author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-10 12:33:12 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-09-10 12:48:46 +0200 |
commit | be5a620b4030fc22d629d86d5c81186bf81e4f71 (patch) | |
tree | d7a112cfbd75251c6223341df0ca59caf46b4b97 /vespajlib | |
parent | 032de91dbed21ddd4d4561c8fcbf34a4ae252f3f (diff) |
Add type representing generic TLS config for Vespa
Diffstat (limited to 'vespajlib')
4 files changed, 129 insertions, 0 deletions
diff --git a/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
new file mode 100644
index 00000000000..f0d1edd6889
--- /dev/null
+++ b/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -0,0 +1,90 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Generic TLS configuration for Vespa
+ *
+ * @author bjorncs
+ */
+public class TransportSecurityOptions {
+
+ private static final ObjectMapper mapper = new ObjectMapper();
+
+ private final Path privateKeyFile;
+ private final Path certificatesFile;
+ private final Path caCertificatesFile;
+
+ public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile) {
+ this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile));
+ }
+
+ public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile) {
+ this.privateKeyFile = privateKeyFile;
+ this.certificatesFile = certificatesFile;
+ this.caCertificatesFile = caCertificatesFile;
+ }
+
+ public Path getPrivateKeyFile() {
+ return privateKeyFile;
+ }
+
+ public Path getCertificatesFile() {
+ return certificatesFile;
+ }
+
+ public Path getCaCertificatesFile() {
+ return caCertificatesFile;
+ }
+
+ public static TransportSecurityOptions fromJsonFile(Path file) {
+ try {
+ JsonNode root = mapper.readTree(file.toFile());
+ JsonNode filesNode = getField(root, "files");
+ String privateKeyFile = getField(filesNode, "private-key").asText();
+ String certificatesFile = getField(filesNode, "certificates").asText();
+ String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
+ return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ private static JsonNode getField(JsonNode root, String fieldName) {
+ return Optional.ofNullable(root.get(fieldName))
+ .orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
+ }
+
+ @Override
+ public String toString() {
+ return "TransportSecurityOptions{" +
+ "privateKeyFile=" + privateKeyFile +
+ ", certificatesFile=" + certificatesFile +
+ ", caCertificatesFile=" + caCertificatesFile +
+ '}';
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ TransportSecurityOptions that = (TransportSecurityOptions) o;
+ return Objects.equals(privateKeyFile, that.privateKeyFile) &&
+ Objects.equals(certificatesFile, that.certificatesFile) &&
+ Objects.equals(caCertificatesFile, that.caCertificatesFile);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile);
+ }
+}
\ No newline at end of file
diff --git a/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java b/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java
new file mode 100644
index 00000000000..b5668182f14
--- /dev/null
+++ b/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java
@@ -0,0 +1,8 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author bjorncs
+ */
+@ExportPackage
+package com.yahoo.security.tls;
+
+import com.yahoo.osgi.annotation.ExportPackage;
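Review bot: In `fromJsonFile` of TransportSecurityOptions.java the three path values are read with `asText()` and never checked, so a JSON `null` becomes the literal path `null` and an object or array becomes an empty path instead of a configuration error. For a file that names the private key and the trusted CA bundle, a malformed value should fail at load time rather than surface later as a missing or unintended file; a small helper that requires a textual, non-empty node would do that. The class Javadoc should also state whether relative paths are allowed, since a relative value is stored as given and, unless the consumer resolves it otherwise, ends up relative to the process working directory rather than to the config file.

```java
// … unchanged: readTree and lookup of the "files" node …
String privateKeyFile = getTextField(filesNode, "private-key");
String certificatesFile = getTextField(filesNode, "certificates");
String caCertificatesFile = getTextField(filesNode, "ca-certificates");
// … unchanged: construction of the result and IOException handling …

private static String getTextField(JsonNode parent, String fieldName) {
    JsonNode node = getField(parent, fieldName);
    if (!node.isTextual() || node.asText().isEmpty()) {
        throw new IllegalArgumentException(String.format("'%s' must be a non-empty string", fieldName));
    }
    return node.asText();
}
```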
\ No newline at end of file
diff --git a/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
new file mode 100644
index 00000000000..ad80c52ae2a
--- /dev/null
+++ b/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -0,0 +1,24 @@
+package com.yahoo.security.tls;
+
+import org.junit.Test;
+
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author bjorncs
+ */
+public class TransportSecurityOptionsTest {
+
+ private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json");
+
+ @Test
+ public void can_read_options_from_json_file() {
+ TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
+ TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJsonFile(TEST_CONFIG_FILE);
+ assertEquals(expectedOptions, actualOptions);
+ }
+
+}
\ No newline at end of file
diff --git a/vespajlib/src/test/resources/transport-security-options.json b/vespajlib/src/test/resources/transport-security-options.json
new file mode 100644
index 00000000000..0506c130722
--- /dev/null
+++ b/vespajlib/src/test/resources/transport-security-options.json
@@ -0,0 +1,7 @@
+{
+ "files": {
+ "private-key": "myhost.key",
+ "ca-certificates": "my_cas.pem",
+ "certificates": "certs.pem"
+ }
+}
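Review bot: `can_read_options_from_json_file` in TransportSecurityOptionsTest.java covers only a well-formed file; nothing exercises the `'%s' field missing` branch of `getField` or a value of the wrong JSON type. Since this class decides which key and CA files are loaded, a negative test would pin the failure mode, for example a second method annotated `@Test(expected = IllegalArgumentException.class)` that loads a resource without the `files` object.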
\ No newline at end of file |