You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by co...@apache.org on 2017/06/22 08:39:40 UTC
ranger git commit: RANGER-1646 : Instead of catching the errors and throwing a meaningless error in case of SSL problem in the plugin ('SSLContext must not be null'), Ranger should throw a more specific and helpful message

Repository: ranger
Updated Branches:
  refs/heads/master 84de2f030 -> fd9abc800


RANGER-1646 : Instead of catching the errors and throwing a meaningless error in case of SSL problem in the plugin ('SSLContext must not be null'), Ranger should throw a more specific and helpful message

Signed-off-by: Colm O hEigeartaigh <co...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/fd9abc80
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/fd9abc80
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/fd9abc80

Branch: refs/heads/master
Commit: fd9abc800bbac553434b7a2d911a277ed6b70119
Parents: 84de2f0
Author: Zsombor Gegesy <gz...@gmail.com>
Authored: Thu Jun 15 23:46:01 2017 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jun 22 09:39:34 2017 +0100

----------------------------------------------------------------------
 .../ranger/plugin/util/RangerRESTClient.java    | 54 ++++++++++++--------
 1 file changed, 33 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/fd9abc80/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
index 784023b..0d94edc 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java
@@ -41,6 +41,7 @@ import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.Validate;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
@@ -284,19 +285,26 @@ public class RangerRESTClient {
 					kmList = keyManagerFactory.getKeyManagers();
 				} else {
 					LOG.error("Unable to obtain keystore from file [" + mKeyStoreFile + "]");
+					throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile);
 				}
 			} catch (KeyStoreException e) {
-				LOG.error("Unable to obtain from KeyStore", e);
+				LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
+				throw new IllegalStateException("Unable to init keystore:" + e.getMessage(), e);
 			} catch (NoSuchAlgorithmException e) {
-				LOG.error("SSL algorithm is available in the environment", e);
+				LOG.error("SSL algorithm is NOT available in the environment", e);
+				throw new IllegalStateException("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
 			} catch (CertificateException e) {
 				LOG.error("Unable to obtain the requested certification ", e);
+				throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
 			} catch (FileNotFoundException e) {
-				LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+				LOG.error("Unable to find the necessary SSL Keystore Files", e);
+				throw new IllegalStateException("Unable to find keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
 			} catch (IOException e) {
-				LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+				LOG.error("Unable to read the necessary SSL Keystore Files", e);
+				throw new IllegalStateException("Unable to read keystore file :" + mKeyStoreFile + ", error :" + e.getMessage(), e);
 			} catch (UnrecoverableKeyException e) {
 				LOG.error("Unable to recover the key from keystore", e);
+				throw new IllegalStateException("Unable to recover the key from keystore :" + mKeyStoreFile+", error :" + e.getMessage(), e);
 			} finally {
 				close(in, mKeyStoreFile);
 			}
@@ -327,18 +335,24 @@ public class RangerRESTClient {
 
 					tmList = trustManagerFactory.getTrustManagers();
 				} else {
-					LOG.error("Unable to obtain keystore from file [" + mTrustStoreFile + "]");
+					LOG.error("Unable to obtain truststore from file [" + mTrustStoreFile + "]");
+					throw new IllegalStateException("Unable to find truststore file :" + mTrustStoreFile);
 				}
 			} catch (KeyStoreException e) {
 				LOG.error("Unable to obtain from KeyStore", e);
+				throw new IllegalStateException("Unable to init keystore:" + e.getMessage(), e);
 			} catch (NoSuchAlgorithmException e) {
-				LOG.error("SSL algorithm is available in the environment", e);
+				LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
+				throw new IllegalStateException("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
 			} catch (CertificateException e) {
-				LOG.error("Unable to obtain the requested certification ", e);
+				LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
+				throw new IllegalStateException("Unable to obtain the requested certification :" + e.getMessage(), e);
 			} catch (FileNotFoundException e) {
-				LOG.error("Unable to find the necessary SSL Keystore and TrustStore Files", e);
+				LOG.error("Unable to find the necessary SSL TrustStore File:" + mTrustStoreFile, e);
+				throw new IllegalStateException("Unable to find trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
 			} catch (IOException e) {
-				LOG.error("Unable to read the necessary SSL Keystore and TrustStore Files", e);
+				LOG.error("Unable to read the necessary SSL TrustStore Files :" + mTrustStoreFile, e);
+				throw new IllegalStateException("Unable to read the trust store file :" + mTrustStoreFile + ", error :" + e.getMessage(), e);
 			} finally {
 				close(in, mTrustStoreFile);
 			}
@@ -346,24 +360,22 @@ public class RangerRESTClient {
 		
 		return tmList;
 	}
-	
+
 	private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+	        Validate.notNull(tmList, "TrustManager is not specified");
 		try {
-			if(tmList != null) {
-				SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
-	
-				sslContext.init(kmList, tmList, new SecureRandom());
-				
-				return sslContext;
-			}
+			SSLContext sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
+
+			sslContext.init(kmList, tmList, new SecureRandom());
+
+			return sslContext;
 		} catch (NoSuchAlgorithmException e) {
-			LOG.error("SSL algorithm is available in the environment", e);
+			LOG.error("SSL algorithm is not available in the environment", e);
+			throw new IllegalStateException("SSL algorithm is not available in the environment: " + e.getMessage(), e);
 		} catch (KeyManagementException e) {
 			LOG.error("Unable to initials the SSLContext", e);
-		}catch (Exception e) {
-			LOG.error("Unable to initialize the SSLContext", e);
+			throw new IllegalStateException("Unable to initials the SSLContex: " + e.getMessage(), e);
 		}
-		return null;
 	}
 
 	private String getCredential(String url, String alias) {