[jira] [Work logged] (KNOX-1793) DefaultKeystoreService should not validate the signing key on initialization

Wed, 27 Feb 2019 06:05:20 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-1793?focusedWorklogId=205157&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-205157
 ]

ASF GitHub Bot logged work on KNOX-1793:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Feb/19 14:04
            Start Date: 27/Feb/19 14:04
    Worklog Time Spent: 10m 
      Work Description: risdenk commented on pull request #61: KNOX-1793 - 
DefaultKeystoreService should not validate the signing key on initialization
URL: https://github.com/apache/knox/pull/61#discussion_r260761314
 
 

 ##########
 File path: 
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
 ##########
 @@ -184,7 +191,7 @@ public boolean verifyToken(JWT token, RSAPublicKey 
publicKey)
     PublicKey key;
     try {
       if (publicKey == null) {
-        key = 
ks.getSigningKeystore().getCertificate(getSigningKeyAlias(signingKeyAlias)).getPublicKey();
+        key = 
ks.getSigningKeystore().getCertificate(getSigningKeyAlias(null)).getPublicKey();
 
 Review comment:
   How about something like this:
   ```
   private String getSigningKeyAlias(String signingKeystoreAlias) {
       if(signingKeystoreAlias != null) {
        return signingKeystoreAlias;
       }
   
       // Fallback to defaults
       return getSigningKeyAlias();
     }
   
     private String getSigningKeyAlias() {
       String alias = config.getSigningKeyAlias();
       return (alias == null) ? GatewayConfig.DEFAULT_SIGNING_KEY_ALIAS : alias;
     }
   ```
   
   The places where `getSigningKeyAlias(null)` can be changed to 
`getSigningKeyAlias()`
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 205157)
    Time Spent: 2h  (was: 1h 50m)

> DefaultKeystoreService should not validate the signing key on initialization
> ----------------------------------------------------------------------------
>
>                 Key: KNOX-1793
>                 URL: https://issues.apache.org/jira/browse/KNOX-1793
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.3.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Major
>             Fix For: 1.3.0
>
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> The {{org.apache.knox.gateway.services.security.impl.DefaultKeystoreService}} 
> implementation should not validate the _signing_ key on initialization.  This 
> should be a validation task for users of the signing key.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to