author | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
---|---|---|
committer | bjormel <bjormel@yahooinc.com> | 2023-10-26 13:59:28 +0000 |
commit | 567be9a1f6353cec41c23bfd1fcd46b4b2a4d2d7 (patch) | |
tree | 4664a743e166a5e11aee7b9acd70ad8ee2617612 /config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java | |
parent | e9058b555d4dfea2f6c872d9a677e8678b569569 (diff) | |
parent | bce3b8e926bf9da880172acbe1ba4b12d5e026d6 (diff) |
Merge branch 'master' into bjormel/aws-main-controllerbjormel/aws-main-controller
Diffstat (limited to 'config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java')
-rw-r--r-- | config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
index 1874b5fa19a..18020f5df5d 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilder.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.model.container.xml;
 import com.yahoo.component.ComponentId;
@@ -574,7 +574,12 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 Reader reader = file.createReader();
 String certPem = IOUtils.readAll(reader);
 reader.close();
- List<X509Certificate> x509Certificates = X509CertificateUtils.certificateListFromPem(certPem);
+ List<X509Certificate> x509Certificates;
+ try {
+ x509Certificates = X509CertificateUtils.certificateListFromPem(certPem);
+ } catch (IllegalArgumentException e) {
+ throw new IllegalArgumentException("File %s contains an invalid certificate".formatted(file.getPath().getRelative()), e);
+ }
 if (x509Certificates.isEmpty()) {
 throw new IllegalArgumentException("File %s does not contain any certificates.".formatted(file.getPath().getRelative()));
 }
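Review bot: The new catch in the hunk at -574 handles only `IllegalArgumentException`, so any other unchecked exception raised by `X509CertificateUtils.certificateListFromPem` would still reach the operator without the file path. Which exception types that helper throws for malformed PEM is not visible here, so this should be confirmed against it. The new message also drops the trailing period used by the neighbouring "does not contain any certificates." message; `"File %s contains an invalid certificate."` would keep the two consistent. The enclosing method starts and ends outside the hunk.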
@@ -601,6 +606,11 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 var endpointCert = state.endpointCertificateSecrets().orElse(null);
 if (endpointCert != null) {
 builder.endpointCertificate(endpointCert);
+ Set<String> mtlsEndpointNames = state.getEndpoints().stream()
+ .filter(endpoint -> endpoint.authMethod() == ApplicationClusterEndpoint.AuthMethod.mtls)
+ .flatMap(endpoint -> endpoint.names().stream())
+ .collect(Collectors.toSet());
+ builder.knownServerNames(mtlsEndpointNames);
 boolean isPublic = state.zone().system().isPublic();
 List<X509Certificate> clientCertificates = getClientCertificates(cluster);
 if (isPublic) {
@@ -654,6 +664,7 @@ public class ContainerModelBuilder extends ConfigModelBuilder<ContainerModel> {
 .remoteAddressHeader("X-Forwarded-For")
 .remotePortHeader("X-Forwarded-Port")
 .clientAuth(SslClientAuth.NEED)
+ .knownServerNames(tokenEndpoints)
 .build();
 server.addConnector(connector); |
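Review bot: When no endpoint has `AuthMethod.mtls`, `mtlsEndpointNames` is an empty set and is still passed to `builder.knownServerNames(mtlsEndpointNames)` in the hunk at -601. Nothing visible here says whether the connector treats an empty set as "no restriction" or as "match no name", and the two differ in which server names a client-certificate connector will accept. The same question applies to `.knownServerNames(tokenEndpoints)` in the hunk at -654, where `tokenEndpoints` is defined outside the hunk. A comment above the first call would record the intent, e.g. `// Restrict this connector to the names of mTLS endpoints; empty set => <behaviour to confirm>`. Both enclosing methods start and end outside the hunks.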