author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-12-02 15:44:38 +0100 |
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-12-02 15:44:38 +0100 |
commit | 6cc65eae9987dcdd6be23d92378a3e39922a3a84 (patch) | |
tree | 69a84d450063e45714bbc965ebc0ba6594f1c76e /vespa-http-client/src | |
parent | 313236a5df9390dbd54e37a31665ba6277dd2713 (diff) |
Support configuration of PEM encoded credentials in vespa-http-client
Diffstat (limited to 'vespa-http-client/src')
-rw-r--r-- | vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java | 35 |
1 files changed, 34 insertions, 1 deletions
diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
index 8a2a1652b4a..06affe9fe1e 100644
--- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
+++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
@@ -2,6 +2,7 @@ package com.yahoo.vespa.http.client.runner;
 import com.google.common.base.Splitter;
+import com.yahoo.security.SslContextBuilder;
 import com.yahoo.vespa.http.client.config.Cluster;
 import com.yahoo.vespa.http.client.config.ConnectionParams;
 import com.yahoo.vespa.http.client.config.Endpoint;
@@ -18,8 +19,10 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.message.BasicLineParser;
 import javax.inject.Inject;
+import javax.net.ssl.SSLContext;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.nio.file.Paths;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.List;
@@ -82,6 +85,12 @@ public class CommandLineArguments {
             }
         }
+        if (cmdArgs.privateKeyPath == null && cmdArgs.certificatePath != null ||
+            cmdArgs.privateKeyPath != null && cmdArgs.certificatePath == null) {
+            System.err.println("Both '--privateKey' and '--certificate' must be set");
+            return null;
+        }
+
         return cmdArgs;
     }
@@ -204,7 +213,7 @@ public class CommandLineArguments {
             description = "Use TLS when connecting to endpoint")
     private boolean useTls = false;
-    @Option(name = {"--insecure"},
+    @Option(name = {"--insecure", "--disable-hostname-verification"},
             description = "Skip hostname verification when using TLS")
     private boolean insecure = false;
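Review bot: The new pairing check in the `@@ -82,6 +85,12 @@` hunk mixes `&&` and `||` without parentheses, so its correctness rests on operator precedence and every reader has to stop and re-derive that it is an exclusive-or. `if ((cmdArgs.privateKeyPath == null) != (cmdArgs.certificatePath == null)) {` states the intent directly and is a single line. The check also only guards the pairing, not that the named files exist or are readable; that presumably surfaces later from `SslContextBuilder`, and a short comment saying so (`// file readability is checked when the SSLContext is built`) would spare the next reader from looking for it. The enclosing parsing method starts outside the hunk, so whether `return null` matches the earlier failure paths is inferred, not visible.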
@@ -220,6 +229,18 @@ public class CommandLineArguments {
             description = "Maximum time to live for persistent connections. Specified as integer, in seconds.")
     private long connectionTimeToLive = 15;
+    @Option(name = {"--certificate"},
+            description = "Path to a file containing a PEM encoded x509 certificate")
+    private String certificatePath;
+
+    @Option(name = {"--privateKey"},
+            description = "Path to a file containing a PEM encoded private key")
+    private String privateKeyPath;
+
+    @Option(name = "--caCertificates",
+            description = "Path to a file containing a PEM encoded CA certificates")
+    private String caCertificatesPath;
+
     private final List<Header> parsedHeaders = new ArrayList<>();
     int getWhenVerboseEnabledPrintMessageForEveryXDocuments() {
@@ -232,6 +253,17 @@ public class CommandLineArguments {
     public boolean getAddRootElementToXml() { return addRootElementToXml; }
+    private SSLContext createSslContext() {
+        SslContextBuilder builder = new SslContextBuilder();
+        if (privateKeyPath != null && certificatePath != null) {
+            builder.withKeyStore(Paths.get(privateKeyPath), Paths.get(certificatePath));
+        }
+        if (caCertificatesPath != null) {
+            builder.withTrustStore(Paths.get(caCertificatesPath));
+        }
+        return builder.build();
+    }
+
     SessionParams createSessionParams(boolean useJson) {
         final int minThrottleValue = useDynamicThrottlingArg ? 10 : 0;
         ConnectionParams.Builder connectionParamsBuilder = new ConnectionParams.Builder();
@@ -263,6 +295,7 @@ public class CommandLineArguments {
             .setTraceEveryXOperation(traceEveryXOperation)
             .setPrintTraceToStdErr(traceArg > 0)
             .setNumPersistentConnectionsPerEndpoint(numPersistentConnectionsPerEndpoint)
+            .setSslContext(createSslContext())
             .setUseTlsConfigFromEnvironment(useTlsConfigFromEnvironment)
             .setConnectionTimeToLive(Duration.ofSeconds(connectionTimeToLive))
             .build() |
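Review bot: The `--caCertificates` description in the `@@ -220,6 +229,18 @@` hunk has a grammar slip and is the one option whose `name` is a bare string rather than the `{"..."}` array the two sibling options use. `description = "Path to a file containing PEM encoded CA certificates"` and `@Option(name = {"--caCertificates"},` bring it in line with `--certificate` and `--privateKey`. Whether supplying this file replaces the default trust anchors or adds to them is not stated anywhere a user of the flag would see it; a clause in the description saying which it is would settle the question, assuming `SslContextBuilder.withTrustStore` makes that determinable.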
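Review bot: `createSslContext()` in the `@@ -232,6 +253,17 @@` hunk always returns a freshly built context, and the `@@ -263,6 +295,7 @@` hunk installs it unconditionally via `.setSslContext(createSslContext())`, so an `SSLContext` is now set even when none of `--certificate`, `--privateKey` or `--caCertificates` was given and even when `--useTls` is off. Whether an empty `SslContextBuilder.build()` is equivalent to the previous default, and which one wins when `setUseTlsConfigFromEnvironment(true)` is also set, is not visible in this diff and is worth confirming, since a silently different trust store is hard to notice until a connection fails or succeeds unexpectedly. If `ConnectionParams.Builder.setSslContext` accepts an absent value, the smallest fix is an early `if (privateKeyPath == null && caCertificatesPath == null) return null;` at the top of `createSslContext()`; otherwise the call in the chain should be made conditional. A Javadoc on the method saying it builds the context from the three PEM options and what happens when none is given would also help.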