diff --git a/flink-filesystems/flink-azure-fs-hadoop/pom.xml b/flink-filesystems/flink-azure-fs-hadoop/pom.xml
index 49f0d66e72e43..6c2e0ce77bb09 100644
--- a/flink-filesystems/flink-azure-fs-hadoop/pom.xml
+++ b/flink-filesystems/flink-azure-fs-hadoop/pom.xml
@@ -35,7 +35,6 @@ under the License.
1.16.0
2.9.4
- 9.3.24.v20180605
diff --git a/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE b/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
index b5cec2b61ec0e..da67a717ab983 100644
--- a/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
+++ b/flink-filesystems/flink-azure-fs-hadoop/src/main/resources/META-INF/NOTICE
@@ -16,8 +16,8 @@ This project bundles the following dependencies under the Apache Software Licens
- org.apache.httpcomponents:httpcore:4.4.14
- org.codehaus.jackson:jackson-core-asl:1.9.13
- org.codehaus.jackson:jackson-mapper-asl:1.9.14.jdk17-redhat-00001
-- org.eclipse.jetty:jetty-util-ajax:9.3.24.v20180605
-- org.eclipse.jetty:jetty-util:9.3.24.v20180605
+- org.eclipse.jetty:jetty-util-ajax:9.4.56.v20240826
+- org.eclipse.jetty:jetty-util:9.4.56.v20240826
- org.wildfly.openssl:wildfly-openssl:1.0.7.Final
This project bundles the following dependencies under the MIT (https://opensource.org/licenses/MIT)
diff --git a/flink-runtime/pom.xml b/flink-runtime/pom.xml
index b2ed2b6041da7..99914a0e141c9 100644
--- a/flink-runtime/pom.xml
+++ b/flink-runtime/pom.xml
@@ -311,6 +311,14 @@ under the License.
mockito-subclass
test
+
+
+ org.eclipse.jetty
+ jetty-util
+ ${jetty.version}
+ compile
+
+
diff --git a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
index 0660873b1cb88..39afcca0ba3d6 100644
--- a/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
+++ b/flink-runtime/src/main/java/org/apache/flink/runtime/net/SSLUtils.java
@@ -35,6 +35,8 @@
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslProvider;
import org.apache.flink.shaded.netty4.io.netty.handler.ssl.util.FingerprintTrustManagerFactory;
+import org.eclipse.jetty.util.security.Password;
+
import javax.annotation.Nullable;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
@@ -303,7 +305,7 @@ private static KeyManagerFactory getKeyManagerFactory(
KeyStore keyStore = KeyStore.getInstance(keystoreType);
try (InputStream keyStoreFile = Files.newInputStream(new File(keystoreFilePath).toPath())) {
- keyStore.load(keyStoreFile, keystorePassword.toCharArray());
+ keyStore.load(keyStoreFile, SSLUtils.decryptPassword(keystorePassword).toCharArray());
}
final KeyManagerFactory kmf;
@@ -312,11 +314,18 @@ private static KeyManagerFactory getKeyManagerFactory(
} else {
kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
}
- kmf.init(keyStore, certPassword.toCharArray());
+ kmf.init(keyStore, SSLUtils.decryptPassword(certPassword).toCharArray());
return kmf;
}
+ private static String decryptPassword(String certPassword) {
+ if (certPassword.startsWith("OBF:")) {
+ return new Password(certPassword).toString();
+ }
+ return certPassword;
+ }
+
/**
* Creates the SSL Context for internal SSL, if internal SSL is configured. For internal SSL,
* the client and server side configuration are identical, because of mutual authentication.
diff --git a/pom.xml b/pom.xml
index 237140fefdcfe..84905037b8718 100644
--- a/pom.xml
+++ b/pom.xml
@@ -176,6 +176,7 @@ under the License.
-->
3.2.4
2.3.10
+ 9.4.56.v20240826
1.5.6
2.0.0
tools/japicmp-output