This is an automated email from the ASF dual-hosted git repository.

smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new c81fb094e KNOX-2895 - KnoxShell supports dynamic truststore type when 
connecting to Knox (#746)
c81fb094e is described below

commit c81fb094e7e140c46ace11c292108053604f127e
Author: Sandor Molnar <[email protected]>
AuthorDate: Tue Apr 4 08:13:42 2023 +0200

    KNOX-2895 - KnoxShell supports dynamic truststore type when connecting to 
Knox (#746)
---
 .../apache/knox/gateway/shell/ClientContext.java   | 11 +++++++--
 .../org/apache/knox/gateway/shell/KnoxSession.java | 28 +++++++++++++---------
 .../gateway/shell/util/ClientTrustStoreHelper.java |  6 +++++
 .../apache/knox/gateway/shell/KnoxSessionTest.java | 12 ++++++++++
 4 files changed, 44 insertions(+), 13 deletions(-)

diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
index a9b057756..a94124459 100644
--- 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
+++ 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
@@ -20,7 +20,9 @@ package org.apache.knox.gateway.shell;
 import org.apache.commons.configuration.Configuration;
 import org.apache.commons.configuration.MapConfiguration;
 import org.apache.commons.configuration.SubsetConfiguration;
+import org.apache.commons.lang3.StringUtils;
 
+import java.security.KeyStore;
 import java.util.HashMap;
 
 public class ClientContext {
@@ -172,10 +174,10 @@ public class ClientContext {
       return this;
     }
 
-    public ConnectionContext withTruststore(final String truststoreLocation,
-        final String truststorePass) {
+    public ConnectionContext withTruststore(final String truststoreLocation, 
final String truststorePass, final String truststoreType) {
       configuration.addProperty("truststoreLocation", truststoreLocation);
       configuration.addProperty("truststorePass", truststorePass);
+      configuration.addProperty("truststoreType", truststoreType);
       return this;
     }
 
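Review bot: Changing `withTruststore` in place removes the two-argument form of what appears to be a public builder method, while the `KnoxSession.login` overloads in this same commit keep their old signatures and delegate with `null`. Any caller outside this diff that still uses `withTruststore(location, pass)` stops compiling. Keeping the old form costs one line: `public ConnectionContext withTruststore(final String truststoreLocation, final String truststorePass) { return withTruststore(truststoreLocation, truststorePass, null); }`.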
@@ -192,6 +194,11 @@ public class ClientContext {
       return configuration.getString("truststorePass");
     }
 
+    public String truststoreType() {
+      final String truststoreType = configuration.getString("truststoreType");
+      return StringUtils.isBlank(truststoreType) ? KeyStore.getDefaultType() : 
truststoreType;
+    }
+
     public String endpointPublicCertPem() {
       return configuration.getString("endpointPublicCertPem");
     }
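Review bot: `truststoreType()` makes `KeyStore.getDefaultType()` the fallback where the session code previously hard-coded `"JKS"`, so on a JVM whose default keystore type is not JKS an existing client truststore file is now opened as a different type. Whether such a file still loads then depends on the JDK's JKS/PKCS12 compatibility handling (`keystore.type.compat`), which this code does not control. The accessor should state the fallback in Javadoc, e.g. `/** Returns the configured truststore type, or KeyStore.getDefaultType() when none is set. */`, and the behaviour change deserves a mention for users who already have a JKS truststore.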
diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index b6a25762d..69ebeccdf 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -175,10 +175,12 @@ public class KnoxSession implements Closeable {
                                    Map<String,String> headers,
                                    String             truststoreLocation,
                                    String             truststorePass  ) throws 
URISyntaxException {
-    KnoxSession instance = new KnoxSession(ClientContext.with(url)
-                                                        .connection()
-                                                        
.withTruststore(truststoreLocation, truststorePass)
-                                                        .end());
+    return login(url, headers, truststoreLocation, truststorePass, null);
+  }
+
+  public static KnoxSession login(String url, Map<String, String> headers, 
String truststoreLocation, String truststorePass, String truststoreType)
+      throws URISyntaxException {
+    final KnoxSession instance = new 
KnoxSession(ClientContext.with(url).connection().withTruststore(truststoreLocation,
 truststorePass, truststoreType).end());
     instance.setHeaders(headers);
     return instance;
   }
@@ -187,11 +189,13 @@ public class KnoxSession implements Closeable {
     return new KnoxSession(ClientContext.with(username, password, url));
   }
 
-  public static KnoxSession login( String url, String username, String 
password,
-      String truststoreLocation, String truststorePass ) throws 
URISyntaxException {
+  public static KnoxSession login( String url, String username, String 
password, String truststoreLocation, String truststorePass ) throws 
URISyntaxException {
+    return login(url, username, password, truststoreLocation, truststorePass, 
null);
+  }
 
+  public static KnoxSession login( String url, String username, String 
password, String truststoreLocation, String truststorePass, String 
truststoreType) throws URISyntaxException {
     return new KnoxSession(ClientContext.with(username, password, url)
-        .connection().withTruststore(truststoreLocation, 
truststorePass).end());
+        .connection().withTruststore(truststoreLocation, truststorePass, 
truststoreType).end());
   }
 
   public static KnoxSession login(ClientContext context) throws 
URISyntaxException {
@@ -405,7 +409,7 @@ public class KnoxSession implements Closeable {
       }
       try {
         byte[] bytes = Base64.decodeBase64(pem);
-        KeyStore keystore = KeyStore.getInstance("JKS");
+        KeyStore keystore = 
KeyStore.getInstance(clientContext.connection().truststoreType());
         keystore.load(null);
         keystore.setCertificateEntry("knox-gateway", 
generateCertificateFromBytes(bytes));
 
@@ -433,7 +437,7 @@ public class KnoxSession implements Closeable {
 
     if (file.exists()) {
       try (InputStream is = Files.newInputStream(file.toPath())) {
-        ks = KeyStore.getInstance("JKS");
+        ks = KeyStore.getInstance(clientContext.connection().truststoreType());
         ks.load(is, truststorePass.toCharArray());
       } catch (KeyStoreException e) {
         throw new KnoxShellException("Unable to create keystore of expected 
type.", e);
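Review bot: The keystore type passed to `KeyStore.getInstance` here is now supplied by the caller or the environment, but the `KeyStoreException` handler still reports only "Unable to create keystore of expected type." without naming it. A mistyped type, or one such as the `BCFKS` used in the new test that needs a provider registered for it, will be hard to diagnose from that message. Consider `throw new KnoxShellException("Unable to create keystore of type " + clientContext.connection().truststoreType() + ".", e);`. The same `getInstance` call is made for the in-memory PEM keystore in the preceding hunk, whose catch clauses are not visible, and the try block here also continues past the hunk.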
@@ -464,12 +468,14 @@ public class KnoxSession implements Closeable {
 
   protected void discoverTruststoreDetails(ClientContext clientContext) {
     if (clientContext.connection().truststoreLocation() != null &&
-        clientContext.connection().truststorePass() != null) {
+        clientContext.connection().truststorePass() != null &&
+        clientContext.connection().truststoreType()!= null) {
       return;
     } else {
       final String truststoreLocation = 
ClientTrustStoreHelper.getClientTrustStoreFile().getAbsolutePath();
       final String truststorePass = 
ClientTrustStoreHelper.getClientTrustStoreFilePassword();
-      clientContext.connection().withTruststore(truststoreLocation, 
truststorePass);
+      final String truststoreType = 
ClientTrustStoreHelper.getClientTrustStoreType();
+      clientContext.connection().withTruststore(truststoreLocation, 
truststorePass, truststoreType);
     }
   }
 
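Review bot: The added `truststoreType() != null` test can never be false, because `ConnectionContext.truststoreType()` (added in this commit) substitutes `KeyStore.getDefaultType()` for a blank value. As a result, when a caller supplies a location and password but no type, this method returns early and `GATEWAY_CLIENT_TRUSTSTORE_TYPE` is never consulted. If the environment variable is meant to apply in that case, one option is to let the accessor fall back to the helper, `return StringUtils.isBlank(truststoreType) ? ClientTrustStoreHelper.getClientTrustStoreType() : truststoreType;`. Otherwise the dead condition should be dropped.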
diff --git 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/util/ClientTrustStoreHelper.java
 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/util/ClientTrustStoreHelper.java
index b2bd1c379..f280f0cfd 100644
--- 
a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/util/ClientTrustStoreHelper.java
+++ 
b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/util/ClientTrustStoreHelper.java
@@ -19,6 +19,7 @@ package org.apache.knox.gateway.shell.util;
 
 import java.io.File;
 import java.nio.file.Paths;
+import java.security.KeyStore;
 
 /**
  * Provides useful helper methods related to gateway client trust store
@@ -33,6 +34,7 @@ public class ClientTrustStoreHelper {
   private static final String ENV_GATEWAY_CLIENT_TRUSTSTORE_DIR = 
"GATEWAY_CLIENT_TRUSTSTORE_DIR";
   private static final String ENV_GATEWAY_CLIENT_TRUSTSTORE_FILENAME = 
"GATEWAY_CLIENT_TRUSTSTORE_FILENAME";
   private static final String ENV_GATEWAY_CLIENT_TRUSTSTORE_PASSWORD = 
"GATEWAY_CLIENT_TRUSTSTORE_PASS";
+  private static final String ENV_GATEWAY_CLIENT_TRUSTSTORE_TYPE = 
"GATEWAY_CLIENT_TRUSTSTORE_TYPE";
 
   public static File getClientTrustStoreFile() {
     final String truststoreDir = 
fetchTrustStoreAttribute(ENV_GATEWAY_CLIENT_TRUSTSTORE_DIR, 
DEFAULT_GATEWAY_CLIENT_TRUSTSTORE_DIR);
@@ -44,6 +46,10 @@ public class ClientTrustStoreHelper {
     return fetchTrustStoreAttribute(ENV_GATEWAY_CLIENT_TRUSTSTORE_PASSWORD, 
DEFAULT_GATEWAY_CLIENT_TRUSTSTORE_PASSWORD);
   }
 
+  public static String getClientTrustStoreType() {
+    return fetchTrustStoreAttribute(ENV_GATEWAY_CLIENT_TRUSTSTORE_TYPE, 
KeyStore.getDefaultType());
+  }
+
   private static String fetchTrustStoreAttribute(String 
environmentVariableName, String defaultValue) {
     final String trustStoreAttribute = System.getenv(environmentVariableName);
     return trustStoreAttribute == null ? defaultValue : trustStoreAttribute;
diff --git 
a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
 
b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
index 3a4a2d1fa..1aa68ef79 100644
--- 
a/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
+++ 
b/gateway-shell/src/test/java/org/apache/knox/gateway/shell/KnoxSessionTest.java
@@ -27,11 +27,14 @@ import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.impl.bootstrap.HttpServer;
 import org.apache.http.impl.bootstrap.ServerBootstrap;
+import org.apache.knox.gateway.shell.ClientContext.ConnectionContext;
 import org.junit.Test;
 
 import javax.security.auth.Subject;
 import java.io.IOException;
 import java.net.ServerSocket;
+import java.net.URISyntaxException;
+import java.security.KeyStore;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.List;
@@ -199,6 +202,15 @@ public class KnoxSessionTest {
     }
   }
 
+  @Test
+  public void testTrustStoreTypeConfig() throws URISyntaxException {
+    final String url = "https://localhost:8443/gateway/dt";;
+    ConnectionContext connectionContext = 
ClientContext.with(url).connection().withTruststore(null, null, null);
+    assertEquals(KeyStore.getDefaultType(), 
connectionContext.truststoreType());
+    connectionContext = 
ClientContext.with("https://localhost:8443/gateway/dt";).connection().withTruststore(null,
 null, "BCFKS");
+    assertEquals("BCFKS", connectionContext.truststoreType());
+  }
+
   public static int findFreePort() throws IOException {
     try(ServerSocket socket = new ServerSocket(0)) {
       return socket.getLocalPort();
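Review bot: `testTrustStoreTypeConfig` covers `null` and an explicit type but not a blank string, which is the other input `truststoreType()` maps to the default through `StringUtils.isBlank`. Adding `assertEquals(KeyStore.getDefaultType(), ClientContext.with(url).connection().withTruststore(null, null, " ").truststoreType());` would pin that case. The second call also repeats the URL literal instead of reusing the `url` local declared just above it. `findFreePort` at the end of the hunk continues outside it.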
