author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-19 15:54:32 +0100 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-22 13:01:06 +0100 |
commit | d6a4ae4d95f094aec229b2d22a4bb4fa3bf8036a (patch) | |
tree | e50866ac615eeb5c4e1d7d6ff5bf191fd5e2f471 /vespa-athenz | |
parent | 5c90846359928bb75478a03943e0b992f60f7263 (diff) |
Remove direct use of Crypto
Diffstat (limited to 'vespa-athenz')
3 files changed, 55 insertions, 8 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index 892a4f266ae..62ac722759a 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -1,7 +1,6 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.identity;
 
-import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
@@ -9,19 +8,25 @@ import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
 import com.yahoo.vespa.athenz.tls.KeyStoreType;
+import com.yahoo.vespa.athenz.tls.KeyUtils;
+import com.yahoo.vespa.athenz.tls.X509CertificateUtils;
 
 import javax.net.ssl.SSLContext;
 import java.io.File;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.concurrent.ScheduledExecutorService;
-import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.ScheduledThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 
+import static java.util.stream.Collectors.joining;
+
 /**
  * @author mortent
  */
@@ -63,13 +68,21 @@ public class SiaIdentityProvider extends AbstractComponent implements AthenzIden
     }
 
     private SSLContext createIdentitySslContext() {
-        X509Certificate certificate = Crypto.loadX509Certificate(Paths.get(path, "certs", String.format("%s.%s.cert.pem", getDomain(),getService())).toFile());
-        PrivateKey privateKey = Crypto.loadPrivateKey(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(),getService())).toFile());
+        try {
+            String certPem = Files.lines(Paths.get(path, "certs", String.format("%s.%s.cert.pem", getDomain(), getService())))
+                    .collect(joining());
+            X509Certificate certificate = X509CertificateUtils.fromPem(certPem);
+            String keyPem = Files.lines(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(), getService())))
+                    .collect(joining());
+            PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(keyPem);
 
-        return new AthenzSslContextBuilder()
-                .withTrustStore(new File(trustStorePath), KeyStoreType.JKS)
-                .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
-                .build();
+            return new AthenzSslContextBuilder()
+                    .withTrustStore(new File(trustStorePath), KeyStoreType.JKS)
+                    .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
+                    .build();
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
     }
 
     private void reloadSslContext() {
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
index e6d48986be2..f49e1324ba5 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/KeyUtils.java
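Review bot: `Files.lines(...).collect(joining())` on both the certificate and key reads drops every line separator, so the PEM handed to `X509CertificateUtils.fromPem` and `KeyUtils.fromPemEncodedPrivateKey` is a single line with the BEGIN header, base64 body and END footer run together; whether those parsers accept that is not visible here, and the two streams are also never closed, so the file handles stay open until finalization. Reading the file whole keeps the original bytes and needs no stream: `String certPem = new String(Files.readAllBytes(Paths.get(path, "certs", String.format("%s.%s.cert.pem", getDomain(), getService()))), StandardCharsets.UTF_8);` and the same shape for `keyPem` (import `java.nio.charset.StandardCharsets`; the `joining` static import then goes away). The private key then lives in an immutable String that cannot be zeroed after use, which deserves a comment on `keyPem` such as `// key material is held in an immutable String; it stays in the heap until collected`. The enclosing class continues outside the hunk.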
@@ -1,9 +1,13 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.tls;
 
+import com.yahoo.athenz.auth.util.Crypto;
+
 import java.security.GeneralSecurityException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 
 /**
  * @author bjorncs
@@ -26,4 +30,12 @@ public class KeyUtils {
     public static KeyPair generateKeypair(KeyAlgorithm algorithm) {
         return generateKeypair(algorithm, -1);
     }
+
+    public static PublicKey extractPublicKey(PrivateKey privateKey) {
+        return Crypto.extractPublicKey(privateKey);
+    }
+
+    public static PrivateKey fromPemEncodedPrivateKey(String pem) {
+        return Crypto.loadPrivateKey(pem);
+    }
 }
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
new file mode 100644
index 00000000000..a8730a31838
--- /dev/null
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
@@ -0,0 +1,22 @@
+package com.yahoo.vespa.athenz.tls;
+
+import org.junit.Test;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+import static org.junit.Assert.assertNotNull;
+
+/**
+ * @author bjorncs
+ */
+public class KeyUtilsTest {
+
+    @Test
+    public void can_extract_public_key_from_private() {
+        KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
+        PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate());
+        assertNotNull(publicKey);
+    }
+
+}
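Review bot: The two new public methods at the end of the second `KeyUtils` hunk, `extractPublicKey` and `fromPemEncodedPrivateKey`, carry no Javadoc, and since both only delegate to `com.yahoo.athenz.auth.util.Crypto` the accepted key types, the PEM encodings understood and what is thrown on malformed input are not stated anywhere in this file. I would add `/** Derives the public key for {@code privateKey}; delegates to Athenz {@link Crypto#extractPublicKey}. Supported key algorithms and the failure behaviour are those of the delegate. */` above `extractPublicKey`, and above `fromPemEncodedPrivateKey` a Javadoc saying that {@code pem} is the full PEM text including BEGIN/END lines, that the caller is responsible for where that text came from, and that failure behaviour is the delegate's; the exact exception type is not visible here and should be confirmed against `Crypto.loadPrivateKey`. The rest of `KeyUtils` lies outside the hunk.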
\ No newline at end of file |
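Review bot: `can_extract_public_key_from_private` only asserts that the result is non-null, so a wrapper returning any unrelated key would still pass; comparing against the generated pair pins the behaviour: `assertArrayEquals(keyPair.getPublic().getEncoded(), publicKey.getEncoded());` (static import `org.junit.Assert.assertArrayEquals`). `fromPemEncodedPrivateKey`, the method `SiaIdentityProvider` now depends on, has no test at all; a small PEM fixture for a generated key, or a round-trip through whatever PEM writer the module has (not visible here), would cover it, including the single-line-PEM case that the provider's `joining()` read produces. The file also ends without a trailing newline.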