Re: [PR] KNOX-3107 - Alias Support for the RemoteAuthProvider truststore password [knox]

Fri, 07 Mar 2025 18:19:38 -0800 


lmccay commented on code in PR #1002:
URL: https://github.com/apache/knox/pull/1002#discussion_r1985939585


##########
gateway-provider-security-authc-remote/src/main/java/org/apache/knox/gateway/filter/RemoteAuthFilter.java:
##########
@@ -132,12 +132,69 @@ public void init(FilterConfig filterConfig) throws 
ServletException {
       groupHeaders = Arrays.asList(groupHeaderParam.split("\\s*,\\s*"));
     }
 
-    truststorePath = filterConfig.getInitParameter(CONFIG_TRUSTSTORE_PATH);
-    truststorePassword = 
filterConfig.getInitParameter(CONFIG_TRUSTSTORE_PASSWORD);
-    truststoreType = filterConfig.getInitParameter(CONFIG_TRUSTSTORE_TYPE);
+    buildTrustStore(filterConfig);
+  }
+
+  private void buildTrustStore(FilterConfig filterConfig) throws 
ServletException {
+    String truststorePath = 
filterConfig.getInitParameter(CONFIG_TRUSTSTORE_PATH);
+    String truststorePassword = 
filterConfig.getInitParameter(CONFIG_TRUSTSTORE_PASSWORD);
+    String truststoreType = 
filterConfig.getInitParameter(CONFIG_TRUSTSTORE_TYPE);
     if (truststoreType == null || truststoreType.isEmpty()) {
       truststoreType = DEFAULT_TRUSTSTORE_TYPE;
     }
+
+    ServletContext context = filterConfig.getServletContext();
+    if (context != null) {
+      String topologyName = (String) 
context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
+      GatewayServices services = (GatewayServices) 
context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
+      if (services != null) {
+        try {
+          final AliasService aliasService =  
services.getService(ServiceType.ALIAS_SERVICE);
+          if (truststorePath != null && !truststorePath.isEmpty()) {
+            if (truststorePassword == null || truststorePassword.isEmpty()) {
+              // let's check the for an alias given the intent to specify a 
truststore path
+              char[] passChars = 
aliasService.getPasswordFromAliasForCluster(topologyName,
+                      CONFIG_TRUSTSTORE_PASSWORD, false);
+              if (passChars != null) {
+                truststorePassword = new String(passChars);
+              }
+              if (truststorePassword == null || truststorePassword.isEmpty()) {
+                truststorePassword = new 
String(aliasService.getPasswordFromAliasForGateway(CONFIG_TRUSTSTORE_PASSWORD));
+              }
+            }
+          }
+          KeystoreService keystoreService = 
services.getService(ServiceType.KEYSTORE_SERVICE);
+          trustStore = getTrustStore(truststorePath, truststoreType, 
truststorePassword, keystoreService);
+        } catch (AliasServiceException | IOException e) {
+          throw new ServletException("Error while initializing 
RemoteAuthProvider", e);
+        }
+      }
+    } else if (truststorePath != null && !truststorePath.isEmpty()) {

Review Comment:
   Good catch. Working on a fix.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to