[
https://issues.apache.org/jira/browse/KNOX-3315?focusedWorklogId=1018897&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1018897
]
ASF GitHub Bot logged work on KNOX-3315:
----------------------------------------
Author: ASF GitHub Bot
Created on: 06/May/26 07:30
Start Date: 06/May/26 07:30
Worklog Time Spent: 10m
Work Description: smolnar82 commented on code in PR #1221:
URL: https://github.com/apache/knox/pull/1221#discussion_r3193733097
##########
gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java:
##########
@@ -208,6 +212,17 @@ private void generateCertificateJks(Certificate[]
certificateChain, GatewayConfi
}
}
+ private void generateCertificateBcfks(Certificate[] certificateChain,
GatewayConfig gatewayConfig) {
+ try {
+ if (bcfksFilePath == null || !bcfksFilePath.toFile().exists()) {
+ bcfksFilePath = Paths.get(gatewayConfig.getGatewaySecurityDir(),
"gateway-client-trust.bcfks");
+ X509CertificateUtil.writeCertificatesToKeyStore(certificateChain,
bcfksFilePath.toFile(), "bcfks", null);
Review Comment:
nit: ff we had that `writeCertificateToBcfks` I referred above, we could use
it here.
##########
gateway-server/src/main/java/org/apache/knox/gateway/util/KnoxCLI.java:
##########
@@ -808,6 +808,9 @@ public void execute() throws Exception {
} else if ("PKCS12".equalsIgnoreCase(type)) {
X509CertificateUtil.writeCertificateToPkcs12(cert, new
File(keyStoreDir + "gateway-client-trust.pkcs12"));
out.println("Certificate gateway-identity has been successfully
exported to: " + keyStoreDir + "gateway-client-trust.pkcs12");
+ } else if ("BCFKS".equalsIgnoreCase(type)) {
+ X509CertificateUtil.writeCertificatesToKeyStore(new Certificate[]
{ cert }, new File(keyStoreDir + "gateway-client-trust.bcfks"), "bcfks", null);
Review Comment:
nit: there are some type-based methods in
`org.apache.knox.gateway.util.X509CertificateUtil` such as
`writeCertificateToJks`, etc..
To follow the same pattern we may want to add a new one for BCFKS too.
##########
gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java:
##########
@@ -172,7 +172,7 @@ private static void writeCertificateToKeyStore(Certificate
cert, final File file
/*
* Writes an arbitrary number of certificates into the given keystore file
protected by the given password
*/
- private static void writeCertificatesToKeyStore(Certificate[] certs, final
File file, String type, String keystorePassword)
+ public static void writeCertificatesToKeyStore(Certificate[] certs, final
File file, String type, String keystorePassword)
Review Comment:
nit: this could remain `private`.
Issue Time Tracking
-------------------
Worklog Id: (was: 1018897)
Time Spent: 0.5h (was: 20m)
> Update publicCert endpoint to be able to generate BCFKS as well
> ---------------------------------------------------------------
>
> Key: KNOX-3315
> URL: https://issues.apache.org/jira/browse/KNOX-3315
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 2.1.0
> Reporter: Tamás Hanicz
> Assignee: Tamás Hanicz
> Priority: Major
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
