Removed unnecessary loading of Redshift CA certs into default truststore

aws · Dec 13, 2023 · a504374 · a504374
1 parent ff8264d
commit a504374
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 70 deletions.
diff --git a/src/main/java/com/amazon/redshift/ssl/LibPQFactory.java b/src/main/java/com/amazon/redshift/ssl/LibPQFactory.java
@@ -376,9 +376,6 @@ private KeyStore getDefaultKeystore() throws RedshiftException
           keystore.load(keystoreStream, passphraseArray);
           keystoreStream.close();
 
-          loadDefaultCA(keystore, "redshift.crt");
-          loadDefaultCA(keystore, "bjs.redshift.crt");
-          loadDefaultCA(keystore, "pdt.redshift.crt");
           return keystore;
       }
       catch (Exception e)
@@ -426,10 +423,7 @@ private KeyStore fallbackKeyStores(String keystorePath,
 	        }
 	        keystore.load(keystoreStream, passphraseArray);
 	        keystoreStream.close();
-
-	        loadDefaultCA(keystore, "redshift.crt");
-	        loadDefaultCA(keystore, "bjs.redshift.crt");
-	        loadDefaultCA(keystore, "pdt.redshift.crt");
+
 	        return keystore;
 		    }
 	  		catch (RedshiftException rsex) 
@@ -460,6 +454,7 @@ private KeyStore fallbackKeyStores(String keystorePath,
   private void loadDefaultCA(KeyStore keystore, String name)
           throws IOException, GeneralSecurityException
   {
+      // This method is no longer used, and kept around for historical purposes
       InputStream is = null;
 
       try

diff --git a/src/main/resources/com/amazon/redshift/ssl/bjs.redshift.crt b/src/main/resources/com/amazon/redshift/ssl/bjs.redshift.crt
diff --git a/src/main/resources/com/amazon/redshift/ssl/pdt.redshift.crt b/src/main/resources/com/amazon/redshift/ssl/pdt.redshift.crt
diff --git a/src/main/resources/com/amazon/redshift/ssl/redshift.crt b/src/main/resources/com/amazon/redshift/ssl/redshift.crt