author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-02 15:21:04 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-07-03 15:15:56 +0200 |
commit | 11a5942edc867ef783568e0c5f43c571895232d1 (patch) | |
tree | c53cbe88817c179dec6ca2bfe3b3dd48e34d4419 | |
parent | 76f07e1fdafcda1bcf1c178b2fc8d32b30d9b681 (diff) |
Rename 'ReloadingTlsContext' -> 'ConfigFiledBasedTlsContext'
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java | 4 | ||||
-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 4 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConfigFiledBasedTlsContext.java (renamed from security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java) | 9 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java | 2 | ||||
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/tls/ConfigFiledBasedTlsContextTest.java (renamed from security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java) | 4 |
5 files changed, 12 insertions, 11 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
index 0bbe6207294..a3c1c79fa76 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
@@ -3,7 +3,7 @@ package com.yahoo.jdisc.http.ssl.impl;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
-import com.yahoo.security.tls.ReloadingTlsContext;
+import com.yahoo.security.tls.ConfigFiledBasedTlsContext;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.TransportSecurityUtils;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
@@ -16,7 +16,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class DefaultSslContextFactoryProvider extends AbstractComponent implements SslContextFactoryProvider {
 private final TlsContext tlsContext = TransportSecurityUtils.getConfigFile()
- .map(configFile -> new ReloadingTlsContext(configFile, TransportSecurityUtils.getInsecureAuthorizationMode()))
+ .map(configFile -> new ConfigFiledBasedTlsContext(configFile, TransportSecurityUtils.getInsecureAuthorizationMode()))
 .orElse(null);
 @Override
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 81bf10be187..16ebdf105fc 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -4,7 +4,7 @@ package com.yahoo.jrt;
 import com.yahoo.security.tls.AuthorizationMode;
 import com.yahoo.security.tls.MixedMode;
-import com.yahoo.security.tls.ReloadingTlsContext;
+import com.yahoo.security.tls.ConfigFiledBasedTlsContext;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.TransportSecurityUtils;
@@ -24,7 +24,7 @@ public interface CryptoEngine extends AutoCloseable {
 return new NullCryptoEngine();
 }
 AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode();
- TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
+ TlsContext tlsContext = new ConfigFiledBasedTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
 TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext);
 MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode();
 switch (mixedMode) {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFiledBasedTlsContext.java
index 7e60abb2ee6..c30f92cec63 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ReloadingTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFiledBasedTlsContext.java
@@ -31,20 +31,21 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 /**
- * A {@link TlsContext} that regularly reloads the credentials referred to from the transport security options file.
+ * A {@link TlsContext} that uses the tls configuration specified in the transport security options file.
+ * The credentials are regularly reloaded to support short-lived certificates.
 *
 * @author bjorncs
 */
-public class ReloadingTlsContext implements TlsContext {
+public class ConfigFiledBasedTlsContext implements TlsContext {
 private static final Duration UPDATE_PERIOD = Duration.ofHours(1);
- private static final Logger log = Logger.getLogger(ReloadingTlsContext.class.getName());
+ private static final Logger log = Logger.getLogger(ConfigFiledBasedTlsContext.class.getName());
 private final TlsContext tlsContext;
 private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor(new ReloaderThreadFactory());
- public ReloadingTlsContext(Path tlsOptionsConfigFile, AuthorizationMode mode) {
+ public ConfigFiledBasedTlsContext(Path tlsOptionsConfigFile, AuthorizationMode mode) {
 TransportSecurityOptions options = TransportSecurityOptions.fromJsonFile(tlsOptionsConfigFile);
 MutableX509TrustManager trustManager = new MutableX509TrustManager();
 MutableX509KeyManager keyManager = new MutableX509KeyManager();
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index a4e508e0d2a..514a538f0f9 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
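Review bot: The new class name `ConfigFiledBasedTlsContext` looks like a typo for `ConfigFileBasedTlsContext` ("Filed" for "File"). This commit spreads the name over the class, its constructor and logger, the call sites in DefaultSslContextFactoryProvider, CryptoEngine and TransportSecurityUtils, and the test class, so it is cheapest to correct here. Separately, the rewritten Javadoc says the credentials are "regularly reloaded to support short-lived certificates" without naming the interval, although `UPDATE_PERIOD` in this same hunk is `Duration.ofHours(1)`. A line such as `* Credentials are reloaded every {@code UPDATE_PERIOD} (currently one hour).` would let operators compare their certificate lifetimes against it, and "tls" in the first sentence should be written "TLS". The class body continues outside the hunk, so how the reload is scheduled and what happens when a reload fails is not visible here.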
@@ -66,7 +66,7 @@ public class TransportSecurityUtils {
 public static Optional<TlsContext> createTlsContext() {
 return getConfigFile()
- .map(configFile -> new ReloadingTlsContext(configFile, getInsecureAuthorizationMode()));
+ .map(configFile -> new ConfigFiledBasedTlsContext(configFile, getInsecureAuthorizationMode()));
 }
 private static Optional<String> getEnvironmentVariable(Map<String, String> environmentVariables, String variableName) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFiledBasedTlsContextTest.java
index bcdb0793348..5b0fcfc9d65 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFiledBasedTlsContextTest.java
@@ -26,7 +26,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 /**
 * @author bjorncs
 */
-public class ReloadingTlsContextTest {
+public class ConfigFiledBasedTlsContextTest {
 @Rule public TemporaryFolder tempDirectory = new TemporaryFolder();
@@ -55,7 +55,7 @@ public class ReloadingTlsContextTest {
 Path optionsFile = tempDirectory.newFile().toPath();
 options.toJsonFile(optionsFile);
- try (TlsContext tlsContext = new ReloadingTlsContext(optionsFile, AuthorizationMode.ENFORCE)) {
+ try (TlsContext tlsContext = new ConfigFiledBasedTlsContext(optionsFile, AuthorizationMode.ENFORCE)) {
 SSLEngine sslEngine = tlsContext.createSslEngine();
 assertThat(sslEngine).isNotNull();
 String[] enabledCiphers = sslEngine.getEnabledCipherSuites(); |