author | Jon Marius Venstad <venstad@gmail.com> | 2019-10-07 09:05:10 +0200 |
---|---|---|
committer | Jon Marius Venstad <venstad@gmail.com> | 2019-10-07 09:05:10 +0200 |
commit | fb16b8f37bae65a8120a300600a7f430a8af1445 (patch) | |
tree | 98fb04d38f45bc0d85ed980ac67a349fded3095f /tenant-auth/src/main | |
parent | 969ef6519225f5a875e70628d0b5c4ba1a9477cf (diff) |
Move definition of data plane key/cert to Properties, and rename api things
Diffstat (limited to 'tenant-auth/src/main')
-rw-r--r-- | tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java | 10 | ||||
-rw-r--r-- | tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java | 13 |
2 files changed, 11 insertions, 12 deletions
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
index 9de06e7f4da..f6a88ec83c2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/ApiAuthenticator.java
@@ -8,13 +8,13 @@ public class ApiAuthenticator implements ai.vespa.hosted.api.ApiAuthenticator {
 /** Returns a controller client using mTLS if a key and certificate pair is provided, or signed requests otherwise. */
 @Override
 public ControllerHttpClient controller() {
- return Properties.certificateFile()
- .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.endpoint(),
- Properties.privateKeyFile(),
+ return Properties.apiCertificateFile()
+ .map(certificateFile -> ControllerHttpClient.withKeyAndCertificate(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
 certificateFile))
 .orElseGet(() ->
- ControllerHttpClient.withSignatureKey(Properties.endpoint(),
- Properties.privateKeyFile(),
+ ControllerHttpClient.withSignatureKey(Properties.apiEndpoint(),
+ Properties.apiPrivateKeyFile(),
 Properties.application()));
 }
 
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
index c9640763ac8..e51476907e2 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
@@ -1,5 +1,6 @@
 package ai.vespa.hosted.auth;
 
+import ai.vespa.hosted.api.Properties;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SslContextBuilder;
@@ -47,12 +48,10 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
 privateKeyFile = credentialsRoot.resolve("key");
 }
 else {
- Optional<String> certificateFileProperty = getNonBlankProperty("dataPlaneCertificateFile");
- if (certificateFileProperty.isPresent())
- certificateFile = Path.of(certificateFileProperty.get());
- Optional<String> privateKeyFileProperty = getNonBlankProperty("dataPlaneKeyFile");
- if (privateKeyFileProperty.isPresent())
- privateKeyFile = Path.of(privateKeyFileProperty.get());
+ if (Properties.dataPlaneCertificateFile().isPresent())
+ certificateFile = Properties.dataPlaneCertificateFile().get();
+ if (Properties.dataPlanePrivateKeyFile().isPresent())
+ privateKeyFile = Properties.dataPlanePrivateKeyFile().get();
 }
 if (certificateFile != null && privateKeyFile != null) {
 X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
@@ -67,7 +66,7 @@ public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthen
 logger.warning( "##################################################################################\n"
 + "# Data plane key and/or certificate missing; please specify #\n"
 + "# '-DdataPlaneCertificateFile=/path/to/certificate' and #\n"
- + "# '-DdataPlaneKeyFile=/path/to/private_key. #\n"
+ + "# '-DdataPlaneKeyFile=/path/to/private_key'. #\n"
 + "# Trying the default SSLContext, but this will most likely cause HTTP error 401. #\n"
 + "##################################################################################");
 return SSLContext.getDefault(); |
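Review bot: In the `else` branch of the `-47,12 +48,10` hunk each `Properties` accessor is called twice, once for `isPresent()` and once for `get()`, so the check and the value come from two separate lookups; hold the result once, e.g. `Optional<Path> certificate = Properties.dataPlaneCertificateFile();` followed by `if (certificate.isPresent()) certificateFile = certificate.get();`, and the same for the key. The removed lines went through `getNonBlankProperty`, which by its name treated a blank `-DdataPlaneCertificateFile=` as absent; `Properties` is not part of this diff, so please confirm its accessors keep that filtering, since an empty value turned into a `Path` would presumably fail at the PEM read instead of reaching the missing-credentials warning. It is also worth confirming that `dataPlanePrivateKeyFile()` still reads `dataPlaneKeyFile`, the name the warning in the last hunk tells users to set. The enclosing method starts and ends outside the hunk.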