authorBjørn Christian Seime <bjorncs@verizonmedia.com>2019-12-02 15:44:38 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2019-12-02 15:44:38 +0100
commit6cc65eae9987dcdd6be23d92378a3e39922a3a84 (patch)
tree69a84d450063e45714bbc965ebc0ba6594f1c76e /vespa-http-client
parent313236a5df9390dbd54e37a31665ba6277dd2713 (diff)
Support configuration of PEM encoded credentials in vespa-http-client
Diffstat (limited to 'vespa-http-client')
-rw-r--r--vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java35
1 files changed, 34 insertions, 1 deletions
diff --git a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
index 8a2a1652b4a..06affe9fe1e 100644
--- a/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
+++ b/vespa-http-client/src/main/java/com/yahoo/vespa/http/client/runner/CommandLineArguments.java
@@ -2,6 +2,7 @@
package com.yahoo.vespa.http.client.runner;
import com.google.common.base.Splitter;
+import com.yahoo.security.SslContextBuilder;
import com.yahoo.vespa.http.client.config.Cluster;
import com.yahoo.vespa.http.client.config.ConnectionParams;
import com.yahoo.vespa.http.client.config.Endpoint;
@@ -18,8 +19,10 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.message.BasicLineParser;
import javax.inject.Inject;
+import javax.net.ssl.SSLContext;
import java.net.MalformedURLException;
import java.net.URL;
+import java.nio.file.Paths;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
@@ -82,6 +85,12 @@ public class CommandLineArguments {
}
}
+ if (cmdArgs.privateKeyPath == null && cmdArgs.certificatePath != null ||
+ cmdArgs.privateKeyPath != null && cmdArgs.certificatePath == null) {
+ System.err.println("Both '--privateKey' and '--certificate' must be set");
+ return null;
+ }
+
return cmdArgs;
}
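Review bot: The new pairing check only tests the two paths for null, so a mistyped or unreadable `--privateKey` or `--certificate` file is not caught here. It will presumably surface later from `createSslContext()` as an exception instead of going through this method's `System.err` and `return null` path. Consider also rejecting unreadable paths at this point, e.g. `if (!Files.isReadable(Paths.get(cmdArgs.privateKeyPath))) { System.err.println(...); return null; }`, with the same check for the certificate and `--caCertificates`. The condition itself reads more directly as `if ((cmdArgs.privateKeyPath == null) != (cmdArgs.certificatePath == null)) {`, which does not rely on `&&`/`||` precedence. The enclosing method starts outside the hunk.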
@@ -204,7 +213,7 @@ public class CommandLineArguments {
description = "Use TLS when connecting to endpoint")
private boolean useTls = false;
- @Option(name = {"--insecure"},
+ @Option(name = {"--insecure", "--disable-hostname-verification"},
description = "Skip hostname verification when using TLS")
private boolean insecure = false;
@@ -220,6 +229,18 @@ public class CommandLineArguments {
description = "Maximum time to live for persistent connections. Specified as integer, in seconds.")
private long connectionTimeToLive = 15;
+ @Option(name = {"--certificate"},
+ description = "Path to a file containing a PEM encoded x509 certificate")
+ private String certificatePath;
+
+ @Option(name = {"--privateKey"},
+ description = "Path to a file containing a PEM encoded private key")
+ private String privateKeyPath;
+
+ @Option(name = "--caCertificates",
+ description = "Path to a file containing a PEM encoded CA certificates")
+ private String caCertificatesPath;
+
private final List<Header> parsedHeaders = new ArrayList<>();
int getWhenVerboseEnabledPrintMessageForEveryXDocuments() {
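Review bot: The three new option descriptions leave out what a user needs to know before pointing the tool at key material. The `--privateKey` text does not say whether a passphrase-protected key is accepted, and the `--caCertificates` text does not say whether the given CAs replace or extend the default trust store; neither can be determined from this hunk, so confirm both and state them. The `--caCertificates` description also has a grammar slip; `description = "Path to a file containing PEM encoded CA certificates"` reads correctly. For consistency, write its name as `name = {"--caCertificates"}` like the two options above it.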
@@ -232,6 +253,17 @@ public class CommandLineArguments {
public boolean getAddRootElementToXml() { return addRootElementToXml; }
+ private SSLContext createSslContext() {
+ SslContextBuilder builder = new SslContextBuilder();
+ if (privateKeyPath != null && certificatePath != null) {
+ builder.withKeyStore(Paths.get(privateKeyPath), Paths.get(certificatePath));
+ }
+ if (caCertificatesPath != null) {
+ builder.withTrustStore(Paths.get(caCertificatesPath));
+ }
+ return builder.build();
+ }
+
SessionParams createSessionParams(boolean useJson) {
final int minThrottleValue = useDynamicThrottlingArg ? 10 : 0;
ConnectionParams.Builder connectionParamsBuilder = new ConnectionParams.Builder();
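Review bot: `createSslContext()` always returns a built context, even when none of `--certificate`, `--privateKey` or `--caCertificates` was given. The last hunk then passes it to `.setSslContext(...)` unconditionally, right next to `.setUseTlsConfigFromEnvironment(...)`. `ConnectionParams` is not visible here, so it is unclear which setting wins; if an explicitly set context takes precedence, every run would now ignore the environment-provided TLS configuration. Consider building the context only when at least one path is set, e.g. `if (privateKeyPath == null && certificatePath == null && caCertificatesPath == null) return null;`, provided the builder accepts a null context. A short Javadoc on `createSslContext()` stating what it returns when no option is given would also help; `createSessionParams` continues outside the hunk.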
@@ -263,6 +295,7 @@ public class CommandLineArguments {
.setTraceEveryXOperation(traceEveryXOperation)
.setPrintTraceToStdErr(traceArg > 0)
.setNumPersistentConnectionsPerEndpoint(numPersistentConnectionsPerEndpoint)
+ .setSslContext(createSslContext())
.setUseTlsConfigFromEnvironment(useTlsConfigFromEnvironment)
.setConnectionTimeToLive(Duration.ofSeconds(connectionTimeToLive))
.build()