diff options
author | Morten Tokle <mortent@yahooinc.com> | 2023-06-07 11:29:07 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2023-06-07 11:29:07 +0200 |
commit | e8e31b8f7ff1a77a47a8e9cf1bb884123ca2469a (patch) | |
tree | 55ae69cceca99e955f455348dd18c46f97d8b4fb /config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | |
parent | 17680e5bd51252b282e011e4f9929653f78be016 (diff) |
Generate proxy certificate and inject in trust store
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java index 72d2927f910..5bf348e5bb5 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ssl/HostedSslConnectorFactory.java @@ -33,9 +33,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory { public static HostedSslConnectorFactory withProvidedCertificate( String serverName, EndpointCertificateSecrets endpointCertificateSecrets, boolean enforceHandshakeClientAuth, Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port, - Duration endpointConnectionTtl) { - ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider( - serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth); + Duration endpointConnectionTtl, boolean enableTokenSupport) { + CloudSslProvider sslProvider = createConfiguredDirectSslProvider( + serverName, endpointCertificateSecrets, DEFAULT_HOSTED_TRUSTSTORE, /*tlsCaCertificates*/null, enforceHandshakeClientAuth, enableTokenSupport); return new HostedSslConnectorFactory(sslProvider, false, enforceHandshakeClientAuth, tlsCiphersOverride, enableProxyProtocolMixedMode, port, endpointConnectionTtl); } @@ -46,9 +46,9 @@ public class HostedSslConnectorFactory extends ConnectorFactory { public static HostedSslConnectorFactory withProvidedCertificateAndTruststore( String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificates, Collection<String> tlsCiphersOverride, boolean enableProxyProtocolMixedMode, int port, - Duration endpointConnectionTtl) { - ConfiguredDirectSslProvider sslProvider = createConfiguredDirectSslProvider( - serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false); + Duration endpointConnectionTtl, boolean enableTokenSupport) { + CloudSslProvider sslProvider = createConfiguredDirectSslProvider( + serverName, endpointCertificateSecrets, /*tlsCaCertificatesPath*/null, tlsCaCertificates, false, enableTokenSupport); return new HostedSslConnectorFactory(sslProvider, true, false, tlsCiphersOverride, enableProxyProtocolMixedMode, port, endpointConnectionTtl); } @@ -74,16 +74,17 @@ public class HostedSslConnectorFactory extends ConnectorFactory { this.endpointConnectionTtl = endpointConnectionTtl; } - private static ConfiguredDirectSslProvider createConfiguredDirectSslProvider( - String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificatesPath, String tlsCaCertificates, boolean enforceHandshakeClientAuth) { + private static CloudSslProvider createConfiguredDirectSslProvider( + String serverName, EndpointCertificateSecrets endpointCertificateSecrets, String tlsCaCertificatesPath, String tlsCaCertificates, boolean enforceHandshakeClientAuth, boolean enableTokenSupport) { var clientAuthentication = enforceHandshakeClientAuth ? ClientAuth.Enum.NEED_AUTH : ClientAuth.Enum.WANT_AUTH; - return new ConfiguredDirectSslProvider( + return new CloudSslProvider( serverName, endpointCertificateSecrets.key(), endpointCertificateSecrets.certificate(), tlsCaCertificatesPath, tlsCaCertificates, - clientAuthentication); + clientAuthentication, + enableTokenSupport); } @Override |