Posted to commits@airavata.apache.org by is...@apache.org on 2022/07/07 00:15:14 UTC
[airavata-custos] branch berametal updated: Fix runtime issues of trustore loading
This is an automated email from the ASF dual-hosted git repository.
isjarana pushed a commit to branch berametal
in repository https://gitbox.apache.org/repos/asf/airavata-custos.git
The following commit(s) were added to refs/heads/berametal by this push:
new b8e8dacc Fix runtime issues of trustore loading
new ef453582 Merge pull request #291 from isururanawaka/berametalWithMerge
b8e8dacc is described below
commit b8e8dacc9f8d4dbf488f1eab8b89954a3aedee98
Author: Isuru Ranawaka <ir...@gmail.com>
AuthorDate: Wed Jul 6 20:14:21 2022 -0400
Fix runtime issues of trustore loading
---
.../services/clients/keycloak/KeycloakUtils.java | 103 ++++++++++-----------
.../clients/keycloak/auth/KeycloakAuthClient.java | 3 +-
2 files changed, 51 insertions(+), 55 deletions(-)
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakUtils.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakUtils.java
index f79fdb6c..2f8180f9 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakUtils.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/KeycloakUtils.java
@@ -20,9 +20,6 @@
package org.apache.custos.federated.services.clients.keycloak;
import org.apache.catalina.security.SecurityUtil;
-import org.apache.custos.cluster.management.client.ClusterManagementClient;
-import org.apache.custos.cluster.management.service.GetServerCertificateRequest;
-import org.apache.custos.cluster.management.service.GetServerCertificateResponse;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.keycloak.admin.client.Keycloak;
@@ -33,14 +30,15 @@ import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.util.concurrent.TimeUnit;
public class KeycloakUtils {
@@ -110,25 +108,25 @@ public class KeycloakUtils {
//
// } else {
- File trustStoreFile = new File(trustStorePath);
-
- if (trustStoreFile.exists()) {
- LOGGER.debug("Loading trust store file from path " + trustStorePath);
- is = new FileInputStream(trustStorePath);
- } else {
- LOGGER.debug("Trying to load trust store file form class path " + trustStorePath);
- is = SecurityUtil.class.getClassLoader().getResourceAsStream(trustStorePath);
- if (is != null) {
- LOGGER.debug("Trust store file was loaded form class path " + trustStorePath);
- }
- }
+ File trustStoreFile = new File(trustStorePath);
- if (is == null) {
- throw new RuntimeException("Could not find a trust store file in path " + trustStorePath);
+ if (trustStoreFile.exists()) {
+ LOGGER.debug("Loading trust store file from path " + trustStorePath);
+ is = new FileInputStream(trustStorePath);
+ } else {
+ LOGGER.debug("Trying to load trust store file form class path " + trustStorePath);
+ is = SecurityUtil.class.getClassLoader().getResourceAsStream(trustStorePath);
+ if (is != null) {
+ LOGGER.debug("Trust store file was loaded form class path " + trustStorePath);
}
+ }
+
+ if (is == null) {
+ throw new RuntimeException("Could not find a trust store file in path " + trustStorePath);
+ }
- ks.load(is, trustorePassword.toCharArray());
+ ks.load(is, trustorePassword.toCharArray());
// }
return ks;
} catch (Exception e) {
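Review bot: The stream assigned to `is` (from `new FileInputStream(trustStorePath)` or the class-loader fallback) is passed to `ks.load(...)` and nothing visible in this hunk closes it. `KeyStore.load` does not close its input, so each call can leave a file descriptor open unless a `finally` outside the hunk handles it. Wrapping the load as `try (InputStream in = is) { ks.load(in, trustorePassword.toCharArray()); }` closes the stream on both the success and the exception path. The same pattern appears in the `initializeTrustStoreManager` hunk below, where `is` is a local and `trustStore.load(is, trustPassword)` is followed directly by the trust-manager setup. The enclosing method starts before this hunk and its `catch` body continues after it.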
@@ -145,44 +143,43 @@ public class KeycloakUtils {
}
- public static SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword,
- String profile, ClusterManagementClient clusterManagementClient) throws
+ public static SSLContext initializeTrustStoreManager(String trustStorePath, String trustStorePassword) throws
IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, KeyManagementException {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- if (profile.equals("staging") || profile.equals("production")) {
- GetServerCertificateRequest getServerCertificateRequest = GetServerCertificateRequest
- .newBuilder()
- .setNamespace("keycloak")
- .setSecretName("tls-keycloak-secret")
- .build();
- GetServerCertificateResponse response = clusterManagementClient.getCustosServerCertificate(getServerCertificateRequest);
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- InputStream targetStream = new ByteArrayInputStream(response.getCertificate().getBytes());
- Certificate certs = cf.generateCertificate(targetStream);
- trustStore.load(null, null);
- trustStore.setCertificateEntry("custos", certs);
-
- } else {
- File trustStoreFile = new File(trustStorePath);
- InputStream is;
- if (trustStoreFile.exists()) {
- LOGGER.debug("Loading trust store file from path " + trustStorePath);
- is = new FileInputStream(trustStorePath);
- } else {
- LOGGER.debug("Trying to load trust store file form class path " + trustStorePath);
- is = SecurityUtil.class.getClassLoader().getResourceAsStream(trustStorePath);
- if (is != null) {
- LOGGER.debug("Trust store file was loaded form class path " + trustStorePath);
- }
+// if (profile.equals("staging") || profile.equals("production")) {
+// GetServerCertificateRequest getServerCertificateRequest = GetServerCertificateRequest
+// .newBuilder()
+// .setNamespace("keycloak")
+// .setSecretName("tls-keycloak-secret")
+// .build();
+// GetServerCertificateResponse response = clusterManagementClient.getCustosServerCertificate(getServerCertificateRequest);
+// CertificateFactory cf = CertificateFactory.getInstance("X.509");
+// InputStream targetStream = new ByteArrayInputStream(response.getCertificate().getBytes());
+// Certificate certs = cf.generateCertificate(targetStream);
+// trustStore.load(null, null);
+// trustStore.setCertificateEntry("custos", certs);
+//
+// } else {
+ File trustStoreFile = new File(trustStorePath);
+ InputStream is;
+ if (trustStoreFile.exists()) {
+ LOGGER.debug("Loading trust store file from path " + trustStorePath);
+ is = new FileInputStream(trustStorePath);
+ } else {
+ LOGGER.debug("Trying to load trust store file form class path " + trustStorePath);
+ is = SecurityUtil.class.getClassLoader().getResourceAsStream(trustStorePath);
+ if (is != null) {
+ LOGGER.debug("Trust store file was loaded form class path " + trustStorePath);
}
+ }
- if (is == null) {
- throw new RuntimeException("Could not find a trust store file in path " + trustStorePath);
- }
- char[] trustPassword = trustStorePassword.toCharArray();
- trustStore.load(is, trustPassword);
+ if (is == null) {
+ throw new RuntimeException("Could not find a trust store file in path " + trustStorePath);
}
+ char[] trustPassword = trustStorePassword.toCharArray();
+ trustStore.load(is, trustPassword);
+// }
// initialize a trust manager factory
TrustManagerFactory trustFactory =
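Review bot: The staging/production branch of `initializeTrustStoreManager` is commented out rather than deleted, leaving about a dozen dead lines plus the `// } else {` and `// }` markers around the live code; version control already preserves it, so the block can be removed. With that branch gone, every profile now takes its trust anchors from the store at `trustStorePath` (file system first, class path as fallback) instead of the certificate fetched from `tls-keycloak-secret`, and nothing on the method says so. A Javadoc line such as `Trust anchors come only from the key store at trustStorePath; the class path is searched when no file exists at that path.` would make the new contract explicit for whoever provisions staging and production. The method body continues past the end of this hunk.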
diff --git a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
index bc973d97..6f1290ed 100644
--- a/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
+++ b/custos-federated-services-clients/src/main/java/org/apache/custos/federated/services/clients/keycloak/auth/KeycloakAuthClient.java
@@ -116,8 +116,7 @@ public class KeycloakAuthClient {
KeyStoreException, KeyManagementException, IOException {
try {
LOGGER.info("initializing security requirements");
- KeycloakUtils.initializeTrustStoreManager(trustStorePath, trustStorePassword,
- activeProfile, clusterManagementClient);
+ KeycloakUtils.initializeTrustStoreManager(trustStorePath, trustStorePassword);
} catch (Exception ex) {
LOGGER.error("Keycloak Authclient initialization failed " + ex.getMessage());
throw ex;