authorMorten Tokle <mortent@yahooinc.com>2024-02-13 13:56:15 +0100
committerMorten Tokle <mortent@yahooinc.com>2024-02-13 14:06:27 +0100
commit283af757b42ccb5ac6bfa8339a0a0674ae51c733 (patch)
tree4cc341356c98687e8e475b42e2cd4248c0f9fd35 /configserver
parent9169389c9806bec8353107660932d508a0b56f02 (diff)
Send certificate issuer on deploy
Diffstat (limited to 'configserver')
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java28
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java3
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java8
3 files changed, 33 insertions, 6 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java
index 7b8987a22b2..d3c026dbc0d 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java
@@ -4,8 +4,13 @@ package com.yahoo.vespa.config.server.tenant;
import com.yahoo.config.model.api.EndpointCertificateMetadata;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Inspector;
+import com.yahoo.slime.SlimeUtils;
import com.yahoo.slime.Type;
+import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert;
+import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.globalsign;
+import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.zerossl;
+
/**
* (de)serializes endpoint certificate metadata
*
@@ -23,11 +28,13 @@ public class EndpointCertificateMetadataSerializer {
private final static String keyNameField = "keyName";
private final static String certNameField = "certName";
private final static String versionField = "version";
+ private final static String issuerField = "issuer";
public static void toSlime(EndpointCertificateMetadata metadata, Cursor object) {
object.setString(keyNameField, metadata.keyName());
object.setString(certNameField, metadata.certName());
object.setLong(versionField, metadata.version());
+ object.setString(issuerField, serializedValue(metadata.issuer()));
}
public static EndpointCertificateMetadata fromSlime(Inspector inspector) {
@@ -35,9 +42,26 @@ public class EndpointCertificateMetadataSerializer {
return new EndpointCertificateMetadata(
inspector.field(keyNameField).asString(),
inspector.field(certNameField).asString(),
- Math.toIntExact(inspector.field(versionField).asLong())
- );
+ Math.toIntExact(inspector.field(versionField).asLong()),
+ providerOf(SlimeUtils.optionalString(inspector.field(issuerField)).orElse("")));
}
throw new IllegalArgumentException("Unknown format encountered for endpoint certificate metadata!");
}
+
+ private static EndpointCertificateMetadata.Provider providerOf(String name) {
+ return switch (name) {
+ case "digicert" -> digicert;
+ case "globalsign" -> globalsign;
+ case "zerossl" -> zerossl;
+ default -> digicert;
+ };
+ }
+
+ private static String serializedValue(EndpointCertificateMetadata.Provider provider) {
+ return switch (provider) {
+ case digicert -> "digicert";
+ case globalsign -> "globalsign";
+ case zerossl -> "zerossl";
+ };
+ }
}
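Review bot: `default -> digicert` in `providerOf` maps every unrecognised issuer string to digicert, not only the empty string that `fromSlime` passes when the field is absent. A value written by a newer config server, or a corrupted one, would then be read back as a DigiCert certificate with no signal, and any code that picks a secret store by provider would presumably look in the wrong place. I would make the legacy case explicit with `case "", "digicert" -> digicert;` and reject the rest with `default -> throw new IllegalArgumentException("Unknown certificate issuer: " + name);`, or at least log the fallback if rejecting is too strict during rolling upgrades. `fromSlime` begins before this hunk, so the surrounding format check is not visible here.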
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
index 9f2ddafd028..1e694be0480 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
@@ -28,6 +28,7 @@ import java.time.Duration;
import java.util.List;
import java.util.OptionalInt;
+import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
@@ -119,7 +120,7 @@ public class PrepareParamsTest {
@Test
public void testEndpointCertificateParsing() throws IOException {
- var certMeta = new EndpointCertificateMetadata("key", "cert", 3);
+ var certMeta = new EndpointCertificateMetadata("key", "cert", 3, digicert);
var slime = new Slime();
EndpointCertificateMetadataSerializer.toSlime(certMeta, slime.setObject());
String encoded = URLEncoder.encode(new String(SlimeUtils.toJsonBytes(slime), StandardCharsets.UTF_8), StandardCharsets.UTF_8);
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java
index 69b9d458962..99dccf6d418 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java
@@ -23,7 +23,9 @@ import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
+import java.util.List;
+import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
@@ -46,7 +48,7 @@ public class EndpointCertificateMetadataStoreTest {
public void setUp() {
curator = new MockCurator();
endpointCertificateMetadataStore = new EndpointCertificateMetadataStore(curator, tenantPath);
- endpointCertificateRetriever = new EndpointCertificateRetriever(secretStore);
+ endpointCertificateRetriever = new EndpointCertificateRetriever(List.of(new DefaultEndpointCertificateSecretStore(secretStore)));
secretStore.put("vespa.tlskeys.tenant1--app1-cert", X509CertificateUtils.toPem(certificate));
secretStore.put("vespa.tlskeys.tenant1--app1-key", KeyUtils.toPem(keyPair.getPrivate()));
@@ -68,11 +70,11 @@ public class EndpointCertificateMetadataStoreTest {
@Test
public void can_write_object_format() {
- var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1);
+ var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1, digicert);
endpointCertificateMetadataStore.writeEndpointCertificateMetadata(applicationId, endpointCertificateMetadata);
- assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1}",
+ assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1,\"issuer\":\"digicert\"}",
new String(curator.getData(endpointCertificateMetadataPath).orElseThrow()));
}
}
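Review bot: Every updated test constructs the metadata with `digicert`, which is also the value the deserializer falls back to, so a regression that dropped or misread the issuer on the read path would still pass. `can_write_object_format` pins only the written JSON. I would add a case that round-trips a non-default provider, for example `new EndpointCertificateMetadata("key-name", "cert-name", 1, zerossl)`, and asserts `issuer()` after reading it back. A second case should read the old three-field JSON without `issuer` to pin the legacy default.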