smolnar82 commented on a change in pull request #56: KNOX-1756 - Knox Gateway
TLS Keystore and Alias Should be Configurable
URL: https://github.com/apache/knox/pull/56#discussion_r258819798
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
##########
@@ -379,8 +378,44 @@ public void generateAliasForCluster(final String
clusterName,
@Override
public char[] getGatewayIdentityPassphrase() throws AliasServiceException {
- char[] passphrase = getPasswordFromAliasForGateway(
- GATEWAY_IDENTITY_PASSPHRASE);
+ char[] passphrase =
getPasswordFromAliasForGateway(config.getIdentityKeyPassphraseAlias());
+ if (passphrase == null) {
+ // Fall back to the keystore password if a key-specific password was not
explicitly set.
+ passphrase = getGatewayIdentityKeystorePassword();
+ }
+ if (passphrase == null) {
+ // Use the master password if not password was found
+ passphrase = ms.getMasterSecret();
+ }
+ return passphrase;
+ }
+
+ @Override
+ public char[] getGatewayIdentityKeystorePassword() throws
AliasServiceException {
+ char[] passphrase =
getPasswordFromAliasForGateway(config.getIdentityKeystorePasswordAlias());
+ if (passphrase == null) {
+ passphrase = ms.getMasterSecret();
+ }
+ return passphrase;
+ }
+
+ @Override
+ public char[] getSigningKeyPassphrase() throws AliasServiceException {
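Review bot: The second `if (passphrase == null)` block in `getGatewayIdentityPassphrase()`, the one that falls back to `ms.getMasterSecret()`, looks redundant. `getGatewayIdentityKeystorePassword()` already returns the master secret when its alias is not set, so that branch is reached only when `ms.getMasterSecret()` itself returned null, and a second call would normally return null again. Suggest removing the block, which also drops the comment typo "if not password was found". Both fallbacks are also silent: if the alias named by `config.getIdentityKeyPassphraseAlias()` or `config.getIdentityKeystorePasswordAlias()` is misspelled or missing, the master secret is used as the key or keystore password with no indication. Consider logging which source was chosen (never the value) so that a configuration error is visible to the operator.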
Review comment:
This is almost the same as `getGatewayIdentityPassphrase` except for the
passphrase alias; consider creating a private method and invoking it using the
proper parameters.