in phoenix-queryserver-it/src/it/java/org/apache/phoenix/end2end/TlsUtil.java [167:209]
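/**
 * Generates throw-away TLS material for integration tests and points {@code conf} at it.
 *
 * <p>Writes a server key store, a trust store and, when {@code useClientCert} is set, a client
 * key store under {@code keystoresDir}. It then saves {@code ssl-client.xml} and
 * {@code ssl-server.xml} under {@code sslConfDir} and registers both files in {@code conf}.
 *
 * <p>Test fixture only: the store passwords are fixed literals, the certificates are
 * self-generated with a 30-day validity argument, and hostname verification is switched off.
 * None of these settings should be copied into a real deployment.
 *
 * @param keystoresDir directory that receives {@code clientKS.jks}, {@code serverKS.jks} and
 *     {@code trustKS.jks}
 * @param sslConfDir directory that receives the two SSL configuration files
 * @param conf configuration updated with the SSL settings
 * @param useClientCert whether a client certificate is generated, trusted and required
 * @throws Exception if key generation, store creation or saving a configuration file fails
 */
public static void setupSSLConfig(String keystoresDir, String sslConfDir, Configuration conf,
        boolean useClientCert) throws Exception {
    // Fixed, well-known passwords: acceptable only because every store is disposable test data.
    String clientKS = keystoresDir + "/clientKS.jks";
    String clientPassword = "clientP";
    String serverKS = keystoresDir + "/serverKS.jks";
    String serverPassword = "serverP";
    String trustKS = keystoresDir + "/trustKS.jks";
    String trustPassword = "trustP";

    // SHA-1 certificate signatures are deprecated and hardened crypto policies may refuse
    // them, so the fixture signs with SHA-256 instead of the former "SHA1withRSA".
    final String signatureAlgorithm = "SHA256withRSA";

    File sslClientConfFile = new File(sslConfDir + "/ssl-client.xml");
    File sslServerConfFile = new File(sslConfDir + "/ssl-server.xml");

    // Every certificate added here ends up in the shared trust store.
    Map<String, X509Certificate> certs = new HashMap<>();

    if (useClientCert) {
        KeyPair cKP = generateKeyPair("RSA");
        X509Certificate cCert =
                generateCertificate("CN=localhost, O=client", cKP, 30, signatureAlgorithm);
        createKeyStore(clientKS, clientPassword, "client", cKP.getPrivate(), cCert);
        certs.put("client", cCert);
    }
    // Without a client certificate no client key store file is written, although its path is
    // still handed to createClientSSLConfig below.

    KeyPair sKP = generateKeyPair("RSA");
    X509Certificate sCert =
            generateCertificate("CN=localhost, O=server", sKP, 30, signatureAlgorithm);
    createKeyStore(serverKS, serverPassword, "server", sKP.getPrivate(), sCert);
    certs.put("server", sCert);

    createTrustStore(trustKS, trustPassword, certs);

    // NOTE(review): trustPassword is not passed to the two config builders; presumably they
    // assume the same trust store password internally. Confirm against those helpers.
    Configuration clientSSLConf =
            createClientSSLConfig(clientKS, clientPassword, clientPassword, trustKS);
    Configuration serverSSLConf =
            createServerSSLConfig(serverKS, serverPassword, serverPassword, trustKS);

    saveConfig(sslClientConfFile, clientSSLConf);
    saveConfig(sslServerConfFile, serverSSLConf);

    // ALLOW_ALL turns hostname verification off, so a peer holding any trusted certificate is
    // accepted whatever name it presents. Keep this confined to tests.
    conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "ALLOW_ALL");
    // Only the bare file names are registered, not the full paths; presumably sslConfDir has
    // to be resolvable by the configuration loader (e.g. on the classpath). Verify with callers.
    conf.set(SSLFactory.SSL_CLIENT_CONF_KEY, sslClientConfFile.getName());
    conf.set(SSLFactory.SSL_SERVER_CONF_KEY, sslServerConfFile.getName());
    conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, useClientCert);
}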