author | HÃ¥kon Hallingstad <hakon.hallingstad@gmail.com> | 2022-09-26 11:59:26 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-26 11:59:26 +0200 |
commit | 80cb64862e355c1545d4fbac7fbbb362fe967b25 (patch) | |
tree | fb41017c649015bf71353e229673a525db41e7a0 | |
parent | 1c1ec5121a89c63a49ece4f1e8e84af1149c0c29 (diff) | |
parent | 550b73945237931ec726848ab7e65f9c9b933ced (diff) |
Merge pull request #24201 from vespa-engine/hakonhall/use-yahoo-certificate-bundle-against-zts-in-main
Trust store path is associated with ZTS
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 9279442a345..70b9cc9cc16 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -63,8 +63,8 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 private static final String CONTAINER_SIA_DIRECTORY = "/var/lib/sia";
 private final URI ztsEndpoint;
- private final Path jksTrustStorePath;
- private final Path pemTrustStorePath;
+ private final Path ztsTrustStoreJksPath;
+ private final Path ztsTrustStorePemPath;
 private final AthenzIdentity configserverIdentity;
 private final Clock clock;
 private final ServiceIdentityProvider hostIdentityProvider;
@@ -76,16 +76,16 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 private final Map<ContainerName, Instant> lastRefreshAttempt = new ConcurrentHashMap<>();
 public AthenzCredentialsMaintainer(URI ztsEndpoint,
- Path jksTrustStorePath,
- Path pemTrustStorePath,
+ Path ztsTrustStoreJksPath,
+ Path ztsTrustStorePemPath,
 ConfigServerInfo configServerInfo,
 String certificateDnsSuffix,
 ServiceIdentityProvider hostIdentityProvider,
 boolean useInternalZts,
 Clock clock) {
 this.ztsEndpoint = ztsEndpoint;
- this.jksTrustStorePath = jksTrustStorePath;
- this.pemTrustStorePath = pemTrustStorePath;
+ this.ztsTrustStoreJksPath = ztsTrustStoreJksPath;
+ this.ztsTrustStorePemPath = ztsTrustStorePemPath;
 this.configserverIdentity = configServerInfo.getConfigServerIdentity();
 this.csrGenerator = new CsrGenerator(certificateDnsSuffix, configserverIdentity.getFullName());
 this.hostIdentityProvider = hostIdentityProvider;
@@ -212,10 +212,10 @@ public class AthenzCredentialsMaintainer implements CredentialsMaintainer {
 context.identity(), identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
 var sslContextBuilder = new SslContextBuilder().withKeyStore(privateKeyFile, certificateFile);
- if (pemTrustStorePath != null) {
- sslContextBuilder.withTrustStore(pemTrustStorePath);
+ if (ztsTrustStorePemPath != null) {
+ sslContextBuilder.withTrustStore(ztsTrustStorePemPath);
 } else {
- sslContextBuilder.withTrustStore(jksTrustStorePath, KeyStoreType.JKS);
+ sslContextBuilder.withTrustStore(ztsTrustStoreJksPath, KeyStoreType.JKS);
 }
 SSLContext containerIdentitySslContext = sslContextBuilder.build(); |
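Review bot: The else branch hands `ztsTrustStoreJksPath` to `withTrustStore` without checking that it is set, so when both trust store paths are null the result depends on how SslContextBuilder treats a null path, which is not visible in this diff. Going by the commit title these paths decide which CAs are trusted when talking to ZTS, so I would fail closed in the constructor (second hunk) with `if (ztsTrustStoreJksPath == null && ztsTrustStorePemPath == null) throw new IllegalArgumentException("no ZTS trust store configured");`. A short comment on the branch, for example `// PEM bundle takes precedence; the JKS store is the fallback`, would also record the precedence for the next reader. The enclosing method starts and ends outside this hunk.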