author | Kristian Aune <kkraune@users.noreply.github.com> | 2019-10-03 16:32:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-03 16:32:45 +0200 |
commit | c49935e9a413712f6eb0d0de921fedc5e89307cf (patch) | |
tree | 0b42051a3e74990a5ed875e8f97f0659be0543df | |
parent | 5df01bd67213f34a8ee8f2cceed3df094c981349 (diff) | |
parent | a0536ff31abbe4a2ea0a97c26927b94c0dfd44fb (diff) |
Merge pull request #10869 from vespa-engine/jvenstad/specify-cert-and-key-independently-for-dataplane-for-tests
Support aliases for key and cert independently, and WARN when nothing…
-rw-r--r-- | tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index c1cca56f1b9..c9640763ac8 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -15,6 +15,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.Optional;
+import java.util.logging.Logger;
 
 import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
 
@@ -25,6 +26,8 @@ import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
  */
 public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthenticator {
 
+ private static final Logger logger = Logger.getLogger(EndpointAuthenticator.class.getName());
+
 /** Don't touch. */
 public EndpointAuthenticator(@SuppressWarnings("unused") SystemName __) { }
 
@@ -35,22 +38,39 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
 @Override
 public SSLContext sslContext() {
 try {
+ Path certificateFile = null;
+ Path privateKeyFile = null;
 Optional<String> credentialsRootProperty = getNonBlankProperty("vespa.test.credentials.root");
- if (credentialsRootProperty.isEmpty())
- return SSLContext.getDefault();
-
- Path credentialsRoot = Path.of(credentialsRootProperty.get());
- Path certificateFile = credentialsRoot.resolve("cert");
- Path privateKeyFile = credentialsRoot.resolve("key");
-
- X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
- if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
- || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
- throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
- certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
+ if (credentialsRootProperty.isPresent()) {
+ Path credentialsRoot = Path.of(credentialsRootProperty.get());
+ certificateFile = credentialsRoot.resolve("cert");
+ privateKeyFile = credentialsRoot.resolve("key");
+ }
+ else {
+ Optional<String> certificateFileProperty = getNonBlankProperty("dataPlaneCertificateFile");
+ if (certificateFileProperty.isPresent())
+ certificateFile = Path.of(certificateFileProperty.get());
+ Optional<String> privateKeyFileProperty = getNonBlankProperty("dataPlaneKeyFile");
+ if (privateKeyFileProperty.isPresent())
+ privateKeyFile = Path.of(privateKeyFileProperty.get());
+ }
+ if (certificateFile != null && privateKeyFile != null) {
+ X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
+ if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
+ || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
+ throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
+ certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
 
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile)));
- return new SslContextBuilder().withKeyStore(privateKey, certificate).build();
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile)));
+ return new SslContextBuilder().withKeyStore(privateKey, certificate).build();
+ }
+ logger.warning( "##################################################################################\n" +
+ "# Data plane key and/or certificate missing; please specify #\n" +
+ "# '-DdataPlaneCertificateFile=/path/to/certificate' and #\n" +
+ "# '-DdataPlaneKeyFile=/path/to/private_key. #\n" +
+ "# Trying the default SSLContext, but this will most likely cause HTTP error 401. #\n" +
+ "##################################################################################");
+ return SSLContext.getDefault();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
 }
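Review bot: Setting only one of `dataPlaneCertificateFile` / `dataPlaneKeyFile` leaves the other path null, so the `certificateFile != null && privateKeyFile != null` guard skips the credentials entirely and the method falls through to `SSLContext.getDefault()`, turning a half-configured mTLS identity into an unauthenticated connection attempt explained only by a WARN and a later 401. That is a misconfiguration rather than "no credentials" and is better rejected up front, for example by adding before the guard `if ((certificateFile == null) != (privateKeyFile == null)) throw new IllegalStateException("Both dataPlaneCertificateFile and dataPlaneKeyFile must be set, or neither");`. The warning text also has an unbalanced quote on the key line, which should read `"# '-DdataPlaneKeyFile=/path/to/private_key'. #\n"` (re-pad the box after the fix), and it never mentions `vespa.test.credentials.root`, which the code above treats as the preferred source. The PEM reads use `new String(Files.readAllBytes(...))` with the platform default charset; that predates this change, but `Files.readString(path)` would be the safer form if the project is on Java 11+. The method's closing brace lies outside the hunk.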