From 46da8e3ee38b6bfcb31d89fed301912f05f7e1d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=B0nan=C3=A7=20Dokurel?=
Date: Tue, 11 Apr 2023 16:06:34 +0300
Subject: [PATCH] allow empty ldap keystore path
---
 .../researchgate/azkaban/LdapUserManager.java | 53 ++++++++++---------
 1 file changed, 28 insertions(+), 25 deletions(-)
diff --git a/src/main/java/net/researchgate/azkaban/LdapUserManager.java b/src/main/java/net/researchgate/azkaban/LdapUserManager.java
index 0a0c6ab..622ee5d 100644
--- a/src/main/java/net/researchgate/azkaban/LdapUserManager.java
+++ b/src/main/java/net/researchgate/azkaban/LdapUserManager.java
@@ -111,35 +111,38 @@ public LdapUserManager(Props props) {
 ldapEmbeddedGroups = props.getBoolean(LDAP_EMBEDDED_GROUPS, false);
 String ldapKeystorePath = props.getString(LDAP_KEYSTORE);
 String ldapKeystorePassword = props.getString(LDAP_KEYSTORE_PASSWORD);
- if((startTLS || useSsl) && ldapKeystorePath == null){
- throw new IllegalArgumentException("startTLS or useSsl require keystorepath");
- }
- if (ldapKeystorePath != null) {
- try {
- ldapKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
- if (ldapKeystorePassword!=null){
- ldapKeystore.load(new FileInputStream(ldapKeystorePath), ldapKeystorePassword.toCharArray());
- }else {
- ldapKeystore.load(new FileInputStream(ldapKeystorePath),null);
- }
- TrustManagerFactory tmf = TrustManagerFactory
- .getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(ldapKeystore);
-
- for (TrustManager tm : tmf.getTrustManagers()) {
- if (tm instanceof X509TrustManager) {
- keystoreTrustManager = (X509TrustManager) tm;
- break;
+ if(startTLS || useSsl){
+ if(ldapKeystorePath == null){
+ throw new IllegalArgumentException("startTLS or useSsl require keystorepath");
+ }
+ if (ldapKeystorePath != null) {
+ try {
+ ldapKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
+ if (ldapKeystorePassword!=null){
+ ldapKeystore.load(new FileInputStream(ldapKeystorePath), ldapKeystorePassword.toCharArray());
+ }else {
+ ldapKeystore.load(new FileInputStream(ldapKeystorePath),null);
+ }
+ TrustManagerFactory tmf = TrustManagerFactory
+ .getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(ldapKeystore);
+
+ for (TrustManager tm : tmf.getTrustManagers()) {
+ if (tm instanceof X509TrustManager) {
+ keystoreTrustManager = (X509TrustManager) tm;
+ break;
+ }
+ }
+ if(keystoreTrustManager==null){
+ throw new IllegalStateException("keystoreTrustManager could not be initialized");
 }
- }
- if(keystoreTrustManager==null){
- throw new IllegalStateException("keystoreTrustManager could not be initialized");
- }
-
} catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) { - logger.error("could not load keystore",e); + } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) { + logger.error("could not load keystore",e); + } } } + // Support local salt account for admin privileges localSaltAccount = props.getString(LOCAL_SALT_ACCOUNT).trim(); localSaltPassword = props.getString(LOCAL_SALT_PASSWORD);
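Review bot: The re-indented `catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e)` branch only logs a keystore that fails to load, so with `startTLS` or `useSsl` set the constructor carries on with `keystoreTrustManager` still null, whereas the missing-X509TrustManager case a few lines above throws. How the connection code outside this hunk treats a null trust manager is not visible here, so failing closed with `throw new IllegalStateException("could not load keystore", e);` is the safer behaviour. The guard `if(ldapKeystorePath == null)` also lets an empty string through to `new FileInputStream(ldapKeystorePath)`, which lands in that same logged-only path; `if (ldapKeystorePath == null || ldapKeystorePath.isEmpty())` would reject it up front and make the inner `if (ldapKeystorePath != null)` redundant. Neither `FileInputStream` is closed, and `try (FileInputStream in = new FileInputStream(ldapKeystorePath)) { ... }` around the `load` call would release the handle. The constructor starts before this hunk and continues after it.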