author | Jon Marius Venstad <venstad@gmail.com> | 2019-10-03 14:57:38 +0200 |
committer | Jon Marius Venstad <venstad@gmail.com> | 2019-10-03 14:57:38 +0200 |
commit | a0536ff31abbe4a2ea0a97c26927b94c0dfd44fb (patch) | |
tree | aad94b15067873eaf5fa07fe6963e516132fd78b /tenant-auth/src/main | |
parent | 3a1e2ea0956d1a5ee2f0e9e7463a553df801a5e3 (diff) |
Support aliases for key and cert independently, and WARN when nothing found
Diffstat (limited to 'tenant-auth/src/main')
-rw-r--r-- | tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java | 48 |
1 files changed, 34 insertions, 14 deletions
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index c1cca56f1b9..c9640763ac8 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -15,6 +15,7 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.Optional;
+import java.util.logging.Logger;
 
 import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
 
@@ -25,6 +26,8 @@ import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
  */
 public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthenticator {
 
+    private static final Logger logger = Logger.getLogger(EndpointAuthenticator.class.getName());
+
     /** Don't touch. */
     public EndpointAuthenticator(@SuppressWarnings("unused") SystemName __) { }
 
@@ -35,22 +38,39 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
     @Override
     public SSLContext sslContext() {
         try {
+            Path certificateFile = null;
+            Path privateKeyFile = null;
             Optional<String> credentialsRootProperty = getNonBlankProperty("vespa.test.credentials.root");
-            if (credentialsRootProperty.isEmpty())
-                return SSLContext.getDefault();
-
-            Path credentialsRoot = Path.of(credentialsRootProperty.get());
-            Path certificateFile = credentialsRoot.resolve("cert");
-            Path privateKeyFile = credentialsRoot.resolve("key");
-
-            X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
-            if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
-                || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
-                throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
-                                                certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
+            if (credentialsRootProperty.isPresent()) {
+                Path credentialsRoot = Path.of(credentialsRootProperty.get());
+                certificateFile = credentialsRoot.resolve("cert");
+                privateKeyFile = credentialsRoot.resolve("key");
+            }
+            else {
+                Optional<String> certificateFileProperty = getNonBlankProperty("dataPlaneCertificateFile");
+                if (certificateFileProperty.isPresent())
+                    certificateFile = Path.of(certificateFileProperty.get());
+                Optional<String> privateKeyFileProperty = getNonBlankProperty("dataPlaneKeyFile");
+                if (privateKeyFileProperty.isPresent())
+                    privateKeyFile = Path.of(privateKeyFileProperty.get());
+            }
+            if (certificateFile != null && privateKeyFile != null) {
+                X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
+                if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
+                    || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
+                    throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid 
between " + + certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now."); - PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile))); - return new SslContextBuilder().withKeyStore(privateKey, certificate).build(); + PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile))); + return new SslContextBuilder().withKeyStore(privateKey, certificate).build(); + } + logger.warning( "##################################################################################\n" + + "# Data plane key and/or certificate missing; please specify #\n" + + "# '-DdataPlaneCertificateFile=/path/to/certificate' and #\n" + + "# '-DdataPlaneKeyFile=/path/to/private_key. #\n" + + "# Trying the default SSLContext, but this will most likely cause HTTP error 401. #\n" + + "##################################################################################"); + return SSLContext.getDefault(); } catch (IOException e) { throw new UncheckedIOException(e); } |
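Review bot: The warning banner passed to `logger.warning(...)` has an unbalanced quote on its fourth line — `'-DdataPlaneKeyFile=/path/to/private_key.` opens a quote that is never closed, unlike the certificate line directly above it, so the hint shown to the operator is malformed; change it to `"# '-DdataPlaneKeyFile=/path/to/private_key'.                                  #\n" +` (dropping one space of padding so the box stays aligned). The banner also cannot tell the operator which file is missing, although the `else` branch can leave exactly one of `certificateFile` or `privateKeyFile` null when only one of the two properties is set; logging which of the two is null before the banner would remove the guesswork. As a point of style, both `new String(Files.readAllBytes(...))` calls decode with the platform default charset, while `Files.readString(certificateFile)` (available since Java 11, which `Path.of` already requires) states the UTF-8 intent explicitly. The method's closing brace appears to fall outside the hunk.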