
cleanup
andrewazores committed Sep 26, 2024
1 parent 54f1ee3 commit bdc3efd
Showing 3 changed files with 18 additions and 66 deletions.
42 changes: 0 additions & 42 deletions src/main/java/io/cryostat/agent/ConfigModule.java
Expand Up @@ -115,12 +115,6 @@ public abstract class ConfigModule {
"cryostat.agent.webclient.tls.client-auth.key.pass-charset";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PASS =
"cryostat.agent.webclient.tls.client-auth.key.pass";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_FILE =
"cryostat.agent.webclient.tls.client-auth.keystore.pass.file";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_CHARSET =
"cryostat.agent.webclient.tls.client-auth.keystore.pass-charset";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS =
"cryostat.agent.webclient.tls.client-auth.keystore.pass";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_TYPE =
"cryostat.agent.webclient.tls.client-auth.keystore.type";
public static final String CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_MANAGER_TYPE =
Expand Down Expand Up @@ -491,42 +485,6 @@ public static String provideCryostatAgentWebclientTlsClientAuthKeyPassCharset(Co
CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PASS_CHARSET, String.class);
}

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PASS)
public static Optional<String> provideCryostatAgentWebclientTlsClientAuthKeyPass(
Config config) {
return config.getOptionalValue(
CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS, String.class);
}

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_FILE)
public static Optional<String> provideCryostatAgentWebclientTlsClientAuthKeystorePassFile(
Config config) {
return config.getOptionalValue(
CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_FILE, String.class);
}

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_CHARSET)
public static String provideCryostatAgentWebclientTlsClientAuthKeystorePassCharset(
Config config) {
return config.getValue(
CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_CHARSET, String.class);
}

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS)
public static Optional<String> provideCryostatAgentWebclientTlsClientAuthKeystorePass(
Config config) {
return config.getOptionalValue(
CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS, String.class);
}

@Provides
@Singleton
@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_TYPE)
37 changes: 18 additions & 19 deletions src/main/java/io/cryostat/agent/MainModule.java
Expand Up @@ -223,12 +223,6 @@ public static SSLContext provideClientSslContext(
String clientAuthKeyEncoding,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_TYPE)
String clientAuthKeystoreType,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS)
Optional<String> clientAuthKeystorePass,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_FILE)
Optional<String> clientAuthKeystorePassFile,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEYSTORE_PASS_CHARSET)
String clientAuthKeystorePassFileCharset,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PASS)
Optional<String> clientAuthKeyPass,
@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PASS_FILE)
Expand All @@ -239,13 +233,8 @@ public static SSLContext provideClientSslContext(
String clientAuthKeyManagerType) {
try {
KeyManager[] keyManagers = null;
if (clientAuthCertPath.isPresent()) {
if (clientAuthCertPath.isPresent() && clientAuthKeyPath.isPresent()) {
KeyStore ks = KeyStore.getInstance(clientAuthKeystoreType);
Optional<CharBuffer> keystorePass =
readPass(
clientAuthKeystorePass,
clientAuthKeystorePassFile,
clientAuthKeystorePassFileCharset);
Optional<CharBuffer> keyPass =
readPass(
clientAuthKeyPass,
Expand All @@ -260,7 +249,7 @@ public static SSLContext provideClientSslContext(
new BufferedInputStream(
new FileInputStream(
Path.of(clientAuthKeyPath.get()).toFile()))) {
ks.load(null, keystorePass.map(CharBuffer::array).orElse(null));
ks.load(null, null);
CertificateFactory certFactory =
CertificateFactory.getInstance(clientAuthCertType);
Certificate[] certChain =
Expand Down Expand Up @@ -295,13 +284,19 @@ public static SSLContext provideClientSslContext(
keyPass.map(CharBuffer::array).orElse(null),
certChain);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(clientAuthKeyManagerType);
kmf.init(ks, keystorePass.map(CharBuffer::array).orElse(null));
kmf.init(ks, null);
keyManagers = kmf.getKeyManagers();
} finally {
Arrays.fill(keyBytes, (byte) 0);
clearBuffer(keystorePass);
clearBuffer(keyPass);
}
} else if (clientAuthCertPath.isPresent() || clientAuthKeyPath.isPresent()) {
throw new IllegalArgumentException(
String.format(
"To use TLS client authentication, both the certificate (%s) and"
+ " private key (%s) properties must be set.",
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_CERT_PATH,
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PATH));
}

X509TrustManager trustManager = null;
Expand Down Expand Up @@ -338,7 +333,7 @@ public X509Certificate[] getAcceptedIssuers() {
KeyStore ts = KeyStore.getInstance(truststoreType);
ts.load(null, null);
// initialize truststore with user provided path and pass
if (!truststorePath.isEmpty() && !truststorePass.isEmpty()) {
if (truststorePath.isPresent() && truststorePass.isPresent()) {
Charset charset = Charset.forName(passCharset);
CharsetDecoder decoder = charset.newDecoder();
ByteBuffer byteBuffer = ByteBuffer.wrap(truststorePass.get().get());
Expand All @@ -352,12 +347,16 @@ public X509Certificate[] getAcceptedIssuers() {
Arrays.fill(charBuffer.array(), '\0');
truststorePass.get().clear();
}
} else if (!truststorePath.isEmpty() || !truststorePass.isEmpty()) {
} else if (truststorePath.isPresent() || truststorePass.isPresent()) {
throw new IllegalArgumentException(
String.format(
"To import a truststore, provide both the path to the"
+ " truststore and the pass, or a path to a file containing"
+ " the pass"));
+ " truststore (%s) and the pass (%s), or a path to a file"
+ " containing the pass (%s)",
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PATH,
ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS,
ConfigModule
.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_FILE));
}

// initialize truststore with user provided certs
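Review bot: The new `kmf.init(ks, null)` in the third MainModule hunk looks inconsistent with the key entry that is still stored with `keyPass.map(CharBuffer::array).orElse(null)` as its protection password (the `setKeyEntry` call sits just above the hunk; its trailing arguments are visible as context). The SunX509 key manager recovers entries through `KeyStore.getKey(alias, password)` with the password handed to `init`, so as far as I can tell a configured client-auth key password now makes key recovery fail with an UnrecoverableKeyException, whereas the removed code at least let the keystore password match it. The in-memory store itself (`ks.load(null, null)`) is fine with a null password; it is the per-entry protection that has to agree. I would hand the factory the same password, `kmf.init(ks, keyPass.map(CharBuffer::array).orElse(null));` — `keyPass` is still live at that point and is only zeroed in the `finally` below. provideClientSslContext starts and ends outside the visible hunks.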
5 changes: 0 additions & 5 deletions src/main/resources/META-INF/microprofile-config.properties
Expand Up @@ -22,12 +22,7 @@ cryostat.agent.webclient.tls.client-auth.key.type=RSA
cryostat.agent.webclient.tls.client-auth.key.pass=
cryostat.agent.webclient.tls.client-auth.key.pass.file=
cryostat.agent.webclient.tls.client-auth.key.pass-charset=utf-8
cryostat.agent.webclient.tls.client-auth.keystore.path=
cryostat.agent.webclient.tls.client-auth.keystore.pass.file=
cryostat.agent.webclient.tls.client-auth.keystore.pass=
cryostat.agent.webclient.tls.client-auth.keystore.cert=
cryostat.agent.webclient.tls.client-auth.keystore.type=PKCS12
cryostat.agent.webclient.tls.client-auth.keystore.pass-charset=utf-8
cryostat.agent.webclient.tls.client-auth.key-manager.type=SunX509
cryostat.agent.webserver.host=0.0.0.0
cryostat.agent.webserver.port=9977

0 comments on commit bdc3efd
