author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-21 14:11:51 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-08-21 14:19:11 +0200 |
commit | f5c995261886df570b15c8348bde54c7e36ebb37 (patch) | |
tree | 07182e9fa9d9e9a6164b0a6d1ee9dcb96a42affe /jdisc_http_service/src | |
parent | 77df4dd440fd657d55e9a595a703990fe60ac490 (diff) |
Allow CA certificates configured as PEM string
Diffstat (limited to 'jdisc_http_service/src')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index 2a5ee7152b2..23a46cfd119 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -18,6 +18,7 @@ import java.nio.file.Paths;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.util.Optional;
 /**
 * An implementation of {@link SslContextFactoryProvider} that uses the {@link ConnectorConfig} to construct a {@link SslContextFactory}.
@@ -40,9 +41,9 @@ public class ConfiguredSslContextFactoryProvider extends TlsContextBasedProvider
 PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(getPrivateKey(sslConfig));
 X509Certificate certificate = X509CertificateUtils.fromPem(getCertificate(sslConfig));
- List<X509Certificate> caCertificates = !sslConfig.caCertificateFile().isEmpty()
- ? X509CertificateUtils.certificateListFromPem(getCaCertificates(sslConfig))
- : List.of();
+ List<X509Certificate> caCertificates = getCaCertificates(sslConfig)
+ .map(X509CertificateUtils::certificateListFromPem)
+ .orElse(List.of());
 PeerAuthentication peerAuthentication = toPeerAuthentication(sslConfig.clientAuth());
 return new DefaultTlsContext(List.of(certificate), privateKey, caCertificates, null, null, peerAuthentication);
 }
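Review bot: At the `.map(X509CertificateUtils::certificateListFromPem).orElse(List.of())` chain, a configured CA source that parses to zero certificates ends up indistinguishable from no CA configuration, since both hand an empty list to `DefaultTlsContext`. Whether `certificateListFromPem` throws on a non-blank string that contains no certificate block is not visible here, and neither is how `DefaultTlsContext` treats an empty CA list when `peerAuthentication` asks for a client certificate. An inline config string is easy to truncate or mis-paste, so consider failing fast with an `IllegalArgumentException` when the Optional is present but the parsed list is empty. The enclosing method starts outside the hunk.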
@@ -79,8 +80,14 @@ public class ConfiguredSslContextFactoryProvider extends TlsContextBasedProvider
 private static boolean hasBoth(String a, String b) { return !a.isBlank() && !b.isBlank(); }
 private static boolean hasNeither(String a, String b) { return a.isBlank() && b.isBlank(); }
- private static String getCaCertificates(ConnectorConfig.Ssl sslConfig) {
- return readToString(sslConfig.caCertificateFile());
+ private static Optional<String> getCaCertificates(ConnectorConfig.Ssl sslConfig) {
+ if (!sslConfig.caCertificate().isBlank()) {
+ return Optional.of(sslConfig.caCertificate());
+ } else if (!sslConfig.caCertificateFile().isBlank()) {
+ return Optional.of(readToString(sslConfig.caCertificateFile()));
+ } else {
+ return Optional.empty();
+ }
 }
 private static String getPrivateKey(ConnectorConfig.Ssl config) { |
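Review bot: When both `caCertificate` and `caCertificateFile` are set, the new `getCaCertificates` silently uses the inline PEM and ignores the file, so the trust anchors used for client-certificate validation may not be the ones the operator believes are configured. The `hasBoth` helper is visible in the context lines; if the configuration validation (outside this hunk) does not already reject the combination, add `if (hasBoth(sslConfig.caCertificate(), sslConfig.caCertificateFile())) throw new IllegalArgumentException("Specified both CA certificate and CA certificate file");` there. If the precedence is intentional, state it on the method: `// Inline PEM takes precedence over caCertificateFile when both are set`.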