Merge pull request apache#2 from MandMTrust/sslcontext-fix

Fix issue with SSLContext initialized globally at JVM level
relango · Mar 28, 2014 · c07decf · c07decf
2 parents dec022a + 0f9d92a
commit c07decf
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 6 deletions.
diff --git a/core/src/main/scala/kafka/security/Authentication.scala b/core/src/main/scala/kafka/security/Authentication.scala
@@ -28,6 +28,15 @@ object Authentication extends Logging {
   private var initialized = false
 
   def isInitialized = initialized;
+
+  private var _sslContext : SSLContext = null;
+
+  def sslContext = {
+    if (!initialized){
+        throw new IllegalStateException("Authentication is not initialized. Authentication.initialize() should be called before using sslContext");
+    }
+    _sslContext;
+  }
 
   def initialize(config: SecurityConfig) {
     // If secure setup SSLContext
@@ -58,9 +67,10 @@ object Authentication extends Logging {
 	      case _ => null
 	    }
 
-	    val sslContext = SSLContext.getInstance("TLS")
-	    sslContext.init(kms, tms, null)
-	    SSLContext.setDefault(sslContext)
+	    _sslContext = SSLContext.getInstance("TLS")
+	    _sslContext.init(kms, tms, null)
     }
   }
+
+
 }
diff --git a/core/src/main/scala/kafka/security/SSLSocketChannel.scala b/core/src/main/scala/kafka/security/SSLSocketChannel.scala
@@ -41,7 +41,7 @@ object SSLSocketChannel {
    */
   def makeSecureClientConnection(sch: SocketChannel, host: String, port: Int) = {
     // Pass host and port and try to use SSL session reuse as much as possible
-    val engine = SSLContext.getDefault.createSSLEngine(host, port)
+    val engine = Authentication.sslContext.createSSLEngine(host, port)
     engine.setEnabledProtocols(Array("SSLv3"))
     engine.setUseClientMode(true)
     new SSLSocketChannel(sch, engine)
@@ -61,9 +61,9 @@ object SSLSocketChannel {
   	needClientAuth: Boolean = true) = {
     val engine = sch.socket.getRemoteSocketAddress match {
       case ise: InetSocketAddress =>
-        SSLContext.getDefault.createSSLEngine(ise.getHostName, ise.getPort)
+        Authentication.sslContext.createSSLEngine(ise.getHostName, ise.getPort)
       case _ =>
-        SSLContext.getDefault.createSSLEngine()
+        Authentication.sslContext.createSSLEngine()
     }
     engine.setEnabledProtocols(Array("SSLv3"))
     engine.setUseClientMode(false)