author | Jon Bratseth <bratseth@yahoo-inc.com> | 2017-10-03 10:32:44 +0200 |
---|---|---|
committer | Jon Bratseth <bratseth@yahoo-inc.com> | 2017-10-03 10:32:44 +0200 |
commit | b79e01e3568b3369ff2e75900a54c85d53da8a38 (patch) | |
tree | 3ea9a8681717afefe53d0594dc3945a836cdffa2 /jdisc_http_service | |
parent | ff6567a79a08d80b48a3fa8d2fce19471bab2f9f (diff) |
Nonfunctional changes only
Diffstat (limited to 'jdisc_http_service')
-rw-r--r-- | jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java | 19 | ||||
-rw-r--r-- | jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def | 2 |
2 files changed, 11 insertions, 10 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
index 41a0bee91b9..17db201ad95 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactory.java
@@ -174,28 +174,24 @@ public class ConnectorFactory {
 factory.setIncludeCipherSuites(ciphs);
 }
-
- Optional<String> password = Optional.of(sslConfig.keyDbKey())
- .filter(key -> !key.isEmpty())
- .map(secretStore::getSecret);
-
+ Optional<String> keyDbPassword = secret(sslConfig.keyDbKey());
 switch (sslConfig.keyStoreType()) {
 case PEM:
 factory.setKeyStore(getKeyStore(sslConfig.pemKeyStore(), keyStoreChannels));
- if (password.isPresent())
+ if (keyDbPassword.isPresent())
 log.warning("Encrypted PEM key stores are not supported.");
 break;
 case JKS:
 factory.setKeyStorePath(sslConfig.keyStorePath());
 factory.setKeyStoreType(sslConfig.keyStoreType().toString());
- factory.setKeyStorePassword(password.orElseThrow(passwordRequiredForJKSKeyStore("key")));
+ factory.setKeyStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("key")));
 break;
 }
 if (!sslConfig.trustStorePath().isEmpty()) {
 factory.setTrustStorePath(sslConfig.trustStorePath());
- factory.setTrustStoreType(sslConfig.trustStoreType().toString());
- factory.setTrustStorePassword(password.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
+ factory.setTrustStoreType(sslConfig.trustStoreType().toString());
+ factory.setTrustStorePassword(keyDbPassword.orElseThrow(passwordRequiredForJKSKeyStore("trust")));
 }
 factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
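Review bot: The trust store password in the `if (!sslConfig.trustStorePath().isEmpty())` block is still read from `keyDbPassword`, the secret named by `sslConfig.keyDbKey()`, so the key store and the trust store always share one secret and nothing in the new code says so. With `keyStoreType` PEM and a trust store path configured, the visible paths are either the "Password is required for JKS trust store" exception (no key name set) or the "Encrypted PEM key stores are not supported." warning (key name set), even though the value is then used only for the trust store. I would document this at the lookup, for example `// Also used as the trust store password below; required whenever trustStorePath is set`, and limit the PEM warning to the case where no trust store is configured. The enclosing method starts and ends outside this hunk.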
@@ -203,6 +199,11 @@ public class ConnectorFactory {
 return new SslConnectionFactory(factory, HttpVersion.HTTP_1_1.asString());
 }
+ /** Returns the secret password with the given name, or empty if the password name is null or empty */
+ private Optional<String> secret(String keyname) {
+ return Optional.of(keyname).filter(key -> !key.isEmpty()).map(secretStore::getSecret);
+ }
+
 @SuppressWarnings("ThrowableInstanceNeverThrown")
 private Supplier<RuntimeException> passwordRequiredForJKSKeyStore(String type) {
 return () -> new RuntimeException(String.format("Password is required for JKS %s store", type));
diff --git a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
index 1c059fff2e7..36d0ec57f4e 100644
--- a/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
+++ b/jdisc_http_service/src/main/resources/configdefinitions/jdisc.http.connector.def
@@ -67,7 +67,7 @@ ssl.keyStorePath string default=""
 ssl.pemKeyStore.keyPath string default=""
 ssl.pemKeyStore.certificatePath string default=""
-ssl.trustStoreType enum { JKS } default="JKS"
+ssl.trustStoreType enum { JKS } default=JKS
 # JKS only - the path to the truststore.
 ssl.trustStorePath string default="" |
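Review bot: The Javadoc on the new `secret` helper promises an empty result for a null name, but `Optional.of(keyname)` throws a NullPointerException when `keyname` is null. Either make the code match the comment with `return Optional.ofNullable(keyname).filter(key -> !key.isEmpty()).map(secretStore::getSecret);` or drop "null or" from the Javadoc. Whether `secretStore.getSecret` can return null for an unknown name is not visible here; if it can, `map` turns that into an empty Optional and the caller reports "Password is required" rather than a missing secret, which is worth a sentence in the Javadoc.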