fix fabric8io#5126: fallback to changeit only if null/empty does not …

…work

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 #### Bugs
 * Fix #5125: TLS 1.3 only should be supported
+* Fix #5126: fallback to changeit only if null/empty does not work
 * Fix #5145: [java-generator] handle `additionalProperties: true` emitting a field of type `AnyType`
 * Fix #5164: [java-generator] handle more special characters in field names
 
@@ -2006,4 +2007,3 @@ like the delete of a custom resource.
    * Fixed issue of SecurityContextConstraints not working - https://github.com/fabric8io/kubernetes-client/pull/982
      Note :- This got fixed by fixing model - https://github.com/fabric8io/kubernetes-model/pull/274
      Dependencies Upgrade
-

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java

@@ -43,6 +43,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
@@ -957,8 +958,8 @@ public static String getKeyAlgorithm(String clientKeyFile, String clientKeyData)
 
     // Detect algorithm
     try {
-      InputStream keyInputStream = CertUtils.getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
-      if (keyInputStream != null) {
+      if (clientKeyData != null || clientKeyFile != null) {
+        ByteArrayInputStream keyInputStream = CertUtils.getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
         return getKeyAlgorithm(keyInputStream);
       }
     } catch (IOException exception) {

kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java

@@ -38,6 +38,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Security;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -65,24 +66,14 @@ public static ByteArrayInputStream getInputStreamFromDataOrFile(String data, Str
     if (data != null) {
       return createInputStreamFromBase64EncodedString(data);
     }
-    if (file != null) {
-      return new ByteArrayInputStream(new String(Files.readAllBytes(Paths.get(file))).trim().getBytes());
-    }
-    return null;
+    return new ByteArrayInputStream(new String(Files.readAllBytes(Paths.get(file))).trim().getBytes());
   }
 
   public static KeyStore createTrustStore(String caCertData, String caCertFile, String trustStoreFile,
       String trustStorePassphrase) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
-    try (ByteArrayInputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
-      return createTrustStore(pemInputStream, trustStoreFile, getTrustStorePassphrase(trustStorePassphrase));
-    }
-  }
-
-  private static char[] getTrustStorePassphrase(String trustStorePassphrase) {
-    if (Utils.isNullOrEmpty(trustStorePassphrase)) {
-      return System.getProperty(TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, "changeit").toCharArray();
-    }
-    return trustStorePassphrase.toCharArray();
+    ByteArrayInputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile);
+    return createTrustStore(pemInputStream, trustStoreFile,
+        getPassphrase(TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, trustStorePassphrase));
   }
 
   private static KeyStore createTrustStore(ByteArrayInputStream pemInputStream, String trustStoreFile,
@@ -233,40 +224,48 @@ private static void loadDefaultKeyStoreFile(KeyStore keyStore, char[] keyStorePa
   }
 
   private static boolean loadDefaultStoreFile(KeyStore keyStore, File fileToLoad, char[] passphrase) {
-
-    String notLoadedMessage = "There is a problem with reading default keystore/truststore file %s with the passphrase %s "
-        + "- the file won't be loaded. The reason is: %s";
-
-    if (fileToLoad.exists() && fileToLoad.isFile() && fileToLoad.length() > 0) {
-      try {
-        try (FileInputStream fis = new FileInputStream(fileToLoad)) {
-          keyStore.load(fis, passphrase);
-        }
+    if (!fileToLoad.exists() || !fileToLoad.isFile() || fileToLoad.length() == 0) {
+      return false;
+    }
+    Exception ex = null;
+    try (FileInputStream fis = new FileInputStream(fileToLoad)) {
+      keyStore.load(fis, passphrase);
+      return true;
+    } catch (Exception e) {
+      ex = e;
+    }
+    // last chance, try changeit
+    if ((passphrase == null || passphrase.length == 0) && ex.getCause() instanceof UnrecoverableKeyException) {
+      try (FileInputStream fis1 = new FileInputStream(fileToLoad)) {
+        keyStore.load(fis1, passphrase);
         return true;
-      } catch (Exception e) {
-        String passphraseToPrint = passphrase != null ? String.valueOf(passphrase) : null;
-        LOG.info(String.format(notLoadedMessage, fileToLoad, passphraseToPrint, e.getMessage()));
+      } catch (Exception e1) {
+        // still no good
       }
     }
+    LOG.info("There is a problem with reading default keystore/truststore file {} "
+        + "- the file won't be loaded. The reason is: {}", fileToLoad, ex.getMessage());
     return false;
   }
 
   public static KeyStore createKeyStore(String clientCertData, String clientCertFile, String clientKeyData,
       String clientKeyFile, String clientKeyAlgo, String clientKeyPassphrase, String keyStoreFile,
       String keyStorePassphrase)
       throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
-    try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
-        InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile)) {
-      return createKeyStore(certInputStream, keyInputStream, clientKeyAlgo, clientKeyPassphrase.toCharArray(),
-          keyStoreFile, getKeyStorePassphrase(keyStorePassphrase));
-    }
+    ByteArrayInputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
+    ByteArrayInputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
+    return createKeyStore(certInputStream, keyInputStream, clientKeyAlgo, clientKeyPassphrase.toCharArray(),
+        keyStoreFile, getPassphrase(KEY_STORE_PASSWORD_SYSTEM_PROPERTY, keyStorePassphrase));
   }
 
-  private static char[] getKeyStorePassphrase(String keyStorePassphrase) {
-    if (Utils.isNullOrEmpty(keyStorePassphrase)) {
-      return System.getProperty(KEY_STORE_PASSWORD_SYSTEM_PROPERTY, "changeit").toCharArray();
+  private static char[] getPassphrase(String property, String passphrase) {
+    if (Utils.isNullOrEmpty(passphrase)) {
+      passphrase = System.getProperty(property, passphrase);
+    }
+    if (passphrase != null) {
+      return passphrase.toCharArray();
     }
-    return keyStorePassphrase.toCharArray();
+    return null;
   }
 
   // This method is inspired and partly taken over from