You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ta...@apache.org on 2022/04/20 21:08:47 UTC

[tika] branch TIKA-3719 updated: TIKA-3719 -- try to add trust store

This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch TIKA-3719
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/TIKA-3719 by this push:
     new 85046e3f3 TIKA-3719 -- try to add trust store
85046e3f3 is described below

commit 85046e3f30f7e24900bec45d18d487ba57107098
Author: tallison <ta...@apache.org>
AuthorDate: Wed Apr 20 17:08:33 2022 -0400

    TIKA-3719 -- try to add trust store
---
 .../apache/tika/server/core/TikaServerProcess.java | 12 +++++++++++
 .../org/apache/tika/server/core/TlsConfig.java     | 24 ++++++++++++++++------
 2 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
index 0d3761991..1b34916c7 100644
--- a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
+++ b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
@@ -40,6 +40,7 @@ import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
 import org.apache.cxf.configuration.jsse.TLSServerParameters;
 import org.apache.cxf.configuration.security.KeyManagersType;
 import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.endpoint.Server;
 import org.apache.cxf.jaxrs.JAXRSBindingFactory;
 import org.apache.cxf.jaxrs.JAXRSServerFactoryBean;
@@ -291,6 +292,17 @@ public class TikaServerProcess {
         kmt.setKeyPassword(tlsConfig.getKeyStorePassword());
         TLSServerParameters parameters = new TLSServerParameters();
         parameters.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
+
+        if (tlsConfig.hasTrustStore()) {
+            KeyStoreType trustKeyStore = new KeyStoreType();
+            trustKeyStore.setType(tlsConfig.getTrustStoreType());
+            trustKeyStore.setPassword(tlsConfig.getTrustStorePassword());
+            trustKeyStore.setResource(tlsConfig.getTrustStoreFile());
+
+            TrustManagersType tmt = new TrustManagersType();
+            tmt.setKeyStore(trustKeyStore);
+            parameters.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, true));
+        }
         return parameters;
     }
 
diff --git a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TlsConfig.java b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TlsConfig.java
index 8a85679e0..20ad36bc0 100644
--- a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TlsConfig.java
+++ b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TlsConfig.java
@@ -111,12 +111,18 @@ public class TlsConfig implements Initializable {
                 throw new TikaConfigException("must initialize keyStoreFile");
             } else if (StringUtils.isBlank(keyStorePassword)) {
                 throw new TikaConfigException("must initialize keyStorePassword");
-            } else if (StringUtils.isBlank(trustStoreType)) {
-                throw new TikaConfigException("must initialize trustStoreType");
-            } else if (StringUtils.isBlank(trustStoreFile)) {
-                throw new TikaConfigException("must initialize trustStoreFile");
-            } else if (StringUtils.isBlank(trustStorePassword)) {
-                throw new TikaConfigException("must initialize trustStorePassword");
+            }
+            if (hasTrustStore()) {
+                if (StringUtils.isBlank(trustStoreType)) {
+                    throw new TikaConfigException("must initialize trustStoreType " +
+                            "if there's any trustStore info");
+                } else if (StringUtils.isBlank(trustStoreFile)) {
+                    throw new TikaConfigException("must initialize trustStoreFile " +
+                            "if there's any trustStore info");
+                } else if (StringUtils.isBlank(trustStorePassword)) {
+                    throw new TikaConfigException("must initialize trustStorePassword " +
+                            "if there's any trustStore info");
+                }
             }
         }
     }
@@ -130,4 +136,10 @@ public class TlsConfig implements Initializable {
                 ", trustStorePassword='" + trustStorePassword + '\'' + ", trustStoreFile='" +
                 trustStoreFile + '\'' + '}';
     }
+
+    public boolean hasTrustStore() {
+        return ! StringUtils.isBlank(trustStoreType) &&
+                ! StringUtils.isBlank(trustStorePassword) &&
+                ! StringUtils.isBlank(trustStoreFile);
+    }
 }