authorMorten Tokle <morten.tokle@gmail.com>2019-06-21 14:39:17 +0200
committerGitHub <noreply@github.com>2019-06-21 14:39:17 +0200
commitd41f4bf4765936db480ed7246834382bac0d48f3 (patch)
tree1d0a03b8544dc89cb67f930bb7d2b05ce0e10f0d /jdisc_http_service
parent79efda4ec2def085aa8f9768b0d7c7e98053a73a (diff)
Revert "mortent/tls config from deploy params"
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/abi-spec.json4
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java34
-rw-r--r--jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def10
3 files changed, 10 insertions, 38 deletions
diff --git a/jdisc_http_service/abi-spec.json b/jdisc_http_service/abi-spec.json
index a326b5792be..04e6d22a445 100644
--- a/jdisc_http_service/abi-spec.json
+++ b/jdisc_http_service/abi-spec.json
@@ -78,9 +78,7 @@
"public void <init>(com.yahoo.jdisc.http.ConnectorConfig$Ssl)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder enabled(boolean)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder privateKeyFile(java.lang.String)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder privateKey(java.lang.String)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificateFile(java.lang.String)",
- "public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder certificate(java.lang.String)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder caCertificateFile(java.lang.String)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder clientAuth(com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum)",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl build()"
@@ -133,9 +131,7 @@
"public void <init>(com.yahoo.jdisc.http.ConnectorConfig$Ssl$Builder)",
"public boolean enabled()",
"public java.lang.String privateKeyFile()",
- "public java.lang.String privateKey()",
"public java.lang.String certificateFile()",
- "public java.lang.String certificate()",
"public java.lang.String caCertificateFile()",
"public com.yahoo.jdisc.http.ConnectorConfig$Ssl$ClientAuth$Enum clientAuth()"
],
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index 2021105fc52..facb54bc37a 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -60,23 +60,15 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
private static void validateConfig(ConnectorConfig.Ssl config) {
if (!config.enabled()) return;
+ if (config.certificateFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing certificate file.");
+ }
+ if (config.privateKeyFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing private key file.");
+ }
- if(hasBoth(config.certificate(), config.certificateFile()))
- throw new IllegalArgumentException("Specified both certificate and certificate file.");
-
- if(hasBoth(config.privateKey(), config.privateKeyFile()))
- throw new IllegalArgumentException("Specified both private key and private key file.");
-
- if(hasNeither(config.certificate(), config.certificateFile()))
- throw new IllegalArgumentException("Specified neither certificate or certificate file.");
-
- if(hasNeither(config.privateKey(), config.privateKeyFile()))
- throw new IllegalArgumentException("Specified neither private key or private key file.");
}
- private static boolean hasBoth(String a, String b) { return !a.isBlank() && !b.isBlank(); }
- private static boolean hasNeither(String a, String b) { return a.isBlank() && b.isBlank(); }
-
private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.caCertificateFile()));
return KeyStoreBuilder.withType(KeyStoreType.JKS)
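Review bot: The restored checks in validateConfig use `isEmpty()`, so a whitespace-only `certificateFile` or `privateKeyFile` passes validation and only fails later inside readToString, whose error path lies outside this hunk; the removed hasBoth/hasNeither helpers used `isBlank()`, which is the stricter and more useful test here. I would change the two guards to `if (config.certificateFile().isBlank()) {` and `if (config.privateKeyFile().isBlank()) {` so a blank path is rejected with the explicit "Missing certificate file." / "Missing private key file." message. Separately, createTruststore reads `caCertificateFile` unconditionally while validateConfig never checks it; whether an empty value can reach that call depends on the caller, which is not visible in this hunk. The class continues outside the hunk on both sides.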
@@ -85,21 +77,11 @@ public class ConfiguredSslContextFactoryProvider implements SslContextFactoryPro
}
private static KeyStore createKeystore(ConnectorConfig.Ssl sslConfig) {
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(getPrivateKey(sslConfig));
- List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(getCertificate(sslConfig));
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(readToString(sslConfig.privateKeyFile()));
+ List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.certificateFile()));
return KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificates).build();
}
- private static String getPrivateKey(ConnectorConfig.Ssl config) {
- if(!config.privateKey().isBlank()) return config.privateKey();
- return readToString(config.privateKeyFile());
- }
-
- private static String getCertificate(ConnectorConfig.Ssl config) {
- if(!config.certificate().isBlank()) return config.certificate();
- return readToString(config.certificateFile());
- }
-
private static String readToString(String filename) {
try {
return Files.readString(Paths.get(filename), StandardCharsets.UTF_8);
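Review bot: createKeystore has no comment saying where the key material now comes from, which matters after this revert because the inline `privateKey`/`certificate` config options are gone and only the file-based ones remain. I would add above the method: `/** Builds the JKS keystore holding the connector's private key and certificate chain, both read as PEM from the files named in {@code sslConfig}. */`. It is also worth noting in that comment that the PEM private key is passed through readToString as an immutable String, so the key text cannot be zeroed after parsing and lives until collected; that is unchanged from the pre-revert getPrivateKey path, but it is the kind of constraint a reader of this method should see stated. readToString's catch block is outside the hunk, so what happens on an unreadable key file is not visible here.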
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index c6c6fad345b..7735420d803 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -56,18 +56,12 @@ throttling.idleTimeout double default=-1.0
# Whether to enable SSL for this connector.
ssl.enabled bool default=false
-# File with private key in PEM format. Specify either this or privateKey, but not both
+# File with private key in PEM format
ssl.privateKeyFile string default=""
-# Private key in PEM format. Specify either this or privateKeyFile, but not both
-ssl.privateKey string default=""
-
-# File with certificate in PEM format. Specify either this or certificate, but not both
+# File with certificate in PEM format
ssl.certificateFile string default=""
-# Certificate in PEM format. Specify either this or certificateFile, but not both
-ssl.certificate string default=""
-
# with trusted CA certificates in PEM format. Used to verify clients
ssl.caCertificateFile string default=""