Merge branch 'gerrit/stabilization-5949a1cb71'

Change-Id: Iaa206a731edf30d598d8b5eb8bd472ab8b9cc9f9
diff --git a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
index 9c65eea..b483158 100644
--- a/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-api/src/main/java/org/apache/hyracks/api/network/INetworkSecurityConfig.java
@@ -53,9 +53,16 @@
     String getKeyStorePassword();
 
     /**
-     * Gets a trust store file to be used for validating certificates of secured connections.
+     * Gets the trust store to be used for validating certificates of secured connections
+     *
+     * @return the trust store to be used
+     */
+    KeyStore getTrustStore();
+
+    /**
+     * Gets a trust store file to be used if {@link INetworkSecurityConfig#getTrustStore()} returns null.
      *
      * @return the trust store file
      */
     File getTrustStoreFile();
-}
\ No newline at end of file
+}
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityConfig.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityConfig.java
index 25ea787..770cbeb 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityConfig.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityConfig.java
@@ -30,43 +30,46 @@
     private final File keyStoreFile;
     private final File trustStoreFile;
     private final String keyStorePassword;
-    private final transient KeyStore keyStore;
 
     private NetworkSecurityConfig(boolean sslEnabled, String keyStoreFile, String keyStorePassword,
-            String trustStoreFile, KeyStore keyStore) {
+            String trustStoreFile) {
         this.sslEnabled = sslEnabled;
         this.keyStoreFile = keyStoreFile != null ? new File(keyStoreFile) : null;
         this.keyStorePassword = keyStorePassword;
         this.trustStoreFile = trustStoreFile != null ? new File(trustStoreFile) : null;
-        this.keyStore = keyStore;
     }
 
     public static NetworkSecurityConfig of(boolean sslEnabled, String keyStoreFile, String keyStorePassword,
             String trustStoreFile) {
-        return new NetworkSecurityConfig(sslEnabled, keyStoreFile, keyStorePassword, trustStoreFile, null);
+        return new NetworkSecurityConfig(sslEnabled, keyStoreFile, keyStorePassword, trustStoreFile);
     }
 
-    public static NetworkSecurityConfig of(boolean sslEnabled, KeyStore keyStore, String keyStorePassword,
-            String trustStoreFile) {
-        return new NetworkSecurityConfig(sslEnabled, null, keyStorePassword, trustStoreFile, keyStore);
-    }
-
+    @Override
     public boolean isSslEnabled() {
         return sslEnabled;
     }
 
+    @Override
     public File getKeyStoreFile() {
         return keyStoreFile;
     }
 
+    @Override
     public String getKeyStorePassword() {
         return keyStorePassword;
     }
 
+    @Override
     public KeyStore getKeyStore() {
-        return keyStore;
+        return null;
     }
 
+    @Override
+    public KeyStore getTrustStore() {
+        return null;
+    }
+
+    @Override
     public File getTrustStoreFile() {
         return trustStoreFile;
     }
diff --git a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
index b7c0d0f..42dacf5 100644
--- a/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
+++ b/hyracks-fullstack/hyracks/hyracks-ipc/src/main/java/org/apache/hyracks/ipc/security/NetworkSecurityManager.java
@@ -87,7 +87,10 @@
             KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
             TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(defaultAlgorithm);
             keyManagerFactory.init(engineKeyStore, password);
-            final KeyStore trustStore = loadTrustStoreFromFile(password, config);
+            KeyStore trustStore = config.getTrustStore();
+            if (trustStore == null) {
+                trustStore = loadTrustStoreFromFile(password, config);
+            }
             trustManagerFactory.init(trustStore);
             SSLContext ctx = SSLContext.getInstance(TSL_VERSION);
             ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());