smolnar82 commented on a change in pull request #397:
URL: https://github.com/apache/knox/pull/397#discussion_r561935873
##########
File path:
gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/TokenUtils.java
##########
@@ -67,4 +75,26 @@ public static boolean
isServerManagedTokenStateEnabled(FilterConfig filterConfig
return isServerManaged;
}
+ public static String getSignatureAlgorithm(String
configuredSignatureAlgorithm, AliasService aliasService, String
signingKeystoreName) throws AliasServiceException {
+ final char[] hmacSecret =
aliasService.getPasswordFromAliasForGateway(SIGNING_HMAC_SECRET_ALIAS);
+ final String hmacSecretAsString = hmacSecret == null ? null : new
String(hmacSecret);
+ return getSignatureAlgorithm(configuredSignatureAlgorithm,
hmacSecretAsString, signingKeystoreName);
+ }
+
+ public static String getSignatureAlgorithm(String
configuredSignatureAlgorithm, String hmacSecret, String signingKeystoreName) {
+ if (StringUtils.isNotBlank(configuredSignatureAlgorithm)) {
+ return configuredSignatureAlgorithm;
+ } else {
+ return useHMAC(hmacSecret == null ? null :
hmacSecret.getBytes(StandardCharsets.UTF_8), signingKeystoreName) ?
DEFAULT_HMAC_SIG_ALG : DEFAULT_RSA_SIG_ALG;
+ }
+ }
+
+ /**
+ * @return true, if the HMAC secret is configured via the alias service for
the gateway AND there is no previously pre-configured
+ * gateway.signing.keystore.name ; false otherwise
+ */
+ public static boolean useHMAC(byte[] hmacSecret, String signingKeystoreName)
{
+ return hmacSecret != null && StringUtils.isBlank(signingKeystoreName);
Review comment:
This makes sense; I fixed the code.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
