Posted to commits@knox.apache.org by lm...@apache.org on 2018/11/01 16:38:07 UTC
knox git commit: KNOX-1547 - Add Ability to set the Truststore
Location and Password to KnoxShell
Repository: knox
Updated Branches:
refs/heads/master 124b3368e -> 91d8cdcc3
KNOX-1547 - Add Ability to set the Truststore Location and Password to KnoxShell
Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/91d8cdcc
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/91d8cdcc
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/91d8cdcc
Branch: refs/heads/master
Commit: 91d8cdcc313280953448c77bbfce7c97179955c3
Parents: 124b336
Author: Larry McCay <lm...@apache.org>
Authored: Thu Nov 1 12:37:35 2018 -0400
Committer: Larry McCay <lm...@apache.org>
Committed: Thu Nov 1 12:37:59 2018 -0400
----------------------------------------------------------------------
.../knox/gateway/shell/ClientContext.java | 15 +++++
.../apache/knox/gateway/shell/KnoxSession.java | 58 ++++++++++++++------
2 files changed, 56 insertions(+), 17 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/knox/blob/91d8cdcc/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
index 30692ad..b9d52ca 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/ClientContext.java
@@ -169,6 +169,21 @@ public class ClientContext {
configuration.addProperty("buffer-size", size);
return this;
}
+
+ public ConnectionContext withTruststore(final String truststoreLocation,
+ final String truststorePass) {
+ configuration.addProperty("truststoreLocation", truststoreLocation);
+ configuration.addProperty("truststorePass", truststorePass);
+ return this;
+ }
+
+ public String truststoreLocation() {
+ return configuration.getString("truststoreLocation");
+ }
+
+ public String truststorePass() {
+ return configuration.getString("truststorePass");
+ }
}
public PoolContext pool() {
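Review bot: `withTruststore` writes both values with `configuration.addProperty(...)`, which on an Apache Commons Configuration-style object appends to a key instead of replacing it; the type of `configuration` is declared outside this hunk, so that is inferred from the method name. `KnoxSession.discoverTruststoreDetails` calls `withTruststore` a second time when only one of the two values was supplied, so `truststoreLocation()` could keep returning the first value or the key could become multi-valued. If the configuration type offers it, `configuration.setProperty("truststoreLocation", truststoreLocation);` (and the same for `truststorePass`) makes a repeated call replace the earlier value. The password is also held as a plain `String` next to non-secret settings, so a comment on `truststorePass()` warning against dumping or logging the configuration would help.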
http://git-wip-us.apache.org/repos/asf/knox/blob/91d8cdcc/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
----------------------------------------------------------------------
diff --git a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
index ac0b753..3bf9836 100644
--- a/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
+++ b/gateway-shell/src/main/java/org/apache/knox/gateway/shell/KnoxSession.java
@@ -102,6 +102,13 @@ public class KnoxSession implements Closeable {
return new KnoxSession(ClientContext.with(username, password, url));
}
+ public static KnoxSession login( String url, String username, String password,
+ String truststoreLocation, String truststorePass ) throws URISyntaxException {
+
+ return new KnoxSession(ClientContext.with(username, password, url)
+ .connection().withTruststore(truststoreLocation, truststorePass).end());
+ }
+
public static KnoxSession loginInsecure(String url, String username, String password) throws URISyntaxException {
return new KnoxSession(ClientContext.with(username, password, url)
.connection().secure(false).end());
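Review bot: The new five-argument `login` overload has no Javadoc, and its null handling cannot be guessed from the signature. As `discoverTruststoreDetails` is written in this commit, passing a location with a null password (or the reverse) drops the supplied value and falls back to the environment variables and built-in defaults. I would add a Javadoc comment stating that both `truststoreLocation` and `truststorePass` must be non-null for the caller's truststore to be used, and that server certificates are otherwise validated against the discovered or JVM default truststore.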
@@ -139,7 +146,7 @@ public class KnoxSession implements Closeable {
+ "*******************************************");
}
- KeyStore trustStore = getTrustStore();
+ KeyStore trustStore = getTrustStore(clientContext);
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore, trustStrategy).build();
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
@@ -188,29 +195,22 @@ public class KnoxSession implements Closeable {
}
- private static KeyStore getTrustStore() throws GeneralSecurityException {
+ private KeyStore getTrustStore(ClientContext clientContext) throws GeneralSecurityException {
KeyStore ks = null;
- String truststoreDir = System.getenv(KNOX_CLIENT_TRUSTSTORE_DIR);
- if (truststoreDir == null) {
- truststoreDir = System.getProperty("user.home");
- }
- String truststoreFileName = System.getenv(KNOX_CLIENT_TRUSTSTORE_FILENAME);
- if (truststoreFileName == null) {
- truststoreFileName = GATEWAY_CLIENT_TRUST;
- }
- String truststorePass = System.getenv(KNOX_CLIENT_TRUSTSTORE_PASS);
- if (truststorePass == null) {
- truststorePass = GATEWAY_CLIENT_TRUST_DEFAULT_PASS;
- }
+ String truststorePass = null;
+
+ discoverTruststoreDetails(clientContext);
InputStream is = null;
try {
ks = KeyStore.getInstance("JKS");
- File file = new File(truststoreDir, truststoreFileName);
- if (!file.exists()) {
+ File file = new File(clientContext.connection().truststoreLocation());
+ if (file.exists()) {
+ truststorePass = clientContext.connection().truststorePass();
+ } else {
String truststore = System.getProperty("javax.net.ssl.trustStore");
if (truststore == null) {
- truststoreDir = System.getProperty("java.home");
+ String truststoreDir = System.getProperty("java.home");
truststore = truststoreDir + File.separator + "lib" + File.separator
+ "security" + File.separator + "cacerts";
truststorePass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
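Review bot: When no file exists at `truststoreLocation()`, the `else` branch silently falls back to `javax.net.ssl.trustStore` or the JVM `cacerts`, so a caller who passed an explicit truststore to narrow the set of trusted issuers ends up trusting the full default CA set after a typo or a missing file, with no error. Because `discoverTruststoreDetails` overwrites the context, note before calling it whether the caller supplied a location (a local flag, here called `explicitLocation`), and fail closed in that case: `if (explicitLocation && !file.exists()) throw new KeyStoreException("Truststore not found: " + file);`. `getTrustStore` continues past the end of this hunk, so how the stream `is` is closed and how the password is applied cannot be checked from here.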
@@ -251,6 +251,30 @@ public class KnoxSession implements Closeable {
return ks;
}
+ protected void discoverTruststoreDetails(ClientContext clientContext) {
+ String truststoreDir = null;
+ String truststoreFileName = null;
+ if (clientContext.connection().truststoreLocation() != null &&
+ clientContext.connection().truststorePass() != null) {
+ return;
+ } else {
+ truststoreDir = System.getenv(KNOX_CLIENT_TRUSTSTORE_DIR);
+ if (truststoreDir == null) {
+ truststoreDir = System.getProperty("user.home");
+ }
+ truststoreFileName = System.getenv(KNOX_CLIENT_TRUSTSTORE_FILENAME);
+ if (truststoreFileName == null) {
+ truststoreFileName = GATEWAY_CLIENT_TRUST;
+ }
+ }
+ String truststorePass = System.getenv(KNOX_CLIENT_TRUSTSTORE_PASS);
+ if (truststorePass == null) {
+ truststorePass = GATEWAY_CLIENT_TRUST_DEFAULT_PASS;
+ }
+ String truststoreLocation = truststoreDir + File.separator + truststoreFileName;
+ clientContext.connection().withTruststore(truststoreLocation, truststorePass);
+ }
+
public String base() {
return base;
}
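Review bot: The guard at the top of `discoverTruststoreDetails` is all-or-nothing: if the caller supplied only a location (or only a password), the `else` branch runs, `truststoreDir + File.separator + truststoreFileName` replaces the caller's location, and the password is re-read from `KNOX_CLIENT_TRUSTSTORE_PASS` or the default, all without a warning. Resolving the two values independently keeps what the caller set and fills in only what is missing. This relies on `withTruststore` replacing earlier values, not appending to them. The method also mutates the caller's `ClientContext`, which deserves a line of Javadoc because it is `protected` and can be overridden.

```java
protected void discoverTruststoreDetails(ClientContext clientContext) {
  String truststoreLocation = clientContext.connection().truststoreLocation();
  String truststorePass = clientContext.connection().truststorePass();
  if (truststoreLocation != null && truststorePass != null) {
    return;
  }
  if (truststoreLocation == null) {
    // … unchanged: truststoreDir / truststoreFileName lookup from env with defaults …
    truststoreLocation = truststoreDir + File.separator + truststoreFileName;
  }
  if (truststorePass == null) {
    // … unchanged: KNOX_CLIENT_TRUSTSTORE_PASS lookup with GATEWAY_CLIENT_TRUST_DEFAULT_PASS fallback …
  }
  clientContext.connection().withTruststore(truststoreLocation, truststorePass);
}
```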