenewalFromFileStoreForSSLFactory(SSLFactory sslFactory, String keyStoreType,
+ String keyStorePath, String keyStorePassword, String trustStoreType, String trustStorePath,
+ String trustStorePassword, String sslContextProtocol, SecureRandom secureRandom, boolean isInsecure) {
try {
URL keyStoreURL = keyStorePath == null ? null : makeKeyOrTrustStoreUrl(keyStorePath);
URL trustStoreURL = trustStorePath == null ? null : makeKeyOrTrustStoreUrl(trustStorePath);
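Review bot: `enableAutoRenewalFromFileStoreForSSLFactory` is now callable from the rest of the package but has no Javadoc stating which arguments may be null. Only `keyStorePath` and `trustStorePath` are visibly null-checked here, while the new caller in `JvmDefaultSslContext` passes `null` for `sslContextProtocol` and `secureRandom` and may pass `null` for either password. The method body continues outside this hunk, so whether those nulls are handled cannot be confirmed from here. I would add a short Javadoc listing the nullable parameters and noting that the store types and passwords must match those used to build `sslFactory`, for example `@param keyStorePassword may be null when the store is not password protected`.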
@@ -525,7 +523,6 @@ public final class TlsUtils {
null, null, true, tlsConfig.isInsecure());
}
- @VisibleForTesting
static SSLFactory createSSLFactory(
String keyStoreType, String keyStorePath, String keyStorePassword,
String trustStoreType, String trustStorePath, String trustStorePassword,
diff --git a/pinot-common/src/test/java/org/apache/pinot/common/utils/TlsUtilsTest.java b/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/TlsUtilsTest.java
similarity index 99%
rename from pinot-common/src/test/java/org/apache/pinot/common/utils/TlsUtilsTest.java
rename to pinot-common/src/test/java/org/apache/pinot/common/utils/tls/TlsUtilsTest.java
index 21c0e7b92a..2f28bbedf6 100644
--- a/pinot-common/src/test/java/org/apache/pinot/common/utils/TlsUtilsTest.java
+++ b/pinot-common/src/test/java/org/apache/pinot/common/utils/tls/TlsUtilsTest.java
@@ -16,7 +16,7 @@
* specific language governing permissions and limitations
* under the License.
*/
-package org.apache.pinot.common.utils;
+package org.apache.pinot.common.utils.tls;
import com.google.common.collect.ImmutableMap;
import java.io.File;
diff --git a/pinot-controller/src/main/java/org/apache/pinot/controller/BaseControllerStarter.java b/pinot-controller/src/main/java/org/apache/pinot/controller/BaseControllerStarter.java
index 281c397401..bb4127bab8 100644
--- a/pinot-controller/src/main/java/org/apache/pinot/controller/BaseControllerStarter.java
+++ b/pinot-controller/src/main/java/org/apache/pinot/controller/BaseControllerStarter.java
@@ -71,13 +71,13 @@ import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.common.utils.SchemaUtils;
import org.apache.pinot.common.utils.ServiceStartableUtils;
import org.apache.pinot.common.utils.ServiceStatus;
-import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.common.utils.fetcher.SegmentFetcherFactory;
import org.apache.pinot.common.utils.helix.HelixHelper;
import org.apache.pinot.common.utils.helix.LeadControllerUtils;
import org.apache.pinot.common.utils.log.DummyLogFileServer;
import org.apache.pinot.common.utils.log.LocalLogFileServer;
import org.apache.pinot.common.utils.log.LogFileServer;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.common.version.PinotVersion;
import org.apache.pinot.controller.api.ControllerAdminApiApplication;
import org.apache.pinot.controller.api.access.AccessControlFactory;
diff --git a/pinot-core/src/main/java/org/apache/pinot/core/transport/ChannelHandlerFactory.java b/pinot-core/src/main/java/org/apache/pinot/core/transport/ChannelHandlerFactory.java
index aaa68018f3..00545f2607 100644
--- a/pinot-core/src/main/java/org/apache/pinot/core/transport/ChannelHandlerFactory.java
+++ b/pinot-core/src/main/java/org/apache/pinot/core/transport/ChannelHandlerFactory.java
@@ -28,7 +28,7 @@ import java.util.concurrent.ConcurrentHashMap;
import org.apache.pinot.common.config.TlsConfig;
import org.apache.pinot.common.metrics.BrokerMetrics;
import org.apache.pinot.common.metrics.ServerMetrics;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.core.query.scheduler.QueryScheduler;
import org.apache.pinot.server.access.AccessControl;
import org.apache.pinot.spi.env.PinotConfiguration;
diff --git a/pinot-core/src/main/java/org/apache/pinot/core/transport/grpc/GrpcQueryServer.java b/pinot-core/src/main/java/org/apache/pinot/core/transport/grpc/GrpcQueryServer.java
index 70f14e10cf..bb16c0742d 100644
--- a/pinot-core/src/main/java/org/apache/pinot/core/transport/grpc/GrpcQueryServer.java
+++ b/pinot-core/src/main/java/org/apache/pinot/core/transport/grpc/GrpcQueryServer.java
@@ -42,7 +42,7 @@ import org.apache.pinot.common.metrics.ServerMetrics;
import org.apache.pinot.common.proto.PinotQueryServerGrpc;
import org.apache.pinot.common.proto.Server.ServerRequest;
import org.apache.pinot.common.proto.Server.ServerResponse;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.core.operator.blocks.InstanceResponseBlock;
import org.apache.pinot.core.operator.streaming.StreamingResponseUtils;
import org.apache.pinot.core.query.executor.QueryExecutor;
diff --git a/pinot-core/src/main/java/org/apache/pinot/core/util/ListenerConfigUtil.java b/pinot-core/src/main/java/org/apache/pinot/core/util/ListenerConfigUtil.java
index bce2cfe36d..41215a13ad 100644
--- a/pinot-core/src/main/java/org/apache/pinot/core/util/ListenerConfigUtil.java
+++ b/pinot-core/src/main/java/org/apache/pinot/core/util/ListenerConfigUtil.java
@@ -38,7 +38,7 @@ import nl.altindag.ssl.SSLFactory;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.pinot.common.config.TlsConfig;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.core.transport.HttpServerThreadPoolConfig;
import org.apache.pinot.core.transport.ListenerConfig;
import org.apache.pinot.spi.env.PinotConfiguration;
diff --git a/pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/TlsIntegrationTest.java b/pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/TlsIntegrationTest.java
index a6e796953a..d292ef4c9b 100644
--- a/pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/TlsIntegrationTest.java
+++ b/pinot-integration-tests/src/test/java/org/apache/pinot/integration/tests/TlsIntegrationTest.java
@@ -52,8 +52,8 @@ import org.apache.pinot.client.PinotDriver;
import org.apache.pinot.client.ResultSetGroup;
import org.apache.pinot.common.helix.ExtraInstanceConfig;
import org.apache.pinot.common.utils.SimpleHttpResponse;
-import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.common.utils.helix.HelixHelper;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.controller.ControllerConf;
import org.apache.pinot.core.common.MinionConstants;
import org.apache.pinot.integration.tests.access.CertBasedTlsChannelAccessControlFactory;
diff --git a/pinot-minion/src/main/java/org/apache/pinot/minion/BaseMinionStarter.java b/pinot-minion/src/main/java/org/apache/pinot/minion/BaseMinionStarter.java
index e966e517a2..b82730288b 100644
--- a/pinot-minion/src/main/java/org/apache/pinot/minion/BaseMinionStarter.java
+++ b/pinot-minion/src/main/java/org/apache/pinot/minion/BaseMinionStarter.java
@@ -45,9 +45,9 @@ import org.apache.pinot.common.utils.ClientSSLContextGenerator;
import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.common.utils.ServiceStartableUtils;
import org.apache.pinot.common.utils.ServiceStatus;
-import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.common.utils.fetcher.SegmentFetcherFactory;
import org.apache.pinot.common.utils.helix.HelixHelper;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.common.version.PinotVersion;
import org.apache.pinot.core.transport.ListenerConfig;
import org.apache.pinot.core.util.ListenerConfigUtil;
diff --git a/pinot-server/src/main/java/org/apache/pinot/server/starter/ServerInstance.java b/pinot-server/src/main/java/org/apache/pinot/server/starter/ServerInstance.java
index d596566a55..2a75ca7f5a 100644
--- a/pinot-server/src/main/java/org/apache/pinot/server/starter/ServerInstance.java
+++ b/pinot-server/src/main/java/org/apache/pinot/server/starter/ServerInstance.java
@@ -30,7 +30,7 @@ import org.apache.pinot.common.config.TlsConfig;
import org.apache.pinot.common.function.FunctionRegistry;
import org.apache.pinot.common.metrics.ServerGauge;
import org.apache.pinot.common.metrics.ServerMetrics;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.common.version.PinotVersion;
import org.apache.pinot.core.data.manager.InstanceDataManager;
import org.apache.pinot.core.operator.transform.function.TransformFunction;
diff --git a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java
index 10d9e6bec1..98e6038f23 100644
--- a/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java
+++ b/pinot-server/src/main/java/org/apache/pinot/server/starter/helix/BaseServerStarter.java
@@ -58,10 +58,10 @@ import org.apache.pinot.common.utils.PinotAppConfigs;
import org.apache.pinot.common.utils.ServiceStartableUtils;
import org.apache.pinot.common.utils.ServiceStatus;
import org.apache.pinot.common.utils.ServiceStatus.Status;
-import org.apache.pinot.common.utils.TlsUtils;
import org.apache.pinot.common.utils.config.TagNameUtils;
import org.apache.pinot.common.utils.fetcher.SegmentFetcherFactory;
import org.apache.pinot.common.utils.helix.HelixHelper;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.common.version.PinotVersion;
import org.apache.pinot.core.common.datatable.DataTableBuilderFactory;
import org.apache.pinot.core.data.manager.InstanceDataManager;
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/BootstrapTableTool.java b/pinot-tools/src/main/java/org/apache/pinot/tools/BootstrapTableTool.java
index cf688bade5..f27bf6b3a9 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/BootstrapTableTool.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/BootstrapTableTool.java
@@ -34,7 +34,7 @@ import org.apache.commons.io.FileUtils;
import org.apache.http.HttpException;
import org.apache.pinot.common.auth.AuthProviderUtils;
import org.apache.pinot.common.minion.MinionClient;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.core.common.MinionConstants;
import org.apache.pinot.spi.auth.AuthProvider;
import org.apache.pinot.spi.config.table.TableConfig;
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/PinotAdministrator.java b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/PinotAdministrator.java
index 12c442fda9..760bbf95f2 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/PinotAdministrator.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/PinotAdministrator.java
@@ -21,6 +21,7 @@ package org.apache.pinot.tools.admin;
import java.util.HashMap;
import java.util.Map;
import org.apache.pinot.common.Utils;
+import org.apache.pinot.common.utils.tls.JvmDefaultSslContext;
import org.apache.pinot.spi.plugin.PluginManager;
import org.apache.pinot.tools.Command;
import org.apache.pinot.tools.admin.command.AddSchemaCommand;
@@ -93,6 +94,7 @@ public class PinotAdministrator {
private static final Map<String, Command> SUBCOMMAND_MAP = new HashMap<>();
static {
+ JvmDefaultSslContext.initDefaultSslContext();
SUBCOMMAND_MAP.put("QuickStart", new QuickStartCommand());
SUBCOMMAND_MAP.put("OperateClusterConfig", new OperateClusterConfigCommand());
SUBCOMMAND_MAP.put("GenerateData", new GenerateDataCommand());
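Review bot: Calling `JvmDefaultSslContext.initDefaultSslContext()` as the first statement of this static initializer means any exception it throws surfaces as an `ExceptionInInitializerError`, and `PinotAdministrator` then fails to load for every subcommand, including those that never open a TLS connection. That could happen with an unreadable store file or a wrong password, though the helper's error handling is not visible in this hunk. The failure would also happen before `SUBCOMMAND_MAP` is populated, which makes the root cause harder to read from the stack trace. I would move the call to an explicit startup point such as the beginning of the entry method, so that a bad key or trust store is reported as a TLS configuration error rather than a class-loading error; it should still fail loudly rather than be swallowed. The static block continues outside this hunk.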
diff --git a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/LaunchDataIngestionJobCommand.java b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/LaunchDataIngestionJobCommand.java
index ff129c91ce..bca3c1a93c 100644
--- a/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/LaunchDataIngestionJobCommand.java
+++ b/pinot-tools/src/main/java/org/apache/pinot/tools/admin/command/LaunchDataIngestionJobCommand.java
@@ -22,7 +22,7 @@ import java.util.Arrays;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.pinot.common.auth.AuthProviderUtils;
-import org.apache.pinot.common.utils.TlsUtils;
+import org.apache.pinot.common.utils.tls.TlsUtils;
import org.apache.pinot.spi.auth.AuthProvider;
import org.apache.pinot.spi.ingestion.batch.IngestionJobLauncher;
import org.apache.pinot.spi.ingestion.batch.spec.SegmentGenerationJobSpec;