diff options
author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2017-11-29 14:34:04 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-29 14:34:04 +0100 |
commit | 7b91729fda17a57f768b4e73aeee4765a99bf07d (patch) | |
tree | 3b1359a008666b228e27e6368742e2992f353d2e /config-model | |
parent | f4bace7c470cca2db836c8039dc42154e87ee5f0 (diff) | |
parent | 5a24610fab32f9df42f3fec475ea72cd67ae9d49 (diff) |
Merge pull request #4299 from vespa-engine/bjorncs/ssl-truststore-configurator
Bjorncs/ssl truststore configurator
Diffstat (limited to 'config-model')
5 files changed, 75 insertions, 32 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java index 22c42056b3f..33f5edded3c 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java @@ -5,6 +5,7 @@ import com.yahoo.component.ComponentId; import com.yahoo.container.bundle.BundleInstantiationSpecification; import com.yahoo.jdisc.http.ConnectorConfig; import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator; +import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator; import com.yahoo.osgi.provider.model.ComponentModel; import com.yahoo.text.XML; import com.yahoo.vespa.model.container.component.SimpleComponent; @@ -24,10 +25,14 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig private final Element legacyConfig; public ConnectorFactory(String name, int listenPort) { - this(name, listenPort, null, null); + this(name, listenPort, null, null, null); } - public ConnectorFactory(String name, int listenPort, Element legacyConfig, Element sslKeystoreConfigurator) { + public ConnectorFactory(String name, + int listenPort, + Element legacyConfig, + Element sslKeystoreConfigurator, + Element sslTruststoreConfigurator) { super(new ComponentModel( new BundleInstantiationSpecification(new ComponentId(name), fromString("com.yahoo.jdisc.http.server.jetty.ConnectorFactory"), @@ -35,9 +40,8 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig this.name = name; this.listenPort = listenPort; this.legacyConfig = legacyConfig; - SimpleComponent sslKeyStoreConfigurator = getSslKeyStoreConfigurator(name, sslKeystoreConfigurator); - addChild(sslKeyStoreConfigurator); - inject(sslKeyStoreConfigurator); + addSslKeyStoreConfigurator(name, sslKeystoreConfigurator); + addSslTrustStoreConfigurator(name, sslTruststoreConfigurator); } @Override @@ -149,16 +153,30 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig } } - private static SimpleComponent getSslKeyStoreConfigurator(String name, Element sslKeystoreConfigurator) { - String idSpec = "ssl-keystore-configurator@" + name; - if (sslKeystoreConfigurator != null) { - String className = sslKeystoreConfigurator.getAttribute("class"); - String bundleName = sslKeystoreConfigurator.getAttribute("bundle"); - return new SimpleComponent(new ComponentModel(idSpec, className, bundleName)); + private void addSslKeyStoreConfigurator(String name, Element sslKeystoreConfigurator) { + addSslConfigurator("ssl-keystore-configurator@" + name, + DefaultSslKeyStoreConfigurator.class, + sslKeystoreConfigurator); + } + + private void addSslTrustStoreConfigurator(String name, Element sslKeystoreConfigurator) { + addSslConfigurator("ssl-truststore-configurator@" + name, + DefaultSslTrustStoreConfigurator.class, + sslKeystoreConfigurator); + } + + private void addSslConfigurator(String idSpec, Class<?> defaultImplementation, Element configuratorElement) { + SimpleComponent configuratorComponent; + if (configuratorElement != null) { + String className = configuratorElement.getAttribute("class"); + String bundleName = configuratorElement.getAttribute("bundle"); + configuratorComponent = new SimpleComponent(new ComponentModel(idSpec, className, bundleName)); } else { - return new SimpleComponent( - new ComponentModel(idSpec, DefaultSslKeyStoreConfigurator.class.getName(), "jdisc_http_service")); + configuratorComponent = + new SimpleComponent(new ComponentModel(idSpec, defaultImplementation.getName(), "jdisc_http_service")); } + addChild(configuratorComponent); + inject(configuratorComponent); } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java index f2012a609a7..f88c091cd37 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java @@ -12,8 +12,7 @@ import java.util.logging.Level; import java.util.logging.Logger; /** - * @author <a href="mailto:einarmr@yahoo-inc.com">Einar M R Rosenvinge</a> - * @since 5.21.0 + * @author Einar M R Rosenvinge */ public class JettyConnectorBuilder extends VespaDomBuilder.DomConfigProducerBuilder<ConnectorFactory> { private static final Logger log = Logger.getLogger(JettyConnectorBuilder.class.getName()); @@ -34,7 +33,8 @@ public class JettyConnectorBuilder extends VespaDomBuilder.DomConfigProducerBuil } } Element sslKeystoreConfigurator = XML.getChild(serverSpec, "ssl-keystore-configurator"); - return new ConnectorFactory(name, port, legacyServerConfig, sslKeystoreConfigurator); + Element sslTruststoreConfigurator = XML.getChild(serverSpec, "ssl-truststore-configurator"); + return new ConnectorFactory(name, port, legacyServerConfig, sslKeystoreConfigurator, sslTruststoreConfigurator); } } diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc index 6a90bef7bb2..95ac198adc4 100644 --- a/config-model/src/main/resources/schema/containercluster.rnc +++ b/config-model/src/main/resources/schema/containercluster.rnc @@ -62,6 +62,7 @@ HttpServer = element server { attribute port { xsd:nonNegativeInteger } & ComponentId & element ssl-keystore-configurator { BundleSpec }? & # FOR INTERNAL USE ONLY - SUBJECT TO CHANGE + element ssl-truststore-configurator { BundleSpec }? & # FOR INTERNAL USE ONLY - SUBJECT TO CHANGE GenericConfig* } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java index 1e24b055095..54c4aabf44c 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java @@ -7,6 +7,7 @@ import com.yahoo.container.bundle.BundleInstantiationSpecification; import com.yahoo.container.jdisc.FilterBindingsProvider; import com.yahoo.jdisc.http.ConnectorConfig; import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator; +import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator; import com.yahoo.vespa.model.container.ContainerCluster; import com.yahoo.vespa.model.container.component.SimpleComponent; import com.yahoo.vespa.model.container.http.ConnectorFactory; @@ -16,7 +17,9 @@ import org.w3c.dom.Element; import org.xml.sax.SAXException; import java.io.IOException; +import java.util.Arrays; import java.util.List; +import java.util.Set; import static com.yahoo.jdisc.http.ConnectorConfig.Ssl.KeyStoreType; import static org.hamcrest.CoreMatchers.equalTo; @@ -28,7 +31,6 @@ import static org.junit.Assert.assertThat; /** * @author einarmr - * @since 5.15 */ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBase { @@ -190,12 +192,13 @@ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBas } @Test - public void ssl_keystore_configurator_can_be_overriden() throws IOException, SAXException { + public void ssl_keystore_and_truststore_configurator_can_be_overriden() throws IOException, SAXException { Element clusterElem = DomBuilderTest.parse( "<jdisc id='default' version='1.0' jetty='true'>", " <http>", " <server port='9000' id='foo'>", " <ssl-keystore-configurator class='com.yahoo.MySslKeyStoreConfigurator' bundle='mybundle'/>", + " <ssl-truststore-configurator class='com.yahoo.MySslTrustStoreConfigurator' bundle='mybundle'/>", " </server>", " <server port='9001' id='bar'/>", " </http>", @@ -204,27 +207,47 @@ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBas createModel(root, clusterElem); ContainerCluster cluster = (ContainerCluster) root.getChildren().get("default"); List<ConnectorFactory> connectorFactories = cluster.getChildrenByTypeRecursive(ConnectorFactory.class); - { ConnectorFactory firstConnector = connectorFactories.get(0); - assertThat(firstConnector.getInjectedComponentIds(), hasItem("ssl-keystore-configurator@foo")); - assertThat(firstConnector.getInjectedComponentIds().size(), equalTo(1)); - SimpleComponent sslKeystoreConfigurator = firstConnector.getChildrenByTypeRecursive(SimpleComponent.class).get(0); - BundleInstantiationSpecification spec = sslKeystoreConfigurator.model.bundleInstantiationSpec; - assertThat(spec.classId.toString(), is("com.yahoo.MySslKeyStoreConfigurator")); - assertThat(spec.bundle.toString(), is("mybundle")); + assertConnectorHasInjectedComponents(firstConnector, "ssl-keystore-configurator@foo", "ssl-truststore-configurator@foo"); + assertComponentHasClassNameAndBundle(getChildComponent(firstConnector, 0), + "com.yahoo.MySslKeyStoreConfigurator", + "mybundle"); + assertComponentHasClassNameAndBundle(getChildComponent(firstConnector, 1), + "com.yahoo.MySslTrustStoreConfigurator", + "mybundle"); } { - ConnectorFactory secondFactory = connectorFactories.get(1); - assertThat(secondFactory.getInjectedComponentIds(), hasItem("ssl-keystore-configurator@bar")); - assertThat(secondFactory.getInjectedComponentIds().size(), equalTo(1)); - SimpleComponent sslKeystoreConfigurator = secondFactory.getChildrenByTypeRecursive(SimpleComponent.class).get(0); - BundleInstantiationSpecification spec = sslKeystoreConfigurator.model.bundleInstantiationSpec; - assertThat(spec.classId.toString(), is(DefaultSslKeyStoreConfigurator.class.getName())); - assertThat(spec.bundle.toString(), is("jdisc_http_service")); + ConnectorFactory secondConnector = connectorFactories.get(1); + assertConnectorHasInjectedComponents(secondConnector, "ssl-keystore-configurator@bar", "ssl-truststore-configurator@bar"); + assertComponentHasClassNameAndBundle(getChildComponent(secondConnector, 0), + DefaultSslKeyStoreConfigurator.class.getName(), + "jdisc_http_service"); + assertComponentHasClassNameAndBundle(getChildComponent(secondConnector, 1), + DefaultSslTrustStoreConfigurator.class.getName(), + "jdisc_http_service"); } } + private static void assertConnectorHasInjectedComponents(ConnectorFactory connectorFactory, String... componentNames) { + Set<String> injectedComponentIds = connectorFactory.getInjectedComponentIds(); + assertThat(injectedComponentIds.size(), equalTo(componentNames.length)); + Arrays.stream(componentNames) + .forEach(name -> assertThat(injectedComponentIds, hasItem(name))); + } + + private static SimpleComponent getChildComponent(ConnectorFactory connectorFactory, int index) { + return connectorFactory.getChildrenByTypeRecursive(SimpleComponent.class).get(index); + } + + private static void assertComponentHasClassNameAndBundle(SimpleComponent simpleComponent, + String className, + String bundleName) { + BundleInstantiationSpecification spec = simpleComponent.model.bundleInstantiationSpec; + assertThat(spec.classId.toString(), is(className)); + assertThat(spec.bundle.toString(), is(bundleName)); + } + private void assertJettyServerInConfig() { ContainerCluster cluster = (ContainerCluster) root.getChildren().get("default"); List<JettyHttpServer> jettyServers = cluster.getChildrenByTypeRecursive(JettyHttpServer.class); diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml index a02346193cc..af316c2e3a7 100644 --- a/config-model/src/test/schema-test-files/services.xml +++ b/config-model/src/test/schema-test-files/services.xml @@ -108,6 +108,7 @@ <server port="4080" id="myServer"> <ssl-keystore-configurator class="com.yahoo.MySslKeyStoreConfigurator" bundle="mybundle" /> + <ssl-truststore-configurator class="com.yahoo.MySslTrustStoreConfigurator" bundle="mybundle" /> </server> <server port="4081" id="anotherServer"> <config name="container.jdisc.config.http-server"> |