Simplify SslKeyStore interface

5 files changed, 35 insertions, 51 deletions

diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
index 1201bb08afc..c282c94c1bd 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/SslKeyStore.java
@@ -1,29 +1,12 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http.ssl;
 
-import java.io.IOException;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Optional;
 
 /**
  *
- * @author <a href="mailto:charlesk@yahoo-inc.com">Charles Kim</a>
+ * @author bjorncs
  */
-public abstract class SslKeyStore {
-
-	private Optional<String> keyStorePassword = Optional.empty();
-
-    public Optional<String> getKeyStorePassword() {
-		return keyStorePassword;
-	}
-
-	public void setKeyStorePassword(String keyStorePassword) {
-		this.keyStorePassword = Optional.of(keyStorePassword);
-	}
-
-    public abstract KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException;
-
+public interface SslKeyStore {
+    KeyStore loadJavaKeyStore() throws Exception;
 }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JKSKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JksKeyStore.java
index 2ca53b731c3..9cb040fb97d 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JKSKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/jks/JksKeyStore.java
@@ -13,22 +13,33 @@ import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 
 /**
- * @author tonytv
+ * @author Tony Vaagenes
+ * @author bjorncs
  */
-public class JKSKeyStore extends SslKeyStore {
+public class JksKeyStore implements SslKeyStore {
 
-    private static final String keyStoreType = "JKS";
+    private static final String KEY_STORE_TYPE = "JKS";
     private final Path keyStoreFile;
+    private final String keyStorePassword;
 
-    public JKSKeyStore(Path keyStoreFile) {
+    public JksKeyStore(Path keyStoreFile) {
+        this(keyStoreFile, null);
+    }
+
+    public JksKeyStore(Path keyStoreFile, String keyStorePassword) {
         this.keyStoreFile = keyStoreFile;
+        this.keyStorePassword = keyStorePassword;
+    }
+
+    public String getKeyStorePassword() {
+        return keyStorePassword;
     }
 
     @Override
     public KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
         try(InputStream stream = Files.newInputStream(keyStoreFile)) {
-            KeyStore keystore = KeyStore.getInstance(keyStoreType);
-            keystore.load(stream, getKeyStorePassword().map(String::toCharArray).orElse(null));
+            KeyStore keystore = KeyStore.getInstance(KEY_STORE_TYPE);
+            keystore.load(stream, keyStorePassword != null ? keyStorePassword.toCharArray() : null);
             return keystore;
         }
     }
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
index 9cede37caaa..9f0a635f7c1 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/ssl/pem/PemSslKeyStore.java
@@ -21,7 +21,7 @@ import java.security.cert.CertificateException;
  * @author Tony Vaagenes
  * @author bjorncs
  */
-public class PemSslKeyStore extends SslKeyStore {
+public class PemSslKeyStore implements SslKeyStore {
 
     static {
         Security.addProvider(new PemKeyStoreProvider());
@@ -42,10 +42,6 @@ public class PemSslKeyStore extends SslKeyStore {
 
     @Override
     public KeyStore loadJavaKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
-        if (getKeyStorePassword().isPresent()) {
-            throw new UnsupportedOperationException("PEM key store with password is currently not supported. Please file a feature request.");
-        }
-
         //cached since Reader(in loadParameter) can only be used one time.
         if (keyStore == null) {
             keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
index e71bd190a37..5dd5dca1667 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/SslContextFactory.java
@@ -1,16 +1,11 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jdisc.http;
 
-import com.yahoo.jdisc.http.ssl.SslKeyStore;
+import com.yahoo.jdisc.http.ssl.jks.JksKeyStore;
 
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
-import java.io.IOException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -32,16 +27,16 @@ public class SslContextFactory {
         return this.sslContext;
     }
 
-    public static SslContextFactory newInstanceFromTrustStore(SslKeyStore trustStore) {
+    public static SslContextFactory newInstanceFromTrustStore(JksKeyStore trustStore) {
         return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, null, trustStore);
     }
 
-    public static SslContextFactory newInstance(SslKeyStore trustStore, SslKeyStore keyStore) {
+    public static SslContextFactory newInstance(JksKeyStore trustStore, JksKeyStore keyStore) {
         return newInstance(DEFAULT_ALGORITHM, DEFAULT_PROTOCOL, keyStore, trustStore);
     }
 
     public static SslContextFactory newInstance(String sslAlgorithm, String sslProtocol,
-                                                SslKeyStore keyStore, SslKeyStore trustStore) {
+                                                JksKeyStore keyStore, JksKeyStore trustStore) {
         log.fine("Configuring SSLContext...");
         log.fine("Using " + sslAlgorithm + " algorithm.");
         try {
@@ -60,15 +55,14 @@ public class SslContextFactory {
     /**
      * Used for the key store, which contains the SSL cert and private key.
      */
-    public static javax.net.ssl.KeyManager[] getKeyManagers(SslKeyStore keyStore,
-                                                            String sslAlgorithm)
-            throws NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException,
-                   KeyStoreException {
+    public static javax.net.ssl.KeyManager[] getKeyManagers(JksKeyStore keyStore,
+                                                            String sslAlgorithm) throws Exception {
 
         KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(sslAlgorithm);
+        String keyStorePassword = keyStore.getKeyStorePassword();
         keyManagerFactory.init(
                 keyStore.loadJavaKeyStore(),
-                keyStore.getKeyStorePassword().map(String::toCharArray).orElse(null));
+                keyStorePassword != null ? keyStorePassword.toCharArray() : null);
         log.fine("KeyManagerFactory initialized with keystore");
         return keyManagerFactory.getKeyManagers();
     }
@@ -77,9 +71,9 @@ public class SslContextFactory {
      * Used for the trust store, which contains certificates from other parties that you expect to communicate with,
      * or from Certificate Authorities that you trust to identify other parties.
      */
-    public static javax.net.ssl.TrustManager[] getTrustManagers(SslKeyStore trustStore,
+    public static javax.net.ssl.TrustManager[] getTrustManagers(JksKeyStore trustStore,
                                                                 String sslAlgorithm)
-            throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+            throws Exception {
 
         TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(sslAlgorithm);
         trustManagerFactory.init(trustStore.loadJavaKeyStore());
diff --git a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
index 8ddcd7f03ac..525cde9d8b3 100644
--- a/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
+++ b/jdisc_http_service/src/test/java/com/yahoo/jdisc/http/server/jetty/TestDriver.java
@@ -6,9 +6,8 @@ import com.google.inject.Module;
 import com.yahoo.jdisc.application.ContainerBuilder;
 import com.yahoo.jdisc.handler.RequestHandler;
 import com.yahoo.jdisc.http.ConnectorConfig;
-import com.yahoo.jdisc.http.ssl.jks.JKSKeyStore;
 import com.yahoo.jdisc.http.SslContextFactory;
-import com.yahoo.jdisc.http.ssl.SslKeyStore;
+import com.yahoo.jdisc.http.ssl.jks.JksKeyStore;
 
 import javax.net.ssl.SSLContext;
 import java.io.IOException;
@@ -76,8 +75,9 @@ public class TestDriver {
         ConnectorConfig.Ssl sslConfig = builder.getInstance(ConnectorConfig.class).ssl();
         if (!sslConfig.enabled()) return null;
 
-        SslKeyStore keyStore = new JKSKeyStore(Paths.get(sslConfig.keyStorePath()));
-        keyStore.setKeyStorePassword(builder.getInstance(Key.get(String.class, named("keyStorePassword"))));
+        JksKeyStore keyStore = new JksKeyStore(
+                Paths.get(sslConfig.keyStorePath()),
+                builder.getInstance(Key.get(String.class, named("keyStorePassword"))));
         return SslContextFactory.newInstanceFromTrustStore(keyStore).getServerSSLContext();
     }