authorMorten Tokle <mortent@yahooinc.com>2023-06-07 11:29:07 +0200
committerMorten Tokle <mortent@yahooinc.com>2023-06-07 11:29:07 +0200
commite8e31b8f7ff1a77a47a8e9cf1bb884123ca2469a (patch)
tree55ae69cceca99e955f455348dd18c46f97d8b4fb /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
parent17680e5bd51252b282e011e4f9929653f78be016 (diff)
Generate proxy certificate and inject in trust store
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r--config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java21
1 files changed, 11 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
index 72d2927f910..5bf348e5bb5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java
@@ -33,9 +33,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
public static HostedSslConnectorFactory withProvidedCertificate(
String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth,
Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port,
- Duration endpointConnectionTtl) {
- ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
- serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth);
+ Duration endpointConnectionTtl, boolean enableTokenSupport) {
+ CloudSslProvider sslProvider = createConfiguredDirectSslProvider(
+ serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth, enableTokenSupport);
return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride,
enableProxyProtocolMixedMode, port, endpointConnectionTtl);
}
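Review bot: The new `enableTokenSupport` parameter on `withProvidedCertificate` is undocumented, yet it is the only hint in this signature that the connector's trust material may change. Going by the commit title, enabling it presumably injects a generated proxy certificate into the trust store built from `DEFAULT_HOSTED_TRUSTSTORE`, which would widen the set of client certificates the handshake accepts. That should be confirmed against `CloudSslProvider`, which is not part of this diff. I would add a Javadoc line along the lines of `@param enableTokenSupport when true, the provider additionally trusts the generated proxy certificate`, with the wording adjusted to the real behaviour. The same applies to `withProvidedCertificateAndTruststore` in the next hunk.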
@@ -46,9 +46,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
public static HostedSslConnectorFactory withProvidedCertificateAndTruststore(
String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates,
Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port,
- Duration endpointConnectionTtl) {
- ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider(
- serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false);
+ Duration endpointConnectionTtl, boolean enableTokenSupport) {
+ CloudSslProvider sslProvider = createConfiguredDirectSslProvider(
+ serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false, enableTokenSupport);
return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride, enableProxyProtocolMixedMode,
port, endpointConnectionTtl);
}
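Review bot: The call now ends in `false, enableTokenSupport`, two adjacent positional booleans of which the first is a bare literal, so a swapped order would compile and silently change either the client-auth mode or the trust-store behaviour. The `null` argument in this call is already labelled inline, so the same convention fits here: `serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, /*enforceHandshakeClientAuth*/false, enableTokenSupport);`. This factory also combines a caller-supplied `tlsCaCertificates` bundle with the token flag. A short comment should state whether the proxy certificate is merged into that bundle or kept separate; the diff does not show which.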
@@ -74,16 +74,17 @@ public class HostedSslConnectorFactory extends ConnectorFactory {
this.endpointConnectionTtl = endpointConnectionTtl;
}
- private static ConfiguredDirectSslProvider createConfiguredDirectSslProvider(
- String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificatesPath, String tlsCaCertificates, boolean enforceHandshakeClientAuth) {
+ private static CloudSslProvider createConfiguredDirectSslProvider(
+ String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificatesPath, String tlsCaCertificates, boolean enforceHandshakeClientAuth, boolean enableTokenSupport) {
var clientAuthentication = enforceHandshakeClientAuth ? ClientAuth.Enum.NEED_AUTH : ClientAuth.Enum.WANT_AUTH;
- return new ConfiguredDirectSslProvider(
+ return new CloudSslProvider(
serverName,
endpointCertificateSecrets.key(),
endpointCertificateSecrets.certificate(),
tlsCaCertificatesPath,
tlsCaCertificates,
- clientAuthentication);
+ clientAuthentication,
+ enableTokenSupport);
}
@Override
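Review bot: The helper is still named `createConfiguredDirectSslProvider` although it now constructs and returns a `CloudSslProvider`, so the name points readers at a class this file no longer uses. Renaming it to `createCloudSslProvider` and updating the two call sites in the factories above would keep the code searchable. The `WANT_AUTH` fallback on the first body line also deserves a comment, for example `// WANT_AUTH: the handshake succeeds without a client certificate, so the caller must be authenticated after the handshake`. That is the mode in which `enableTokenSupport` most plausibly matters, though this is inferred from the commit title and not from visible code. The trailing `@Override` belongs to a method that continues outside the hunk.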