author | Morten Tokle <morten.tokle@gmail.com> | 2019-06-21 14:39:17 +0200 |
committer | GitHub <noreply@github.com> | 2019-06-21 14:39:17 +0200 |
commit | d41f4bf4765936db480ed7246834382bac0d48f3 (patch) | |
tree | 1d0a03b8544dc89cb67f930bb7d2b05ce0e10f0d /jdisc_http_service | |
parent | 79efda4ec2def085aa8f9768b0d7c7e98053a73a (diff) |
Revert "mortent/tls config from deploy params"
Diffstat (limited to 'jdisc_http_service')
3 files changed, 10 insertions, 38 deletions
diff --git a/jdisc_http_service/abi-spec.json b/jdisc_http_service/abi-spec.json
index a326b5792be..04e6d22a445 100644
--- a/jdisc_http_service/abi-spec.json
+++ b/jdisc_http_service/abi-spec.json
@@ -78,9 +78,7 @@
 "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$Ssl)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder enabled(boolean)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder privateKeyFile(java.lang.String)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder privateKey(java.lang.String)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificateFile(java.lang.String)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificate(java.lang.String)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder caCertificateFile(java.lang.String)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder clientAuth(com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum)",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl build()"
@@ -133,9 +131,7 @@
 "public void <init>(com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder)",
 "public boolean enabled()",
 "public java.lang.String privateKeyFile()",
- "public java.lang.String privateKey()",
 "public java.lang.String certificateFile()",
- "public java.lang.String certificate()",
 "public java.lang.String caCertificateFile()",
 "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum clientAuth()"
 ],
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index 2021105fc52..facb54bc37a 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -60,23 +60,15 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
 private static void validateConfig(ConnectorConfig.Ssl config) {
 if (!config.enabled()) return;
+ if (config.certificateFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing certificate file.");
+ }
+ if (config.privateKeyFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing private key file.");
+ }
- if(hasBoth(config.certificate(), config.certificateFile()))
- throw new IllegalArgumentException("Specified both certificate and certificate file.");
-
- if(hasBoth(config.privateKey(), config.privateKeyFile()))
- throw new IllegalArgumentException("Specified both private key and private key file.");
-
- if(hasNeither(config.certificate(), config.certificateFile()))
- throw new IllegalArgumentException("Specified neither certificate or certificate file.");
-
- if(hasNeither(config.privateKey(), config.privateKeyFile()))
- throw new IllegalArgumentException("Specified neither private key or private key file.");
 }
- private static boolean hasBoth(String a, String b) { return !a.isBlank() && !b.isBlank(); }
- private static boolean hasNeither(String a, String b) { return a.isBlank() && b.isBlank(); }
-
 private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
 List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.caCertificateFile()));
 return KeyStoreBuilder.withType(KeyStoreType.JKS)
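Review bot: The restored validateConfig tests `certificateFile().isEmpty()` and `privateKeyFile().isEmpty()`, so a whitespace-only value passes validation and only fails later inside readToString with a less specific error, whereas the helpers this hunk removes used `isBlank()`; `if (config.certificateFile().isBlank()) {` and `if (config.privateKeyFile().isBlank()) {` would keep the early, named failure. The context lines of createTruststore also read `sslConfig.caCertificateFile()` through readToString with no corresponding check in validateConfig; whether its caller guards the empty default is not visible in this hunk, so that is worth confirming. The enclosing class ConfiguredSslContextFactoryProvider starts and ends outside the hunk.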
@@ -85,21 +77,11 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
 }
 private static KeyStore createKeystore(ConnectorConfig.Ssl sslConfig) {
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(getPrivateKey(sslConfig));
- List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(getCertificate(sslConfig));
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(readToString(sslConfig.privateKeyFile()));
+ List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.certificateFile()));
 return KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificates).build();
 }
- private static String getPrivateKey(ConnectorConfig.Ssl config) {
- if(!config.privateKey().isBlank()) return config.privateKey();
- return readToString(config.privateKeyFile());
- }
-
- private static String getCertificate(ConnectorConfig.Ssl config) {
- if(!config.certificate().isBlank()) return config.certificate();
- return readToString(config.certificateFile());
- }
-
 private static String readToString(String filename) {
 try {
 return Files.readString(Paths.get(filename), StandardCharsets.UTF_8);
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index c6c6fad345b..7735420d803 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
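Review bot: createKeystore carries no documentation of what it produces; a one-line Javadoc such as `/** Builds a JKS keystore holding the configured PEM private key and certificate chain under the alias "default". */` would state the contract its caller relies on. Both restored lines read the key and the certificate through readToString, whose catch block lies outside this hunk, so a missing private key file and a missing certificate file presumably surface as the same wrapped exception — worth confirming that readToString includes `filename` in its message so the two cases can be told apart in logs. The enclosing class starts and ends outside the hunk.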
@@ -56,18 +56,12 @@ throttling.idleTimeout double default=-1.0
 # Whether to enable SSL for this connector.
 ssl.enabled bool default=false
-# File with private key in PEM format. Specify either this or privateKey, but not both
+# File with private key in PEM format
 ssl.privateKeyFile string default=""
-# Private key in PEM format. Specify either this or privateKeyFile, but not both
-ssl.privateKey string default=""
-
-# File with certificate in PEM format. Specify either this or certificate, but not both
+# File with certificate in PEM format
 ssl.certificateFile string default=""
-# Certificate in PEM format. Specify either this or certificateFile, but not both
-ssl.certificate string default=""
-
 # with trusted CA certificates in PEM format. Used to verify clients
 ssl.caCertificateFile string default="" |
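Review bot: The restored comments on `ssl.privateKeyFile` and `ssl.certificateFile` do not say that the file becomes mandatory once `ssl.enabled` is true, which validateConfig in ConfiguredSslContextFactoryProvider in this commit enforces by throwing on an empty value; `# File with private key in PEM format. Required when ssl.enabled is true` and the matching line for the certificate would make that contract visible where the config is written. The context line `# with trusted CA certificates in PEM format. Used to verify clients` also appears to have lost its leading word, presumably `# File with trusted CA certificates ...`, though it is outside this change.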