author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-20 12:38:00 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-20 13:18:40 +0200 |
commit | cf7ed5e3c459cd1b3811700c9e7c35900b34810b (patch) | |
tree | e8703bac8a86dc48ac0e34d3827ef87cc2a77594 /vespa-athenz | |
parent | a3061cc16535aaa1c1967fce61400b1926ff5e47 (diff) |
Add builder method for PEM encoded cert and key
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java | 17 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java | 16 |
2 files changed, 18 insertions, 15 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index b79b5850f3c..f6619cdebce 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -4,7 +4,6 @@ package com.yahoo.vespa.athenz.identity;
 import com.google.inject.Inject;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.tls.SslContextBuilder;
 import com.yahoo.vespa.athenz.tls.KeyStoreType;
@@ -79,18 +78,10 @@ public class SiaIdentityProvider extends AbstractComponent implements AthenzIden
 }
 private SSLContext createIdentitySslContext() {
- try {
- String certPem = new String(Files.readAllBytes(certificateFile.toPath()));
- X509Certificate certificate = X509CertificateUtils.fromPem(certPem);
- String keyPem = new String(Files.readAllBytes(privateKeyFile.toPath()));
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(keyPem);
- return new SslContextBuilder()
- .withTrustStore(trustStoreFile, KeyStoreType.JKS)
- .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
- .build();
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
+ return new SslContextBuilder()
+ .withTrustStore(trustStoreFile, KeyStoreType.JKS)
+ .withKeyStore(privateKeyFile, certificateFile)
+ .build();
 }
 private void reloadSslContext() {
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
index def45849fd8..cd261ad4134 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
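Review bot: The rewrite of createIdentitySslContext removes the only visible uses of Files, IOException, UncheckedIOException, PrivateKey, X509Certificate, KeyUtils and X509CertificateUtils, yet the import hunk above drops just AthenzIdentityCertificate; unless reloadSslContext or another method outside the hunk still references them, those imports are now dead and belong in the same commit. The old body also converted IOException into UncheckedIOException itself, and the new body relies on SslContextBuilder.build() to give callers that same failure mode, which is not visible in this hunk and is worth confirming so the unchecked-exception contract of this method does not silently change. reloadSslContext's body lies outside the hunk.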
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/SslContextBuilder.java
@@ -1,8 +1,6 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.tls;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
-
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
@@ -11,6 +9,7 @@ import javax.net.ssl.TrustManagerFactory;
 import java.io.File;
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.nio.file.Files;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
@@ -60,6 +59,19 @@ public class SslContextBuilder {
 return this;
 }
+ public SslContextBuilder withKeyStore(File privateKeyPemFile, File certificatePemFile) {
+ this.keyStoreSupplier =
+ () -> {
+ PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyPemFile.toPath())));
+ X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificatePemFile.toPath())));
+ return KeyStoreBuilder.withType(KeyStoreType.JKS)
+ .withKeyEntry("default", privateKey, certificate)
+ .build();
+ };
+ this.keyStorePassword = new char[0];
+ return this;
+ }
+
 public SSLContext build() {
 try {
 SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); |
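Review bot: The two `new String(Files.readAllBytes(...))` calls in withKeyStore decode with the platform default charset; PEM is ASCII so it works in practice, but the decode should be explicit — `new String(Files.readAllBytes(privateKeyPemFile.toPath()), StandardCharsets.UTF_8)`, the same for the certificate, plus the `java.nio.charset.StandardCharsets` import. The lambda throws IOException, so keyStoreSupplier's functional interface must permit checked exceptions and build() must be where it is wrapped into UncheckedIOException; the previous caller did that wrapping itself and build()'s body is outside the hunk, so confirm the unchecked failure mode is preserved. Because the key and certificate are read from two separate files on every build(), a rotation that rewrites them non-atomically can produce a key that does not match the certificate; if KeyStoreBuilder.withKeyEntry does not verify the private key against the certificate's public key, either add that check or state in the method's Javadoc that the two files must be kept consistent, so the failure surfaces here rather than as a later TLS handshake error. The new public method also has no Javadoc; a short comment saying that it lazily reads a PEM-encoded private key and certificate into an in-memory JKS keyed as "default" with an empty password each time build() runs would document the contract.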