This is an automated email from the ASF dual-hosted git repository.
smolnar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 644132219 KNOX-3255 - Allow fetching Knox public cert when SSL is
disabled (#1149)
644132219 is described below
commit 6441322199be71048a924492b73e7d61d327ae87
Author: Sandor Molnar <[email protected]>
AuthorDate: Thu Feb 19 15:24:22 2026 +0100
KNOX-3255 - Allow fetching Knox public cert when SSL is disabled (#1149)
---
.../knox/gateway/service/metadata/KnoxMetadataResource.java | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git
a/gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java
b/gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java
index 03846150e..6e458fd44 100644
---
a/gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java
+++
b/gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java
@@ -63,6 +63,7 @@ import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.registry.ServiceDefinitionRegistry;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;
+import org.apache.knox.gateway.services.security.KeystoreService;
import org.apache.knox.gateway.services.security.token.impl.TokenMAC;
import org.apache.knox.gateway.services.topology.TopologyService;
import org.apache.knox.gateway.topology.Service;
@@ -135,9 +136,9 @@ public class KnoxMetadataResource {
@GET
@Produces(APPLICATION_OCTET_STREAM)
@Path("publicCert")
- public Response getPublicCertification(@QueryParam("type")
@DefaultValue("pem") String certType) {
+ public Response getPublicCertification(@QueryParam("type")
@DefaultValue("pem") String certType) throws Exception {
final GatewayConfig config = (GatewayConfig)
request.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
- final Certificate[] certificateChain = getPublicCertificates();
+ final Certificate[] certificateChain = config.isSSLEnabled() ?
getPublicCertificates() : getSigningkeyCerts(config);
if (certificateChain != null) {
if ("pem".equals(certType)) {
generateCertificatePem(certificateChain, config);
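Review bot: Declaring `throws Exception` on `getPublicCertification` lets any keystore failure in the new SSL-disabled branch escape the resource method, instead of producing the `SERVICE_UNAVAILABLE` response the method already uses when no certificate can be generated. Catching the failure around the `getSigningkeyCerts(config)` call, logging it, and leaving `certificateChain` null would keep the existing failure path and avoid a container-generated error response. The ternary also deserves a comment, because the endpoint now returns a different certificate depending on mode, e.g. `// SSL disabled: serve the signing-key certificate; without TLS on this listener the client must verify its fingerprint out of band`. The rest of the method body lies outside this hunk.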
@@ -152,6 +153,12 @@ public class KnoxMetadataResource {
return generateFailureFileDownloadResponse(Status.SERVICE_UNAVAILABLE,
"Could not generate public certificate");
}
+ private Certificate[] getSigningkeyCerts(final GatewayConfig config) throws
Exception {
+ final GatewayServices gatewayServices = (GatewayServices)
request.getServletContext().getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+ final KeystoreService keystoreService =
gatewayServices.getService(ServiceType.KEYSTORE_SERVICE);
+ return
keystoreService.getSigningKeystore().getCertificateChain(config.getSigningKeyAlias());
+ }
+
private Response generateSuccessFileDownloadResponse(java.nio.file.Path
publicCertFilePath) {
final ResponseBuilder responseBuilder =
Response.ok(publicCertFilePath.toFile());
responseBuilder.header("Content-Disposition", "attachment;filename=" +
publicCertFilePath.getFileName().toString());
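Review bot: `getSigningkeyCerts` dereferences the results of `gatewayServices.getService(...)`, `getSigningKeystore()` and `config.getSigningKeyAlias()` without a null check. If any of them can be null when no signing keystore or alias is configured (not visible in this hunk), the request ends in a NullPointerException rather than the "Could not generate public certificate" response. `KeyStore.getCertificateChain` already returns null for an unknown alias, which the caller's `certificateChain != null` check handles, so an early `if (signingKeystore == null) { return null; }` would follow the same contract. Narrowing `throws Exception` to `KeyStoreException` plus whatever `getSigningKeystore()` declares, and renaming the method to `getSigningKeyCerts` for consistent camel case, would also make the helper easier to read.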