author | Valerij Fredriksen <valerijf@oath.com> | 2018-01-30 14:07:54 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-02-08 16:18:57 +0100 |
commit | 2bcdfcaf991b4029925383c33b03fa002ca08691 (patch) | |
tree | c44b435d95ea32d4e635d93d29aa56da028cf67a | |
parent | b9d9078e2aeeb0dce906f8c39b15537db9a7cf16 (diff) |
Use BouncyCastle provider
-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
index 850161d9801..13bfc949533 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/util/ConfigServerHttpRequestExecutor.java
@@ -18,12 +18,18 @@ import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.client.methods.HttpUriRequest;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.entity.StringEntity;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.Security;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -65,6 +71,8 @@ public class ConfigServerHttpRequestExecutor implements AutoCloseable {
 Optional<KeyStoreOptions> keyStoreOptions,
 Optional<KeyStoreOptions> trustStoreOptions,
 Optional<AthenzIdentity> athenzIdentity) {
+ Security.addProvider(new BouncyCastleProvider());
+
 Supplier<SelfCloseableHttpClient> clientSupplier = () -> createHttpClient(keyStoreOptions, trustStoreOptions, athenzIdentity);
 ConfigServerHttpRequestExecutor requestExecutor = new ConfigServerHttpRequestExecutor(
 randomizeConfigServerUris(configServerUris), clientSupplier.get());
@@ -198,8 +206,14 @@ public class ConfigServerHttpRequestExecutor implements AutoCloseable {
 private static SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions, Optional<KeyStoreOptions> trustStoreOptions) {
 AthenzSslContextBuilder sslContextBuilder = new AthenzSslContextBuilder();
 trustStoreOptions.ifPresent(options -> sslContextBuilder.withTrustStore(options.path.toFile(), options.type));
- keyStoreOptions.ifPresent(options ->
- sslContextBuilder.withKeyStore(options.path.toFile(), options.password, options.type));
+ keyStoreOptions.ifPresent(options -> {
+ try {
+ KeyStore keyStore = loadKeyStoreFromFileWithProvider(options.path, options.password, options.type, "BC");
+ sslContextBuilder.withKeyStore(keyStore, options.password);
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to read key store", e);
+ }
+ });
 return sslContextBuilder.build();
 }
@@ -223,4 +237,13 @@ public class ConfigServerHttpRequestExecutor implements AutoCloseable {
 client.close();
 }
+
+ private static KeyStore loadKeyStoreFromFileWithProvider(Path path, char[] password, String keyStoreType, String provider)
+ throws IOException, GeneralSecurityException {
+ KeyStore keyStore = KeyStore.getInstance(keyStoreType, provider);
+ try (FileInputStream in = new FileInputStream(path.toFile())) {
+ keyStore.load(in, password);
+ }
+ return keyStore;
+ }
 } |
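Review bot: The unconditional `Security.addProvider(new BouncyCastleProvider());` added to the factory method (second hunk) mutates the JVM-wide JCA provider list on every call, and the provider name it installs is then repeated as the literal `"BC"` in makeSslContext (third hunk); guard the registration and share the constant, e.g. `if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) Security.addProvider(new BouncyCastleProvider());` and `loadKeyStoreFromFileWithProvider(options.path, options.password, options.type, BouncyCastleProvider.PROVIDER_NAME)`. In the same makeSslContext lambda, `catch (Exception e)` is broader than what the helper declares, so `catch (IOException | GeneralSecurityException e)` keeps genuine programming errors out of the "Failed to read key store" wrapper. Because `KeyStore.getInstance(keyStoreType, provider)` pins loading to that one provider, a key-store type BC does not implement will now fail where the previous `withKeyStore(file, password, type)` call presumably used the default provider lookup; a Javadoc on loadKeyStoreFromFileWithProvider such as `/** Loads the key store at {@code path} through the named JCA provider; {@code keyStoreType} must be a format that provider implements. */` would make that constraint visible. Note the trust store is still handed to AthenzSslContextBuilder as a file path and type, so only the key store goes through the BC provider, which looks intentional but is worth a one-line comment at the `trustStoreOptions.ifPresent` call.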