author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-10 12:46:19 +0200 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-10 12:48:46 +0200 |
commit | 535c6287196378cd51b6ccb2106a7f5bf182708d (patch) | |
tree | 783209d69991b8b19a337d71b6f48c95750d4d67 /jrt | |
parent | be5a620b4030fc22d629d86d5c81186bf81e4f71 (diff) |
Use TlsCryptoEngine if VESPA_TLS_CONFIG_FILE is set
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 12 | ||||
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 20 |
2 files changed, 31 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 9852d5a88a6..2ef936ec7ed 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -2,7 +2,10 @@
 package com.yahoo.jrt;
+import com.yahoo.security.tls.TransportSecurityOptions;
+
 import java.nio.channels.SocketChannel;
+import java.nio.file.Paths;
 /**
@@ -13,5 +16,12 @@ import java.nio.channels.SocketChannel;
 **/
 public interface CryptoEngine {
 public CryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer);
- static public CryptoEngine createDefault() { return new NullCryptoEngine(); }
+ static public CryptoEngine createDefault() { // TODO Move this logic to a dedicated factory class
+ String tlsConfigParameter = System.getenv("VESPA_TLS_CONFIG_FILE");
+ if (tlsConfigParameter != null && !tlsConfigParameter.isEmpty()) {
+ return new TlsCryptoEngine(TransportSecurityOptions.fromJsonFile(Paths.get(tlsConfigParameter)));
+ } else {
+ return new NullCryptoEngine();
+ }
+ }
 }
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index 279bf1d0137..b3daf5c296d 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -1,9 +1,18 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.jrt;
+import com.yahoo.security.SslContextBuilder;
+import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.security.tls.TransportSecurityOptions;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
+import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.channels.SocketChannel;
+import java.nio.file.Files;
+import java.security.cert.X509Certificate;
+import java.util.List;
 /**
 * A {@link CryptoSocket} that creates {@link TlsCryptoSocket} instances.
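Review bot: An unset or empty `VESPA_TLS_CONFIG_FILE` makes `createDefault()` fall through to `NullCryptoEngine` silently, so a host where the variable is missing or misspelled ends up on plaintext transport with nothing in the logs to show it. Logging which engine was selected (and the config path when TLS is chosen) at this point would make such a misconfiguration visible at startup. When the variable is set, `Paths.get` can throw `InvalidPathException` and `TransportSecurityOptions.fromJsonFile` presumably throws on a missing or malformed file; that fails closed, which is right, but rethrowing with the variable name and path in the message would make the failure diagnosable. A whitespace-only value also passes the guard, so `if (tlsConfigParameter != null && !tlsConfigParameter.trim().isEmpty()) {` is a safer check.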
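Review bot: Of the imports added at the top of TlsCryptoEngine.java, `X509CertificateUtils`, `IOException`, `UncheckedIOException`, `Files`, `X509Certificate` and `List` are not referenced by any line this commit adds to the file; the new constructor and `createSslContext` use only `SslContextBuilder` and `TransportSecurityOptions`. Unless they are used in the parts of the file outside the hunks, they should be dropped, since unused imports leave a misleading trail of dependencies (`java.io`, `java.nio.file`) that the class does not actually need. The unchanged javadoc summary ` * A {@link CryptoSocket} that creates {@link TlsCryptoSocket} instances.` describes the class as a socket rather than an engine; since the commit already edits this header, ` * A {@link CryptoEngine} that creates {@link TlsCryptoSocket} instances.` would be the accurate summary.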
@@ -18,6 +27,10 @@ public class TlsCryptoEngine implements CryptoEngine {
 this.sslContext = sslContext;
 }
+ public TlsCryptoEngine(TransportSecurityOptions options) {
+ this(createSslContext(options));
+ }
+
 @Override
 public TlsCryptoSocket createCryptoSocket(SocketChannel channel, boolean isServer) {
 SSLEngine sslEngine = sslContext.createSSLEngine();
@@ -25,4 +38,11 @@ public class TlsCryptoEngine implements CryptoEngine {
 sslEngine.setUseClientMode(!isServer);
 return new TlsCryptoSocket(channel, sslEngine);
 }
+
+ private static SSLContext createSslContext(TransportSecurityOptions options) {
+ return new SslContextBuilder()
+ .withTrustStore(options.getCaCertificatesFile())
+ .withKeyStore(options.getPrivateKeyFile(), options.getCertificatesFile())
+ .build();
+ }
 }
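Review bot: `createSslContext` forwards `options.getCaCertificatesFile()`, `options.getPrivateKeyFile()` and `options.getCertificatesFile()` straight into `SslContextBuilder`, so a config file that omits one of them will presumably fail somewhere inside the builder without naming the missing field. A guard at the top of the method such as `Objects.requireNonNull(options.getCaCertificatesFile(), "ca-certificates file")` (and the same for the key and certificate files, with `java.util.Objects` imported) turns that into a message an operator can act on. The context lines show the server-side `SSLEngine` configured only by `sslEngine.setUseClientMode(!isServer)`; nothing in this hunk requires a client certificate (`setNeedClientAuth`), so if mutual authentication is the intent, confirm it is set in `TlsCryptoSocket` or by the builder — it cannot be told from here. `createCryptoSocket` starts in the previous hunk, outside this one.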