[ https://issues.apache.org/jira/browse/KNOX-1418?focusedWorklogId=205173&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-205173 ]
ASF GitHub Bot logged work on KNOX-1418:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Feb/19 14:22
            Start Date: 27/Feb/19 14:22
    Worklog Time Spent: 10m
      Work Description: risdenk commented on pull request #60: KNOX-1418 - New KnoxShell command to build truststore using the gateway server's public certificate
URL: https://github.com/apache/knox/pull/60#discussion_r260768810

 ##########
 File path: gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSh.java
 ##########
@@ -155,6 +171,84 @@ public boolean validate() { public abstract String getUsage(); } + private class KnoxBuildTrustStore extends Command { + + private static final String USAGE = "buildTrustStore --gateway server-url"; + private static final String DESC = "Downloads the gateway server's public certificate and builds a trust store."; + private static final String GATEWAY_CERT_NOT_EXPORTED = "Finished work without building truststore"; + private static final String GATEWAY_CERT_EXPORTED_MESSAGE_PREFIX = "Gateway server's certificate is exported into "; + + @Override + public void execute() throws Exception { + String result = GATEWAY_CERT_NOT_EXPORTED; + try { + final X509Certificate gatewayServerPublicCert = fetchPublicCertFromGatewayServer(); + if (gatewayServerPublicCert != null) { + final File trustStoreFile = Paths.get(System.getProperty("user.home"), KnoxSession.GATEWAY_CLIENT_TRUST).toFile(); + X509CertificateUtil.writeCertificateToJks(gatewayServerPublicCert, trustStoreFile); + result = GATEWAY_CERT_EXPORTED_MESSAGE_PREFIX + trustStoreFile.getAbsolutePath(); + } + } catch(Exception e) { + //NOP Review comment: I think in this case, we aren't printing anything on failure. Previously the else part of the if/else would not have been reached since the exception would be thrown by `execute()`. Do we need the try/catch? Can we let the exception propagate? Maybe we should wrap the exception with a nicer message? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. 
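
Review bot: In execute(), the certificate returned by fetchPublicCertFromGatewayServer() is passed straight to X509CertificateUtil.writeCertificateToJks, and no step visible in this hunk lets the operator confirm it is the expected gateway certificate. Because the resulting file becomes the client's trust anchor, consider printing the certificate subject and a SHA-256 fingerprint next to GATEWAY_CERT_EXPORTED_MESSAGE_PREFIX so they can be compared out of band. The empty catch (//NOP) and a null return both end in the same GATEWAY_CERT_NOT_EXPORTED message, so a failed fetch cannot be told apart from a missing certificate; include the cause in the output or let the exception propagate. It is also not visible here whether an existing trust store at the user.home location (KnoxSession.GATEWAY_CLIENT_TRUST) is overwritten, which would be worth stating in DESC.
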
Issue Time Tracking
-------------------

    Worklog Id:     (was: 205173)
    Time Spent: 4h 10m  (was: 4h)

> Knox Shell command for downloading the public cert from a Knox instance
> -----------------------------------------------------------------------
>
>                 Key: KNOX-1418
>                 URL: https://issues.apache.org/jira/browse/KNOX-1418
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: KnoxShell
>    Affects Versions: 1.1.0
>            Reporter: Phil Zampino
>            Assignee: Sandor Molnar
>            Priority: Major
>             Fix For: 1.3.0
>
>          Time Spent: 4h 10m
>  Remaining Estimate: 0h
>
> To support the containerization of Knox, it would be helpful to have a
> KnoxShell command for getting the public cert from a Knox instance
> (equivalent to the knoxcli export-cert command, but remote).

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)