author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-16 14:25:07 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-06-06 13:03:28 +0200 |
commit | 960e67b125c2a8baa36653fec5f500aaaae98e29 (patch) | |
tree | f7be88d2f7f4ddbcd651ea33e7b129ec904c55aa /tenant-cd | |
parent | 89e795e76f6785f86dc1d285464d39e0ef337c84 (diff) |
Get SSLContext from key and certificate set in properties
Diffstat (limited to 'tenant-cd')
-rw-r--r-- | tenant-cd/src/main/java/com/yahoo/vespa/tenant/cd/http/Security.java | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tenant-cd/src/main/java/com/yahoo/vespa/tenant/cd/http/Security.java b/tenant-cd/src/main/java/com/yahoo/vespa/tenant/cd/http/Security.java
index 54f07a87766..ebce7842d6d 100644
--- a/tenant-cd/src/main/java/com/yahoo/vespa/tenant/cd/http/Security.java
+++ b/tenant-cd/src/main/java/com/yahoo/vespa/tenant/cd/http/Security.java
@@ -1,5 +1,43 @@
 package com.yahoo.vespa.tenant.cd.http;
+import com.yahoo.security.KeyUtils;
+import com.yahoo.security.SslContextBuilder;
+import com.yahoo.security.X509CertificateUtils;
+
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+
+/**
+ * Miscellaneous related to HTTP security and authentication.
+ */
 public class Security {
+ private Security() { }
+
+ /** Returns an SSLContext from "key" and "cert" files found under {@code System.getProperty("vespa.test.credentials.root")}. */
+ public static SSLContext sslContext() {
+ try {
+ Path credentialsRoot = Path.of(System.getProperty("vespa.test.credentials.root"));
+ Path certificateFile = credentialsRoot.resolve("cert");
+ Path privateKeyFile = credentialsRoot.resolve("key");
+
+ X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
+ if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
+ || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
+ throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " + + certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
+
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile)));
+ return new SslContextBuilder().withKeyStore(privateKey, certificate).build();
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
 } |
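Review bot: `Path.of(System.getProperty("vespa.test.credentials.root"))` in sslContext() throws a bare NullPointerException when the property is unset, so a misconfigured run fails without naming the missing setting. Read the property first and fail explicitly: `String root = System.getProperty("vespa.test.credentials.root");` followed by `if (root == null) throw new IllegalStateException("System property 'vespa.test.credentials.root' must name the directory holding 'key' and 'cert'");`. Both `new String(Files.readAllBytes(...))` calls decode with the platform default charset; PEM is ASCII, but passing `StandardCharsets.UTF_8` keeps parsing independent of the host locale. The Javadoc should also state that "key" is loaded as a PEM private key straight from disk and that the credentials root is expected to be readable only by the account running the tests, since nothing in this method checks file permissions.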