author | Håkon Hallingstad <hakon@yahooinc.com> | 2022-06-28 14:16:14 +0200 |
---|---|---|
committer | Håkon Hallingstad <hakon@yahooinc.com> | 2022-06-28 14:16:14 +0200 |
commit | 6dd468f47fd67250724aa20de12a9b26de4caadc (patch) | |
tree | 157ba99d6b8d7cfe3b23aaa43f69307324ce2839 /vespa-athenz | |
parent | c2142b2fe5129b50f75a235eb1a4a92e31ddb8c5 (diff) |
Remove trust store paths from SiaIdentityProvider
Diffstat (limited to 'vespa-athenz')
4 files changed, 1 insertions, 30 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java index 9d6c9f5e8d5..21650d72d6f 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/ServiceIdentityProvider.java @@ -41,17 +41,4 @@ public interface ServiceIdentityProvider { */ Path privateKeyPath(); - /** - * @return Path to Athenz truststore in PEM format - */ - Path athenzTruststorePath(); - - /** - * The client truststore contains the Athenz certificates from {@link #athenzTruststorePath()} - * and additional certificate authorities that issues trusted server certificates. - * - * @return Path to client truststore in PEM format - */ - Path clientTruststorePath(); - } diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java index 3c1a59dab51..e76384d4d8b 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java 
@@ -27,41 +27,33 @@ public class SiaIdentityProvider extends AbstractComponent implements ServiceIde private final AthenzIdentity service; private final Path certificateFile; private final Path privateKeyFile; - private final Path clientTruststoreFile; - private final Path athenzTruststoreFile; @Inject public SiaIdentityProvider(SiaProviderConfig config) { this(new AthenzService(config.athenzDomain(), config.athenzService()), SiaUtils.getPrivateKeyFile(Paths.get(config.keyPathPrefix()), new AthenzService(config.athenzDomain(), config.athenzService())), SiaUtils.getCertificateFile(Paths.get(config.keyPathPrefix()), new AthenzService(config.athenzDomain(), config.athenzService())), - Paths.get(config.athenzTruststorePath()), Paths.get(config.trustStorePath())); } public SiaIdentityProvider(AthenzIdentity service, Path siaPath, - Path athenzTruststoreFile, Path clientTruststoreFile) { this(service, SiaUtils.getPrivateKeyFile(siaPath, service), SiaUtils.getCertificateFile(siaPath, service), - athenzTruststoreFile, clientTruststoreFile); } public SiaIdentityProvider(AthenzIdentity service, Path privateKeyFile, Path certificateFile, - Path athenzTruststoreFile, Path clientTruststoreFile) { this.service = service; this.keyManager = AutoReloadingX509KeyManager.fromPemFiles(privateKeyFile, certificateFile); this.sslContext = createIdentitySslContext(keyManager, clientTruststoreFile); this.certificateFile = certificateFile; this.privateKeyFile = privateKeyFile; - this.athenzTruststoreFile = athenzTruststoreFile; - this.clientTruststoreFile = clientTruststoreFile; } @Override 
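Review bot: The four-argument constructor left by this hunk, `SiaIdentityProvider(AthenzIdentity service, Path privateKeyFile, Path certificateFile, Path clientTruststoreFile)`, has exactly the parameter types of the overload it replaces, `(AthenzIdentity service, Path siaPath, Path athenzTruststoreFile, Path clientTruststoreFile)`. A caller that was not updated therefore still compiles, but now passes the SIA directory as the private key file and the Athenz trust store as the certificate file. The call in `createNodeIdentityProvider` (hunk at -346) was updated, but callers outside `vespa-athenz` are not visible here and should be checked. Because every argument is a `Path`, the compiler cannot catch a swap; consider named static factories (for example `fromSiaDirectory(...)` and `fromPemFiles(...)`), or at minimum a Javadoc on this constructor such as `/** @param privateKeyFile PEM private key; @param certificateFile PEM certificate; @param clientTruststoreFile PEM trust store used for the identity SSLContext */`. The config-based constructor also stops reading `config.athenzTruststorePath()`, so that `SiaProviderConfig` field presumably becomes unused and could be deprecated.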
@@ -77,8 +69,6 @@ public class SiaIdentityProvider extends AbstractComponent implements ServiceIde @Override public X509CertificateWithKey getIdentityCertificateWithKey() { return keyManager.getCurrentCertificateWithKey(); } @Override public Path certificatePath() { return certificateFile; } @Override public Path privateKeyPath() { return privateKeyFile; } - @Override public Path athenzTruststorePath() { return athenzTruststoreFile; } - @Override public Path clientTruststorePath() { return clientTruststoreFile; } private static SSLContext createIdentitySslContext(AutoReloadingX509KeyManager keyManager, Path trustStoreFile) { return new SslContextBuilder() diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java index 418f7ec024b..11be0daf2d4 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java @@ -204,10 +204,6 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen @Override public Path privateKeyPath() { return athenzCredentialsService.privateKeyPath(); } - @Override public Path athenzTruststorePath() { return ATHENZ_TRUST_STORE; } - - @Override public Path clientTruststorePath() { return CLIENT_TRUST_STORE; } - @Override public SSLContext getRoleSslContext(String domain, String role) { try { 
@@ -346,7 +342,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen private static SiaIdentityProvider createNodeIdentityProvider(IdentityConfig config) { return new SiaIdentityProvider( - new AthenzService(config.nodeIdentityName()), SiaUtils.DEFAULT_SIA_DIRECTORY, ATHENZ_TRUST_STORE, CLIENT_TRUST_STORE); + new AthenzService(config.nodeIdentityName()), SiaUtils.DEFAULT_SIA_DIRECTORY, CLIENT_TRUST_STORE); } private boolean isExpired(AthenzCredentials credentials) { diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java index 4e3c81c0f39..f502951572c 100644 --- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java +++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java @@ -50,7 +50,6 @@ public class SiaIdentityProviderTest { new AthenzService("domain", "service-name"), keyFile.toPath(), certificateFile.toPath(), - trustStoreFile.toPath(), trustStoreFile.toPath()); assertNotNull(provider.getIdentitySslContext()); @@ -74,7 +73,6 @@ public class SiaIdentityProviderTest { new AthenzService("domain", "service-name"), keyFile.toPath(), certificateFile.toPath(), - trustStoreFile.toPath(), trustStoreFile.toPath()); assertNotNull(provider.getIdentitySslContext()); |