merge conflicts

bbeaudreault · bbeaudreault · commit 4ef95b03267d · 2022-09-08T17:31:40.000-04:00
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestX509Util.java b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/TestX509Util.java
@@ -196,7 +196,7 @@ public void testLoadPEMTrustStore() throws Exception {
     X509Util.createTrustManager(
       x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
       x509TestContext.getTrustStorePassword(), KeyStoreFileType.PEM.getPropertyValue(), false,
-      false);
+      false, true, true);
   }
 
   @Test
@@ -205,7 +205,7 @@ public void testLoadPEMTrustStoreNullPassword() throws Exception {
     // Make sure that empty password and null password are treated the same
     X509Util.createTrustManager(
       x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(), null,
-      KeyStoreFileType.PEM.getPropertyValue(), false, false);
+      KeyStoreFileType.PEM.getPropertyValue(), false, false, true, true);
   }
 
   @Test
@@ -215,7 +215,7 @@ public void testLoadPEMTrustStoreAutodetectStoreFileType() throws Exception {
       x509TestContext.getTrustStoreFile(KeyStoreFileType.PEM).getAbsolutePath(),
       x509TestContext.getTrustStorePassword(), null, // null StoreFileType means 'autodetect from
                                                      // file extension'
-      false, false);
+      false, false, true, true);
   }
 
   @Test
@@ -288,7 +288,8 @@ public void testLoadJKSTrustStoreWithWrongPassword() {
       // Attempting to load with the wrong key password should fail
       X509Util.createTrustManager(
         x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(),
-        "wrong password".toCharArray(), KeyStoreFileType.JKS.getPropertyValue(), true, true, true, true);
+        "wrong password".toCharArray(), KeyStoreFileType.JKS.getPropertyValue(), true, true, true,
+        true);
     });
   }
 
@@ -353,7 +354,7 @@ public void testLoadPKCS12TrustStoreAutodetectStoreFileType() throws Exception {
       x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
       x509TestContext.getTrustStorePassword(), null, // null StoreFileType means 'autodetect from
                                                      // file extension'
-      true, true);
+      true, true, true, true);
   }
 
   @Test
@@ -362,7 +363,8 @@ public void testLoadPKCS12TrustStoreWithWrongPassword() {
       // Attempting to load with the wrong key password should fail
       X509Util.createTrustManager(
         x509TestContext.getTrustStoreFile(KeyStoreFileType.PKCS12).getAbsolutePath(),
-        "wrong password".toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue(), true, true, true, true);
+        "wrong password".toCharArray(), KeyStoreFileType.PKCS12.getPropertyValue(), true, true,
+        true, true);
     });
   }
 
diff --git a/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java b/hbase-common/src/test/java/org/apache/hadoop/hbase/io/crypto/tls/X509TestContext.java
@@ -124,9 +124,9 @@ private X509TestContext(Configuration conf, File tempDir, KeyPair trustStoreKeyP
    * generated keystore path fields
    */
   private X509TestContext(File tempDir, Configuration conf, X509Certificate trustStoreCertificate,
-    String trustStorePassword, KeyPair trustStoreKeyPair, File trustStoreJksFile,
+    char[] trustStorePassword, KeyPair trustStoreKeyPair, File trustStoreJksFile,
     File trustStorePemFile, File trustStorePkcs12File, KeyPair keyStoreKeyPair,
-    String keyStorePassword, X509Certificate keyStoreCertificate) {
+    char[] keyStorePassword, X509Certificate keyStoreCertificate) {
     this.tempDir = tempDir;
     this.conf = conf;
     this.trustStoreCertificate = trustStoreCertificate;
@@ -416,7 +416,8 @@ public void setKeystoreConfigurations(KeyStoreFileType keyStoreFileType, Configu
 
     confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_LOCATION,
       this.getKeyStoreFile(keyStoreFileType).getAbsolutePath());
-    confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_PASSWORD, String.valueOf(this.getKeyStorePassword()));
+    confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_PASSWORD,
+      String.valueOf(this.getKeyStorePassword()));
     confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_TYPE, keyStoreFileType.getPropertyValue());
   }
 
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/security/AbstractTestMutualTls.java
@@ -142,7 +142,7 @@ protected abstract void initialize(Configuration serverConf, Configuration clien
 
   @Before
   public void setUp() throws Exception {
-    x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword);
+    x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword.toCharArray());
     x509TestContext.setConfigurations(KeyStoreFileType.JKS, KeyStoreFileType.JKS);
 
     Configuration serverConf = new Configuration(UTIL.getConfiguration());
@@ -172,7 +172,8 @@ protected void handleCertConfig(Configuration confToSet)
         // but since the new client keystore cert is created from a new CA (which the server doesn't
         // have),
         // the server will not be able to verify it.
-        X509TestContext context = PROVIDER.get(caKeyType, certKeyType, "random value");
+        X509TestContext context =
+          PROVIDER.get(caKeyType, certKeyType, "random value".toCharArray());
         context.setKeystoreConfigurations(KeyStoreFileType.JKS, confToSet);
         break;
       case VERIFIABLE_CERT_WITH_BAD_HOST:
