You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by Jason Copeland <co...@adobe.com> on 2009/04/07 00:43:41 UTC

Qpid java client using non-password protected keystore

org.apache.qpid.ssl.SSLContextFactory getInitializedKeyStore() line # 177 (ks.load(in, storePassword.toCharArray());) requires storePassword to be non-null.

However the constructor signature used by IoTransport.createSSLContext() uses:

 SSLContextFactory(String trustStorePath, String trustStorePassword, String trustStoreCertType,
            String keyStorePath, String keyStorePassword, String keyStoreCertType)

Which has logic that detects if trustStorePassword / keyStorePassword is equal to "none" and if so sets the value to null of which the code is:

        if (_trustStorePassword.equals("none"))
        {
            _trustStorePassword = null;
        }

Which then causes a NPE exception in the getInitializedKeyStore code.

I think in this case, it is easily fixed by SSlContextFactory.getInializedKeyStore.java line # 177  changed from:

ks.load(in, storePassword.toCharArray());

To:

ks.load(in, (storePassword != null) ? storePassword.toCharArray(): null);

Though perhaps I'm missing a code path in which dealing with an unprotected keystore doesn't require that change?

Note this is based off of trunk code.

Thanks,
Jason