rlevas commented on a change in pull request #61: KNOX-1793 - DefaultKeystoreService should not validate the signing key on initialization URL: https://github.com/apache/knox/pull/61#discussion_r260528949
########## File path: gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java ########## @@ -184,7 +191,7 @@ public boolean verifyToken(JWT token, RSAPublicKey publicKey) PublicKey key; try { if (publicKey == null) { - key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias(signingKeyAlias)).getPublicKey(); + key = ks.getSigningKeystore().getCertificate(getSigningKeyAlias(null)).getPublicKey(); Review comment: In the original code, `signingKeyAlias` was set to `config.getSigningKeyAlias()`. In the new code `getSigningKeyAlias(String signingKeystoreAlias)` is set to return `signingKeystoreAlias` if `signingKeystoreAlias` is not null or `config.getSigningKeyAlias()` if `signingKeystoreAlias` is null. This is the same thing. I don't particularly like the code, but I was trying not to change too much. Since nothing is broken, I left it. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services