Update test and clean up

author: jonmv <venstad@gmail.com> 2022-11-03 18:38:44 +0100
committer: jonmv <venstad@gmail.com> 2022-11-03 18:38:44 +0100
commit: f571f9c77b811275a923528890455e20c1d53628 (patch)
tree: b534063942b82f5ea7a0c15a43deb7cd99096dad
parent: ca439b0dcb570d8eda73f1177dcef31f647e287f (diff)
3 files changed, 14 insertions, 21 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackage.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackage.java
index f0c278c51cf..53c78d7c8ec 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackage.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackage.java
@@ -59,9 +59,7 @@ import static java.util.stream.Collectors.toMap;
  * A representation of the content of an application package.
  * Only meta-data content can be accessed as anything other than compressed data.
  * A package is identified by a hash of the content.
- * 
- * This is immutable.
- * 
+ *
  * @author bratseth
  * @author jonmv
  */
@@ -124,17 +122,6 @@ public class ApplicationPackage {
         preProcessAndPopulateCache();
     }
 
-    /** Returns a copy of this with the given certificate appended. */
-    public ApplicationPackage withTrustedCertificate(X509Certificate certificate) {
-        List<X509Certificate> trustedCertificates = new ArrayList<>(this.trustedCertificates);
-        trustedCertificates.add(certificate);
-        byte[] certificatesBytes = X509CertificateUtils.toPem(trustedCertificates).getBytes(UTF_8);
-
-        ByteArrayOutputStream modified = new ByteArrayOutputStream(zippedContent.length + certificatesBytes.length);
-        ZipEntries.transferAndWrite(modified, new ByteArrayInputStream(zippedContent), trustedCertificatesFile, certificatesBytes);
-        return new ApplicationPackage(modified.toByteArray());
-    }
-
     /** Hash of all files and settings that influence what is deployed to config servers. */
     public String bundleHash() {
         return bundleHash;
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageStream.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageStream.java
index 4bdba3f2864..3288759b174 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageStream.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageStream.java
@@ -9,6 +9,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.UncheckedIOException;
 import java.security.cert.X509Certificate;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -20,6 +21,7 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
 import java.util.zip.ZipOutputStream;
 
+import static com.yahoo.security.X509CertificateUtils.certificateListFromPem;
 import static java.io.OutputStream.nullOutputStream;
 import static java.lang.Math.min;
 import static java.nio.charset.StandardCharsets.UTF_8;
@@ -52,9 +54,10 @@ public class ApplicationPackageStream {
                           .orElse(Replacer.of(Map.of()));
     }
 
-    static InputStream append(InputStream trustBytes, X509Certificate cert) {
+    static InputStream append(InputStream trustIn, X509Certificate cert) {
         try {
-            List<X509Certificate> trusted = X509CertificateUtils.certificateListFromPem(new String(trustBytes.readAllBytes(), UTF_8));
+            List<X509Certificate> trusted = trustIn == null ? new ArrayList<>()
+                                                            : new ArrayList<>(certificateListFromPem(new String(trustIn.readAllBytes(), UTF_8)));
             trusted.add(cert);
             return new ByteArrayInputStream(X509CertificateUtils.toPem(trusted).getBytes(UTF_8));
         }
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageTest.java
index 7b951889a44..609b7abf5f0 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/application/pkg/ApplicationPackageTest.java
@@ -24,12 +24,14 @@ import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.function.Predicate;
 import java.util.function.UnaryOperator;
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 
 import static com.yahoo.vespa.hosted.controller.application.pkg.ApplicationPackage.filesZip;
+import static com.yahoo.vespa.hosted.controller.application.pkg.ApplicationPackageStream.addingCertificate;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -170,8 +172,8 @@ public class ApplicationPackageTest {
     }
 
     @Test
-    void test_replacement() {
-        ApplicationPackage applicationPackage = new ApplicationPackage(new byte[0]);
+    void test_replacement() throws IOException {
+        byte[] zip = zip(Map.of());
         List<X509Certificate> certificates = IntStream.range(0, 3)
                                                       .mapToObj(i -> {
                                                           KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
@@ -185,10 +187,11 @@ public class ApplicationPackageTest {
                                                                                        .build();
                                                       }).toList();
 
-        assertEquals(List.of(), applicationPackage.trustedCertificates());
+        assertEquals(List.of(), new ApplicationPackage(zip).trustedCertificates());
         for (int i = 0; i < certificates.size(); i++) {
-            applicationPackage = applicationPackage.withTrustedCertificate(certificates.get(i));
-            assertEquals(certificates.subList(0, i + 1), applicationPackage.trustedCertificates());
+            InputStream in = new ByteArrayInputStream(zip);
+            zip = new ApplicationPackageStream(() -> in, __ -> false, addingCertificate(Optional.of(certificates.get(i)))).zipStream().readAllBytes();
+            assertEquals(certificates.subList(0, i + 1), new ApplicationPackage(zip).trustedCertificates());
         }
     }
author	jonmv <venstad@gmail.com>	2022-11-03 18:38:44 +0100
committer	jonmv <venstad@gmail.com>	2022-11-03 18:38:44 +0100
commit	f571f9c77b811275a923528890455e20c1d53628 (patch)
tree	b534063942b82f5ea7a0c15a43deb7cd99096dad
parent	ca439b0dcb570d8eda73f1177dcef31f647e287f (diff)