authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-08-21 14:11:51 +0200
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-08-21 14:19:11 +0200
commitf5c995261886df570b15c8348bde54c7e36ebb37 (patch)
tree07182e9fa9d9e9a6164b0a6d1ee9dcb96a42affe /jdisc_http_service
parent77df4dd440fd657d55e9a595a703990fe60ac490 (diff)
Allow CA certificates configured as PEM string
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java17
1 files changed, 12 insertions, 5 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
index 2a5ee7152b2..23a46cfd119 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -18,6 +18,7 @@ import java.nio.file.Paths;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
+import java.util.Optional;
/**
* An implementation of {@link SslContextFactoryProvider} that uses the {@link ConnectorConfig} to construct a {@link SslContextFactory}.
@@ -40,9 +41,9 @@ public class ConfiguredSslContextFactoryProvider extends TlsContextBasedProvider
PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(getPrivateKey(sslConfig));
X509Certificate certificate = X509CertificateUtils.fromPem(getCertificate(sslConfig));
- List<X509Certificate> caCertificates = !sslConfig.caCertificateFile().isEmpty()
- ? X509CertificateUtils.certificateListFromPem(getCaCertificates(sslConfig))
- : List.of();
+ List<X509Certificate> caCertificates = getCaCertificates(sslConfig)
+ .map(X509CertificateUtils::certificateListFromPem)
+ .orElse(List.of());
PeerAuthentication peerAuthentication = toPeerAuthentication(sslConfig.clientAuth());
return new DefaultTlsContext(List.of(certificate), privateKey, caCertificates, null, null, peerAuthentication);
}
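Review bot: An absent CA configuration and a configured value that parses to zero certificates both end up as an empty `caCertificates` list here, and the context is then built regardless of what `toPeerAuthentication(sslConfig.clientAuth())` returns. How `DefaultTlsContext` treats an empty list is not visible in this hunk, so the fallback should be stated in a comment above the assignment, e.g. `// empty list: no connector-specific CA configured; trust anchors are then <behaviour to confirm>`. Failing fast when client authentication is requested and the list is empty would surface the misconfiguration at startup instead of at the first handshake. The enclosing method begins outside the hunk.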
@@ -79,8 +80,14 @@ public class ConfiguredSslContextFactoryProvider extends TlsContextBasedProvider
private static boolean hasBoth(String a, String b) { return !a.isBlank() && !b.isBlank(); }
private static boolean hasNeither(String a, String b) { return a.isBlank() && b.isBlank(); }
- private static String getCaCertificates(ConnectorConfig.Ssl sslConfig) {
- return readToString(sslConfig.caCertificateFile());
+ private static Optional<String> getCaCertificates(ConnectorConfig.Ssl sslConfig) {
+ if (!sslConfig.caCertificate().isBlank()) {
+ return Optional.of(sslConfig.caCertificate());
+ } else if (!sslConfig.caCertificateFile().isBlank()) {
+ return Optional.of(readToString(sslConfig.caCertificateFile()));
+ } else {
+ return Optional.empty();
+ }
}
private static String getPrivateKey(ConnectorConfig.Ssl config) {
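Review bot: `getCaCertificates` silently prefers the inline `caCertificate` when `caCertificateFile` is also set, so a connector configured with both loads only one set of trust anchors and the operator gets no signal that the file was ignored. For a value that decides which client certificates are accepted, rejecting the ambiguous configuration is safer than picking one; the `hasBoth` helper visible just above fits: `if (hasBoth(sslConfig.caCertificate(), sslConfig.caCertificateFile())) throw new IllegalArgumentException("Specify only one of caCertificate and caCertificateFile");`. If such validation already exists elsewhere in the class (outside this hunk), a short comment on the method stating the precedence would be enough.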