From 4de581ef86784ad52f8989e3876625c0b6b57aec Mon Sep 17 00:00:00 2001
From: Ming Wang
Date: Wed, 21 Aug 2024 14:31:26 -0400
Subject: [PATCH] optional password
---
 .../java/io/cryostat/agent/ConfigModule.java | 47 ++++++++++++++-----
 .../java/io/cryostat/agent/MainModule.java | 8 +++-
 2 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/src/main/java/io/cryostat/agent/ConfigModule.java b/src/main/java/io/cryostat/agent/ConfigModule.java
index 6c63b446..e84efa04 100644
--- a/src/main/java/io/cryostat/agent/ConfigModule.java
+++ b/src/main/java/io/cryostat/agent/ConfigModule.java
@@ -33,7 +33,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.NoSuchElementException;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.function.Predicate;
@@ -276,23 +275,21 @@ public static Optional provideCryostatAgentWebclientTlsTruststorePath(Co @Provides @Singleton @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_FILE) - public static Optional provideCryostatAgentWebclientTlsTruststorePassFromFile( + public static Optional provideCryostatAgentWebclientTlsTruststorePassFromFile( Config config, @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_CHARSET) String passCharset) { Optional truststorePassFile = config.getOptionalValue( CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_FILE, String.class); - Optional password = Optional.empty(); + if (truststorePassFile.isEmpty()) { + return Optional.empty(); + } try (FileInputStream passFile = new FileInputStream(truststorePassFile.get())) { - String pass = IOUtils.toString(passFile, Charset.forName(passCharset)); - pass = pass.substring(0, pass.length() - 1); - password = Optional.ofNullable(pass); - } catch (NoSuchElementException e) { - return password; + String pass = IOUtils.toString(passFile, Charset.forName(passCharset)).trim(); + return Optional.ofNullable(new ByteBuffer(pass, passCharset)); } catch (IOException e) { throw new RuntimeException(e); } - return password; } @Provides @@ -305,13 +302,16 @@ public static String provideCryostatAgentWebclientTlsTruststorePassCharset(Confi @Provides @Singleton @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS) - public static Optional provideCryostatAgentWebclientTlsTruststorePass( + public static Optional provideCryostatAgentWebclientTlsTruststorePass( Config config, @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_FILE) - Optional truststorePass) { + Optional truststorePass) { Optional opt = config.getOptionalValue(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS, String.class); - return opt.or(() -> truststorePass); + if (opt.isEmpty()) { + return truststorePass; + } + return Optional.ofNullable(new ByteBuffer(opt.get(), "utf-8")); } @Provides 
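Review bot: `.trim()` in `provideCryostatAgentWebclientTlsTruststorePassFromFile` removes every leading and trailing character at or below U+0020, so a truststore password that legitimately starts or ends with a space no longer matches, whereas the removed code dropped exactly one trailing character. If the intent is only to tolerate a final newline in the pass file, strip just that: `pass.replaceFirst("\\r?\\n\\z", "")`. The secret also still travels through the immutable `String` returned by `IOUtils.toString`, which a later `clear()` cannot zero, so the wipeable buffer covers only one of the copies; a comment saying so would keep readers from over-trusting it. `Optional.of(...)` is enough here, since a constructor result is never null.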
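Review bot: The inline password in `provideCryostatAgentWebclientTlsTruststorePass` is encoded with a hard-coded `"utf-8"`, but `provideClientSslContext` in MainModule decodes the same buffer with the configured `passCharset`. Whenever that setting is not UTF-8-compatible, the characters handed to `ts.load` differ from the configured password and the truststore will not open. Inject the charset here too, `@Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_CHARSET) String passCharset`, and build the buffer with `new ByteBuffer(opt.get(), passCharset)`.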
@@ -326,7 +326,8 @@ public static String provideCryostatAgentWebclientTlsTruststoreType(Config confi @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERTS) public static List provideCryostatAgentWecblientTlsTruststoreCerts( Config config, - @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS) Optional truststorePass, + @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS) + Optional truststorePass, @Named(CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PATH) Optional truststorePath) { Map truststoreBuilders = new HashMap<>(); List truststoreConfigs = new ArrayList<>(); @@ -709,4 +710,24 @@ public static URIRange fromString(String s) { return SITE_LOCAL; } } + + public static class ByteBuffer { + private final byte[] buf; + + public ByteBuffer(int len) { + this.buf = new byte[len]; + } + + public ByteBuffer(String s, String charset) { + this.buf = Arrays.copyOf(s.getBytes(Charset.forName(charset)), s.length()); + } + + public String get(String charset) { + return new String(this.buf, Charset.forName(charset)); + } + + public void clear() { + Arrays.fill(this.buf, (byte) 0); + } + } } diff --git a/src/main/java/io/cryostat/agent/MainModule.java b/src/main/java/io/cryostat/agent/MainModule.java index 8b528548..42b3a717 100644 --- a/src/main/java/io/cryostat/agent/MainModule.java +++ b/src/main/java/io/cryostat/agent/MainModule.java @@ -49,6 +49,7 @@ import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; +import io.cryostat.agent.ConfigModule.ByteBuffer; import io.cryostat.agent.harvest.HarvestModule; import io.cryostat.agent.remote.RemoteContext; import io.cryostat.agent.remote.RemoteModule; 
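Review bot: In the new `ByteBuffer(String s, String charset)` constructor, `Arrays.copyOf(..., s.length())` truncates the encoded bytes to the number of UTF-16 chars rather than the number of bytes. Any password with a character that encodes to more than one byte (any non-ASCII character in UTF-8, every character in UTF-16) is silently cut short and will fail against the truststore. Keep the array `getBytes` already returns: `this.buf = s.getBytes(Charset.forName(charset));`. The class name also collides with `java.nio.ByteBuffer`, and `Arrays` is used without an import visible in this patch, so confirm `java.util.Arrays` is already imported. A short Javadoc saying the buffer holds secret material and that `clear()` zeroes it for every holder would help callers.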
@@ -135,7 +136,9 @@ public static SSLContext provideClientSslContext( @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PATH) Optional truststorePath, @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS) - Optional truststorePass, + Optional truststorePass, + @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_PASS_CHARSET) + String passCharset, @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_TYPE) String truststoreType, @Named(ConfigModule.CRYOSTAT_AGENT_WEBCLIENT_TLS_TRUSTSTORE_CERTS) List truststoreCerts) { @@ -187,7 +190,8 @@ public X509Certificate[] getAcceptedIssuers() { // initialize truststore with user provided path and pass if (!truststorePath.isEmpty() && !truststorePass.isEmpty()) { try (InputStream truststore = new FileInputStream(truststorePath.get())) { - ts.load(truststore, truststorePass.get().toCharArray()); + ts.load(truststore, truststorePass.get().get(passCharset).toCharArray()); + truststorePass.get().clear(); } catch (IOException e) { throw new RuntimeException(e); }
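Review bot: `truststorePass.get().clear()` in `provideClientSslContext` runs only when `ts.load` succeeds, and the `char[]` from `toCharArray()` is never wiped, so the password stays on the heap on both paths. Hold the array in a local and wipe both in a `finally` block; the intermediate `String` from `get(passCharset)` still cannot be zeroed, which argues for a `char[]` accessor on the buffer. The buffer also comes from a `@Singleton` provider that is injected into the truststore-certs provider as well, so after this call any later reader gets a non-empty Optional of NUL bytes; that one-shot contract deserves a comment. The enclosing method starts and ends outside this hunk.

```java
char[] pass = truststorePass.get().get(passCharset).toCharArray();
try (InputStream truststore = new FileInputStream(truststorePath.get())) {
    ts.load(truststore, pass);
} catch (IOException e) {
    // … unchanged: rethrow as RuntimeException …
} finally {
    // wipe on success and on failure; java.util.Arrays must be in scope
    Arrays.fill(pass, '\0');
    truststorePass.get().clear();
}
```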