rlevas commented on a change in pull request #56: KNOX-1756 - Knox Gateway TLS 
Keystore and Alias Should be Configurable
URL: https://github.com/apache/knox/pull/56#discussion_r258992614
 
 

 ##########
 File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/security/impl/RemoteAliasService.java
 ##########
 @@ -379,8 +378,44 @@ public void generateAliasForCluster(final String 
clusterName,
 
   @Override
   public char[] getGatewayIdentityPassphrase() throws AliasServiceException {
-    char[] passphrase = getPasswordFromAliasForGateway(
-        GATEWAY_IDENTITY_PASSPHRASE);
+    char[] passphrase = 
getPasswordFromAliasForGateway(config.getIdentityKeyPassphraseAlias());
+    if (passphrase == null) {
+      // Fall back to the keystore password if a key-specific password was not 
explicitly set.
+      passphrase = getGatewayIdentityKeystorePassword();
+    }
+    if (passphrase == null) {
+      // Use the master password if not password was found
+      passphrase = ms.getMasterSecret();
+    }
+    return passphrase;
+  }
+
+  @Override
+  public char[] getGatewayIdentityKeystorePassword() throws 
AliasServiceException {
+    char[] passphrase = 
getPasswordFromAliasForGateway(config.getIdentityKeystorePasswordAlias());
+    if (passphrase == null) {
+      passphrase = ms.getMasterSecret();
+    }
+    return passphrase;
+  }
+
+  @Override
+  public char[] getSigningKeyPassphrase() throws AliasServiceException {
 
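Review bot: The second `if (passphrase == null)` in `getGatewayIdentityPassphrase()` is effectively unreachable in any useful way: `getGatewayIdentityKeystorePassword()` already falls back to `ms.getMasterSecret()`, so it returns null only when the master secret itself is null, and the repeated call then yields null again. Drop the second check or, if a null master secret is possible, handle that case explicitly instead of returning null as a passphrase. The comment above it has a typo ("if not password was found" should read "if no password was found"). Both methods also fall back silently; since the aliases now come from `config`, a misspelled alias would leave the gateway using the keystore password or the master secret with no indication, so consider logging which source was used (never the value).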
 Review comment:
   I thought of this, but the fall back call `getSigningKeystorePassword` vs 
`getSigningKeystorePassword` would cause the need to provide some implemented 
interface.  I think that may be more work than the duplicated code.  However 
`getSigningKeystorePassword` and `getGatewayIdentityKeystorePassword` may fall 
into this category for code reuse.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.