authorMorten Tokle <mortent@verizonmedia.com>2019-10-03 14:04:24 +0200
committerMorten Tokle <mortent@verizonmedia.com>2019-10-03 14:04:24 +0200
commit149dac45cedc22a5a7e0dfdcc402cd1780c141ae (patch)
tree02c9cb95b11aec099ee5b02c27e76a52becaa81d /vespa-athenz
parentadf22d3886ccd6de163278434a1a6d502584d0f9 (diff)
Support internal zts
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java9
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java3
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java13
3 files changed, 15 insertions, 10 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
index bda7e41c19b..4cc92828b0e 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/common/ClientBase.java
@@ -36,9 +36,10 @@ public abstract class ClientBase implements AutoCloseable {
protected ClientBase(String userAgent,
Supplier<SSLContext> sslContextSupplier,
- ClientExceptionFactory exceptionFactory) {
+ ClientExceptionFactory exceptionFactory,
+ HostnameVerifier hostnameVerifier) {
this.exceptionFactory = exceptionFactory;
- this.client = createHttpClient(userAgent, sslContextSupplier);
+ this.client = createHttpClient(userAgent, sslContextSupplier, hostnameVerifier);
}
protected <T> T execute(HttpUriRequest request, ResponseHandler<T> responseHandler) {
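Review bot: The new `hostnameVerifier` constructor parameter is undocumented, and it controls how the TLS peer of every ZMS/ZTS request is checked. The two constructor lines and the `createHttpClient` change in the next hunk show it is forwarded unchanged to `SSLConnectionSocketFactory`, and the subclasses in this commit pass a bare `null`. I would add Javadoc on the constructor along the lines of `@param hostnameVerifier verifier applied to the server certificate; null selects the HTTP client's default hostname verification`, after confirming that null behaviour against the HttpClient version in use. It is also worth stating there that a custom verifier replaces the default hostname check rather than adding to it, so an implementation must still bind the certificate to the expected service identity.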
@@ -74,11 +75,11 @@ public abstract class ClientBase implements AutoCloseable {
return statusCode>=200 && statusCode<300;
}
- private static CloseableHttpClient createHttpClient(String userAgent, Supplier<SSLContext> sslContextSupplier) {
+ private static CloseableHttpClient createHttpClient(String userAgent, Supplier<SSLContext> sslContextSupplier, HostnameVerifier hostnameVerifier) {
return HttpClientBuilder.create()
.setRetryHandler(new DefaultHttpRequestRetryHandler(3, /*requestSentRetryEnabled*/true))
.setUserAgent(userAgent)
- .setSSLSocketFactory(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(sslContextSupplier), (HostnameVerifier)null))
+ .setSSLSocketFactory(new SSLConnectionSocketFactory(new ServiceIdentitySslSocketFactory(sslContextSupplier), hostnameVerifier))
.setDefaultRequestConfig(RequestConfig.custom()
.setConnectTimeout((int) Duration.ofSeconds(10).toMillis())
.setConnectionRequestTimeout((int)Duration.ofSeconds(10).toMillis())
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index da3bd18440b..7b5427216a1 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -5,7 +5,6 @@ import com.yahoo.vespa.athenz.api.AthenzDomain;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzResourceName;
import com.yahoo.vespa.athenz.api.AthenzRole;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.OktaAccessToken;
import com.yahoo.vespa.athenz.client.common.ClientBase;
import com.yahoo.vespa.athenz.client.zms.bindings.AccessResponseEntity;
@@ -45,7 +44,7 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
}
private DefaultZmsClient(URI zmsUrl, AthenzIdentity identity, Supplier<SSLContext> sslContextSupplier) {
- super("vespa-zms-client", sslContextSupplier, ZmsClientException::new);
+ super("vespa-zms-client", sslContextSupplier, ZmsClientException::new, null);
this.zmsUrl = addTrailingSlash(zmsUrl);
this.identity = identity;
}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
index 8bd0d0b50d4..6c0348d7aa9 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
@@ -26,6 +26,7 @@ import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.methods.RequestBuilder;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.net.URI;
@@ -49,15 +50,19 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient {
private final URI ztsUrl;
public DefaultZtsClient(URI ztsUrl, SSLContext sslContext) {
- this(ztsUrl, () -> sslContext);
+ this(ztsUrl, () -> sslContext, null);
}
public DefaultZtsClient(URI ztsUrl, ServiceIdentityProvider identityProvider) {
- this(ztsUrl, identityProvider::getIdentitySslContext);
+ this(ztsUrl, identityProvider::getIdentitySslContext, null);
}
- private DefaultZtsClient(URI ztsUrl, Supplier<SSLContext> sslContextSupplier) {
- super("vespa-zts-client", sslContextSupplier, ZtsClientException::new);
+ public DefaultZtsClient(URI ztsUrl, ServiceIdentityProvider identityProvider, HostnameVerifier hostnameVerifier) {
+ this(ztsUrl, identityProvider::getIdentitySslContext, null);
+ }
+
+ private DefaultZtsClient(URI ztsUrl, Supplier<SSLContext> sslContextSupplier, HostnameVerifier hostnameVerifier) {
+ super("vespa-zts-client", sslContextSupplier, ZtsClientException::new, hostnameVerifier);
this.ztsUrl = addTrailingSlash(ztsUrl);
}
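Review bot: The new public constructor `DefaultZtsClient(URI, ServiceIdentityProvider, HostnameVerifier)` discards its `hostnameVerifier` argument, because it delegates with `this(ztsUrl, identityProvider::getIdentitySslContext, null);`. A caller that supplies a verifier for an internal ZTS endpoint therefore gets whatever `ClientBase` does with null (presumably the HTTP client's default check), and the custom identity check it believes is in force never runs. The delegation should be `this(ztsUrl, identityProvider::getIdentitySslContext, hostnameVerifier);`. A unit test that passes a verifier which always rejects and asserts that the request fails would pin the wiring.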