Separate out TLS requirement check, rename variable
Josh-Matsuoka committed Dec 20, 2024
1 parent 1694b6a commit 96f6c7f
Showing 1 changed file with 7 additions and 9 deletions.
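--- a/src/main/java/io/cryostat/agent/MainModule.java
+++ b/src/main/java/io/cryostat/agent/MainModule.java
@@ -238,10 +238,10 @@ public static SSLContext provideClientSslContext(
 @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_MANAGER_TYPE)
 String clientAuthKeyManagerType,
 @Named(ConfigModule.CRYOSTAT_AGENT_BASEURI) URI baseUri,
-@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED) boolean tlsEnabled) {
+@Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED) boolean tlsRequired) {
 try {
 KeyManager[] keyManagers = null;
-if (clientAuthCertPath.isPresent() && clientAuthKeyPath.isPresent() && tlsEnabled) {
+if (tlsRequired) {
 if (!baseUri.getScheme().equals("https")) {
 throw new IllegalArgumentException(
 String.format(
@@ -250,6 +250,8 @@ public static SSLContext provideClientSslContext(
 ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED,
 ConfigModule.CRYOSTAT_AGENT_BASEURI));
 }
+}
+if (clientAuthCertPath.isPresent() && clientAuthKeyPath.isPresent()) {
 KeyStore ks = KeyStore.getInstance(clientAuthKeystoreType);
 Optional<CharBuffer> keystorePass =
 readPass(
@@ -312,17 +314,13 @@ public static SSLContext provideClientSslContext(
 clearBuffer(keystorePass);
 clearBuffer(keyPass);
 }
-} else if (clientAuthCertPath.isPresent()
-|| clientAuthKeyPath.isPresent()
-|| tlsEnabled) {
+} else if (clientAuthCertPath.isPresent() || clientAuthKeyPath.isPresent()) {
 throw new IllegalArgumentException(
 String.format(
 "To use TLS client authentication, both the certificate (%s) and"
-+ " private key (%s) properties must be set. The (%s) property"
-+ " must be true as well.",
++ " private key (%s) properties must be set.",
 ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_CERT_PATH,
-ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PATH,
-ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_REQUIRED));
+ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_CLIENT_AUTH_KEY_PATH));
 }
 
 X509TrustManager trustManager = null;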
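Review bot: The scheme guard `if (!baseUri.getScheme().equals("https"))` is now reached on every start-up with `tlsRequired` set, yet it dereferences `getScheme()`, which `java.net.URI` returns as null for a base URI without a scheme, and it compares case-sensitively although URI schemes are case-insensitive. A misconfigured base URI would then fail with a NullPointerException (or reject `HTTPS://…`) instead of the descriptive IllegalArgumentException; whether the surrounding `try` converts that is not visible here, since `provideClientSslContext` starts and ends outside these hunks. The two nested conditions can become one null-safe test: `if (tlsRequired && !"https".equalsIgnoreCase(baseUri.getScheme())) {`. A short comment above it such as `// enforce HTTPS independently of whether client-certificate auth is configured` would record why the check was split out of the client-auth branch.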
