authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-02-07 13:28:08 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-02-21 11:09:26 +0100
commitfc9740b88f095864f4955e5caf0fbef67f5e2479 (patch)
tree00d6895b7d75e233545bbc7f07343f162df24f20 /jdisc_http_service
parent4380cd5a3cdf50c6dd5d39e0a0b8b245b8ae70e5 (diff)
Rename {Default => Configured}SslContextFactoryProvider, {Throwing => Default}SslContextFactoryProvider
Move SslContextFactoryProvider implementations to 'impl' package.
Diffstat (limited to 'jdisc_http_service')
-rw-r--r--jdisc_http_service/abi-spec.json14
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/ThrowingSslContextFactoryProvider.java16
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java94
-rw-r--r--jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java84
-rw-r--r--jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java4
-rw-r--r--jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java4
6 files changed, 101 insertions, 115 deletions
diff --git a/jdisc_http_service/abi-spec.json b/jdisc_http_service/abi-spec.json
index 099b009fba5..62093a8cf3c 100644
--- a/jdisc_http_service/abi-spec.json
+++ b/jdisc_http_service/abi-spec.json
@@ -1128,19 +1128,5 @@
"public abstract org.eclipse.jetty.util.ssl.SslContextFactory getInstance(java.lang.String, int)"
],
"fields": []
- },
- "com.yahoo.jdisc.http.ssl.ThrowingSslContextFactoryProvider": {
- "superClass": "java.lang.Object",
- "interfaces": [
- "com.yahoo.jdisc.http.ssl.SslContextFactoryProvider"
- ],
- "attributes": [
- "public"
- ],
- "methods": [
- "public void <init>()",
- "public org.eclipse.jetty.util.ssl.SslContextFactory getInstance(java.lang.String, int)"
- ],
- "fields": []
}
} \ No newline at end of file
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/ThrowingSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/ThrowingSslContextFactoryProvider.java
deleted file mode 100644
index b28ef54e822..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/ThrowingSslContextFactoryProvider.java
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-/**
- * A dummy implementation of {@link SslContextFactoryProvider} to be injected into non-ssl connectors
- *
- * @author bjorncs
- */
-public class ThrowingSslContextFactoryProvider implements SslContextFactoryProvider {
- @Override
- public SslContextFactory getInstance(String containerId, int port) {
- throw new UnsupportedOperationException();
- }
-} \ No newline at end of file
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
new file mode 100644
index 00000000000..7188cc60d75
--- /dev/null
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/ConfiguredSslContextFactoryProvider.java
@@ -0,0 +1,94 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.ssl.impl;
+
+import com.yahoo.jdisc.http.ConnectorConfig;
+import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+import com.yahoo.security.KeyUtils;
+import com.yahoo.security.X509CertificateUtils;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * An implementation of {@link SslContextFactoryProvider} that uses the {@link ConnectorConfig} to construct a {@link SslContextFactory}.
+ *
+ * @author bjorncs
+ */
+public class ConfiguredSslContextFactoryProvider implements SslContextFactoryProvider {
+
+ private final ConnectorConfig connectorConfig;
+
+ public ConfiguredSslContextFactoryProvider(ConnectorConfig connectorConfig) {
+ validateConfig(connectorConfig.ssl());
+ this.connectorConfig = connectorConfig;
+ }
+
+ @Override
+ public SslContextFactory getInstance(String containerId, int port) {
+ ConnectorConfig.Ssl sslConfig = connectorConfig.ssl();
+ if (!sslConfig.enabled()) throw new IllegalStateException();
+ SslContextFactory factory = new JDiscSslContextFactory();
+
+ switch (sslConfig.clientAuth()) {
+ case NEED_AUTH:
+ factory.setNeedClientAuth(true);
+ break;
+ case WANT_AUTH:
+ factory.setWantClientAuth(true);
+ break;
+ }
+
+ // Check if using new ssl syntax from services.xml
+ factory.setKeyStore(createKeystore(sslConfig));
+ factory.setKeyStorePassword("");
+ if (!sslConfig.caCertificateFile().isEmpty()) {
+ factory.setTrustStore(createTruststore(sslConfig));
+ }
+ factory.setProtocol("TLS");
+ return factory;
+ }
+
+ private static void validateConfig(ConnectorConfig.Ssl config) {
+ if (!config.enabled()) return;
+ if (config.certificateFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing certificate file.");
+ }
+ if (config.privateKeyFile().isEmpty()) {
+ throw new IllegalArgumentException("Missing private key file.");
+ }
+
+ }
+
+ private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
+ List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.caCertificateFile()));
+ KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
+ for (int i = 0; i < caCertificates.size(); i++) {
+ truststoreBuilder.withCertificateEntry("entry-" + i, caCertificates.get(i));
+ }
+ return truststoreBuilder.build();
+ }
+
+ private static KeyStore createKeystore(ConnectorConfig.Ssl sslConfig) {
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(readToString(sslConfig.privateKeyFile()));
+ List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.certificateFile()));
+ return KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificates).build();
+ }
+
+ private static String readToString(String filename) {
+ try {
+ return new String(Files.readAllBytes(Paths.get(filename)));
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+}
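Review bot: `getInstance` in the new ConfiguredSslContextFactoryProvider no longer calls `factory.setEndpointIdentificationAlgorithm(null)`, which the body removed from DefaultSslContextFactoryProvider in this commit had just before `return factory;`, commented as disabling hostname verification of client certs. For a commit described as a rename and package move this is a behaviour change for connectors using NEED_AUTH or WANT_AUTH. Whether client certificates then undergo endpoint identification depends on the Jetty default and on JDiscSslContextFactory, neither of which is visible here. If the drop is unintentional, restore `factory.setEndpointIdentificationAlgorithm(null); // disable hostname verification of client certs` after `factory.setProtocol("TLS");`; if it is deliberate, state it in the commit message. Separately, `validateConfig` accepts NEED_AUTH with an empty `caCertificateFile`, in which case no trust store is set and the trust anchors are left to the factory's defaults; rejecting that combination would make the mutual-TLS configuration explicit.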
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
index f9cdefeb5e8..92c4f2333b5 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/impl/DefaultSslContextFactoryProvider.java
@@ -1,95 +1,17 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jdisc.http.ssl.impl;
-import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.ssl.SslContextFactoryProvider;
-import com.yahoo.security.KeyStoreBuilder;
-import com.yahoo.security.KeyStoreType;
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.X509CertificateUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.List;
-
/**
- * JDisc's default implementation of {@link SslContextFactoryProvider} that uses the {@link ConnectorConfig} to construct a {@link SslContextFactory}.
+ * The default implementation of {@link SslContextFactoryProvider} to be injected into connectors without explicit ssl configuration
*
* @author bjorncs
*/
public class DefaultSslContextFactoryProvider implements SslContextFactoryProvider {
-
- private final ConnectorConfig connectorConfig;
-
- public DefaultSslContextFactoryProvider(ConnectorConfig connectorConfig) {
- validateConfig(connectorConfig.ssl());
- this.connectorConfig = connectorConfig;
- }
-
@Override
public SslContextFactory getInstance(String containerId, int port) {
- ConnectorConfig.Ssl sslConfig = connectorConfig.ssl();
- if (!sslConfig.enabled()) throw new IllegalStateException();
- SslContextFactory factory = new JDiscSslContextFactory();
-
- switch (sslConfig.clientAuth()) {
- case NEED_AUTH:
- factory.setNeedClientAuth(true);
- break;
- case WANT_AUTH:
- factory.setWantClientAuth(true);
- break;
- }
-
- // Check if using new ssl syntax from services.xml
- factory.setKeyStore(createKeystore(sslConfig));
- factory.setKeyStorePassword("");
- if (!sslConfig.caCertificateFile().isEmpty()) {
- factory.setTrustStore(createTruststore(sslConfig));
- }
- factory.setProtocol("TLS");
- factory.setEndpointIdentificationAlgorithm(null); // disable hostname verification of client certs
- return factory;
+ throw new UnsupportedOperationException();
}
-
- private static void validateConfig(ConnectorConfig.Ssl config) {
- if (!config.enabled()) return;
- if (config.certificateFile().isEmpty()) {
- throw new IllegalArgumentException("Missing certificate file.");
- }
- if (config.privateKeyFile().isEmpty()) {
- throw new IllegalArgumentException("Missing private key file.");
- }
-
- }
-
- private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
- List<X509Certificate> caCertificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.caCertificateFile()));
- KeyStoreBuilder truststoreBuilder = KeyStoreBuilder.withType(KeyStoreType.JKS);
- for (int i = 0; i < caCertificates.size(); i++) {
- truststoreBuilder.withCertificateEntry("entry-" + i, caCertificates.get(i));
- }
- return truststoreBuilder.build();
- }
-
- private static KeyStore createKeystore(ConnectorConfig.Ssl sslConfig) {
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(readToString(sslConfig.privateKeyFile()));
- List<X509Certificate> certificates = X509CertificateUtils.certificateListFromPem(readToString(sslConfig.certificateFile()));
- return KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("default", privateKey, certificates).build();
- }
-
- private static String readToString(String filename) {
- try {
- return new String(Files.readAllBytes(Paths.get(filename)));
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-
-}
+} \ No newline at end of file
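Review bot: The new `getInstance` body throws a bare `UnsupportedOperationException()`, so if a connector that was meant to serve TLS is wired with this provider by mistake, the failure does not say which connector or why. A message built from the arguments already in scope would make that misconfiguration diagnosable, for example `throw new UnsupportedOperationException("No SSL configuration for connector on port " + port + " (container " + containerId + ")");`. The class Javadoc should also state that `getInstance` always throws, since the name "Default" suggests a working fallback rather than a placeholder. If the intent is that connectors without explicit ssl configuration never call it, say so in that comment.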
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
index a4baccb86c9..cc2a00c08c6 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
@@ -10,7 +10,7 @@ import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.ConnectorConfig.Builder;
import com.yahoo.jdisc.http.server.jetty.ConnectorFactory;
-import com.yahoo.jdisc.http.ssl.impl.DefaultSslContextFactoryProvider;
+import com.yahoo.jdisc.http.ssl.impl.ConfiguredSslContextFactoryProvider;
/**
* Guice module for test ConnectorFactories
@@ -46,7 +46,7 @@ public class ConnectorFactoryRegistryModule implements Module {
private static class StaticKeyDbConnectorFactory extends ConnectorFactory {
public StaticKeyDbConnectorFactory(ConnectorConfig connectorConfig) {
- super(connectorConfig, new DefaultSslContextFactoryProvider(connectorConfig));
+ super(connectorConfig, new ConfiguredSslContextFactoryProvider(connectorConfig));
}
}
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
index cf32801ce88..3a932ba6113 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
@@ -3,7 +3,7 @@ package com.yahoo.jdisc.http.server.jetty;
import com.yahoo.jdisc.Metric;
import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.ssl.impl.DefaultSslContextFactoryProvider;
+import com.yahoo.jdisc.http.ssl.impl.ConfiguredSslContextFactoryProvider;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
@@ -78,7 +78,7 @@ public class ConnectorFactoryTest {
}
private static ConnectorFactory createConnectorFactory(ConnectorConfig config) {
- return new ConnectorFactory(config, new DefaultSslContextFactoryProvider(config));
+ return new ConnectorFactory(config, new ConfiguredSslContextFactoryProvider(config));
}
private static class HelloWorldHandler extends AbstractHandler {