author | Harald Musum <musum@verizonmedia.com> | 2020-05-28 18:31:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-28 18:31:38 +0200 |
commit | ab6c2c71d7d98120b09345b8e2cc59ec8374bb89 (patch) | |
tree | 78f5fcf60e8ce01af7c04b2b9b334ca0da4dbffb /security-utils/src | |
parent | fd776f01675f8e86a03e07e98fd84cf5ba5f4372 (diff) |
Revert "Expose underlying certificate and private key from SiaIdentityProvider "
Diffstat (limited to 'security-utils/src')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java | 33 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java | 10 |
2 files changed, 1 insertions, 42 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
deleted file mode 100644
index 4772de5c1fb..00000000000
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.List;
-
-/**
- * Wraps a {@link java.security.cert.X509Certificate} with its {@link java.security.PrivateKey}.
- * Primary motivation is APIs where the callee must correctly observe an atomic update of both certificate and key.
- *
- * @author bjorncs
- */
-public class X509CertificateWithKey {
-
- private final List<X509Certificate> certificate;
- private final PrivateKey privateKey;
-
- public X509CertificateWithKey(X509Certificate certificate, PrivateKey privateKey) {
- this(Collections.singletonList(certificate), privateKey);
- }
-
- public X509CertificateWithKey(List<X509Certificate> certificate, PrivateKey privateKey) {
- if (certificate.isEmpty()) throw new IllegalArgumentException();
- this.certificate = certificate;
- this.privateKey = privateKey;
- }
-
- public X509Certificate certificate() { return certificate.get(0); }
- public List<X509Certificate> certificateWithIntermediates() { return certificate; }
- public PrivateKey privateKey() { return privateKey; }
-}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
index d4e74e22e40..18764f51dc5 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java @@ -5,20 +5,19 @@ import com.yahoo.security.KeyStoreBuilder; import com.yahoo.security.KeyStoreType; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateUtils; -import com.yahoo.security.X509CertificateWithKey; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import java.io.IOException; import java.io.UncheckedIOException; import java.net.Socket; +import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyStore; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.time.Duration; -import java.util.Arrays; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; @@ -60,13 +59,6 @@ public class AutoReloadingX509KeyManager extends X509ExtendedKeyManager implemen return new AutoReloadingX509KeyManager(privateKeyFile, certificatesFile); } - public X509CertificateWithKey getCurrentCertificateWithKey() { - X509ExtendedKeyManager manager = mutableX509KeyManager.currentManager(); - X509Certificate[] certificateChain = manager.getCertificateChain(CERTIFICATE_ALIAS); - PrivateKey privateKey = manager.getPrivateKey(CERTIFICATE_ALIAS); - return new X509CertificateWithKey(Arrays.asList(certificateChain), privateKey); - } - private static KeyStore createKeystore(Path privateKey, Path certificateChain) { try { return KeyStoreBuilder.withType(KeyStoreType.PKCS12) |
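Review bot: The re-added `import java.nio.file.Files;` in the import hunk looks unused. It is the only line this revert inserts, and the only other changes to AutoReloadingX509KeyManager.java are the two dropped imports and the deleted getCurrentCertificateWithKey(), so the file presumably compiled without it before the revert. If nothing in the unchanged part of the class refers to `Files` by its simple name, drop the line instead of restoring it verbatim. The rest of the file lies outside the visible hunks, so confirm this against the full source.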