authorMorten Tokle <mortent@oath.com>2018-03-16 11:10:34 +0100
committerMorten Tokle <mortent@oath.com>2018-03-16 11:10:34 +0100
commit0a460947d054f187c8c5ff8d9426b4fc4a4cfadf (patch)
treecc04f71eaeabdec40521ff7258ab2779b048c9d7 /vespa-athenz
parente73ea62e515f6ff1f92928320553e7bfd3888b27 (diff)
Replace AthenzSslContextProvider with SiaAthenzSslContextProvider
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java4
-rw-r--r--vespa-athenz/src/main/resources/configdefinitions/sia-provider.def1
2 files changed, 5 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index c050ddce2c6..67d8c20d6a1 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+import com.yahoo.vespa.athenz.tls.KeyStoreType;
import javax.net.ssl.SSLContext;
import java.io.File;
@@ -22,11 +23,13 @@ public class SiaIdentityProvider implements AthenzIdentityProvider {
private final AthenzDomain domain;
private final AthenzService service;
private final String path;
+ private final String trustStorePath;
public SiaIdentityProvider(SiaProviderConfig siaProviderConfig) {
this.domain = new AthenzDomain(siaProviderConfig.athenzDomain());
this.service = new AthenzService(domain, siaProviderConfig.athenzService());
this.path = siaProviderConfig.keyPathPrefix();
+ this.trustStorePath = siaProviderConfig.trustStorePath();
}
@Override
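Review bot: The constructor stores `siaProviderConfig.trustStorePath()` without checking it, so an empty or mistyped path only surfaces later, when the SSL context is built in the `withTrustStore(new File(trustStorePath), ...)` hunk further down. This file decides which CAs the identity SSLContext trusts, so failing fast at construction gives a clearer error than a late keystore load failure, e.g. `if (trustStorePath.isEmpty()) throw new IllegalArgumentException("trustStorePath must be set");`. The new field would also benefit from a one-line comment such as `// JKS trust store with the CA certificates the identity SSLContext trusts`. The class body continues outside this hunk.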
@@ -45,6 +48,7 @@ public class SiaIdentityProvider implements AthenzIdentityProvider {
PrivateKey privateKey = Crypto.loadPrivateKey(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(),getService())).toFile());
return new AthenzSslContextBuilder()
+ .withTrustStore(new File(trustStorePath), KeyStoreType.JKS)
.withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
.build();
}
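Review bot: The `withTrustStore(new File(trustStorePath), KeyStoreType.JKS)` call supplies no password. If the builder forwards a null password to `KeyStore.load`, the JDK skips the JKS integrity check, and the set of trusted CAs is then protected only by filesystem permissions on that path. A comment at the call would make the assumption explicit, for example `// trust store is loaded without a password; the file must not be writable by untrusted users`. The store type is also fixed to JKS, so a PKCS12 file at the configured path would presumably fail at build time; whether other formats need support is not visible here. The enclosing method starts outside the hunk.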
diff --git a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
index f668ef544f7..14fe0741a60 100644
--- a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
+++ b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
@@ -4,3 +4,4 @@ namespace=vespa.athenz.identity
athenzDomain string
athenzService string
keyPathPrefix string
+trustStorePath string
\ No newline at end of file
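Review bot: `trustStorePath string` is added with no default and no comment. In a config definition a field without a default is normally mandatory, so any existing sia-provider config that does not set it would be rejected; if that is intended, it is worth saying so in the commit description. A leading comment such as `# Path to the JKS trust store holding the CA certificates used to verify TLS peers` would document the expected format, which the Java side hard-codes as JKS. The file also now ends without a trailing newline.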