Repository: knox Updated Branches: refs/heads/master 124b3368e -> 91d8cdcc3
KNOX-1547 - Add Ability to set the Truststore Location and Password to KnoxShell Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/91d8cdcc Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/91d8cdcc Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/91d8cdcc Branch: refs/heads/master Commit: 91d8cdcc313280953448c77bbfce7c97179955c3 Parents: 124b336 Author: Larry McCay <lmc...@apache.org> Authored: Thu Nov 1 12:37:35 2018 -0400 Committer: Larry McCay <lmc...@apache.org> Committed: Thu Nov 1 12:37:59 2018 -0400 ---------------------------------------------------------------------- .../knox/gateway/shell/ClientContext.java | 15 +++++ .../apache/knox/gateway/shell/KnoxSession.java | 58 ++++++++++++++------ 2 files changed, 56 insertions(+), 17 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/91d8cdcc/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java ----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
index 30692ad..b9d52ca 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
@@ -169,6 +169,21 @@ public class ClientContext {
 configuration.addProperty("buffer-size", size);
 return this;
 }
+
+ public ConnectionContext withTruststore(final String truststoreLocation,
+ final String truststorePass) {
+ configuration.addProperty("truststoreLocation", truststoreLocation);
+ configuration.addProperty("truststorePass", truststorePass);
+ return this;
+ }
+
+ public String truststoreLocation() {
+ return configuration.getString("truststoreLocation");
+ }
+
+ public String truststorePass() {
+ return configuration.getString("truststorePass");
+ }
 }
 public PoolContext pool() {
http://git-wip-us.apache.org/repos/asf/knox/blob/91d8cdcc/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java ----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index ac0b753..3bf9836 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -102,6 +102,13 @@ public class KnoxSession implements Closeable {
 return new KnoxSession(ClientContext.with(username, password, url));
 }
+ public static KnoxSession login( String url, String username, String password,
+ String truststoreLocation, String truststorePass ) throws URISyntaxException {
+
+ return new KnoxSession(ClientContext.with(username, password, url)
+ .connection().withTruststore(truststoreLocation, truststorePass).end());
+ }
+
 public static KnoxSession loginInsecure(String url, String username, String password) throws URISyntaxException {
 return new KnoxSession(ClientContext.with(username, password, url)
 .connection().secure(false).end());
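Review bot: `withTruststore` in ClientContext.java may not overwrite values set earlier, because it stores both settings with `configuration.addProperty(...)` and `discoverTruststoreDetails` in KnoxSession.java calls it again on the same context. If `configuration` is an Apache Commons Configuration object, as the `addProperty`/`getString` pair suggests, `addProperty` appends a further value and `getString` returns the first one. Using `configuration.setProperty("truststoreLocation", truststoreLocation);` and `configuration.setProperty("truststorePass", truststorePass);` would make the setter replace. The password is also kept as plain text in the same property bag as the non-secret settings, so a comment on `truststorePass()` warning against logging or dumping the configuration would be worth adding.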
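Review bot: The new `login(url, username, password, truststoreLocation, truststorePass)` overload in KnoxSession.java is public API without Javadoc, and its null handling cannot be read off the signature. Judging by `discoverTruststoreDetails` in the last hunk, passing `null` for either truststore argument causes the other one to be ignored in favour of the environment variables and defaults. I would add a Javadoc block that states both arguments must be non-null to take effect, names the expected keystore type (`getTrustStore` loads it with `KeyStore.getInstance("JKS")`), and says that the password is stored in the `ClientContext` configuration.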
@@ -139,7 +146,7 @@ public class KnoxSession implements Closeable {
 + "*******************************************");
 }
- KeyStore trustStore = getTrustStore();
+ KeyStore trustStore = getTrustStore(clientContext);
 SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, trustStrategy).build();
 Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
 .register("http", PlainConnectionSocketFactory.getSocketFactory())
@@ -188,29 +195,22 @@ public class KnoxSession implements Closeable {
 }
- private static KeyStore getTrustStore() throws GeneralSecurityException {
+ private KeyStore getTrustStore(ClientContext clientContext) throws GeneralSecurityException {
 KeyStore ks = null;
- String truststoreDir = System.getenv(KNOX_CLIENT_TRUSTSTORE_DIR);
- if (truststoreDir == null) {
- truststoreDir = System.getProperty("user.home");
- }
- String truststoreFileName = System.getenv(KNOX_CLIENT_TRUSTSTORE_FILENAME);
- if (truststoreFileName == null) {
- truststoreFileName = GATEWAY_CLIENT_TRUST;
- }
- String truststorePass = System.getenv(KNOX_CLIENT_TRUSTSTORE_PASS);
- if (truststorePass == null) {
- truststorePass = GATEWAY_CLIENT_TRUST_DEFAULT_PASS;
- }
+ String truststorePass = null;
+
+ discoverTruststoreDetails(clientContext);
 InputStream is = null;
 try {
 ks = KeyStore.getInstance("JKS");
- File file = new File(truststoreDir, truststoreFileName);
- if (!file.exists()) {
+ File file = new File(clientContext.connection().truststoreLocation());
+ if (file.exists()) {
+ truststorePass = clientContext.connection().truststorePass();
+ } else {
 String truststore = System.getProperty("javax.net.ssl.trustStore");
 if (truststore == null) {
- truststoreDir = System.getProperty("java.home");
+ String truststoreDir = System.getProperty("java.home");
 truststore = truststoreDir + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts";
 truststorePass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
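Review bot: When the configured truststore file does not exist, the `else` branch quietly falls back to `javax.net.ssl.trustStore` or the JVM `cacerts`, even if the caller passed an explicit location through `withTruststore`. A mistyped path therefore widens trust from the caller's chosen store to the JVM's whole default CA set, with no error or log line. I would record whether the caller supplied the truststore before discovery runs, `boolean explicit = clientContext.connection().truststoreLocation() != null;` ahead of `discoverTruststoreDetails(clientContext);`, and fail in that case with `else if (explicit) { throw new GeneralSecurityException("truststore not found: " + file); }`. The method body continues past the end of this hunk, so how the surrounding `try` treats that exception still needs checking.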
@@ -251,6 +251,30 @@ public class KnoxSession implements Closeable {
 return ks;
 }
+ protected void discoverTruststoreDetails(ClientContext clientContext) {
+ String truststoreDir = null;
+ String truststoreFileName = null;
+ if (clientContext.connection().truststoreLocation() != null &&
+ clientContext.connection().truststorePass() != null) {
+ return;
+ } else {
+ truststoreDir = System.getenv(KNOX_CLIENT_TRUSTSTORE_DIR);
+ if (truststoreDir == null) {
+ truststoreDir = System.getProperty("user.home");
+ }
+ truststoreFileName = System.getenv(KNOX_CLIENT_TRUSTSTORE_FILENAME);
+ if (truststoreFileName == null) {
+ truststoreFileName = GATEWAY_CLIENT_TRUST;
+ }
+ }
+ String truststorePass = System.getenv(KNOX_CLIENT_TRUSTSTORE_PASS);
+ if (truststorePass == null) {
+ truststorePass = GATEWAY_CLIENT_TRUST_DEFAULT_PASS;
+ }
+ String truststoreLocation = truststoreDir + File.separator + truststoreFileName;
+ clientContext.connection().withTruststore(truststoreLocation, truststorePass);
+ }
+
 public String base() {
 return base;
 }
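Review bot: The early return in `discoverTruststoreDetails` requires both `truststoreLocation()` and `truststorePass()` to be non-null, so when a caller supplies only one of them the `else` branch rebuilds the location from `KNOX_CLIENT_TRUSTSTORE_DIR` or `user.home` and the supplied value is ignored without any warning. A caller who believes a specific truststore is pinned can end up validating the server against a different file. Resolving each value on its own keeps whatever the caller provided and fills only the gap, as sketched below. The fallback to `GATEWAY_CLIENT_TRUST_DEFAULT_PASS` is carried over from the old code and deserves a comment that a well-known default password gives the keystore file little integrity protection.

```java
protected void discoverTruststoreDetails(ClientContext clientContext) {
  String truststoreLocation = clientContext.connection().truststoreLocation();
  String truststorePass = clientContext.connection().truststorePass();
  if (truststoreLocation != null && truststorePass != null) {
    return;
  }
  if (truststoreLocation == null) {
    // … unchanged: truststoreDir / truststoreFileName lookup from the environment with defaults …
    truststoreLocation = truststoreDir + File.separator + truststoreFileName;
  }
  if (truststorePass == null) {
    truststorePass = System.getenv(KNOX_CLIENT_TRUSTSTORE_PASS);
  }
  if (truststorePass == null) {
    truststorePass = GATEWAY_CLIENT_TRUST_DEFAULT_PASS;
  }
  clientContext.connection().withTruststore(truststoreLocation, truststorePass);
}
```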