From ca7dd82a59bbd1aad5b7fcc9176108a868f59353 Mon Sep 17 00:00:00 2001
From: utkarsh-opsmx
Date: Tue, 11 Feb 2025 17:53:07 +0530
Subject: [PATCH] OP-23081: Removed cert usage for secure redis connection. (#505)
---
 .../spinnaker/gate/config/GateConfig.groovy | 3 +-
 .../gate/config/GateWebConfig.groovy | 1 -
 ...tionConfiguringJedisConnectionFactory.java | 46 -------------------
 3 files changed, 1 insertion(+), 49 deletions(-)
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy
index 33130a4ac3..b7442984f2 100644
--- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy
+++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy
@@ -121,8 +121,7 @@ class GateConfig extends RedisHttpSessionConfiguration {
 */
 @Bean
 JedisPool jedis(@Value('${redis.connection:redis://localhost:6379}') String connection,
- @Value('${redis.timeout:2000}') int timeout,
- @Value('${redis.certificate_location:#{null}}') String certFilePath) {
+ @Value('${redis.timeout:2000}') int timeout) {
 return new JedisPool(new URI(connection), timeout)
 }
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy
index 000d2f4209..59d9b2db90 100644
--- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy
+++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy
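Review bot: After this change the `jedis` bean passes only `new URI(connection)` and `timeout` to `JedisPool`, so for a `rediss://` URI the server certificate is presumably validated against the JVM default trust store alone, and a deployment that still sets `redis.certificate_location` gets no signal that the property is now ignored. The same applies to the `setUseSsl(true)` branch in PostConnectionConfiguringJedisConnectionFactory.java, where the truststore setup is removed. I would record this on the bean, for example `// TLS trust for rediss:// comes from the JVM default trust store; redis.certificate_location is no longer read.`, and mention the required CA import in the upgrade notes. The Javadoc above `@Bean` and the rest of `GateConfig` lie outside this hunk.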
@@ -48,7 +48,6 @@ import org.springframework.web.bind.annotation.ExceptionHandler
 import org.springframework.web.bind.annotation.ResponseBody
 import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry
-import org.springframework.web.servlet.config.annotation.PathMatchConfigurer
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/PostConnectionConfiguringJedisConnectionFactory.java b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/PostConnectionConfiguringJedisConnectionFactory.java
index bce5c691d6..2c63c01e6e 100644
--- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/PostConnectionConfiguringJedisConnectionFactory.java
+++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/PostConnectionConfiguringJedisConnectionFactory.java
@@ -1,16 +1,11 @@
 package com.netflix.spinnaker.gate.config;
 import com.google.common.base.Splitter;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 import java.net.URI;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateFactory;
 import java.util.List;
 import java.util.Optional;
 import lombok.extern.slf4j.Slf4j;
@@ -47,13 +42,10 @@ public class PostConnectionConfiguringJedisConnectionFactory extends JedisConnec
 private volatile boolean ranConfigureRedisAction;
- private String password = "keyStorePass";
-
 @Autowired
 public PostConnectionConfiguringJedisConnectionFactory(
 @Value("${redis.connection:redis://localhost:6379}") String connectionUri,
 @Value("${redis.timeout:2000}") int timeout,
- @Value(value = "${redis.certificate_location:#{null}}") String certFilePath,
 @ConnectionPostProcessor Optional configureRedisAction)
 throws Exception {
@@ -74,44 +66,6 @@ public PostConnectionConfiguringJedisConnectionFactory(
 if (redisUri.getScheme().equals("rediss")) {
 setUseSsl(true);
- String jksFilePath = "/opsmx/conf/redis-truststore.jks";
- String alias = "redis-truststore"; // An alias to identify the certificate in the keystore
- char[] password = this.password.toCharArray(); // Keystore password
-
- FileInputStream certInputStream = null;
- FileOutputStream jksOutputStream = null;
-
- /**
- * If SSL is used then below steps add the certificate necessary for connection to redis as a
- * java keystore and then add java keystore file's path as a system property for use in
- * connection.
- */
- try {
- CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
- certInputStream = new FileInputStream(certFilePath);
- Certificate certificate = certificateFactory.generateCertificate(certInputStream);
-
- KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(null, password);
- keyStore.setCertificateEntry(alias, certificate);
- jksOutputStream = new FileOutputStream(jksFilePath);
- keyStore.store(jksOutputStream, password);
-
- log.info("Certificate has been added to the KeyStore successfully.");
- } catch (Exception e) {
- log.error("Error in creating jks file: ", e);
- throw e;
- } finally {
- if (certInputStream != null) {
- certInputStream.close();
- }
- if (jksOutputStream != null) {
- jksOutputStream.close();
- }
- }
-
- System.setProperty("javax.net.ssl.trustStore", jksFilePath);
- System.setProperty("javax.net.ssl.trustStorePassword", this.password);
 }
 }