From 48d579cff95a39958383fcfc6269963fd3ac6ae8 Mon Sep 17 00:00:00 2001
From: Steve Hawkins
Date: Mon, 15 May 2023 12:35:12 -0400
Subject: [PATCH] fix #5126: fallback to changeit only if null/empty does not work
---
 CHANGELOG.md | 2 +-
 .../io/fabric8/kubernetes/client/Config.java | 5 +-
 .../kubernetes/client/internal/CertUtils.java | 69 +++++++++----------
 3 files changed, 38 insertions(+), 38 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81a92fc4e73..8c7be0d9cb3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 #### Bugs
 * Fix #5125: TLS 1.3 only should be supported
+* Fix #5126: fallback to changeit only if null/empty does not work
 * Fix #5145: [java-generator] handle `additionalProperties: true` emitting a field of type `AnyType`
 * Fix #5164: [java-generator] handle more special characters in field names
@@ -2006,4 +2007,3 @@ like the delete of a custom resource.
 * Fixed issue of SecurityContextConstraints not working - https://github.com/fabric8io/kubernetes-client/pull/982
 Note :- This got fixed by fixing model - https://github.com/fabric8io/kubernetes-model/pull/274
 Dependencies Upgrade
-
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
index ed42c383c1b..0337a7e02f2 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/Config.java
@@ -43,6 +43,7 @@
 import org.slf4j.LoggerFactory;
 import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
@@ -957,8 +958,8 @@ public static String getKeyAlgorithm(String clientKeyFile, String clientKeyData)
 // Detect algorithm
 try {
- InputStream keyInputStream = CertUtils.getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
- if (keyInputStream != null) {
+ if (clientKeyData != null || clientKeyFile != null) {
+ ByteArrayInputStream keyInputStream = CertUtils.getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
 return getKeyAlgorithm(keyInputStream);
 }
 } catch (IOException exception) {
diff --git a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
index 3bb1697727a..b3ec5ae2de0 100644
--- a/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
+++ b/kubernetes-client-api/src/main/java/io/fabric8/kubernetes/client/internal/CertUtils.java
@@ -38,6 +38,7 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.Security;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -65,24 +66,14 @@ public static ByteArrayInputStream getInputStreamFromDataOrFile(String data, Str
 if (data != null) {
 return createInputStreamFromBase64EncodedString(data);
 }
- if (file != null) {
- return new ByteArrayInputStream(new String(Files.readAllBytes(Paths.get(file))).trim().getBytes());
- }
- return null;
+ return new ByteArrayInputStream(new String(Files.readAllBytes(Paths.get(file))).trim().getBytes());
 }
 public static KeyStore createTrustStore(String caCertData, String caCertFile, String trustStoreFile, String trustStorePassphrase) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
- try (ByteArrayInputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
- return createTrustStore(pemInputStream, trustStoreFile, getTrustStorePassphrase(trustStorePassphrase));
- }
- }
-
- private static char[] getTrustStorePassphrase(String trustStorePassphrase) {
- if (Utils.isNullOrEmpty(trustStorePassphrase)) {
- return System.getProperty(TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, "changeit").toCharArray();
- }
- return trustStorePassphrase.toCharArray();
+ ByteArrayInputStream pemInputStream = getInputStreamFromDataOrFile(caCertData, caCertFile);
+ return createTrustStore(pemInputStream, trustStoreFile,
+ getPassphrase(TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, trustStorePassphrase));
 }
 private static KeyStore createTrustStore(ByteArrayInputStream pemInputStream, String trustStoreFile,
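Review bot: `getInputStreamFromDataOrFile` now reaches `Paths.get(file)` whenever `data` is null, so a call with both arguments null throws a `NullPointerException` where the old code returned null, and `createTrustStore(String, ...)` in this hunk forwards `caCertData`/`caCertFile` straight into it without any guard. That is only safe if every caller already checks that at least one of the two is set, which is not visible here. If that precondition is intended, it should be stated on the method, e.g. `// Precondition: data or file must be non-null; a null file path throws NPE from Paths.get`, otherwise keep an explicit check such as `if (file == null) { throw new IllegalArgumentException("either data or file must be provided"); }`. The rewritten file branch also still decodes the file with the platform default charset (`new String(bytes)`); `StandardCharsets.UTF_8` on both conversions would make PEM parsing independent of the JVM's `file.encoding`.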
@@ -233,21 +224,27 @@ private static void loadDefaultKeyStoreFile(KeyStore keyStore, char[] keyStorePa
 }
 private static boolean loadDefaultStoreFile(KeyStore keyStore, File fileToLoad, char[] passphrase) {
-
- String notLoadedMessage = "There is a problem with reading default keystore/truststore file %s with the passphrase %s " + "- the file won't be loaded. The reason is: %s";
-
- if (fileToLoad.exists() && fileToLoad.isFile() && fileToLoad.length() > 0) {
- try {
- try (FileInputStream fis = new FileInputStream(fileToLoad)) {
- keyStore.load(fis, passphrase);
- }
+ if (!fileToLoad.exists() || !fileToLoad.isFile() || fileToLoad.length() == 0) {
+ return false;
+ }
+ Exception ex = null;
+ try (FileInputStream fis = new FileInputStream(fileToLoad)) {
+ keyStore.load(fis, passphrase);
+ return true;
+ } catch (Exception e) {
+ ex = e;
+ }
+ // last chance, try changeit
+ if ((passphrase == null || passphrase.length == 0) && ex.getCause() instanceof UnrecoverableKeyException) {
+ try (FileInputStream fis1 = new FileInputStream(fileToLoad)) {
+ keyStore.load(fis1, passphrase);
 return true;
- } catch (Exception e) {
- String passphraseToPrint = passphrase != null ? String.valueOf(passphrase) : null;
- LOG.info(String.format(notLoadedMessage, fileToLoad, passphraseToPrint, e.getMessage()));
+ } catch (Exception e1) {
+ // still no good
 }
 }
+ LOG.info("There is a problem with reading default keystore/truststore file {} " + "- the file won't be loaded. The reason is: {}", fileToLoad, ex.getMessage());
 return false;
 }
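Review bot: The "last chance, try changeit" retry calls `keyStore.load(fis1, passphrase)` with the very same `passphrase` that just failed, so the `changeit` fallback named in the commit title is never actually attempted and the second load can only repeat the first failure. The retry should pass the default password instead: `keyStore.load(fis1, "changeit".toCharArray());`. Dropping the passphrase from the logged message is a welcome change; while you are there, a `LOG.debug("default passphrase also rejected for {}: {}", fileToLoad, e1.getMessage())` in the inner catch would make a wrong-default failure diagnosable rather than silently falling through to the message about `ex`. Note also that the guard `ex.getCause() instanceof UnrecoverableKeyException` appears to assume the provider wraps a bad password that way, which holds for the JDK's JKS/PKCS12 implementations as far as I can tell but is not part of the `KeyStore.load` contract.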
@@ -255,18 +252,20 @@ public static KeyStore createKeyStore(String clientCertData, String clientCertFi
 String clientKeyFile, String clientKeyAlgo, String clientKeyPassphrase, String keyStoreFile, String keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
- try (InputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
- InputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile)) {
- return createKeyStore(certInputStream, keyInputStream, clientKeyAlgo, clientKeyPassphrase.toCharArray(),
- keyStoreFile, getKeyStorePassphrase(keyStorePassphrase));
- }
+ ByteArrayInputStream certInputStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
+ ByteArrayInputStream keyInputStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile);
+ return createKeyStore(certInputStream, keyInputStream, clientKeyAlgo, clientKeyPassphrase.toCharArray(),
+ keyStoreFile, getPassphrase(KEY_STORE_PASSWORD_SYSTEM_PROPERTY, keyStorePassphrase));
 }
- private static char[] getKeyStorePassphrase(String keyStorePassphrase) {
- if (Utils.isNullOrEmpty(keyStorePassphrase)) {
- return System.getProperty(KEY_STORE_PASSWORD_SYSTEM_PROPERTY, "changeit").toCharArray();
+ private static char[] getPassphrase(String property, String passphrase) {
+ if (Utils.isNullOrEmpty(passphrase)) {
+ passphrase = System.getProperty(property, passphrase);
+ }
+ if (passphrase != null) {
+ return passphrase.toCharArray();
 }
- return keyStorePassphrase.toCharArray();
+ return null;
 }
 // This method is inspired and partly taken over from
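Review bot: In `getPassphrase`, an explicit empty string and a null argument end up as different values: with the system property unset, `System.getProperty(property, passphrase)` hands back `""` for the former, which `toCharArray()` turns into an empty `char[]`, while the latter stays null, so the two "unset" spellings reach `KeyStore.load` differently (for the JDK's JKS format an empty password is verified against the store's integrity hash, a null one is not). Using the single-argument lookup, `passphrase = System.getProperty(property);`, collapses both to null, which is also what the `passphrase == null || passphrase.length == 0` fallback guard in `loadDefaultStoreFile` already treats as equivalent. Separately, `createKeyStore` now calls `getInputStreamFromDataOrFile` unconditionally for both the cert and the key, so any caller that previously passed both `clientCertData`/`clientCertFile` (or both key arguments) as null and relied on a null stream now gets a `NullPointerException`; presumably callers guard this, but they are outside this hunk. The unchanged `clientKeyPassphrase.toCharArray()` likewise throws on a null passphrase, which the rewrite keeps.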