author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-09-12 12:15:25 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-12 12:15:25 +0200 |
commit | c65822c82b71dfbcd49fc403d3a503914e044de3 (patch) | |
tree | d5693fd58bca2367ae053293e6e05717c209945d /config-model | |
parent | 9f404a93ef9a986c1ef8afb2f05630d97f3dccf5 (diff) | |
parent | 3ac0420f32e9841bd53705603ab7f9a67a8c8700 (diff) |
Merge pull request #6920 from vespa-engine/bjorncs/ssl-cleanup
Remove SslKeyStoreConfigurator/SslTrustStoreConfigurator concept
Diffstat (limited to 'config-model')
5 files changed, 3 insertions, 110 deletions
diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java index 8bfd0b1e4da..1365eb43a30 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/ConnectorFactory.java @@ -4,16 +4,12 @@ package com.yahoo.vespa.model.container.http; import com.yahoo.component.ComponentId; import com.yahoo.container.bundle.BundleInstantiationSpecification; import com.yahoo.jdisc.http.ConnectorConfig; -import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator; -import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator; import com.yahoo.osgi.provider.model.ComponentModel; import com.yahoo.text.XML; import com.yahoo.vespa.model.container.component.SimpleComponent; import com.yahoo.vespa.model.container.http.ssl.DummySslProvider; import org.w3c.dom.Element; -import java.util.Optional; - import static com.yahoo.component.ComponentSpecification.fromString; import static com.yahoo.jdisc.http.ConnectorConfig.Ssl.KeyStoreType; @@ -29,14 +25,12 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig private final Element legacyConfig; public ConnectorFactory(String name, int listenPort) { - this(name, listenPort, null, null, null, new DummySslProvider(name)); + this(name, listenPort, null, new DummySslProvider(name)); } public ConnectorFactory(String name, int listenPort, Element legacyConfig, - Element sslKeystoreConfigurator, - Element sslTruststoreConfigurator, SimpleComponent sslProviderComponent) { super(new ComponentModel( new BundleInstantiationSpecification(new ComponentId(name), 
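Review bot: Neither public constructor of ConnectorFactory has Javadoc, and after this change `sslProviderComponent` is the only TLS-related component a connector receives, because the configurator children are no longer added (see the following hunk). The two-argument overload silently supplies `new DummySslProvider(name)`; judging by the name alone, that is presumably a provider without real key material, so a caller who picks the short constructor should be told. I would add `/** Creates a connector backed by DummySslProvider; use the four-argument constructor to supply a real SSL provider component. */` on the first constructor, and a `@param sslProviderComponent` line on the second saying it must be non-null, since it goes straight to `addChild` and `inject` with no null check visible. The four-argument constructor's body continues past the end of this hunk.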
@@ -47,8 +41,6 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig this.legacyConfig = legacyConfig; addChild(sslProviderComponent); inject(sslProviderComponent); - addSslKeyStoreConfigurator(name, sslKeystoreConfigurator); - addSslTrustStoreConfigurator(name, sslTruststoreConfigurator); } @Override @@ -159,30 +151,4 @@ public class ConnectorFactory extends SimpleComponent implements ConnectorConfig } } } - - - private void addSslKeyStoreConfigurator(String name, Element sslKeystoreConfigurator) { - addSslConfigurator("ssl-keystore-configurator@" + name, - DefaultSslKeyStoreConfigurator.class, - sslKeystoreConfigurator); - } - - private void addSslTrustStoreConfigurator(String name, Element sslKeystoreConfigurator) { - addSslConfigurator("ssl-truststore-configurator@" + name, - DefaultSslTrustStoreConfigurator.class, - sslKeystoreConfigurator); - } - - private void addSslConfigurator(String idSpec, Class<?> defaultImplementation, Element configuratorElement) { - SimpleComponent configuratorComponent; - if (configuratorElement != null) { - String className = configuratorElement.getAttribute("class"); - String bundleName = configuratorElement.getAttribute("bundle"); - configuratorComponent = new SimpleComponent(new ComponentModel(idSpec, className, bundleName)); - } else { - configuratorComponent = new SimpleComponent(new ComponentModel(idSpec, defaultImplementation.getName(), "jdisc_http_service")); - } - addChild(configuratorComponent); - inject(configuratorComponent); - } } diff --git a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java index 6061ce45ce4..91cf25002e6 100644 --- a/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java +++ b/config-model/src/main/java/com/yahoo/vespa/model/container/http/xml/JettyConnectorBuilder.java 
@@ -38,10 +38,8 @@ public class JettyConnectorBuilder extends VespaDomBuilder.DomConfigProducerBuil legacyServerConfig = null; } } - Element sslKeystoreConfigurator = XML.getChild(serverSpec, "ssl-keystore-configurator"); - Element sslTruststoreConfigurator = XML.getChild(serverSpec, "ssl-truststore-configurator"); SimpleComponent sslProviderComponent = getSslConfigComponents(name, serverSpec); - return new ConnectorFactory(name, port, legacyServerConfig, sslKeystoreConfigurator, sslTruststoreConfigurator, sslProviderComponent); + return new ConnectorFactory(name, port, legacyServerConfig, sslProviderComponent); } SimpleComponent getSslConfigComponents(String serverName, Element serverSpec) { diff --git a/config-model/src/main/resources/schema/containercluster.rnc b/config-model/src/main/resources/schema/containercluster.rnc index 991bd13f4a0..4934ce113bb 100644 --- a/config-model/src/main/resources/schema/containercluster.rnc +++ b/config-model/src/main/resources/schema/containercluster.rnc @@ -64,8 +64,6 @@ HttpServer = element server { attribute port { xsd:nonNegativeInteger } & ComponentId & (Ssl | SslProvider)? & - element ssl-keystore-configurator { BundleSpec }? & # FOR INTERNAL USE ONLY - SUBJECT TO CHANGE - element ssl-truststore-configurator { BundleSpec }? & # FOR INTERNAL USE ONLY - SUBJECT TO CHANGE GenericConfig* } diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java index ff50acce3f0..1815befab88 100644 --- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java +++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/JettyContainerModelBuilderTest.java 
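Review bot: With the two `XML.getChild` lookups gone, the builder ignores any `ssl-keystore-configurator` or `ssl-truststore-configurator` child of `<server>`, so rejecting an old services.xml now rests entirely on schema validation (the containercluster.rnc hunk in this commit drops both elements). If any path builds the model without validating against that schema, which is not visible from here, the elements would be dropped silently and the connector would start with whatever `getSslConfigComponents` returns instead of the key and trust configuration the operator wrote. The commit deletes the positive test but adds no negative one. I would add a test asserting that a `<server>` containing either element is rejected, or fail explicitly in the builder, e.g. `if (XML.getChild(serverSpec, "ssl-truststore-configurator") != null) throw new IllegalArgumentException("ssl-truststore-configurator is no longer supported");` and the same for the keystore element. The enclosing method starts above this hunk.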
@@ -3,30 +3,21 @@ package com.yahoo.vespa.model.container.xml; import com.yahoo.config.model.builder.xml.test.DomBuilderTest; import com.yahoo.container.ComponentsConfig; -import com.yahoo.container.bundle.BundleInstantiationSpecification; import com.yahoo.container.jdisc.FilterBindingsProvider; import com.yahoo.jdisc.http.ConnectorConfig; -import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator; -import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator; import com.yahoo.vespa.model.container.ContainerCluster; import com.yahoo.vespa.model.container.component.SimpleComponent; import com.yahoo.vespa.model.container.http.ConnectorFactory; import com.yahoo.vespa.model.container.http.JettyHttpServer; - import com.yahoo.vespa.model.container.http.ssl.DefaultSslProvider; import org.junit.Test; import org.w3c.dom.Element; -import org.xml.sax.SAXException; -import java.io.IOException; -import java.util.Arrays; import java.util.List; import java.util.Optional; -import java.util.Set; import static com.yahoo.jdisc.http.ConnectorConfig.Ssl.KeyStoreType; import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.hasItem; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.not; import static org.hamcrest.CoreMatchers.nullValue; 
@@ -197,44 +188,6 @@ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBas } @Test - public void ssl_keystore_and_truststore_configurator_can_be_overriden() throws IOException, SAXException { - Element clusterElem = DomBuilderTest.parse( - "<jdisc id='default' version='1.0' jetty='true'>", - " <http>", - " <server port='9000' id='foo'>", - " <ssl-keystore-configurator class='com.yahoo.MySslKeyStoreConfigurator' bundle='mybundle'/>", - " <ssl-truststore-configurator class='com.yahoo.MySslTrustStoreConfigurator' bundle='mybundle'/>", - " </server>", - " <server port='9001' id='bar'/>", - " </http>", - nodesXml, - "</jdisc>"); - createModel(root, clusterElem); - ContainerCluster cluster = (ContainerCluster) root.getChildren().get("default"); - List<ConnectorFactory> connectorFactories = cluster.getChildrenByTypeRecursive(ConnectorFactory.class); - { - ConnectorFactory firstConnector = connectorFactories.get(0); - assertConnectorHasInjectedComponents(firstConnector, "ssl-keystore-configurator@foo", "ssl-truststore-configurator@foo", "dummy-ssl-provider@foo"); - assertComponentHasClassNameAndBundle(getChildComponent(firstConnector, 0), - "com.yahoo.MySslKeyStoreConfigurator", - "mybundle"); - assertComponentHasClassNameAndBundle(getChildComponent(firstConnector, 1), - "com.yahoo.MySslTrustStoreConfigurator", - "mybundle"); - } - { - ConnectorFactory secondConnector = connectorFactories.get(1); - assertConnectorHasInjectedComponents(secondConnector, "ssl-keystore-configurator@bar", "ssl-truststore-configurator@bar", "dummy-ssl-provider@bar"); - assertComponentHasClassNameAndBundle(getChildComponent(secondConnector, 0), - DefaultSslKeyStoreConfigurator.class.getName(), - "jdisc_http_service"); - assertComponentHasClassNameAndBundle(getChildComponent(secondConnector, 1), - DefaultSslTrustStoreConfigurator.class.getName(), - "jdisc_http_service"); - } - } - - @Test public void 
verify_that_ssl_element_generates_connector_config_and_inject_provider_component() { Element clusterElem = DomBuilderTest.parse( "<jdisc id='default' version='1.0' jetty='true'>", @@ -315,25 +268,6 @@ public class JettyContainerModelBuilderTest extends ContainerModelBuilderTestBas assertChildComponentExists(connectorFactory, "com.yahoo.CustomSslProvider"); } - private static void assertConnectorHasInjectedComponents(ConnectorFactory connectorFactory, String... componentNames) { - Set<String> injectedComponentIds = connectorFactory.getInjectedComponentIds(); - assertThat(injectedComponentIds.size(), equalTo(componentNames.length)); - Arrays.stream(componentNames) - .forEach(name -> assertThat(injectedComponentIds, hasItem(name))); - } - - private static SimpleComponent getChildComponent(ConnectorFactory connectorFactory, int index) { - return connectorFactory.getChildrenByTypeRecursive(SimpleComponent.class).get(index); - } - - private static void assertComponentHasClassNameAndBundle(SimpleComponent simpleComponent, - String className, - String bundleName) { - BundleInstantiationSpecification spec = simpleComponent.model.bundleInstantiationSpec; - assertThat(spec.classId.toString(), is(className)); - assertThat(spec.bundle.toString(), is(bundleName)); - } - private static void assertChildComponentExists(ConnectorFactory connectorFactory, String className) { Optional<SimpleComponent> simpleComponent = connectorFactory.getChildren().values().stream() .map(z -> (SimpleComponent) z) diff --git a/config-model/src/test/schema-test-files/services.xml b/config-model/src/test/schema-test-files/services.xml index 21d6693720e..632abe68ab7 100644 --- a/config-model/src/test/schema-test-files/services.xml +++ b/config-model/src/test/schema-test-files/services.xml 
@@ -112,10 +112,7 @@ </request-chain> </filtering> - <server port="4080" id="myServer"> - <ssl-keystore-configurator class="com.yahoo.MySslKeyStoreConfigurator" bundle="mybundle" /> - <ssl-truststore-configurator class="com.yahoo.MySslTrustStoreConfigurator" bundle="mybundle" /> - </server> + <server port="4080" id="myServer"/> <server port="4081" id="anotherServer"> <config name="container.jdisc.config.http-server"> <maxChunkSize>9999</maxChunkSize> |