pzampino commented on a change in pull request #436:
URL: https://github.com/apache/knox/pull/436#discussion_r616790154
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
##########
@@ -311,4 +327,8 @@ else if (! (key instanceof RSAPrivateKey)) {
@Override
public void stop() throws ServiceLifecycleException {
}
+
+ protected Optional<String> getCachedSigningKeyKID() {
Review comment:
"KID" is an acronym for "KeyID", correct? If so, then I think this
should be named `getCachedSigningKeyID()`
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
##########
@@ -86,6 +89,8 @@
private byte[] cachedSigningHmacSecret;
private RSAPrivateKey signingKey;
+ private Optional<String> cachedSigningKeyKID = Optional.empty();
Review comment:
`cachedSigningKeyID` ?
##########
File path:
gateway-spi/src/main/java/org/apache/knox/gateway/services/security/token/impl/JWTToken.java
##########
@@ -80,12 +82,17 @@ public JWTToken(String alg, String[] claimsArray,
List<String> audiences, boolea
if(claimsArray[3] != null) {
builder = builder.expirationTime(new
Date(Long.parseLong(claimsArray[3])));
}
+ if(claimsArray[4] != null) {
Review comment:
Are there any callers of this which may not have a claims array of this
length? In other words, ought this check the length of the claimsArray before
checking whether the value is null? I think it only gets used by Knox issuers.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
