Remove SslKeyStoreConfigurator/SslTrustStoreConfigurator concept

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-09-12 11:26:18 +0200
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-09-12 11:26:18 +0200
commit: c9a3e05f486f7dde2a4f7895a8adcfd54518c108 (patch)
tree: 7ec074835478efc6a34393c7f50aa158c1727c14 /jdisc_http_service
parent: 7f00722a620ed17116253d61d89728e63bed2299 (diff)
11 files changed, 102 insertions, 342 deletions
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslContextFactoryProvider.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslContextFactoryProvider.java
index 8799e781532..dd38bdd94f9 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslContextFactoryProvider.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslContextFactoryProvider.java
@@ -3,6 +3,7 @@ package com.yahoo.jdisc.http.ssl;
 
 import com.yahoo.config.InnerNode;
 import com.yahoo.jdisc.http.ConnectorConfig;
+import com.yahoo.jdisc.http.ssl.pem.PemSslKeyStore;
 import com.yahoo.security.KeyStoreBuilder;
 import com.yahoo.security.KeyStoreType;
 import com.yahoo.security.KeyUtils;
@@ -12,6 +13,7 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.PrivateKey;
@@ -20,6 +22,7 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.function.BiConsumer;
 import java.util.function.Function;
+import java.util.logging.Logger;
 
 /**
  * JDisc's default implementation of {@link SslContextFactoryProvider} that uses the {@link ConnectorConfig} to construct a {@link SslContextFactory}.
@@ -28,16 +31,17 @@ import java.util.function.Function;
  */
 public class DefaultSslContextFactoryProvider implements SslContextFactoryProvider {
 
+    private static final Logger log = Logger.getLogger(DefaultSslContextFactoryProvider.class.getName());
+
     private final ConnectorConfig connectorConfig;
-    private final SslKeyStoreConfigurator sslKeyStoreConfigurator;
-    private final SslTrustStoreConfigurator sslTrustStoreConfigurator;
+    @SuppressWarnings("deprecation")
+    private final com.yahoo.jdisc.http.SecretStore secretStore;
 
     public DefaultSslContextFactoryProvider(ConnectorConfig connectorConfig,
-                                            SslKeyStoreConfigurator sslKeyStoreConfigurator,
-                                            SslTrustStoreConfigurator sslTrustStoreConfigurator) {
+                                            @SuppressWarnings("deprecation") com.yahoo.jdisc.http.SecretStore secretStore) {
+        validateConfig(connectorConfig.ssl());
         this.connectorConfig = connectorConfig;
-        this.sslKeyStoreConfigurator = sslKeyStoreConfigurator;
-        this.sslTrustStoreConfigurator = sslTrustStoreConfigurator;
+        this.secretStore = secretStore;
     }
 
     @Override
@@ -69,29 +73,100 @@ public class DefaultSslContextFactoryProvider implements SslContextFactoryProvid
                 factory.setTrustStore(createTruststore(sslConfig));
             }
             factory.setProtocol("TLS");
-        } else {
-            // TODO Remove SslKeyStoreConfigurator / SslTrustStoreConfigurator
-            sslKeyStoreConfigurator.configure(new DefaultSslKeyStoreContext(factory));
-            sslTrustStoreConfigurator.configure(new DefaultSslTrustStoreContext(factory));
-
-            // TODO Remove support for deprecated ssl connector config
-            if (!sslConfig.prng().isEmpty()) {
-                factory.setSecureRandomAlgorithm(sslConfig.prng());
+        } else { // TODO Vespa 7: Remove support for deprecated ssl connector config
+            configureUsingDeprecatedConnectorConfig(sslConfig, factory);
+        }
+        return factory;
+    }
+
+    private void configureUsingDeprecatedConnectorConfig(ConnectorConfig.Ssl sslConfig, SslContextFactory factory) {
+        switch (sslConfig.keyStoreType()) {
+            case JKS:
+                factory.setKeyStorePath(sslConfig.keyStorePath());
+                factory.setKeyStoreType("JKS");
+                factory.setKeyStorePassword(secretStore.getSecret(sslConfig.keyDbKey()));
+                break;
+            case PEM:
+                factory.setKeyStorePath(sslConfig.keyStorePath());
+                factory.setKeyStore(createPemKeyStore(sslConfig.pemKeyStore()));
+                break;
+        }
+
+        if (!sslConfig.trustStorePath().isEmpty()) {
+            factory.setTrustStorePath(sslConfig.trustStorePath());
+            factory.setTrustStoreType(sslConfig.trustStoreType().toString());
+            if (sslConfig.useTrustStorePassword()) {
+                factory.setTrustStorePassword(secretStore.getSecret(sslConfig.keyDbKey()));
             }
+        }
+
+        if (!sslConfig.prng().isEmpty()) {
+            factory.setSecureRandomAlgorithm(sslConfig.prng());
+        }
 
-            setStringArrayParameter(
-                    factory, sslConfig.excludeProtocol(), ConnectorConfig.Ssl.ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
-            setStringArrayParameter(
-                    factory, sslConfig.includeProtocol(), ConnectorConfig.Ssl.IncludeProtocol::name, SslContextFactory::setIncludeProtocols);
-            setStringArrayParameter(
-                    factory, sslConfig.excludeCipherSuite(), ConnectorConfig.Ssl.ExcludeCipherSuite::name, SslContextFactory::setExcludeCipherSuites);
-            setStringArrayParameter(
-                    factory, sslConfig.includeCipherSuite(), ConnectorConfig.Ssl.IncludeCipherSuite::name, SslContextFactory::setIncludeCipherSuites);
+        setStringArrayParameter(
+                factory, sslConfig.excludeProtocol(), ConnectorConfig.Ssl.ExcludeProtocol::name, SslContextFactory::setExcludeProtocols);
+        setStringArrayParameter(
+                factory, sslConfig.includeProtocol(), ConnectorConfig.Ssl.IncludeProtocol::name, SslContextFactory::setIncludeProtocols);
+        setStringArrayParameter(
+                factory, sslConfig.excludeCipherSuite(), ConnectorConfig.Ssl.ExcludeCipherSuite::name, SslContextFactory::setExcludeCipherSuites);
+        setStringArrayParameter(
+                factory, sslConfig.includeCipherSuite(), ConnectorConfig.Ssl.IncludeCipherSuite::name, SslContextFactory::setIncludeCipherSuites);
+
+        factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
+        factory.setProtocol(sslConfig.protocol());
+    }
 
-            factory.setKeyManagerFactoryAlgorithm(sslConfig.sslKeyManagerFactoryAlgorithm());
-            factory.setProtocol(sslConfig.protocol());
+    private static void validateConfig(ConnectorConfig.Ssl config) {
+        if (!config.enabled()) return;
+        switch (config.keyStoreType()) {
+            case JKS:
+                validateJksConfig(config);
+                break;
+            case PEM:
+                validatePemConfig(config);
+                break;
+        }
+        if (!config.trustStorePath().isEmpty() && config.useTrustStorePassword() && config.keyDbKey().isEmpty()) {
+            throw new IllegalArgumentException("Missing password for JKS truststore");
+        }
+    }
+
+    private static void validateJksConfig(ConnectorConfig.Ssl ssl) {
+        if (!ssl.pemKeyStore().keyPath().isEmpty() || ! ssl.pemKeyStore().certificatePath().isEmpty()) {
+            throw new IllegalArgumentException("pemKeyStore attributes can not be set when keyStoreType is JKS.");
+        }
+        if (ssl.keyDbKey().isEmpty()) {
+            throw new IllegalArgumentException("Missing password for JKS keystore");
+        }
+    }
+
+    private static void validatePemConfig(ConnectorConfig.Ssl ssl) {
+        if (! ssl.keyStorePath().isEmpty()) {
+            throw new IllegalArgumentException("keyStorePath can not be set when keyStoreType is PEM");
+        }
+        if (!ssl.keyDbKey().isEmpty()) {
+            // TODO Make an error once there are separate passwords for truststore and keystore
+            log.warning("Encrypted PEM key stores are not supported. Password is only applied to truststore");
+        }
+        if (ssl.pemKeyStore().certificatePath().isEmpty()) {
+            throw new IllegalArgumentException("Missing certificate path.");
+        }
+        if (ssl.pemKeyStore().keyPath().isEmpty()) {
+            throw new IllegalArgumentException("Missing key path.");
+        }
+    }
+
+    private static KeyStore createPemKeyStore(ConnectorConfig.Ssl.PemKeyStore pemKeyStore) {
+        try {
+            Path certificatePath = Paths.get(pemKeyStore.certificatePath());
+            Path keyPath = Paths.get(pemKeyStore.keyPath());
+            return new PemSslKeyStore(certificatePath, keyPath).loadJavaKeyStore();
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed setting up key store for " + pemKeyStore.keyPath() + ", " + pemKeyStore.certificatePath(), e);
         }
-        return factory;
     }
 
     private static KeyStore createTruststore(ConnectorConfig.Ssl sslConfig) {
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreConfigurator.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreConfigurator.java
deleted file mode 100644
index 1cf8997b465..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreConfigurator.java
+++ /dev/null
@@ -1,96 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import com.google.inject.Inject;
-import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.ssl.pem.PemSslKeyStore;
-
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.security.KeyStore;
-import java.util.logging.Logger;
-
-/**
- * @author bjorncs
- */
-public class DefaultSslKeyStoreConfigurator implements SslKeyStoreConfigurator {
-
-    private static final Logger log = Logger.getLogger(DefaultSslKeyStoreConfigurator.class.getName());
-
-    @SuppressWarnings("deprecation")
-    private final com.yahoo.jdisc.http.SecretStore secretStore;
-    private final ConnectorConfig.Ssl config;
-
-    @Inject
-    @SuppressWarnings("deprecation")
-    public DefaultSslKeyStoreConfigurator(ConnectorConfig config, com.yahoo.jdisc.http.SecretStore secretStore) {
-        validateConfig(config.ssl());
-        this.secretStore = secretStore;
-        this.config = config.ssl();
-    }
-
-    private static void validateConfig(ConnectorConfig.Ssl config) {
-        if (!config.enabled()) return;
-        switch (config.keyStoreType()) {
-            case JKS:
-                validateJksConfig(config);
-                break;
-            case PEM:
-                validatePemConfig(config);
-                break;
-        }
-    }
-
-    @Override
-    public void configure(SslKeyStoreContext context) {
-        if (!config.enabled()) return;
-        switch (config.keyStoreType()) {
-            case JKS:
-                context.updateKeyStore(config.keyStorePath(), "JKS", secretStore.getSecret(config.keyDbKey()));
-                break;
-            case PEM:
-                context.updateKeyStore(createPemKeyStore(config.pemKeyStore()));
-                break;
-        }
-    }
-
-    private static void validateJksConfig(ConnectorConfig.Ssl ssl) {
-        if (!ssl.pemKeyStore().keyPath().isEmpty() || ! ssl.pemKeyStore().certificatePath().isEmpty()) {
-            throw new IllegalArgumentException("pemKeyStore attributes can not be set when keyStoreType is JKS.");
-        }
-        if (ssl.keyDbKey().isEmpty()) {
-            throw new IllegalArgumentException("Missing password for JKS keystore");
-        }
-    }
-
-    private static void validatePemConfig(ConnectorConfig.Ssl ssl) {
-        if (! ssl.keyStorePath().isEmpty()) {
-            throw new IllegalArgumentException("keyStorePath can not be set when keyStoreType is PEM");
-        }
-        if (!ssl.keyDbKey().isEmpty()) {
-            // TODO Make an error once there are separate passwords for truststore and keystore
-            log.warning("Encrypted PEM key stores are not supported. Password is only applied to truststore");
-        }
-        if (ssl.pemKeyStore().certificatePath().isEmpty()) {
-            throw new IllegalArgumentException("Missing certificate path.");
-        }
-        if (ssl.pemKeyStore().keyPath().isEmpty()) {
-            throw new IllegalArgumentException("Missing key path.");
-        }
-    }
-
-    private static KeyStore createPemKeyStore(ConnectorConfig.Ssl.PemKeyStore pemKeyStore) {
-        try {
-            Path certificatePath = Paths.get(pemKeyStore.certificatePath());
-            Path keyPath = Paths.get(pemKeyStore.keyPath());
-            return new PemSslKeyStore(certificatePath, keyPath).loadJavaKeyStore();
-        } catch (IOException e) {
-            throw new UncheckedIOException(e);
-        } catch (Exception e) {
-            throw new RuntimeException("Failed setting up key store for " + pemKeyStore.keyPath() + ", " + pemKeyStore.certificatePath(), e);
-        }
-    }
-
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreContext.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreContext.java
deleted file mode 100644
index 44a9c606576..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslKeyStoreContext.java
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-import java.security.KeyStore;
-import java.util.function.Consumer;
-
-/**
- * @author bjorncs
- */
-public class DefaultSslKeyStoreContext implements SslKeyStoreContext {
-
-    private final SslContextFactory sslContextFactory;
-
-    public DefaultSslKeyStoreContext(SslContextFactory sslContextFactory) {
-        this.sslContextFactory = sslContextFactory;
-    }
-
-    @Override
-    public void updateKeyStore(KeyStore keyStore) {
-        updateKeyStore(keyStore, null);
-    }
-
-    @Override
-    public void updateKeyStore(KeyStore keyStore, String password) {
-        updateKeyStore(sslContextFactory -> {
-            sslContextFactory.setKeyStore(keyStore);
-            if (password != null) {
-                sslContextFactory.setKeyStorePassword(password);
-            }
-        });
-    }
-
-    @Override
-    public void updateKeyStore(String keyStorePath, String keyStoreType, String keyStorePassword) {
-        updateKeyStore(sslContextFactory -> {
-            sslContextFactory.setKeyStorePath(keyStorePath);
-            sslContextFactory.setKeyStoreType(keyStoreType);
-            sslContextFactory.setKeyStorePassword(keyStorePassword);
-        });
-    }
-
-    private void updateKeyStore(Consumer<SslContextFactory> reloader) {
-        try {
-            sslContextFactory.reload(reloader);
-        } catch (Exception e) {
-            throw new RuntimeException("Could not update keystore: " + e.getMessage(), e);
-        }
-    }
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreConfigurator.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreConfigurator.java
deleted file mode 100644
index 5a8c399e6ba..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreConfigurator.java
+++ /dev/null
@@ -1,41 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import com.google.inject.Inject;
-import com.yahoo.jdisc.http.ConnectorConfig;
-
-/**
- * @author bjorncs
- */
-public class DefaultSslTrustStoreConfigurator implements SslTrustStoreConfigurator {
-
-    @SuppressWarnings("deprecation")
-    private final com.yahoo.jdisc.http.SecretStore secretStore;
-    private final ConnectorConfig.Ssl config;
-
-    @Inject
-    @SuppressWarnings("deprecation")
-    public DefaultSslTrustStoreConfigurator(ConnectorConfig config, com.yahoo.jdisc.http.SecretStore secretStore) {
-        validateConfig(config.ssl());
-        this.secretStore = secretStore;
-        this.config = config.ssl();
-    }
-
-    @Override
-    public void configure(SslTrustStoreContext context) {
-        if (!config.enabled()) return;
-        String keyDbPassword = config.keyDbKey();
-        if (!config.trustStorePath().isEmpty()) {
-            String password = config.useTrustStorePassword() ? secretStore.getSecret(keyDbPassword) : null;
-            context.updateTrustStore(config.trustStorePath(), config.trustStoreType().toString(), password);
-        }
-    }
-
-    private static void validateConfig(ConnectorConfig.Ssl config) {
-        if (!config.enabled()) return;
-        if (!config.trustStorePath().isEmpty() && config.useTrustStorePassword() && config.keyDbKey().isEmpty()) {
-            throw new IllegalArgumentException("Missing password for JKS truststore");
-        }
-    }
-
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreContext.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreContext.java
deleted file mode 100644
index c2d91cca3ea..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/DefaultSslTrustStoreContext.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-import java.security.KeyStore;
-import java.util.function.Consumer;
-
-/**
- * @author bjorncs
- */
-public class DefaultSslTrustStoreContext implements SslTrustStoreContext {
-
-    private final SslContextFactory sslContextFactory;
-
-    public DefaultSslTrustStoreContext(SslContextFactory sslContextFactory) {
-        this.sslContextFactory = sslContextFactory;
-    }
-
-    @Override
-    public void updateTrustStore(KeyStore trustStore) {
-        updateTrustStore(trustStore, null);
-    }
-
-    @Override
-    public void updateTrustStore(KeyStore trustStore, String password) {
-        updateTrustStore(sslContextFactory -> {
-            sslContextFactory.setTrustStore(trustStore);
-            if (password != null) {
-                sslContextFactory.setTrustStorePassword(password);
-            }
-        });
-    }
-
-    @Override
-    public void updateTrustStore(String trustStorePath, String trustStoreType, String trustStorePassword) {
-        updateTrustStore(sslContextFactory -> {
-            sslContextFactory.setTrustStorePath(trustStorePath);
-            sslContextFactory.setTrustStoreType(trustStoreType);
-            if (trustStorePassword != null) {
-                sslContextFactory.setTrustStorePassword(trustStorePassword);
-            }
-        });
-    }
-
-    private void updateTrustStore(Consumer<SslContextFactory> reloader) {
-        try {
-            sslContextFactory.reload(reloader);
-        } catch (Exception e) {
-            throw new RuntimeException("Could not update truststore: " + e.getMessage(), e);
-        }
-    }
-
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreConfigurator.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreConfigurator.java
deleted file mode 100644
index 619f4a636ed..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreConfigurator.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-/**
- * An interface for an component that can configure an {@link SslKeyStoreContext}. The implementor can assume that
- * the {@link SslKeyStoreContext} instance is thread-safe and be updated at any time
- * during and after the call to{@link #configure(SslKeyStoreContext)}.
- * Modifying the {@link SslKeyStoreContext} instance will trigger a hot reload of the keystore in JDisc.
- *
- * @author bjorncs
- */
-public interface SslKeyStoreConfigurator {
-    void configure(SslKeyStoreContext context);
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreContext.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreContext.java
deleted file mode 100644
index 2a25f6d78b5..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStoreContext.java
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import java.security.KeyStore;
-
-/**
- * An interface to update the keystore in JDisc. Any update will trigger a hot reload and new connections will
- * immediately see the new certificate chain.
- *
- * @author bjorncs
- */
-public interface SslKeyStoreContext {
-    void updateKeyStore(KeyStore keyStore);
-    void updateKeyStore(KeyStore keyStore, String password);
-    void updateKeyStore(String keyStorePath, String keyStoreType, String keyStorePassword);
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreConfigurator.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreConfigurator.java
deleted file mode 100644
index de1119a5275..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreConfigurator.java
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-/**
- * An interface for an component that can configure an {@link SslTrustStoreContext}. The implementor can assume that
- * the {@link SslTrustStoreContext} instance is thread-safe and be updated at any time
- * during and after the call to{@link #configure(SslTrustStoreContext)}.
- * Modifying the {@link SslKeyStoreContext} instance will trigger a hot reload of the truststore in JDisc.
- *
- * @author bjorncs
- */
-public interface SslTrustStoreConfigurator {
-    void configure(SslTrustStoreContext context);
-}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreContext.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreContext.java
deleted file mode 100644
index fc8cf397b24..00000000000
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslTrustStoreContext.java
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.jdisc.http.ssl;
-
-import java.security.KeyStore;
-
-/**
- * An interface to update the truststore in JDisc. Any update will trigger a hot reload and new connections will
- * authenticated using the update truststore.
- *
- * @author bjorncs
- */
-public interface SslTrustStoreContext {
-    void updateTrustStore(KeyStore trustStore);
-    void updateTrustStore(KeyStore trustStore, String password);
-    void updateTrustStore(String trustStorePath, String trustStoreType, String trustStorePassword);
-}
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
index 5e586f5e59e..cb7d30af952 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/guiceModules/ConnectorFactoryRegistryModule.java
@@ -12,8 +12,6 @@ import com.yahoo.jdisc.http.ConnectorConfig.Builder;
 import com.yahoo.jdisc.http.server.jetty.ConnectorFactory;
 import com.yahoo.jdisc.http.server.jetty.TestDrivers;
 import com.yahoo.jdisc.http.ssl.DefaultSslContextFactoryProvider;
-import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator;
-import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator;
 
 /**
  * Guice module for test ConnectorFactories
@@ -49,11 +47,7 @@ public class ConnectorFactoryRegistryModule implements Module {
     private static class StaticKeyDbConnectorFactory extends ConnectorFactory {
 
         public StaticKeyDbConnectorFactory(ConnectorConfig connectorConfig) {
-            super(connectorConfig,
-                  new DefaultSslContextFactoryProvider(
-                          connectorConfig,
-                          new DefaultSslKeyStoreConfigurator(connectorConfig, new MockSecretStore()),
-                          new DefaultSslTrustStoreConfigurator(connectorConfig, new MockSecretStore())));
+            super(connectorConfig, new DefaultSslContextFactoryProvider(connectorConfig, new MockSecretStore()));
         }
 
     }
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
index d504e8be288..b328e151f51 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/ConnectorFactoryTest.java
@@ -4,8 +4,6 @@ package com.yahoo.jdisc.http.server.jetty;
 import com.yahoo.jdisc.Metric;
 import com.yahoo.jdisc.http.ConnectorConfig;
 import com.yahoo.jdisc.http.ssl.DefaultSslContextFactoryProvider;
-import com.yahoo.jdisc.http.ssl.DefaultSslKeyStoreConfigurator;
-import com.yahoo.jdisc.http.ssl.DefaultSslTrustStoreConfigurator;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.handler.AbstractHandler;
@@ -107,12 +105,7 @@ public class ConnectorFactoryTest {
     }
 
     private static ConnectorFactory createConnectorFactory(ConnectorConfig config) {
-        ThrowingSecretStore secretStore = new ThrowingSecretStore();
-        return new ConnectorFactory(config,
-                                    new DefaultSslContextFactoryProvider(
-                                            config,
-                                            new DefaultSslKeyStoreConfigurator(config, secretStore),
-                                            new DefaultSslTrustStoreConfigurator(config, secretStore)));
+        return new ConnectorFactory(config, new DefaultSslContextFactoryProvider(config, new ThrowingSecretStore()));
     }
 
     private static class HelloWorldHandler extends AbstractHandler {
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-09-12 11:26:18 +0200
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-09-12 11:26:18 +0200
commit	c9a3e05f486f7dde2a4f7895a8adcfd54518c108 (patch)
tree	7ec074835478efc6a34393c7f50aa158c1727c14 /jdisc_http_service
parent	7f00722a620ed17116253d61d89728e63bed2299 (diff)