authorBjørn Christian Seime <bjorn.christian@seime.no>2018-01-30 12:35:01 +0100
committerGitHub <noreply@github.com>2018-01-30 12:35:01 +0100
commit08b55bd6f23e3dccf896febf8de24db273f2b0e8 (patch)
tree33b94fc7fcff369c2224caad694a6f327a8d1a3c
parent249a7ed614590fb95ba34925e310e00b3815d875 (diff)
parentf3ca4b5e328de165bc13e912dc0dedf20b61090d (diff)
Merge pull request #4811 from vespa-engine/freva/use-AthenzSslContextBuilder
Use AthenzSslContextBuilder in node-admin
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java27
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java17
2 files changed, 7 insertions, 37 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
index 010fd99f124..850161d9801 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
@@ -6,6 +6,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import com.yahoo.concurrent.ThreadFactoryFactory;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
import org.apache.http.HttpHeaders;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpDelete;
@@ -17,15 +18,12 @@ import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
-import org.apache.http.ssl.SSLContextBuilder;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
@@ -197,24 +195,11 @@ public class ConfigServerHttpRequestExecutor implements AutoCloseable {
}
}
- private static SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions, Optional<KeyStoreOptions> trustStoreOptions)
- throws KeyManagementException, NoSuchAlgorithmException {
- SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
- keyStoreOptions.ifPresent(options -> {
- try {
- sslContextBuilder.loadKeyMaterial(options.getKeyStore(), options.password);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- });
-
- trustStoreOptions.ifPresent(options -> {
- try {
- sslContextBuilder.loadTrustMaterial(options.getKeyStore(), null);
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
- });
+ private static SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions, Optional<KeyStoreOptions> trustStoreOptions) {
+ AthenzSslContextBuilder sslContextBuilder = new AthenzSslContextBuilder();
+ trustStoreOptions.ifPresent(options -> sslContextBuilder.withTrustStore(options.path.toFile(), options.type));
+ keyStoreOptions.ifPresent(options ->
+ sslContextBuilder.withKeyStore(options.path.toFile(), options.password, options.type));
return sslContextBuilder.build();
}
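Review bot: The fallback when `trustStoreOptions` is empty is no longer visible in `makeSslContext`: the removed Apache `SSLContextBuilder` with no trust material fell back to the JVM default trust managers, whereas what `AthenzSslContextBuilder.build()` does when `withTrustStore` was never called cannot be seen from this hunk, so a comment such as `// No trust store configured: relies on the builder's default trust — confirm this is the JVM trust store` on the `trustStoreOptions.ifPresent` line would record the intent. The same applies to `options.password` on the `withKeyStore` line, which the old code used both to open the store and as the key-entry password; confirm the new overload applies it to both. Error timing also changed: the removed lambdas wrapped load failures in a `RuntimeException` while the context was being assembled, and whether the builder now fails eagerly in `withKeyStore` or lazily in `build()` is not visible here. The enclosing class continues outside the hunk.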
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
index 84db5840909..643abde101b 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/KeyStoreOptions.java
@@ -1,15 +1,9 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.node.admin.util;
-import java.io.FileInputStream;
-import java.io.IOException;
import java.nio.file.Path;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-class KeyStoreOptions {
+public class KeyStoreOptions {
public final Path path;
public final char[] password;
public final String type;
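Review bot: Widening the class to `public class KeyStoreOptions` also exposes `public final char[] password`, a mutable array holding the key-store secret, to every package, and neither user visible in this commit needs that (`ConfigServerHttpRequestExecutor` lives in the same `util` package). If an external caller is the reason for the change, consider keeping the field package-private and exposing a defensive copy, e.g. `public char[] password() { return password.clone(); }`, so outside code cannot alias or clear the array; otherwise document the sharing with `// NOTE: holds the caller's array by reference; the caller owns its lifetime`. The class body continues past this hunk.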
@@ -19,13 +13,4 @@ class KeyStoreOptions {
this.password = password;
this.type = type;
}
-
- public KeyStore getKeyStore() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
- try (FileInputStream fis = new FileInputStream(path.toFile())) {
- KeyStore keyStore = KeyStore.getInstance(type);
- keyStore.load(fis, password);
-
- return keyStore;
- }
- }
}