Add type representing generic TLS config for Vespa

4 files changed, 129 insertions, 0 deletions

diff --git a/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
new file mode 100644
index 00000000000..f0d1edd6889
--- /dev/null
+++ b/vespajlib/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -0,0 +1,90 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Objects;
+import java.util.Optional;
+
+/**
+ * Generic TLS configuration for Vespa
+ *
+ * @author bjorncs
+ */
+public class TransportSecurityOptions {
+
+    private static final ObjectMapper mapper = new ObjectMapper();
+
+    private final Path privateKeyFile;
+    private final Path certificatesFile;
+    private final Path caCertificatesFile;
+
+    public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile) {
+        this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile));
+    }
+
+    public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile) {
+        this.privateKeyFile = privateKeyFile;
+        this.certificatesFile = certificatesFile;
+        this.caCertificatesFile = caCertificatesFile;
+    }
+
+    public Path getPrivateKeyFile() {
+        return privateKeyFile;
+    }
+
+    public Path getCertificatesFile() {
+        return certificatesFile;
+    }
+
+    public Path getCaCertificatesFile() {
+        return caCertificatesFile;
+    }
+
+    public static TransportSecurityOptions fromJsonFile(Path file) {
+        try {
+            JsonNode root = mapper.readTree(file.toFile());
+            JsonNode filesNode = getField(root, "files");
+            String privateKeyFile = getField(filesNode, "private-key").asText();
+            String certificatesFile = getField(filesNode, "certificates").asText();
+            String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
+            return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
+    }
+
+    private static JsonNode getField(JsonNode root, String fieldName) {
+        return Optional.ofNullable(root.get(fieldName))
+                .orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
+    }
+
+    @Override
+    public String toString() {
+        return "TransportSecurityOptions{" +
+                "privateKeyFile=" + privateKeyFile +
+                ", certificatesFile=" + certificatesFile +
+                ", caCertificatesFile=" + caCertificatesFile +
+                '}';
+    }
+
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        TransportSecurityOptions that = (TransportSecurityOptions) o;
+        return Objects.equals(privateKeyFile, that.privateKeyFile) &&
+                Objects.equals(certificatesFile, that.certificatesFile) &&
+                Objects.equals(caCertificatesFile, that.caCertificatesFile);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile);
+    }
+}
\ No newline at end of file
diff --git a/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java b/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java
new file mode 100644
index 00000000000..b5668182f14
--- /dev/null
+++ b/vespajlib/src/main/java/com/yahoo/security/tls/package-info.java
@@ -0,0 +1,8 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author bjorncs
+ */
+@ExportPackage
+package com.yahoo.security.tls;
+
+import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file
diff --git a/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
new file mode 100644
index 00000000000..ad80c52ae2a
--- /dev/null
+++ b/vespajlib/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -0,0 +1,24 @@
+package com.yahoo.security.tls;
+
+import org.junit.Test;
+
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author bjorncs
+ */
+public class TransportSecurityOptionsTest {
+
+    private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json");
+
+    @Test
+    public void can_read_options_from_json_file() {
+        TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
+        TransportSecurityOptions actualOptions =  TransportSecurityOptions.fromJsonFile(TEST_CONFIG_FILE);
+        assertEquals(expectedOptions, actualOptions);
+    }
+
+}
\ No newline at end of file
diff --git a/vespajlib/src/test/resources/transport-security-options.json b/vespajlib/src/test/resources/transport-security-options.json
new file mode 100644
index 00000000000..0506c130722
--- /dev/null
+++ b/vespajlib/src/test/resources/transport-security-options.json
@@ -0,0 +1,7 @@
+{
+  "files": {
+    "private-key": "myhost.key",
+    "ca-certificates": "my_cas.pem",
+    "certificates": "certs.pem"
+  }
+}
\ No newline at end of file