[
https://issues.apache.org/jira/browse/KNOX-1793?focusedWorklogId=205153&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-205153
]
ASF GitHub Bot logged work on KNOX-1793:
----------------------------------------
Author: ASF GitHub Bot
Created on: 27/Feb/19 14:04
Start Date: 27/Feb/19 14:04
Worklog Time Spent: 10m
Work Description: risdenk commented on pull request #61: KNOX-1793 -
DefaultKeystoreService should not validate the signing key on initialization
URL: https://github.com/apache/knox/pull/61#discussion_r260760405
##########
File path:
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java
##########
@@ -205,26 +212,64 @@ public void init(GatewayConfig config, Map<String,
String> options)
if (as == null || ks == null) {
throw new ServiceLifecycleException("Alias or Keystore service is not
set");
}
- signingKeyAlias = config.getSigningKeyAlias();
+ this.config = config;
+ }
+
+ @Override
+ public void start() throws ServiceLifecycleException {
+ // Ensure that the default signing keystore is available
+ KeyStore keystore;
+ try {
+ keystore = ks.getSigningKeystore();
+ if (keystore == null) {
+ throw new
ServiceLifecycleException(RESOURCES.signingKeystoreNotAvailable(config.getSigningKeystorePath()));
+ }
+ } catch (KeystoreServiceException e) {
+ throw new
ServiceLifecycleException(RESOURCES.signingKeystoreNotAvailable(config.getSigningKeystorePath()),
e);
+ }
- RSAPrivateKey key;
+ // Ensure that the password for the signing key is available
char[] passphrase;
try {
passphrase = as.getSigningKeyPassphrase();
- if (passphrase != null) {
- key = (RSAPrivateKey)
ks.getSigningKey(getSigningKeyAlias(signingKeyAlias),
- passphrase);
- if (key == null) {
- throw new ServiceLifecycleException("Provisioned passphrase cannot
be used to acquire signing key.");
- }
+ if (passphrase == null) {
+ throw new
ServiceLifecycleException(RESOURCES.signingKeyPassphraseNotAvailable(config.getSigningKeyAlias()));
Review comment:
should be `config.getSigningKeyPassphraseAlias()`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 205153)
Time Spent: 1.5h (was: 1h 20m)
> DefaultKeystoreService should not validate the signing key on initialization
> ----------------------------------------------------------------------------
>
> Key: KNOX-1793
> URL: https://issues.apache.org/jira/browse/KNOX-1793
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.3.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Major
> Fix For: 1.3.0
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> The {{org.apache.knox.gateway.services.security.impl.DefaultKeystoreService}}
> implementation should not validate the _signing_ key on initialization. This
> should be a validation task for users of the signing key.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
