gtully commented on code in PR #5407:
URL: https://github.com/apache/activemq-artemis/pull/5407#discussion_r1891654528
##########
artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/kubernetes/client/KubernetesClientImpl.java:
##########
@@ -157,18 +161,12 @@ private SSLContext buildSSLContext() throws Exception {
logger.debug("Kubernetes CA certificate not found at: {}. Truststore
not configured", caPath);
return ctx;
}
- try (InputStream fis = new FileInputStream(certFile)) {
- KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- CertificateFactory certFactory =
CertificateFactory.getInstance("X.509");
- X509Certificate certificate = (X509Certificate)
certFactory.generateCertificate(fis);
- trustStore.load(null, null);
- trustStore.setCertificateEntry(certFile.getName(), certificate);
- TrustManagerFactory tmFactory = TrustManagerFactory
- .getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmFactory.init(trustStore);
-
- ctx.init(null, tmFactory.getTrustManagers(), new SecureRandom());
- }
+ KeyStore trustStore = SSLSupport.loadKeystore(null, "PEMCA", caPath,
null);
Review Comment:
this looks good. I think it is the correct approach.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@activemq.apache.org
For additional commands, e-mail: gitbox-h...@activemq.apache.org
For further information, visit: https://activemq.apache.org/contact
