Include operator certificates in application trust store

2 files changed, 33 insertions, 1 deletions

diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java
index 7b9420b6b9e..0acf4404326 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java
@@ -74,7 +74,8 @@ public class ModelContextImplTest {
                         Optional.empty(),
                         Optional.empty(),
                         List.of(),
-                        new SecretStoreProvider().get()),
+                        new SecretStoreProvider().get(),
+                        List.of()),
                 Optional.empty(),
                 Optional.empty(),
                 new Version(7),
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
index f50238f2b85..06ff9f4b3f6 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
@@ -7,6 +7,11 @@ import com.yahoo.config.model.api.EndpointCertificateMetadata;
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.container.jdisc.HttpRequest;
+import com.yahoo.security.KeyAlgorithm;
+import com.yahoo.security.KeyUtils;
+import com.yahoo.security.SignatureAlgorithm;
+import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.slime.ArrayInserter;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Injector;
@@ -20,10 +25,16 @@ import com.yahoo.vespa.config.server.tenant.ContainerEndpointSerializer;
 import com.yahoo.vespa.config.server.tenant.EndpointCertificateMetadataSerializer;
 import org.junit.Test;
 
+import javax.security.auth.x500.X500Principal;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.cert.X509Certificate;
 import java.time.Duration;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
@@ -179,6 +190,26 @@ public class PrepareParamsTest {
         assertPrepareParamsEqual(urlPrepareParams, jsonPrepareParams);
     }
 
+    @Test
+    public void testOperatorCertificates() throws IOException {
+        Slime slime = SlimeUtils.jsonToSlime(json);
+        Cursor cursor = slime.get();
+        Cursor array = cursor.setArray(PrepareParams.OPERATOR_CERTIFICATES);
+
+        KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
+        X500Principal subject = new X500Principal("CN=myservice");
+        X509Certificate cert =
+                X509CertificateBuilder.fromKeypair(keyPair, subject, Instant.now(),
+                                                   Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA256_WITH_ECDSA,
+                                                   BigInteger.valueOf(1))
+                        .setBasicConstraints(true, true)
+                        .build();
+        array.addString(X509CertificateUtils.toPem(cert));
+        PrepareParams prepareParams = PrepareParams.fromJson(SlimeUtils.toJsonBytes(slime), TenantName.from("foo"), Duration.ofSeconds(60));
+        assertEquals(1, prepareParams.operatorCertificates().size());
+        assertEquals(cert, prepareParams.operatorCertificates().get(0));
+    }
+
     private void assertPrepareParamsEqual(PrepareParams urlParams, PrepareParams jsonParams) {
         assertEquals(urlParams.ignoreValidationErrors(), jsonParams.ignoreValidationErrors());
         assertEquals(urlParams.isDryRun(), jsonParams.isDryRun());