author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-09 17:16:32 +0100 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-09 17:17:34 +0100 |
commit | cdff4b4b1b05a7985a052de99210ca766eb2f8e7 (patch) | |
tree | b4a945b8645ec55b1e31b577ece381d4d8892a4e /jdisc_http_service | |
parent | e99e618a019bd99919f16436c2a3ed7931ab9b3c (diff) |
Simplify SslKeyStore interface
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java | 23 | ||||
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JksKeyStore.java (renamed from jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JKSKeyStore.java) | 23 | ||||
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java | 6 | ||||
-rw-r--r-- | jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java | 26 | ||||
-rw-r--r-- | jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java | 8 |
5 files changed, 35 insertions, 51 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
index 1201bb08afc..c282c94c1bd 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
@@ -1,29 +1,12 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.ssl;
-import java.io.IOException;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Optional;
 /**
 *
- * @author <a href="mailto:charlesk@yahoo-inc.com">Charles Kim</a>
+ * @author bjorncs
 */
-public abstract class SslKeyStore {
-
- private Optional<String> keyStorePassword = Optional.empty();
-
- public Optional<String> getKeyStorePassword() {
- return keyStorePassword;
- }
-
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = Optional.of(keyStorePassword);
- }
-
- public abstract KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException;
-
+public interface SslKeyStore {
+ KeyStore loadJavaKeyStore() throws Exception;
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JKSKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JksKeyStore.java
index 2ca53b731c3..9cb040fb97d 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JKSKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JksKeyStore.java
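Review bot: The new interface method `KeyStore loadJavaKeyStore() throws Exception;` widens the contract to a raw `Exception`, which forces every caller to catch `Exception` broadly — this commit already does so in SslContextFactory, where `getKeyManagers` and `getTrustManagers` replace their specific throws clauses with `throws Exception`. Both implementations touched here (JksKeyStore and PemSslKeyStore) still declare exactly `KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException`, so the interface can keep that list: `KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException;`, retaining four of the five imports removed above (only `Optional` goes). Callers can then tell an unreadable file apart from a bad password or unsupported store type instead of catching everything. The type comment is also empty apart from `@author`; a one-line summary such as `/** Source of a {@link KeyStore} used to configure TLS for the server or client. */` would describe the contract.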
@@ -13,22 +13,33 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 /**
- * @author tonytv
+ * @author Tony Vaagenes
+ * @author bjorncs
 */
-public class JKSKeyStore extends SslKeyStore {
+public class JksKeyStore implements SslKeyStore {
- private static final String keyStoreType = "JKS";
+ private static final String KEY_STORE_TYPE = "JKS";
 private final Path keyStoreFile;
+ private final String keyStorePassword;
- public JKSKeyStore(Path keyStoreFile) {
+ public JksKeyStore(Path keyStoreFile) {
+ this(keyStoreFile, null);
+ }
+
+ public JksKeyStore(Path keyStoreFile, String keyStorePassword) {
 this.keyStoreFile = keyStoreFile;
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
 }
 @Override
 public KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
 try(InputStream stream = Files.newInputStream(keyStoreFile)) {
- KeyStore keystore = KeyStore.getInstance(keyStoreType);
- keystore.load(stream, getKeyStorePassword().map(String::toCharArray).orElse(null));
+ KeyStore keystore = KeyStore.getInstance(KEY_STORE_TYPE);
+ keystore.load(stream, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
 return keystore;
 }
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
index 9cede37caaa..9f0a635f7c1 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
@@ -21,7 +21,7 @@ import java.security.cert.CertificateException;
 * @author Tony Vaagenes
 * @author bjorncs
 */
-public class PemSslKeyStore extends SslKeyStore {
+public class PemSslKeyStore implements SslKeyStore {
 static {
 Security.addProvider(new PemKeyStoreProvider());
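Review bot: The new two-argument constructor and `getKeyStorePassword()` carry no Javadoc, yet the single-argument constructor delegates with `this(keyStoreFile, null)`, so "null means no password" is a contract callers now depend on (SslContextFactory.getKeyManagers reads the getter and checks for null). Please document it, e.g. on the getter `/** @return the key store password, or {@code null} if the store is not password protected */`, and on the constructor note that a null password also makes `keystore.load(stream, null)` skip the JKS integrity check, which `KeyStore.load` documents. Separately, the password is now held as an immutable `String` and exposed through a public getter; since `KeyStore.load` and `KeyManagerFactory.init` both take `char[]`, accepting and storing a `char[]` would let callers clear it after use and avoid the accessor altogether — worth considering before the interface settles.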
@@ -42,10 +42,6 @@ public class PemSslKeyStore extends SslKeyStore {
 @Override
 public KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
- if (getKeyStorePassword().isPresent()) {
- throw new UnsupportedOperationException("PEM key store with password is currently not supported. Please file a feature request.");
- }
-
 //cached since Reader(in loadParameter) can only be used one time.
 if (keyStore == null) {
 keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
index e71bd190a37..5dd5dca1667 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
@@ -1,16 +1,11 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http;
-import com.yahoo.jdisc.http.ssl.SslKeyStore;
+import com.yahoo.jdisc.http.ssl.jks.JksKeyStore;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
-import java.io.IOException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -32,16 +27,16 @@ public class SslContextFactory {
 return this.sslContext;
 }
- public static SslContextFactory newInstanceFromTrustStore(SslKeyStore trustStore) {
+ public static SslContextFactory newInstanceFromTrustStore(JksKeyStore trustStore) {
 return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, null, trustStore);
 }
- public static SslContextFactory newInstance(SslKeyStore trustStore, SslKeyStore keyStore) {
+ public static SslContextFactory newInstance(JksKeyStore trustStore, JksKeyStore keyStore) {
 return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, keyStore, trustStore);
 }
 public static SslContextFactory newInstance(String sslAlgorithm, String sslProtocol,
- SslKeyStore keyStore, SslKeyStore trustStore) {
+ JksKeyStore keyStore, JksKeyStore trustStore) {
 log.fine("Configuring SSLContext...");
 log.fine("Using " + sslAlgorithm + " algorithm.");
 try {
@@ -60,15 +55,14 @@ public class SslContextFactory {
 /**
 * Used for the key store, which contains the SSL cert and private key.
 */
- public static javax.net.ssl.KeyManager[] getKeyManagers(SslKeyStore keyStore,
- String sslAlgorithm)
- throws NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException,
- KeyStoreException {
+ public static javax.net.ssl.KeyManager[] getKeyManagers(JksKeyStore keyStore,
+ String sslAlgorithm) throws Exception {
 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslAlgorithm);
+ String keyStorePassword = keyStore.getKeyStorePassword();
 keyManagerFactory.init(
 keyStore.loadJavaKeyStore(),
- keyStore.getKeyStorePassword().map(String::toCharArray).orElse(null));
+ keyStorePassword != null ? keyStorePassword.toCharArray() : null);
 log.fine("KeyManagerFactory initialized with keystore");
 return keyManagerFactory.getKeyManagers();
 }
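Review bot: The trust-store parameters of `newInstanceFromTrustStore`, both `newInstance` overloads and `getTrustManagers` (next hunk) are narrowed from `SslKeyStore` to `JksKeyStore`, although the visible code only ever calls `trustStore.loadJavaKeyStore()` on them — the password accessor is needed for the key store alone, in `getKeyManagers`. Keeping `SslKeyStore` for the trust-store side, e.g. `public static SslContextFactory newInstanceFromTrustStore(SslKeyStore trustStore)`, would let the test helpers still accept a `PemSslKeyStore`, which this commit otherwise makes unusable with them. The body of the three-argument `newInstance` continues outside the hunk, so if it reads the trust store's password there this does not apply; as far as the hunks show, it does not.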
@@ -77,9 +71,9 @@ public class SslContextFactory {
 * Used for the trust store, which contains certificates from other parties that you expect to communicate with,
 * or from Certificate Authorities that you trust to identify other parties.
 */
- public static javax.net.ssl.TrustManager[] getTrustManagers(SslKeyStore trustStore,
+ public static javax.net.ssl.TrustManager[] getTrustManagers(JksKeyStore trustStore,
 String sslAlgorithm)
- throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+ throws Exception {
 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslAlgorithm);
 trustManagerFactory.init(trustStore.loadJavaKeyStore());
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
index 8ddcd7f03ac..525cde9d8b3 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
@@ -6,9 +6,8 @@ import com.google.inject.Module;
 import com.yahoo.jdisc.application.ContainerBuilder;
 import com.yahoo.jdisc.handler.RequestHandler;
 import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.ssl.jks.JKSKeyStore;
 import com.yahoo.jdisc.http.SslContextFactory;
-import com.yahoo.jdisc.http.ssl.SslKeyStore;
+import com.yahoo.jdisc.http.ssl.jks.JksKeyStore;
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
@@ -76,8 +75,9 @@ public class TestDriver {
 ConnectorConfig.Ssl sslConfig = builder.getInstance(ConnectorConfig.class).ssl();
 if (!sslConfig.enabled()) return null;
- SslKeyStore keyStore = new JKSKeyStore(Paths.get(sslConfig.keyStorePath()));
- keyStore.setKeyStorePassword(builder.getInstance(Key.get(String.class, named("keyStorePassword"))));
+ JksKeyStore keyStore = new JksKeyStore(
+ Paths.get(sslConfig.keyStorePath()),
+ builder.getInstance(Key.get(String.class, named("keyStorePassword"))));
 return SslContextFactory.newInstanceFromTrustStore(keyStore).getServerSSLContext();
 }