authorBjørn Christian Seime <bjorncs@oath.com>2018-04-20 12:38:00 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-04-20 13:18:40 +0200
commitcf7ed5e3c459cd1b3811700c9e7c35900b34810b (patch)
treee8703bac8a86dc48ac0e34d3827ef87cc2a77594 /vespa-athenz
parenta3061cc16535aaa1c1967fce61400b1926ff5e47 (diff)
Add builder method for PEM encoded cert and key
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java17
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java16
2 files changed, 18 insertions, 15 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index b79b5850f3c..f6619cdebce 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -4,7 +4,6 @@ package com.yahoo.vespa.athenz.identity;
import com.google.inject.Inject;
import com.yahoo.component.AbstractComponent;
import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.tls.SslContextBuilder;
import com.yahoo.vespa.athenz.tls.KeyStoreType;
@@ -79,18 +78,10 @@ public class SiaIdentityProvider extends AbstractComponent implements AthenzIden
}
private SSLContext createIdentitySslContext() {
- try {
- String certPem = new String(Files.readAllBytes(certificateFile.toPath()));
- X509Certificate certificate = X509CertificateUtils.fromPem(certPem);
- String keyPem = new String(Files.readAllBytes(privateKeyFile.toPath()));
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(keyPem);
- return new SslContextBuilder()
- .withTrustStore(trustStoreFile, KeyStoreType.JKS)
- .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
- .build();
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
+ return new SslContextBuilder()
+ .withTrustStore(trustStoreFile, KeyStoreType.JKS)
+ .withKeyStore(privateKeyFile, certificateFile)
+ .build();
}
private void reloadSslContext() {
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
index def45849fd8..cd261ad4134 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
@@ -1,8 +1,6 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.tls;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
-
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
@@ -11,6 +9,7 @@ import javax.net.ssl.TrustManagerFactory;
import java.io.File;
import java.io.IOException;
import java.io.UncheckedIOException;
+import java.nio.file.Files;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
@@ -60,6 +59,19 @@ public class SslContextBuilder {
return this;
}
+ public SslContextBuilder withKeyStore(File privateKeyPemFile, File certificatePemFile) {
+ this.keyStoreSupplier =
+ () -> {
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyPemFile.toPath())));
+ X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificatePemFile.toPath())));
+ return KeyStoreBuilder.withType(KeyStoreType.JKS)
+ .withKeyEntry("default", privateKey, certificate)
+ .build();
+ };
+ this.keyStorePassword = new char[0];
+ return this;
+ }
+
public SSLContext build() {
try {
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
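Review bot: The two `new String(Files.readAllBytes(...))` calls in the new `withKeyStore` decode the PEM files with the platform default charset; PEM is ASCII in practice, but `new String(Files.readAllBytes(privateKeyPemFile.toPath()), StandardCharsets.UTF_8)` (and the same for the certificate line) removes the locale dependency, with `import java.nio.charset.StandardCharsets;` added to the import block above. The private-key PEM also passes through an immutable `String` on its way to `KeyUtils.fromPemEncodedPrivateKey`, so the key text stays in the heap until it is collected and cannot be zeroed; if that is accepted because the file is already process-private, a short comment on the lambda saying so would spare the next reader the question. If `X509CertificateUtils.fromPem` yields only the first certificate in the file, `withKeyEntry("default", privateKey, certificate)` drops any intermediates and the built context presents an incomplete chain, so either confirm that helper's behaviour or document that the certificate file must hold the leaf only. The new public method has no Javadoc; a summary such as `/** Uses a PEM-encoded private key and certificate as the identity of the built context; both files are read lazily when build() is called. */` would state the contract, including that the in-memory JKS store is created with an empty password. Whether the lambda is allowed to throw the checked IOException from readAllBytes depends on the declared type of keyStoreSupplier, which is outside the hunk.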