authorHÃ¥kon Hallingstad <hakon.hallingstad@gmail.com>2022-06-28 16:48:38 +0200
committerGitHub <noreply@github.com>2022-06-28 16:48:38 +0200
commit28863e5e37882c33f4127cd1ef83204584149766 (patch)
treee9fa71e28a649bf2fb71a864fc367aae7c29df01 /vespa-athenz
parentae13ee2db454ce38857b55a704d5973b3cf4b0a3 (diff)
parent6dd468f47fd67250724aa20de12a9b26de4caadc (diff)
Merge pull request #23262 from vespa-engine/hakonhall/remove-trust-store-paths-from-siaidentityprovider
Remove trust store paths from SiaIdentityProvider
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java13
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java10
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java6
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java2
4 files changed, 1 insertions, 30 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java
index 9d6c9f5e8d5..21650d72d6f 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java
@@ -41,17 +41,4 @@ public interface ServiceIdentityProvider {
*/
Path privateKeyPath();
- /**
- * @return Path to Athenz truststore in PEM format
- */
- Path athenzTruststorePath();
-
- /**
- * The client truststore contains the Athenz certificates from {@link #athenzTruststorePath()}
- * and additional certificate authorities that issues trusted server certificates.
- *
- * @return Path to client truststore in PEM format
- */
- Path clientTruststorePath();
-
}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index 3c1a59dab51..e76384d4d8b 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -27,41 +27,33 @@ public class SiaIdentityProvider extends AbstractComponent implements ServiceIde
private final AthenzIdentity service;
private final Path certificateFile;
private final Path privateKeyFile;
- private final Path clientTruststoreFile;
- private final Path athenzTruststoreFile;
@Inject
public SiaIdentityProvider(SiaProviderConfig config) {
this(new AthenzService(config.athenzDomain(), config.athenzService()),
SiaUtils.getPrivateKeyFile(Paths.get(config.keyPathPrefix()), new AthenzService(config.athenzDomain(), config.athenzService())),
SiaUtils.getCertificateFile(Paths.get(config.keyPathPrefix()), new AthenzService(config.athenzDomain(), config.athenzService())),
- Paths.get(config.athenzTruststorePath()),
Paths.get(config.trustStorePath()));
}
public SiaIdentityProvider(AthenzIdentity service,
Path siaPath,
- Path athenzTruststoreFile,
Path clientTruststoreFile) {
this(service,
SiaUtils.getPrivateKeyFile(siaPath, service),
SiaUtils.getCertificateFile(siaPath, service),
- athenzTruststoreFile,
clientTruststoreFile);
}
public SiaIdentityProvider(AthenzIdentity service,
Path privateKeyFile,
Path certificateFile,
- Path athenzTruststoreFile,
Path clientTruststoreFile) {
this.service = service;
this.keyManager = AutoReloadingX509KeyManager.fromPemFiles(privateKeyFile, certificateFile);
this.sslContext = createIdentitySslContext(keyManager, clientTruststoreFile);
this.certificateFile = certificateFile;
this.privateKeyFile = privateKeyFile;
- this.athenzTruststoreFile = athenzTruststoreFile;
- this.clientTruststoreFile = clientTruststoreFile;
}
@Override
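Review bot: Removing `athenzTruststoreFile` gives the remaining four-argument constructor `(AthenzIdentity, Path privateKeyFile, Path certificateFile, Path clientTruststoreFile)` exactly the parameter types of the removed `(AthenzIdentity, Path siaPath, Path athenzTruststoreFile, Path clientTruststoreFile)` overload. A caller that was not updated therefore still compiles, but now passes the SIA directory as the private key and the Athenz trust store as the certificate; presumably this surfaces only at runtime, when the key manager reads the files. The diffstat is limited to `vespa-athenz`, so call sites in other modules are not visible here and should be checked. To make stale calls fail at compile time, the three-`Path` constructor could be made private and exposed through a named static factory such as `public static SiaIdentityProvider fromPemFiles(AthenzIdentity service, Path privateKeyFile, Path certificateFile, Path clientTruststoreFile)`. Failing that, add Javadoc on each constructor saying which `Path` is which and that `clientTruststoreFile` is the only trust material passed to `createIdentitySslContext`; note too that the `@Inject` constructor no longer reads `config.athenzTruststorePath()`, so that config field can likely be retired if nothing else uses it.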
@@ -77,8 +69,6 @@ public class SiaIdentityProvider extends AbstractComponent implements ServiceIde
@Override public X509CertificateWithKey getIdentityCertificateWithKey() { return keyManager.getCurrentCertificateWithKey(); }
@Override public Path certificatePath() { return certificateFile; }
@Override public Path privateKeyPath() { return privateKeyFile; }
- @Override public Path athenzTruststorePath() { return athenzTruststoreFile; }
- @Override public Path clientTruststorePath() { return clientTruststoreFile; }
private static SSLContext createIdentitySslContext(AutoReloadingX509KeyManager keyManager, Path trustStoreFile) {
return new SslContextBuilder()
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index ac211779fad..c92f7259e77 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -205,10 +205,6 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
@Override public Path privateKeyPath() { return athenzCredentialsService.privateKeyPath(); }
- @Override public Path athenzTruststorePath() { return ATHENZ_TRUST_STORE; }
-
- @Override public Path clientTruststorePath() { return CLIENT_TRUST_STORE; }
-
@Override
public SSLContext getRoleSslContext(String domain, String role) {
try {
@@ -360,7 +356,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
private static SiaIdentityProvider createNodeIdentityProvider(IdentityConfig config) {
return new SiaIdentityProvider(
- new AthenzService(config.nodeIdentityName()), SiaUtils.DEFAULT_SIA_DIRECTORY, ATHENZ_TRUST_STORE, CLIENT_TRUST_STORE);
+ new AthenzService(config.nodeIdentityName()), SiaUtils.DEFAULT_SIA_DIRECTORY, CLIENT_TRUST_STORE);
}
private boolean isExpired(AthenzCredentials credentials) {
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
index 4e3c81c0f39..f502951572c 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
@@ -50,7 +50,6 @@ public class SiaIdentityProviderTest {
new AthenzService("domain", "service-name"),
keyFile.toPath(),
certificateFile.toPath(),
- trustStoreFile.toPath(),
trustStoreFile.toPath());
assertNotNull(provider.getIdentitySslContext());
@@ -74,7 +73,6 @@ public class SiaIdentityProviderTest {
new AthenzService("domain", "service-name"),
keyFile.toPath(),
certificateFile.toPath(),
- trustStoreFile.toPath(),
trustStoreFile.toPath());
assertNotNull(provider.getIdentitySslContext());