risdenk commented on a change in pull request #60: KNOX-1418 - New KnoxShell 
command to build truststore using the gateway server's public certificate
URL: https://github.com/apache/knox/pull/60#discussion_r260499035
 
 

 ##########
 File path: 
gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSh.java
 ##########
 @@ -155,6 +170,81 @@ public boolean validate() {
     public abstract String getUsage();
   }
 
+  private class KnoxBuildTrustStore extends Command {
+
+    private static final String USAGE = "buildTrustStore --gateway server-url";
+    private static final String DESC = "Downloads the gateway server's public 
certificate and builds a trust store.";
+    private static final String CLIENT_TRUST_STORE_FILE_NAME = 
"gateway-client-trust.jks";
+
+    @Override
+    public void execute() throws Exception {
+      final X509Certificate gatewayServerPublicCert = 
fetchPublicCertFromGatewayServer();
+      if (gatewayServerPublicCert != null) {
+        final File trustStoreFile = new File(System.getProperty("user.home"), 
CLIENT_TRUST_STORE_FILE_NAME);
+        X509CertificateUtil.writeCertificateToJks(gatewayServerPublicCert, 
trustStoreFile);
+        out.println("Gateway server's certificate is exported into " + 
trustStoreFile.getAbsolutePath());
+      } else {
+        out.println("Could not obtain server certificate chain");
 
 Review comment:
   Will this happen in a non exception case? Assuming an exception is thrown 
from fetchPublicCertFromGatewayServer it would propagate up and this message 
wouldn't be printed.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to