author | Morten Tokle <mortent@yahooinc.com> | 2024-02-13 13:56:15 +0100 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2024-02-13 14:06:27 +0100 |
commit | 283af757b42ccb5ac6bfa8339a0a0674ae51c733 (patch) | |
tree | 4cc341356c98687e8e475b42e2cd4248c0f9fd35 /configserver | |
parent | 9169389c9806bec8353107660932d508a0b56f02 (diff) |
Send certificate issuer on deploy
Diffstat (limited to 'configserver')
3 files changed, 33 insertions, 6 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java index 7b8987a22b2..d3c026dbc0d 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java @@ -4,8 +4,13 @@ package com.yahoo.vespa.config.server.tenant; import com.yahoo.config.model.api.EndpointCertificateMetadata; import com.yahoo.slime.Cursor; import com.yahoo.slime.Inspector; +import com.yahoo.slime.SlimeUtils; import com.yahoo.slime.Type; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.globalsign; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.zerossl; + /** * (de)serializes endpoint certificate metadata * @@ -23,11 +28,13 @@ public class EndpointCertificateMetadataSerializer { private final static String keyNameField = "keyName"; private final static String certNameField = "certName"; private final static String versionField = "version"; + private final static String issuerField = "issuer"; public static void toSlime(EndpointCertificateMetadata metadata, Cursor object) { object.setString(keyNameField, metadata.keyName()); object.setString(certNameField, metadata.certName()); object.setLong(versionField, metadata.version()); + object.setString(issuerField, serializedValue(metadata.issuer())); } public static EndpointCertificateMetadata fromSlime(Inspector inspector) { 
@@ -35,9 +42,26 @@ public class EndpointCertificateMetadataSerializer { return new EndpointCertificateMetadata( inspector.field(keyNameField).asString(), inspector.field(certNameField).asString(), - Math.toIntExact(inspector.field(versionField).asLong()) - ); + Math.toIntExact(inspector.field(versionField).asLong()), + providerOf(SlimeUtils.optionalString(inspector.field(issuerField)).orElse(""))); } throw new IllegalArgumentException("Unknown format encountered for endpoint certificate metadata!"); } + + private static EndpointCertificateMetadata.Provider providerOf(String name) { + return switch (name) { + case "digicert" -> digicert; + case "globalsign" -> globalsign; + case "zerossl" -> zerossl; + default -> digicert; + }; + } + + private static String serializedValue(EndpointCertificateMetadata.Provider provider) { + return switch (provider) { + case digicert -> "digicert"; + case globalsign -> "globalsign"; + case zerossl -> "zerossl"; + }; + } } diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java index 9f2ddafd028..1e694be0480 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java @@ -28,6 +28,7 @@ import java.time.Duration; import java.util.List; import java.util.OptionalInt; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; 
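Review bot: In `providerOf`, `default -> digicert` maps every unrecognised issuer string to DigiCert, not only the absent field that `fromSlime` turns into `""`. If the issuer later decides where the certificate and key are fetched from (not visible in this diff), a misspelt value or a provider this config server does not know yet would silently be handled as DigiCert instead of failing the deploy. I would keep the legacy default explicit and reject the rest, matching the `IllegalArgumentException` that `fromSlime` already throws for an unknown format: `case "", "digicert" -> digicert;` and `default -> throw new IllegalArgumentException("Unknown endpoint certificate issuer: " + name);`. If the lenient fallback is deliberate for rolling upgrades, a comment on the `default` arm should say so, because a new `Provider` constant breaks compilation in `serializedValue` but not in `providerOf`.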
@@ -119,7 +120,7 @@ public class PrepareParamsTest { @Test public void testEndpointCertificateParsing() throws IOException { - var certMeta = new EndpointCertificateMetadata("key", "cert", 3); + var certMeta = new EndpointCertificateMetadata("key", "cert", 3, digicert); var slime = new Slime(); EndpointCertificateMetadataSerializer.toSlime(certMeta, slime.setObject()); String encoded = URLEncoder.encode(new String(SlimeUtils.toJsonBytes(slime), StandardCharsets.UTF_8), StandardCharsets.UTF_8); diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java index 69b9d458962..99dccf6d418 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java @@ -23,7 +23,9 @@ import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Instant; import java.time.temporal.ChronoUnit; +import java.util.List; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -46,7 +48,7 @@ public class EndpointCertificateMetadataStoreTest { public void setUp() { curator = new MockCurator(); endpointCertificateMetadataStore = new EndpointCertificateMetadataStore(curator, tenantPath); - endpointCertificateRetriever = new EndpointCertificateRetriever(secretStore); + endpointCertificateRetriever = new EndpointCertificateRetriever(List.of(new DefaultEndpointCertificateSecretStore(secretStore))); secretStore.put("vespa.tlskeys.tenant1--app1-cert", X509CertificateUtils.toPem(certificate)); secretStore.put("vespa.tlskeys.tenant1--app1-key", KeyUtils.toPem(keyPair.getPrivate())); 
@@ -68,11 +70,11 @@ public class EndpointCertificateMetadataStoreTest { @Test public void can_write_object_format() { - var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1); + var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1, digicert); endpointCertificateMetadataStore.writeEndpointCertificateMetadata(applicationId, endpointCertificateMetadata); - assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1}", + assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1,\"issuer\":\"digicert\"}", new String(curator.getData(endpointCertificateMetadataPath).orElseThrow())); } } |
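Review bot: `can_write_object_format` pins only the written form with `digicert`; none of the test hunks shown reads metadata back without an `issuer` field or with `globalsign`/`zerossl`. Data stored before this change has no `issuer`, so the read side is where compatibility is decided. A companion case that passes `{"keyName":"key-name","certName":"cert-name","version":1}` to `EndpointCertificateMetadataSerializer.fromSlime` and asserts the resulting issuer, plus a round trip for the other two providers, would cover it.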