[fix](bdbje)fix bdbje can't set truststore password (#347)

Author: koarz

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CHANGELOG
 
+## bdbje-18.3.15-doris-SNAPSHOT (20250813)
+
+1. fix TrustStore can't set password
+
 ## bdbje-18.3.14-doris-SNAPSHOT (20221116)
 
 1. support ipv6 address parsing

pom.xml

@@ -10,7 +10,7 @@
     </parent>
     <groupId>org.apache.doris</groupId>
     <artifactId>je</artifactId>
-    <version>18.3.14-doris-SNAPSHOT</version>
+    <version>18.3.15-doris-SNAPSHOT</version>
     <name>bdb-je apache doris release</name>
     <url>https://doris.apache.org/</url>
     <description>fork from bdb-je 18.3.12 from maven with starrocks bdbje patches</description>

src/main/java/com/sleepycat/je/rep/ReplicationSSLConfig.java

@@ -96,6 +96,7 @@ public class ReplicationSSLConfig extends ReplicationNetworkConfig {
      *   {@link #SSL_SERVER_KEY_ALIAS je.rep.ssl.serverKeyAlias}
      *   {@link #SSL_TRUSTSTORE_FILE je.rep.ssl.trustStoreFile}
      *   {@link #SSL_TRUSTSTORE_TYPE je.rep.ssl.trustStoreType}
+     *   {@link #SSL_KEYSTORE_PASSWORD je.rep.ssl.keyStorePassword}
      *   {@link #SSL_CIPHER_SUITES je.rep.ssl.cipherSuites}
      *   {@link #SSL_PROTOCOLS je.rep.ssl.protocols}
      *   {@link #SSL_AUTHENTICATOR je.rep.ssl.authenticator}
@@ -243,6 +244,25 @@ public class ReplicationSSLConfig extends ReplicationNetworkConfig {
     public static final String SSL_CLIENT_KEY_ALIAS =
         EnvironmentParams.REP_PARAM_PREFIX + "ssl.clientKeyAlias";
 
+    /**
+     * The password for accessing the Java truststore file for SSL data channnel
+     * factories. If this parameter is not set or has an empty value, the Java
+     * system property <code>javax.net.ssl.trustStorePassword</code> is used.
+     *
+     * <p><table border="1"
+     *           summary="Information about configuration option">
+     * <tr><td>Name</td><td>Type</td><td>Mutable</td><td>Default</td></tr>
+     * <tr>
+     * <td>{@value}</td>
+     * <td>String</td>
+     * <td>No</td>
+     * <td>""</td>
+     * </tr>
+     * </table>
+     */
+    public static final String SSL_TRUSTSTORE_PASSWORD =
+        EnvironmentParams.REP_PARAM_PREFIX + "ssl.trustStorePassword";
+
     /**
      * The path to the Java truststore file for SSL data channel factories.
      * The specified path must be absolute.
@@ -501,6 +521,7 @@ public class ReplicationSSLConfig extends ReplicationNetworkConfig {
         repSSLProperties.add(SSL_KEYSTORE_TYPE);
         repSSLProperties.add(SSL_SERVER_KEY_ALIAS);
         repSSLProperties.add(SSL_CLIENT_KEY_ALIAS);
+        repSSLProperties.add(SSL_TRUSTSTORE_PASSWORD);
         repSSLProperties.add(SSL_TRUSTSTORE_FILE);
         repSSLProperties.add(SSL_TRUSTSTORE_TYPE);
         repSSLProperties.add(SSL_CIPHER_SUITES);
@@ -806,6 +827,40 @@ public void setSSLClientKeyAliasVoid(String alias) {
                                validateParams);
     }
 
+    /**
+     * Returns the password for the Java TrustStore file to be used for SSL key
+     * pair retrieval.
+     *
+     * @return the TrustStore password
+     */
+    public String getSSLTrustStorePassword() {
+        return DbConfigManager.getVal(props, RepParams.SSL_TRUSTSTORE_PASSWORD);
+    }
+
+    /**
+     * Sets the password for the Java TrustStore file to be used when creating
+     * SSL connections.
+     *
+     * @param password the TrustStore password
+     *
+     * @return this
+     */
+    public ReplicationNetworkConfig setSSLTrustStorePassword(String password) {
+
+        setSSLTrustStorePasswordVoid(password);
+        return this;
+    }
+
+    /**
+     * @hidden
+     * The void return setter for use by Bean editors.
+     */
+    public void setSSLTrustStorePasswordVoid(String password) {
+
+        DbConfigManager.setVal(props, RepParams.SSL_TRUSTSTORE_PASSWORD, password,
+                               validateParams);
+    }
+
     /**
      * Returns the name of the Java TrustStore file to be used for SSL
      * certificate validation.

src/main/java/com/sleepycat/je/rep/impl/RepParams.java

@@ -1382,6 +1382,16 @@ public void validateValue(String value) {
                         false,               // mutable
                         true);               // forReplication
 
+    /**
+     * SSL TrustStore password
+     * @see ReplicationSSLConfig#SSL_TRUSTSTORE_PASSWORD
+     */
+    public static final ConfigParam SSL_TRUSTSTORE_PASSWORD =
+        new ConfigParam(ReplicationSSLConfig.SSL_TRUSTSTORE_PASSWORD,
+                        "",                  // default
+                        false,               // mutable
+                        true);               // forReplication
+
     /**
      * SSL TrustStore file
      * @see ReplicationSSLConfig#SSL_TRUSTSTORE_FILE

src/main/java/com/sleepycat/je/rep/utilint/net/SSLChannelFactory.java

@@ -526,6 +526,32 @@ private static TrustManager[] buildTrustManagerList(KeyStoreInfo tsInfo) {
         return tmf.getTrustManagers();
     }
 
+    /**
+     * Finds the truststore password based on the input config.
+     */
+    private static char[] getTrustStorePassword(InstanceContext context) {
+
+        final ReplicationSSLConfig config =
+            (ReplicationSSLConfig) context.getRepNetConfig();
+
+        char[] ksPw = null;
+
+        String ksPwProp = config.getSSLTrustStorePassword();
+        if (ksPwProp == null || ksPwProp.isEmpty()) {
+            /*
+             * Finally, consider the standard Java Keystore
+             * password system property
+             */
+            ksPwProp =
+                System.getProperty("javax.net.ssl.trustStorePassword");
+        }
+        if (ksPwProp != null) {
+            ksPw = ksPwProp.toCharArray();
+        }
+
+        return ksPw;
+    }
+
     /**
      * Based on the input config, read the configured TrustStore into memory.
      */
@@ -553,12 +579,12 @@ private static KeyStoreInfo readTrustStoreInfo(InstanceContext context) {
         /*
          * Build a TrustStore, if specified
          */
+        final char[] tsPw = getTrustStorePassword(context);
 
         if (tsProp != null) {
-            final KeyStore ts =
-                loadStore(tsProp, null, "truststore", tsTypeProp);
+            final KeyStore ts = loadStore(tsProp, tsPw, "truststore", tsTypeProp);
 
-            return new KeyStoreInfo(tsProp, ts, null);
+            return new KeyStoreInfo(tsProp, ts, tsPw);
         }
 
         return null;