author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-01-30 12:35:01 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-30 12:35:01 +0100 |
commit | 08b55bd6f23e3dccf896febf8de24db273f2b0e8 (patch) | |
tree | 33b94fc7fcff369c2224caad694a6f327a8d1a3c | |
parent | 249a7ed614590fb95ba34925e310e00b3815d875 (diff) | |
parent | f3ca4b5e328de165bc13e912dc0dedf20b61090d (diff) |
Merge pull request #4811 from vespa-engine/freva/use-AthenzSslContextBuilder
Use AthenzSslContextBuilder in node-admin
2 files changed, 7 insertions, 37 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
index 010fd99f124..850161d9801 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
@@ -6,6 +6,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.yahoo.concurrent.ThreadFactoryFactory;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
 import org.apache.http.HttpHeaders;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpDelete;
@@ -17,15 +18,12 @@ import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.StringEntity;
-import org.apache.http.ssl.SSLContextBuilder;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -197,24 +195,11 @@ public class ConfigServerHttpRequestExecutor implements AutoCloseable {
         }
     }
 
-    private static SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions, Optional<KeyStoreOptions> trustStoreOptions)
-            throws KeyManagementException, NoSuchAlgorithmException {
-        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
-        keyStoreOptions.ifPresent(options -> {
-            try {
-                sslContextBuilder.loadKeyMaterial(options.getKeyStore(), options.password);
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
-        });
-
-        trustStoreOptions.ifPresent(options -> {
-            try {
-                sslContextBuilder.loadTrustMaterial(options.getKeyStore(), null);
-            } catch (Exception e) {
-                throw new RuntimeException(e);
-            }
-        });
+    private static SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions, Optional<KeyStoreOptions> trustStoreOptions) {
+        AthenzSslContextBuilder sslContextBuilder = new AthenzSslContextBuilder();
+        trustStoreOptions.ifPresent(options -> sslContextBuilder.withTrustStore(options.path.toFile(), options.type));
+        keyStoreOptions.ifPresent(options ->
+                sslContextBuilder.withKeyStore(options.path.toFile(), options.password, options.type));
         return sslContextBuilder.build();
     }
 
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
index 84db5840909..643abde101b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
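Review bot: The rewritten makeSslContext has no Javadoc, and the behaviour when trustStoreOptions is empty is what decides which config-server certificates this client accepts, so it deserves a stated contract rather than being left to whatever AthenzSslContextBuilder.build() does with no trust store (I cannot see that class here; if it falls back to the JVM default trust store, an absent trust store silently widens what is trusted). I would add above the signature a comment along the lines of `/** Builds the client SSLContext: the key store supplies the node's client identity, the trust store the CA(s) accepted for the config server. When trustStoreOptions is empty the builder's default trust material applies — confirm that is the intended trust boundary. */`. The old version also documented, via its throws clause, that key-store loading could fail; the new one hides that in the builder, so the comment should note that build() failures surface as unchecked exceptions, if that is indeed the builder's behaviour.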
@@ -1,15 +1,9 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.node.admin.util;
 
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.nio.file.Path;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
 
-class KeyStoreOptions {
+public class KeyStoreOptions {
     public final Path path;
     public final char[] password;
     public final String type;
@@ -19,13 +13,4 @@ class KeyStoreOptions {
         this.password = password;
         this.type = type;
     }
-
-    public KeyStore getKeyStore() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
-        try (FileInputStream fis = new FileInputStream(path.toFile())) {
-            KeyStore keyStore = KeyStore.getInstance(type);
-            keyStore.load(fis, password);
-
-            return keyStore;
-        }
-    }
 }
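Review bot: Widening KeyStoreOptions to `public` in the first hunk also makes `public final char[] password` reachable from any package, and `final` only pins the array reference — every holder of a KeyStoreOptions can now read or overwrite the key-store password in place. If the class has to be public for AthenzSslContextBuilder callers, I would keep the password behind an accessor that hands out a copy: `private final char[] password;` with `public char[] getPassword() { return password.clone(); }`, and have makeSslContext call `options.getPassword()`; the same consideration applies to `path` and `type`, though those are immutable types. The constructor that assigns these fields lies between the two hunks and is not visible here, so I cannot tell whether it defensively copies the array it receives; a one-line comment on the field stating whether the caller's array is retained would help either way.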