rlevas commented on a change in pull request #61: KNOX-1793 -
DefaultKeystoreService should not validate the signing key on initialization
URL: https://github.com/apache/knox/pull/61#discussion_r260528949
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
##########
@@ -184,7 +191,7 @@ public boolean verifyToken(JWT token, RSAPublicKey
publicKey)
PublicKey key;
try {
if (publicKey == null) {
- key =
ks.getSigningKeystore().getCertificate(getSigningKeyAlias(signingKeyAlias)).getPublicKey();
+ key =
ks.getSigningKeystore().getCertificate(getSigningKeyAlias(null)).getPublicKey();
Review comment:
In the original code, `signingKeyAlias` was set to
`config.getSigningKeyAlias()`.
In the new code `getSigningKeyAlias(String signingKeystoreAlias)` is set to
return `signingKeystoreAlias` if `signingKeystoreAlias` is not null or
`config.getSigningKeyAlias()` if `signingKeystoreAlias` is null.
This is the same thing. I don't particularly like the code, but I was
trying not to change too much. Since nothing is broken, I left it.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
