diff options
| author | Harald Musum <musum@verizonmedia.com> | 2021-05-25 22:22:05 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-05-25 22:22:05 +0200 |
| commit | c2a52f62a6f7e65630281cf9de823e73fadb7baa (patch) | |
| tree | 967a42e6ea2a7e07a748cb88c916013c1c9c84e5 /configserver | |
| parent | db127e1aab764a062a55ed6c3f313ca0a4da43d1 (diff) | |
| parent | 231737f901e5800c8952602ae634fde2f5571ece (diff) | |
Merge pull request #17975 from vespa-engine/revert-mortent/cfg-operator-cert
Revert mortent/cfg operator cert
Diffstat (limited to 'configserver')
11 files changed, 8 insertions, 178 deletions
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java index 0f5f0ad1dfc..f44694f5066 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/deploy/ModelContextImpl.java @@ -37,7 +37,6 @@ import com.yahoo.vespa.flags.UnboundFlag; import java.io.File; import java.net.URI; -import java.security.cert.X509Certificate; import java.util.List; import java.util.Optional; import java.util.Set; @@ -285,7 +284,6 @@ public class ModelContextImpl implements ModelContext { private final SecretStore secretStore; private final StringFlag jvmGCOptionsFlag; private final boolean allowDisableMtls; - private final List<X509Certificate> operatorCertificates; public Properties(ApplicationId applicationId, ConfigserverConfig configserverConfig, @@ -299,8 +297,7 @@ public class ModelContextImpl implements ModelContext { Optional<ApplicationRoles> applicationRoles, Optional<Quota> maybeQuota, List<TenantSecretStore> tenantSecretStores, - SecretStore secretStore, - List<X509Certificate> operatorCertificates) { + SecretStore secretStore) { this.featureFlags = new FeatureFlags(flagSource, applicationId); this.applicationId = applicationId; this.multitenant = configserverConfig.multitenant() || configserverConfig.hostedVespa() || Boolean.getBoolean("multitenant"); @@ -323,7 +320,6 @@ public class ModelContextImpl implements ModelContext { .with(FetchVector.Dimension.APPLICATION_ID, applicationId.serializedForm()); this.allowDisableMtls = PermanentFlags.ALLOW_DISABLE_MTLS.bindTo(flagSource) .with(FetchVector.Dimension.APPLICATION_ID, applicationId.serializedForm()).value(); - this.operatorCertificates = operatorCertificates; } @Override public ModelContext.FeatureFlags featureFlags() { return featureFlags; } @@ -392,11 +388,6 @@ public class ModelContextImpl implements ModelContext { return allowDisableMtls; } - @Override - public List<X509Certificate> operatorCertificates() { - return operatorCertificates; - } - public String flagValueForClusterType(StringFlag flag, Optional<ClusterSpec.Type> clusterType) { return clusterType.map(type -> flag.with(CLUSTER_TYPE, type.name())) .orElse(flag) diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ActivatedModelsBuilder.java b/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ActivatedModelsBuilder.java index ada278709fd..5c0207878f1 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ActivatedModelsBuilder.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/modelfactory/ActivatedModelsBuilder.java @@ -37,9 +37,7 @@ import com.yahoo.vespa.config.server.tenant.TenantRepository; import com.yahoo.vespa.curator.Curator; import com.yahoo.vespa.flags.FlagSource; -import java.security.cert.X509Certificate; import java.util.Comparator; -import java.util.List; import java.util.Map; import java.util.Optional; import java.util.logging.Level; @@ -165,8 +163,7 @@ public class ActivatedModelsBuilder extends ModelsBuilder<Application> { .readApplicationRoles(applicationId), zkClient.readQuota(), zkClient.readTenantSecretStores(), - secretStore, - zkClient.readOperatorCertificates()); + secretStore); } } diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/PrepareParams.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/PrepareParams.java index 1b43e57c01a..ea2a525b440 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/PrepareParams.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/PrepareParams.java @@ -1,7 +1,6 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.vespa.config.server.session; -import com.google.common.collect.ImmutableList; import com.yahoo.component.Version; import com.yahoo.config.model.api.ApplicationRoles; import com.yahoo.config.model.api.ContainerEndpoint; @@ -12,8 +11,6 @@ import com.yahoo.config.provision.AthenzDomain; import com.yahoo.config.provision.DockerImage; import com.yahoo.config.provision.TenantName; import com.yahoo.container.jdisc.HttpRequest; -import com.yahoo.security.X509CertificateUtils; -import com.yahoo.slime.ArrayTraverser; import com.yahoo.slime.Inspector; import com.yahoo.slime.Slime; import com.yahoo.slime.SlimeUtils; @@ -23,18 +20,14 @@ import com.yahoo.vespa.config.server.http.SessionHandler; import com.yahoo.vespa.config.server.tenant.ContainerEndpointSerializer; import com.yahoo.vespa.config.server.tenant.EndpointCertificateMetadataSerializer; import com.yahoo.vespa.config.server.tenant.TenantSecretStoreSerializer; -import org.eclipse.jetty.util.ssl.X509; -import java.security.cert.X509Certificate; import java.time.Clock; import java.time.Duration; -import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Objects; import java.util.Optional; import java.util.function.Function; -import java.util.stream.Collectors; /** * Parameters for preparing an application. Immutable. @@ -59,7 +52,6 @@ public final class PrepareParams { static final String TENANT_SECRET_STORES_PARAM_NAME = "tenantSecretStores"; static final String FORCE_PARAM_NAME = "force"; static final String WAIT_FOR_RESOURCES_IN_PREPARE = "waitForResourcesInPrepare"; - static final String OPERATOR_CERTIFICATES = "operatorCertificates"; private final ApplicationId applicationId; private final TimeoutBudget timeoutBudget; @@ -77,7 +69,6 @@ public final class PrepareParams { private final Optional<ApplicationRoles> applicationRoles; private final Optional<Quota> quota; private final List<TenantSecretStore> tenantSecretStores; - private final List<X509Certificate> operatorCertificates; private PrepareParams(ApplicationId applicationId, TimeoutBudget timeoutBudget, boolean ignoreValidationErrors, boolean dryRun, boolean verbose, boolean isBootstrap, Optional<Version> vespaVersion, @@ -85,7 +76,7 @@ public final class PrepareParams { Optional<EndpointCertificateMetadata> endpointCertificateMetadata, Optional<DockerImage> dockerImageRepository, Optional<AthenzDomain> athenzDomain, Optional<ApplicationRoles> applicationRoles, Optional<Quota> quota, List<TenantSecretStore> tenantSecretStores, - boolean force, boolean waitForResourcesInPrepare, List<X509Certificate> operatorCertificates) { + boolean force, boolean waitForResourcesInPrepare) { this.timeoutBudget = timeoutBudget; this.applicationId = Objects.requireNonNull(applicationId); this.ignoreValidationErrors = ignoreValidationErrors; @@ -102,7 +93,6 @@ public final class PrepareParams { this.tenantSecretStores = tenantSecretStores; this.force = force; this.waitForResourcesInPrepare = waitForResourcesInPrepare; - this.operatorCertificates = operatorCertificates; } public static class Builder { @@ -123,7 +113,6 @@ public final class PrepareParams { private Optional<ApplicationRoles> applicationRoles = Optional.empty(); private Optional<Quota> quota = Optional.empty(); private List<TenantSecretStore> tenantSecretStores = List.of(); - private List<X509Certificate> operatorCertificates = List.of(); public Builder() { } @@ -256,17 +245,11 @@ public final class PrepareParams { return this; } - public Builder withOperatorCertificates(List<X509Certificate> operatorCertificates) { - this.operatorCertificates = List.copyOf(operatorCertificates); - return this; - } - public PrepareParams build() { return new PrepareParams(applicationId, timeoutBudget, ignoreValidationErrors, dryRun, verbose, isBootstrap, vespaVersion, containerEndpoints, endpointCertificateMetadata, dockerImageRepository, athenzDomain, - applicationRoles, quota, tenantSecretStores, force, waitForResourcesInPrepare, - operatorCertificates); + applicationRoles, quota, tenantSecretStores, force, waitForResourcesInPrepare); } } @@ -309,7 +292,6 @@ public final class PrepareParams { .tenantSecretStores(SlimeUtils.optionalString(params.field(TENANT_SECRET_STORES_PARAM_NAME)).orElse(null)) .force(booleanValue(params, FORCE_PARAM_NAME)) .waitForResourcesInPrepare(booleanValue(params, WAIT_FOR_RESOURCES_IN_PREPARE)) - .withOperatorCertificates(deserialize(params.field(OPERATOR_CERTIFICATES), PrepareParams::readOperatorCertificates, Collections.emptyList())) .build(); } @@ -361,13 +343,6 @@ public final class PrepareParams { return Optional.ofNullable(request.getProperty(propertyName)); } - private static List<X509Certificate> readOperatorCertificates(Inspector array) { - return SlimeUtils.entriesStream(array) - .map(Inspector::asString) - .map(X509CertificateUtils::fromPem) - .collect(Collectors.toList()); - } - public String getApplicationName() { return applicationId.application().value(); } @@ -425,8 +400,4 @@ public final class PrepareParams { public List<TenantSecretStore> tenantSecretStores() { return tenantSecretStores; } - - public List<X509Certificate> operatorCertificates() { - return operatorCertificates; - } } diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java index 542b54d877e..f1044b28049 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/Session.java @@ -17,7 +17,6 @@ import com.yahoo.transaction.Transaction; import com.yahoo.vespa.config.server.application.ApplicationSet; import com.yahoo.vespa.config.server.tenant.TenantRepository; -import java.security.cert.X509Certificate; import java.time.Instant; import java.util.List; import java.util.Optional; @@ -138,10 +137,6 @@ public abstract class Session implements Comparable<Session> { sessionZooKeeperClient.writeTenantSecretStores(tenantSecretStores); } - public void setOperatorCertificates(List<X509Certificate> operatorCertificates) { - sessionZooKeeperClient.writeOperatorCertificates(operatorCertificates); - } - /** Returns application id read from ZooKeeper. Will throw RuntimeException if not found */ public ApplicationId getApplicationId() { return sessionZooKeeperClient.readApplicationId() @@ -177,10 +172,6 @@ public abstract class Session implements Comparable<Session> { return sessionZooKeeperClient.readTenantSecretStores(); } - public List<X509Certificate> getOperatorCertificates() { - return sessionZooKeeperClient.readOperatorCertificates(); - } - private Transaction createSetStatusTransaction(Status status) { return sessionZooKeeperClient.createWriteStatusTransaction(status); } diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java index 9360a2b1a2a..30cdc0f6e8a 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionPreparer.java @@ -51,7 +51,6 @@ import com.yahoo.vespa.flags.FlagSource; import java.io.File; import java.io.IOException; -import java.security.cert.X509Certificate; import java.time.Instant; import java.util.Collection; import java.util.List; @@ -205,8 +204,7 @@ public class SessionPreparer { applicationRoles, params.quota(), params.tenantSecretStores(), - secretStore, - params.operatorCertificates()); + secretStore); this.fileDistributionProvider = fileDistributionFactory.createProvider(serverDbSessionDir); this.preparedModelsBuilder = new PreparedModelsBuilder(modelFactoryRegistry, permanentApplicationPackage, @@ -279,8 +277,7 @@ public class SessionPreparer { prepareResult.allocatedHosts(), athenzDomain, params.quota(), - params.tenantSecretStores(), - params.operatorCertificates()); + params.tenantSecretStores()); checkTimeout("write state to zookeeper"); } @@ -330,8 +327,7 @@ public class SessionPreparer { AllocatedHosts allocatedHosts, Optional<AthenzDomain> athenzDomain, Optional<Quota> quota, - List<TenantSecretStore> tenantSecretStores, - List<X509Certificate> operatorCertificates) { + List<TenantSecretStore> tenantSecretStores) { ZooKeeperDeployer zkDeployer = zooKeeperClient.createDeployer(deployLogger); try { zkDeployer.deploy(applicationPackage, fileRegistryMap, allocatedHosts); @@ -343,7 +339,6 @@ public class SessionPreparer { zooKeeperClient.writeAthenzDomain(athenzDomain); zooKeeperClient.writeQuota(quota); zooKeeperClient.writeTenantSecretStores(tenantSecretStores); - zooKeeperClient.writeOperatorCertificates(operatorCertificates); } catch (RuntimeException | IOException e) { zkDeployer.cleanup(); throw new RuntimeException("Error preparing session", e); diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java index 0386b1ca4ef..cb46d65c4c5 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionRepository.java @@ -259,7 +259,6 @@ public class SessionRepository { session.setDockerImageRepository(existingSession.getDockerImageRepository()); session.setAthenzDomain(existingSession.getAthenzDomain()); session.setTenantSecretStores(existingSession.getTenantSecretStores()); - session.setOperatorCertificates(existingSession.getOperatorCertificates()); return session; } diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java index c3d6bba0ac2..c7c4f1926d7 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java +++ b/configserver/src/main/java/com/yahoo/vespa/config/server/session/SessionZooKeeperClient.java @@ -21,7 +21,6 @@ import com.yahoo.transaction.Transaction; import com.yahoo.vespa.config.server.UserConfigDefinitionRepo; import com.yahoo.vespa.config.server.deploy.ZooKeeperClient; import com.yahoo.vespa.config.server.deploy.ZooKeeperDeployer; -import com.yahoo.vespa.config.server.tenant.OperatorCertificateSerializer; import com.yahoo.vespa.config.server.tenant.TenantRepository; import com.yahoo.vespa.config.server.tenant.TenantSecretStoreSerializer; import com.yahoo.vespa.config.server.zookeeper.ConfigCurator; @@ -30,7 +29,6 @@ import com.yahoo.vespa.curator.Curator; import com.yahoo.vespa.curator.transaction.CuratorOperations; import com.yahoo.vespa.curator.transaction.CuratorTransaction; -import java.security.cert.X509Certificate; import java.time.Instant; import java.util.List; import java.util.Optional; @@ -59,7 +57,6 @@ public class SessionZooKeeperClient { private static final String ATHENZ_DOMAIN = "athenzDomain"; private static final String QUOTA_PATH = "quota"; private static final String TENANT_SECRET_STORES_PATH = "tenantSecretStores"; - private static final String OPERATOR_CERTIFICATES_PATH = "operatorCertificates"; private final Curator curator; private final ConfigCurator configCurator; @@ -194,10 +191,6 @@ public class SessionZooKeeperClient { return sessionPath.append(TENANT_SECRET_STORES_PATH).getAbsolute(); } - private String operatorCertificatesPath() { - return sessionPath.append(OPERATOR_CERTIFICATES_PATH).getAbsolute(); - } - public void writeVespaVersion(Version version) { configCurator.putData(versionPath(), version.toString()); } @@ -289,21 +282,6 @@ public class SessionZooKeeperClient { .orElse(List.of()); } - public void writeOperatorCertificates(List<X509Certificate> certificates) { - if( ! certificates.isEmpty()) { - var bytes = uncheck(() -> SlimeUtils.toJsonBytes(OperatorCertificateSerializer.toSlime(certificates))); - configCurator.putData(operatorCertificatesPath(), bytes); - } - } - - public List<X509Certificate> readOperatorCertificates() { - if ( ! configCurator.exists(operatorCertificatesPath())) return List.of(); - return Optional.ofNullable(configCurator.getData(operatorCertificatesPath())) - .map(SlimeUtils::jsonToSlime) - .map(slime -> OperatorCertificateSerializer.fromSlime(slime.get())) - .orElse(List.of()); - } - /** * Create necessary paths atomically for a new session. * diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java deleted file mode 100644 index 3dbdf1380f1..00000000000 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. - -package com.yahoo.vespa.config.server.tenant; - -import com.yahoo.config.model.api.ApplicationRoles; -import com.yahoo.security.X509CertificateUtils; -import com.yahoo.slime.Cursor; -import com.yahoo.slime.Inspector; -import com.yahoo.slime.Slime; -import com.yahoo.slime.SlimeUtils; - -import java.security.cert.X509Certificate; -import java.util.List; -import java.util.stream.Collectors; - -public class OperatorCertificateSerializer { - - private final static String certificateField = "certificates"; - - - public static Slime toSlime(List<X509Certificate> certificateList) { - Slime slime = new Slime(); - var root = slime.setObject(); - Cursor array = root.setArray(certificateField); - certificateList.stream() - .map(X509CertificateUtils::toPem) - .forEach(array::addString); - return slime; - } - - public static List<X509Certificate> fromSlime(Inspector object) { - return SlimeUtils.entriesStream(object.field(certificateField)) - .map(Inspector::asString) - .map(X509CertificateUtils::fromPem) - .collect(Collectors.toList()); - } -} diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java index 0acf4404326..7b9420b6b9e 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/ModelContextImplTest.java @@ -74,8 +74,7 @@ public class ModelContextImplTest { Optional.empty(), Optional.empty(), List.of(), - new SecretStoreProvider().get(), - List.of()), + new SecretStoreProvider().get()), Optional.empty(), Optional.empty(), new Version(7), diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java index 08794cf0b78..f50238f2b85 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java @@ -7,12 +7,6 @@ import com.yahoo.config.model.api.EndpointCertificateMetadata; import com.yahoo.config.provision.ApplicationId; import com.yahoo.config.provision.TenantName; import com.yahoo.container.jdisc.HttpRequest; -import com.yahoo.security.KeyAlgorithm; -import com.yahoo.security.KeyUtils; -import com.yahoo.security.SignatureAlgorithm; -import com.yahoo.security.X509CertificateBuilder; -import com.yahoo.security.X509CertificateUtils; -import com.yahoo.security.X509CertificateWithKey; import com.yahoo.slime.ArrayInserter; import com.yahoo.slime.Cursor; import com.yahoo.slime.Injector; @@ -26,16 +20,10 @@ import com.yahoo.vespa.config.server.tenant.ContainerEndpointSerializer; import com.yahoo.vespa.config.server.tenant.EndpointCertificateMetadataSerializer; import org.junit.Test; -import javax.security.auth.x500.X500Principal; import java.io.IOException; -import java.math.BigInteger; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; -import java.security.KeyPair; -import java.security.cert.X509Certificate; import java.time.Duration; -import java.time.Instant; -import java.time.temporal.ChronoUnit; import java.util.List; import java.util.Map; import java.util.Objects; @@ -191,18 +179,6 @@ public class PrepareParamsTest { assertPrepareParamsEqual(urlPrepareParams, jsonPrepareParams); } - @Test - public void testOperatorCertificates() throws IOException { - Slime slime = SlimeUtils.jsonToSlime(json); - Cursor cursor = slime.get(); - Cursor array = cursor.setArray(PrepareParams.OPERATOR_CERTIFICATES); - X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=myservice", Duration.ofDays(1)).certificate(); - array.addString(X509CertificateUtils.toPem(certificate)); - PrepareParams prepareParams = PrepareParams.fromJson(SlimeUtils.toJsonBytes(slime), TenantName.from("foo"), Duration.ofSeconds(60)); - assertEquals(1, prepareParams.operatorCertificates().size()); - assertEquals(certificate, prepareParams.operatorCertificates().get(0)); - } - private void assertPrepareParamsEqual(PrepareParams urlParams, PrepareParams jsonParams) { assertEquals(urlParams.ignoreValidationErrors(), jsonParams.ignoreValidationErrors()); assertEquals(urlParams.isDryRun(), jsonParams.isDryRun()); diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java deleted file mode 100644 index b77248f0840..00000000000 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. - -package com.yahoo.vespa.config.server.tenant; - -import com.yahoo.security.X509CertificateUtils; -import com.yahoo.security.X509CertificateWithKey; -import com.yahoo.slime.Slime; -import com.yahoo.slime.SlimeUtils; -import org.junit.Assert; -import org.junit.Test; - -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.security.cert.X509Certificate; -import java.time.Duration; -import java.util.List; - -import static org.junit.Assert.assertEquals; - -public class OperatorCertificateSerializerTest { - - @Test - public void testSerialization() { - X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=mycn", Duration.ofDays(1)).certificate(); - Slime slime = OperatorCertificateSerializer.toSlime(List.of(certificate)); - List<X509Certificate> deserialized = OperatorCertificateSerializer.fromSlime(slime.get()); - assertEquals(1, deserialized.size()); - assertEquals(certificate, deserialized.get(0)); - } -} |