author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-12-05 11:33:35 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-12-05 11:36:31 +0100 |
commit | 58a753db8860f939e417ad308460f6585ead5237 (patch) | |
tree | 6c8f8f0d7830b517bd477da50fa311a9302d24d2 /athenz-identity-provider-service/src/main | |
parent | 43e141e0567ae7eb67c0d7eeb9eb8177a59fab04 (diff) |
Load Athenz CA certificates to JDisc truststore
Diffstat (limited to 'athenz-identity-provider-service/src/main')
2 files changed, 7 insertions, 2 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslTrustStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslTrustStoreConfigurator.java
index 059c91aecd3..8c8b5de2a30 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslTrustStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslTrustStoreConfigurator.java
@@ -20,6 +20,7 @@ import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyPair;
@@ -35,7 +36,6 @@ import java.util.logging.Logger;
 /**
  * @author bjorncs
  */
-// TODO Add Athenz CA certificates to trust store
 public class AthenzSslTrustStoreConfigurator implements SslTrustStoreConfigurator {
 private static final Logger log = Logger.getLogger(AthenzSslTrustStoreConfigurator.class.getName());
@@ -64,7 +64,9 @@ public class AthenzSslTrustStoreConfigurator implements SslTrustStoreConfigurato
 X509Certificate selfSignedCertificate = createSelfSignedCertificate(keyPair, configserverConfig);
 log.log(LogLevel.FINE, "Generated self-signed certificate: " + selfSignedCertificate);
 KeyStore trustStore = KeyStore.getInstance("JKS");
- trustStore.load(null);
+ try (FileInputStream in = new FileInputStream(athenzProviderServiceConfig.athenzCaTrustStore())) {
+ trustStore.load(in, "changeit".toCharArray());
+ }
 trustStore.setCertificateEntry("cfgselfsigned", selfSignedCertificate);
 return trustStore;
 } catch (Exception e) {
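Review bot: The trust store password on the new `trustStore.load(in, "changeit".toCharArray());` line is a hard-coded literal, so a store written with any other password will fail the JKS integrity check at load time and the failure surfaces only through the method's surrounding `catch (Exception e)`, which lies outside this hunk and presumably gives no hint that the password is the cause. Because the store is meant to hold only public Athenz CA certificates, either pass `null` as the password (JKS then loads without the integrity check) or read the password from `athenzProviderServiceConfig` next to `athenzCaTrustStore`, which the `.def` hunk below only adds as a path; whichever is chosen deserves a comment such as `// Default JKS password; the store holds only public CA certificates, no secrets`. A FINE log line naming the loaded file, e.g. `log.log(LogLevel.FINE, "Loaded Athenz CA trust store from " + athenzProviderServiceConfig.athenzCaTrustStore());`, would make it visible at startup which trust anchors the configserver is using. The enclosing method begins and ends outside the hunk.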
diff --git a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
index 13cc78b0bd0..21f2aea6ab0 100644
--- a/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
+++ b/athenz-identity-provider-service/src/main/resources/configdefinitions/athenz-provider-service.def
@@ -21,3 +21,6 @@ ztsUrl string
 # Certificate DNS suffix
 certDnsSuffix string
+
+# Path to Athenz CA JKS trust store
+athenzCaTrustStore string |