author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-14 17:26:36 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-01-16 10:35:40 +0100 |
commit | cf0cced3466d9facb79deba4e31a5ef962d57191 (patch) | |
tree | 6ab3e4d1e9166986c2fca4532d30b6cff429a83c /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | |
parent | c6aa2756b12e3a3c1f15329bd6883829b6d5a785 (diff) |
Always add container port 4443 in hosted Vespa
- Refactor HostedSslConnectorFactory constructors to expose static factory methods instead.
- Modify ContainerModelBuilder to always add hosted Vespa connector (based on presence of TlsSecrets).
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index d00ce3974fa..7a08a3c1a7b 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -4,6 +4,7 @@ package com.yahoo.vespa.model.container.http.ssl;
 import com.yahoo.config.model.api.TlsSecrets;
 import com.yahoo.jdisc.http.ConnectorConfig;
 import com.yahoo.jdisc.http.ConnectorConfig.Ssl.ClientAuth;
+import com.yahoo.vespa.model.container.component.SimpleComponent;
 import com.yahoo.vespa.model.container.http.ConnectorFactory;
 import java.util.List;
@@ -19,16 +20,33 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
 private final boolean enforceClientAuth;
- public HostedSslConnectorFactory(String serverName, TlsSecrets tlsSecrets) {
- this(serverName, tlsSecrets, null, false);
+ /**
+ * Create connector factory that uses a certificate provided by the config-model / configserver.
+ */
+ public static HostedSslConnectorFactory withProvidedCertificate(String serverName, TlsSecrets tlsSecrets) {
+ return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, tlsSecrets, /*tlsCaCertificates*/null), false);
 }
- public HostedSslConnectorFactory(String serverName, TlsSecrets tlsSecrets, String tlsCaCertificates, boolean enforceClientAuth) {
- super("tls4443", 4443, createSslProvider(serverName, tlsSecrets, tlsCaCertificates));
+ /**
+ * Create connector factory that uses a certificate provided by the config-model / configserver and a truststore configured by the application.
+ */
+ public static HostedSslConnectorFactory withProvidedCertificateAndTruststore(String serverName, TlsSecrets tlsSecrets, String tlsCaCertificates) {
+ return new HostedSslConnectorFactory(createConfiguredDirectSslProvider(serverName, tlsSecrets, tlsCaCertificates), true);
+ }
+
+ /**
+ * Create connector factory that uses the default certificate and truststore provided by Vespa (through Vespa-global TLS configuration).
+ */
+ public static HostedSslConnectorFactory withDefaultCertificateAndTruststore(String serverName) {
+ return new HostedSslConnectorFactory(new DefaultSslProvider(serverName), true);
+ }
+
+ private HostedSslConnectorFactory(SimpleComponent sslProviderComponent, boolean enforceClientAuth) {
+ super("tls4443", 4443, sslProviderComponent);
 this.enforceClientAuth = enforceClientAuth;
 }
- private static ConfiguredDirectSslProvider createSslProvider(
+ private static ConfiguredDirectSslProvider createConfiguredDirectSslProvider(
 String serverName, TlsSecrets tlsSecrets, String tlsCaCertificates) {
 return new ConfiguredDirectSslProvider(
 serverName, |
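Review bot: `withProvidedCertificateAndTruststore` hard-codes `enforceClientAuth` to `true` but passes `tlsCaCertificates` through unchecked, so a null or empty value would yield a port-4443 connector that demands client certificates without an application truststore behind it. How `ConfiguredDirectSslProvider` treats a missing CA bundle is not visible here (the body of `createConfiguredDirectSslProvider` continues past the hunk); if it falls back to some default trust store, the set of accepted client certificates could be wider than the application intended. I would reject the value up front with `if (tlsCaCertificates == null || tlsCaCertificates.isEmpty()) throw new IllegalArgumentException("tlsCaCertificates must be set");`. The Javadoc of the three factories should also state the client-auth mode each one selects, in particular that `withProvidedCertificate` builds the connector with `enforceClientAuth` set to `false`, since callers can no longer see that flag in the signature.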