Support custom SslKeyStoreConfigurator implementation in services.xml

author: Bjørn Christian Seime <bjorncs@oath.com> 2017-11-14 17:34:14 +0100
committer: Bjørn Christian Seime <bjorncs@oath.com> 2017-11-14 17:34:14 +0100
commit: eed46ca2384f088132d776fd88520ddf1a0b194f (patch)
tree: 23f44af7c72f6f3b0df7e22a27b5962f6e072dea /config-model
parent: 59f7db352ea4ef2dd6a96fe986a18b61f28211f7 (diff)
7 files changed, 56 insertions, 4 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/Container.java b/config-model/src/main/java/com/yahoo/vespa/model/container/Container.java
index 5915f0cea0b..8991bfa6215 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/Container.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/Container.java
@@ -201,7 +201,7 @@ public class Container extends AbstractService implements
     }
 
     private void initDefaultJettyConnector() {
-        defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", getSearchPort(), null));
+        defaultHttpServer.addConnector(new ConnectorFactory("SearchServer", getSearchPort()));
     }
 
     private boolean hasDocproc() {
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
index 91d5b7fe267..274fb290f03 100755
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/ContainerCluster.java
@@ -27,6 +27,7 @@ import com.yahoo.container.handler.ThreadPoolProvider;
 import com.yahoo.container.handler.ThreadpoolConfig;
 import com.yahoo.container.jdisc.ContainerMbusConfig;
 import com.yahoo.container.jdisc.JdiscBindingsConfig;
+import com.yahoo.container.jdisc.SslKeyStoreConfiguratorProvider;
 import com.yahoo.container.jdisc.config.HealthMonitorConfig;
 import com.yahoo.container.jdisc.config.MetricDefaultsConfig;
 import com.yahoo.container.jdisc.messagebus.MbusServerProvider;
@@ -221,6 +222,7 @@ public final class ContainerCluster
         addSimpleComponent(SIMPLE_LINGUISTICS_PROVIDER);
         addSimpleComponent("com.yahoo.container.jdisc.SecretStoreProvider");
         addSimpleComponent("com.yahoo.container.jdisc.CertificateStoreProvider");
+        addSimpleComponent(SslKeyStoreConfiguratorProvider.class.getName());
         addSimpleComponent("com.yahoo.container.jdisc.metric.MetricConsumerProviderProvider");
         addSimpleComponent("com.yahoo.container.jdisc.metric.MetricProvider");
         addSimpleComponent("com.yahoo.container.jdisc.metric.MetricUpdater");
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
index 9d3d8b32ddb..abc2575bee5 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java
@@ -22,7 +22,14 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig
     private volatile int listenPort;
     private final Element legacyConfig;
 
-    public ConnectorFactory(final String name, final int listenPort, final Element legacyConfig) {
+    public ConnectorFactory(String name, int listenPort) {
+        this(name, listenPort, null, null);
+    }
+
+    public ConnectorFactory(final String name,
+                            final int listenPort,
+                            final Element legacyConfig,
+                            Element sslKeystoreConfigurator) {
         super(new ComponentModel(
                 new BundleInstantiationSpecification(new ComponentId(name),
                                                      fromString("com.yahoo.jdisc.http.server.jetty.ConnectorFactory"),
@@ -34,6 +41,13 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig
         this.name = name;
         this.listenPort = listenPort;
         this.legacyConfig = legacyConfig;
+        if (sslKeystoreConfigurator != null) {
+            String className = sslKeystoreConfigurator.getAttribute("class");
+            String bundleName = sslKeystoreConfigurator.getAttribute("bundle");
+            SimpleComponent sslKeyStoreConfiguratorComponent =
+                    new SimpleComponent(new ComponentModel(name, className, bundleName));
+            addChild(sslKeyStoreConfiguratorComponent);
+        }
     }
 
     @Override
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java
index 6271ff817bb..f2012a609a7 100644
--- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java
+++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java
@@ -33,6 +33,8 @@ public class JettyConnectorBuilder extends VespaDomBuilder.DomConfigProducerBuil
                 legacyServerConfig = null;
             }
         }
-        return new ConnectorFactory(name, port, legacyServerConfig);
+        Element sslKeystoreConfigurator = XML.getChild(serverSpec, "ssl-keystore-configurator");
+        return new ConnectorFactory(name, port, legacyServerConfig, sslKeystoreConfigurator);
     }
+
 }
diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc
index af9b89b8553..d8df4e07f23 100644
--- a/config-model/src/main/resources/schema/containercluster.rnc
+++ b/config-model/src/main/resources/schema/containercluster.rnc
@@ -62,6 +62,7 @@ Filtering = element filtering {
 HttpServer =  element server {
     attribute port { xsd:nonNegativeInteger } &
     ComponentId &
+    element ssl-keystore-configurator { BundleSpec }? &
     GenericConfig*
 }
 
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java
index 4621b5ebe50..cc9a17c0bea 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java
@@ -3,13 +3,18 @@ package com.yahoo.vespa.model.container.xml;
 
 import com.yahoo.config.model.builder.xml.test.DomBuilderTest;
 import com.yahoo.container.ComponentsConfig;
+import com.yahoo.container.bundle.BundleInstantiationSpecification;
 import com.yahoo.container.jdisc.FilterBindingsProvider;
 import com.yahoo.jdisc.http.ConnectorConfig;
 import com.yahoo.vespa.model.container.ContainerCluster;
+import com.yahoo.vespa.model.container.component.SimpleComponent;
+import com.yahoo.vespa.model.container.http.ConnectorFactory;
 import com.yahoo.vespa.model.container.http.JettyHttpServer;
 import org.junit.Test;
 import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
 
+import java.io.IOException;
 import java.util.List;
 
 import static com.yahoo.jdisc.http.ConnectorConfig.Ssl.KeyStoreType;
@@ -182,6 +187,32 @@ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBas
                 is(not(nullValue())));
     }
 
+    @Test
+    public void ssl_keystore_configurator_can_be_overriden() throws IOException, SAXException {
+        Element clusterElem = DomBuilderTest.parse(
+                "<jdisc id='default' version='1.0' jetty='true'>",
+                "  <http>",
+                "    <server port='9000' id='foo'>",
+                "      <ssl-keystore-configurator class='com.yahoo.MySslKeyStoreConfigurator' bundle='mybundle'/>",
+                "    </server>",
+                "    <server port='9001' id='bar'/>",
+                "  </http>",
+                nodesXml,
+                "</jdisc>");
+        createModel(root, clusterElem);
+        ContainerCluster cluster = (ContainerCluster) root.getChildren().get("default");
+        List<ConnectorFactory> connectorFactories = cluster.getChildrenByTypeRecursive(ConnectorFactory.class);
+
+        ConnectorFactory firstConnector = connectorFactories.get(0);
+        SimpleComponent sslKeystoreConfigurator = firstConnector.getChildrenByTypeRecursive(SimpleComponent.class).get(0);
+        BundleInstantiationSpecification spec = sslKeystoreConfigurator.model.bundleInstantiationSpec;
+        assertThat(spec.classId.toString(), is("com.yahoo.MySslKeyStoreConfigurator"));
+        assertThat(spec.bundle.toString(), is("mybundle"));
+
+        ConnectorFactory secondFactory = connectorFactories.get(1);
+        assertThat(secondFactory.getChildrenByTypeRecursive(SimpleComponent.class).size(), is(0));
+    }
+
     private void assertJettyServerInConfig() {
         ContainerCluster cluster = (ContainerCluster) root.getChildren().get("default");
         List<JettyHttpServer> jettyServers = cluster.getChildrenByTypeRecursive(JettyHttpServer.class);
diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml
index 380ce7f5a3d..88983103616 100644
--- a/config-model/src/test/schema-test-files/services.xml
+++ b/config-model/src/test/schema-test-files/services.xml
@@ -111,7 +111,9 @@
         </request-chain>
       </filtering>
 
-      <server port="4080" id="myServer" />
+      <server port="4080" id="myServer">
+        <ssl-keystore-configurator class="com.yahoo.MySslKeyStoreConfigurator" bundle="mybundle" />
+      </server>
       <server port="4081" id="anotherServer">
         <config name="container.jdisc.config.http-server">
           <maxChunkSize>9999</maxChunkSize>
author	Bjørn Christian Seime <bjorncs@oath.com>	2017-11-14 17:34:14 +0100
committer	Bjørn Christian Seime <bjorncs@oath.com>	2017-11-14 17:34:14 +0100
commit	eed46ca2384f088132d776fd88520ddf1a0b194f (patch)
tree	23f44af7c72f6f3b0df7e22a27b5962f6e072dea /config-model
parent	59f7db352ea4ef2dd6a96fe986a18b61f28211f7 (diff)