authorJon Bratseth <bratseth@yahoo-inc.com>2017-10-03 10:32:44 +0200
committerJon Bratseth <bratseth@yahoo-inc.com>2017-10-03 10:32:44 +0200
commitb79e01e3568b3369ff2e75900a54c85d53da8a38 (patch)
tree3ea9a8681717afefe53d0594dc3945a836cdffa2 /jdisc_http_service
parentff6567a79a08d80b48a3fa8d2fce19471bab2f9f (diff)
Nonfunctional changes only
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java19
-rw-r--r--jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def2
2 files changed, 11 insertions, 10 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 41a0bee91b9..17db201ad95 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -174,28 +174,24 @@ public class ConnectorFactory {
factory.setIncludeCipherSuites(ciphs);
}
-
- Optional<String> password = Optional.of(sslConfig.keyDbKey())
- .filter(key -> !key.isEmpty())
- .map(secretStore::getSecret);
-
+ Optional<String> keyDbPassword = secret(sslConfig.keyDbKey());
switch (sslConfig.keyStoreType()) {
case PEM:
factory.setKeyStore(getKeyStore(sslConfig.pemKeyStore(), keyStoreChannels));
- if (password.isPresent())
+ if (keyDbPassword.isPresent())
log.warning("Encrypted PEM key stores are not supported.");
break;
case JKS:
factory.setKeyStorePath(sslConfig.keyStorePath());
factory.setKeyStoreType(sslConfig.keyStoreType().toString());
- factory.setKeyStorePassword(password.orElseThrow(passwordRequiredForJKSKeyStore("key")));
+ factory.setKeyStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("key")));
break;
}
if (!sslConfig.trustStorePath().isEmpty()) {
factory.setTrustStorePath(sslConfig.trustStorePath());
- factory.setTrustStoreType(sslConfig.trustStoreType().toString());
- factory.setTrustStorePassword(password.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
+ factory.setTrustStoreType(sslConfig.trustStoreType().toString());
+ factory.setTrustStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
}
factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
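Review bot: The trust-store branch at the end of this hunk opens the trust store with the same `keyDbPassword` that the key-store switch uses, and the two uses conflict. With `keyStoreType` PEM and a non-empty `trustStorePath`, a configured key logs "Encrypted PEM key stores are not supported", while a missing one throws "Password is required for JKS trust store". A deployment in that mode therefore cannot start without also triggering the warning, which trains operators to ignore a TLS configuration message. At minimum, document the coupling above the trust-store block, e.g. `// The trust store is unlocked with the secret named by sslConfig.keyDbKey(); there is no separate trust store secret`, and emit the PEM warning only when `trustStorePath` is empty. The enclosing method starts and ends outside this hunk, so any earlier validation of this combination is not visible here.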
@@ -203,6 +199,11 @@ public class ConnectorFactory {
return new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString());
}
+ /** Returns the secret password with the given name, or empty if the password name is null or empty */
+ private Optional<String> secret(String keyname) {
+ return Optional.of(keyname).filter(key -> !key.isEmpty()).map(secretStore::getSecret);
+ }
+
@SuppressWarnings("ThrowableInstanceNeverThrown")
private Supplier<RuntimeException> passwordRequiredForJKSKeyStore(String type) {
return () -> new RuntimeException(String.format("Password is required for JKS %s store", type));
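Review bot: The Javadoc on the new `secret` helper promises an empty result when the name is null, but `Optional.of(keyname)` throws a NullPointerException on null, so the comment and the code disagree. Either drop "null or" from the comment or make the code match it: `return Optional.ofNullable(keyname).filter(key -> !key.isEmpty()).map(secretStore::getSecret);`. If `secretStore.getSecret` can return null for an unknown name, `map` folds that into an empty Optional as well. The JKS branches then report "Password is required" rather than a failed secret lookup, which is worth stating in the Javadoc. The body of `passwordRequiredForJKSKeyStore` closes outside this hunk.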
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 1c059fff2e7..36d0ec57f4e 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -67,7 +67,7 @@ ssl.keyStorePath string default=""
ssl.pemKeyStore.keyPath string default=""
ssl.pemKeyStore.certificatePath string default=""
-ssl.trustStoreType enum { JKS } default="JKS"
+ssl.trustStoreType enum { JKS } default=JKS
# JKS only - the path to the truststore.
ssl.trustStorePath string default=""