Expose path to CA certificates in SiaUtils

author: Håkon Hallingstad <hakon@verizonmedia.com> 2019-09-27 15:47:20 +0200
committer: Håkon Hallingstad <hakon@verizonmedia.com> 2019-09-27 15:47:20 +0200
commit: 746774ebd25f099d6730b7a3aa60742b14a38af4 (patch)
tree: 99510dddf549f52f4b8d91583915847c1da8c9c7 /vespa-athenz
parent: fd7c424656251fe7af1a68df53b5800255b14bf5 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
index 40f12b9c6db..4d7f4b1c397 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
@@ -52,6 +52,13 @@ public class SiaUtils {
                 .resolve(String.format("%s.%s.cert.pem", service.getDomainName(), service.getName()));
     }
 
+    public static Path getCaCertificatesFile() {
+        // The contents of this is the same as /opt/yahoo/share/ssl/certs/athenz_certificate_bundle.pem installed
+        // by the yahoo_certificates_bundle RPM package, except the latter also contains a textual description
+        // (decoded) of the certificates.
+        return DEFAULT_SIA_DIRECTORY.resolve("certs").resolve("ca.cert.pem");
+    }
+
     public static Optional<PrivateKey> readPrivateKeyFile(AthenzIdentity service) {
         return readPrivateKeyFile(DEFAULT_SIA_DIRECTORY, service);
     }
author	Håkon Hallingstad <hakon@verizonmedia.com>	2019-09-27 15:47:20 +0200
committer	Håkon Hallingstad <hakon@verizonmedia.com>	2019-09-27 15:47:20 +0200
commit	746774ebd25f099d6730b7a3aa60742b14a38af4 (patch)
tree	99510dddf549f52f4b8d91583915847c1da8c9c7 /vespa-athenz
parent	fd7c424656251fe7af1a68df53b5800255b14bf5 (diff)