Move old ssl logic for connectors into LegacySslProvider

- Inject LegacySslContextFactoryProvider if not using ssl/ssl-provider syntax - Update JDisc unit tests to use new connector config
author: Bjørn Christian Seime <bjorncs@oath.com> 2018-09-13 11:24:08 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-09-13 11:24:08 +0200
commit: a743f2ea83790a59097c12d51765eac902a5b349 (patch)
tree: 01322982885e2449d70c962ced737ce7906832c8 /jdisc_http_service/src/test
parent: 88a8ed4e3223d761a7943ad646dba25b3b70ed4c (diff)
7 files changed, 14 insertions, 173 deletions
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/JksKeyStore.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/JksKeyStore.java
deleted file mode 100644
index 1c7a917c688..00000000000
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/JksKeyStore.java
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http;
-
-import java.io.InputStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.KeyStore;
-
-/**
- * @author Tony Vaagenes
- * @author bjorncs
- */
-public class JksKeyStore {
-
-    private static final String KEY_STORE_TYPE = "JKS";
-
-    private final Path keyStoreFile;
-    private final String keyStorePassword;
-
-    public JksKeyStore(Path keyStoreFile) {
-        this(keyStoreFile, null);
-    }
-
-    public JksKeyStore(Path keyStoreFile, String keyStorePassword) {
-        this.keyStoreFile = keyStoreFile;
-        this.keyStorePassword = keyStorePassword;
-    }
-
-    public String getKeyStorePassword() {
-        return keyStorePassword;
-    }
-
-    public KeyStore loadJavaKeyStore() throws Exception {
-        try(InputStream stream = Files.newInputStream(keyStoreFile)) {
-            KeyStore keystore = KeyStore.getInstance(KEY_STORE_TYPE);
-            keystore.load(stream, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
-            return keystore;
-        }
-    }
-
-}
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
deleted file mode 100644
index d86516df453..00000000000
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http;
-
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManagerFactory;
-import java.util.logging.Level;
-import java.util.logging.Logger;
-
-/**
- * @author Charles Kim
- */
-public class SslContextFactory {
-
-    private static final Logger log = Logger.getLogger(SslContextFactory.class.getName());
-    private static final String DEFAULT_ALGORITHM = "SunX509";
-    private static final String DEFAULT_PROTOCOL = "TLS";
-    private final SSLContext sslContext;
-
-    private SslContextFactory(SSLContext sslContext) {
-        this.sslContext = sslContext;
-    }
-
-    public SSLContext getServerSSLContext() {
-        return this.sslContext;
-    }
-
-    public static SslContextFactory newInstanceFromTrustStore(JksKeyStore trustStore) {
-        return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, null, trustStore);
-    }
-
-    public static SslContextFactory newInstance(JksKeyStore trustStore, JksKeyStore keyStore) {
-        return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, keyStore, trustStore);
-    }
-
-    public static SslContextFactory newInstance(String sslAlgorithm, String sslProtocol,
-                                                JksKeyStore keyStore, JksKeyStore trustStore) {
-        log.fine("Configuring SSLContext...");
-        log.fine("Using " + sslAlgorithm + " algorithm.");
-        try {
-            SSLContext sslContext = SSLContext.getInstance(sslProtocol);
-            sslContext.init(
-                    keyStore == null ? null : getKeyManagers(keyStore, sslAlgorithm),
-                    trustStore == null ? null : getTrustManagers(trustStore, sslAlgorithm),
-                    null);
-            return new SslContextFactory(sslContext);
-        } catch (Exception e) {
-            log.log(Level.SEVERE, "Got exception creating SSLContext.", e);
-            throw new RuntimeException(e);
-        }
-    }
-
-    /**
-     * Used for the key store, which contains the SSL cert and private key.
-     */
-    public static javax.net.ssl.KeyManager[] getKeyManagers(JksKeyStore keyStore,
-                                                            String sslAlgorithm) throws Exception {
-
-        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslAlgorithm);
-        String keyStorePassword = keyStore.getKeyStorePassword();
-        keyManagerFactory.init(
-                keyStore.loadJavaKeyStore(),
-                keyStorePassword != null ? keyStorePassword.toCharArray() : null);
-        log.fine("KeyManagerFactory initialized with keystore");
-        return keyManagerFactory.getKeyManagers();
-    }
-
-    /**
-     * Used for the trust store, which contains certificates from other parties that you expect to communicate with,
-     * or from Certificate Authorities that you trust to identify other parties.
-     */
-    public static javax.net.ssl.TrustManager[] getTrustManagers(JksKeyStore trustStore,
-                                                                String sslAlgorithm)
-            throws Exception {
-
-        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslAlgorithm);
-        trustManagerFactory.init(trustStore.loadJavaKeyStore());
-        log.fine("TrustManagerFactory initialized with truststore.");
-        return trustManagerFactory.getTrustManagers();
-    }
-
-}
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
index cb7d30af952..d204d633304 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
@@ -47,17 +47,7 @@ public class ConnectorFactoryRegistryModule implements Module {
     private static class StaticKeyDbConnectorFactory extends ConnectorFactory {
 
         public StaticKeyDbConnectorFactory(ConnectorConfig connectorConfig) {
-            super(connectorConfig, new DefaultSslContextFactoryProvider(connectorConfig, new MockSecretStore()));
-        }
-
-    }
-
-    @SuppressWarnings("deprecation")
-    private static final class MockSecretStore implements com.yahoo.jdisc.http.SecretStore {
-
-        @Override
-        public String getSecret(String key) {
-            return TestDrivers.KEY_STORE_PASSWORD;
+            super(connectorConfig, new DefaultSslContextFactoryProvider(connectorConfig));
         }
 
     }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
index b328e151f51..08a38d5e13b 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
@@ -105,7 +105,7 @@ public class ConnectorFactoryTest {
     }
 
     private static ConnectorFactory createConnectorFactory(ConnectorConfig config) {
-        return new ConnectorFactory(config, new DefaultSslContextFactoryProvider(config, new ThrowingSecretStore()));
+        return new ConnectorFactory(config, new DefaultSslContextFactoryProvider(config));
     }
 
     private static class HelloWorldHandler extends AbstractHandler {
@@ -134,14 +134,4 @@ public class ConnectorFactoryTest {
     private static class DummyContext implements Metric.Context {
     }
 
-    @SuppressWarnings("deprecation")
-    private static final class ThrowingSecretStore implements com.yahoo.jdisc.http.SecretStore {
-
-        @Override
-        public String getSecret(String key) {
-            throw new UnsupportedOperationException("A secret store is not available");
-        }
-
-    }
-
 }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
index 39b68fcf1f6..227b0b20f10 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
@@ -1,20 +1,16 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.server.jetty;
 
-import com.google.inject.Key;
 import com.google.inject.Module;
 import com.yahoo.jdisc.application.ContainerBuilder;
 import com.yahoo.jdisc.handler.RequestHandler;
 import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.SslContextFactory;
-import com.yahoo.jdisc.http.JksKeyStore;
+import com.yahoo.security.SslContextBuilder;
 
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
 import java.nio.file.Paths;
 
-import static com.google.inject.name.Names.named;
-
 /**
  * This class is based on the class by the same name in the jdisc_http_service module.
  * It provides functionality for setting up a jdisc container with an HTTP server and handlers.
@@ -61,9 +57,7 @@ public class TestDriver {
 
     public SimpleHttpClient client() { return client; }
 
-    public SimpleHttpClient newClient() throws IOException { return newClient(false); }
-
-    public SimpleHttpClient newClient(final boolean useCompression) throws IOException {
+    public SimpleHttpClient newClient(final boolean useCompression) {
         return new SimpleHttpClient(newSslContext(), server.getListenPort(), useCompression);
     }
 
@@ -75,10 +69,10 @@ public class TestDriver {
         ConnectorConfig.Ssl sslConfig = builder.getInstance(ConnectorConfig.class).ssl();
         if (!sslConfig.enabled()) return null;
 
-        JksKeyStore keyStore = new JksKeyStore(
-                Paths.get(sslConfig.keyStorePath()),
-                builder.getInstance(Key.get(String.class, named("keyStorePassword"))));
-        return SslContextFactory.newInstanceFromTrustStore(keyStore).getServerSSLContext();
+        return new SslContextBuilder()
+                .withKeyStore(Paths.get(sslConfig.privateKeyFile()), Paths.get(sslConfig.certificateFile()))
+                .withTrustStore(Paths.get(sslConfig.caCertificateFile()))
+                .build();
     }
 
 }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDrivers.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDrivers.java
index f4344545637..b7805328124 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDrivers.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDrivers.java
@@ -17,15 +17,13 @@ import com.yahoo.jdisc.http.server.FilterBindings;
 
 import java.io.IOException;
 
-import static com.google.inject.name.Names.named;
-
 /**
  * @author Simon Thoresen Hult
  */
 public class TestDrivers {
 
-    private static final String KEY_STORE = "src/test/resources/ssl_keystore_test.jks";
-    public static final String KEY_STORE_PASSWORD = "secret";
+    private static final String PRIVATE_KEY_FILE = "src/test/resources/pem/test.key";
+    private static final String CERTIFICATE_FILE = "src/test/resources/pem/test.crt";
 
     public static TestDriver newConfiguredInstance(final RequestHandler requestHandler,
                                                    final ServerConfig.Builder serverConfig,
@@ -59,18 +57,10 @@ public class TestDrivers {
                         new ConnectorConfig.Builder()
                                 .ssl(new ConnectorConfig.Ssl.Builder()
                                              .enabled(true)
-                                             .keyDbKey("dummy-key-for-StaticKeyDbConnectorFactory.getPasswordFromKeydb")
-                                             .keyStorePath(KEY_STORE)
-                                             .trustStorePath(KEY_STORE)),
-                        Modules.combine(new AbstractModule() {
-
-                            @Override
-                            protected void configure() {
-                                bind(String.class).annotatedWith(named("keyStorePassword"))
-                                        .toInstance(KEY_STORE_PASSWORD);
-                            }
-                        }, Modules.combine(guiceModules))
-                ));
+                                             .privateKeyFile(PRIVATE_KEY_FILE)
+                                             .certificateFile(CERTIFICATE_FILE)
+                                             .caCertificateFile(CERTIFICATE_FILE)),
+                        Modules.combine(guiceModules)));
     }
 
     private static Module newConfigModule(
diff --git a/jdisc_http_service/src/test/resources/ssl_keystore_test.jks b/jdisc_http_service/src/test/resources/ssl_keystore_test.jks
deleted file mode 100644
index 6dbb19b9692..00000000000
--- a/jdisc_http_service/src/test/resources/ssl_keystore_test.jks
+++ /dev/null
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-09-13 11:24:08 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-09-13 11:24:08 +0200
commit	a743f2ea83790a59097c12d51765eac902a5b349 (patch)
tree	01322982885e2449d70c962ced737ce7906832c8 /jdisc_http_service/src/test
parent	88a8ed4e3223d761a7943ad646dba25b3b70ed4c (diff)