author | jonmv <venstad@gmail.com> | 2023-11-23 15:27:27 +0100 |
committer | jonmv <venstad@gmail.com> | 2023-11-23 15:27:27 +0100 |
commit | 5858fdc96779de4b8adf8fae3abd99851a8a95ce (patch) | |
tree | 0dde13b2af027e238da9bc14e1a73a0ed5b33327 /zookeeper-server | |
parent | 2790a62449b132a963ad3b391646c022d1a57e41 (diff) |
Expose key and trust manager to ZK
Diffstat (limited to 'zookeeper-server')
4 files changed, 46 insertions, 12 deletions
diff --git a/zookeeper-server/zookeeper-server-3.8.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java b/zookeeper-server/zookeeper-server-3.8.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
index 3c8a373f121..8bb88a83b10 100644
--- a/zookeeper-server/zookeeper-server-3.8.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
+++ b/zookeeper-server/zookeeper-server-3.8.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
@@ -2,12 +2,13 @@
 package com.yahoo.vespa.zookeeper;
 import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.common.X509Exception;
 import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.server.ServerCnxn;
 import org.apache.zookeeper.server.auth.AuthenticationProvider;
 import org.apache.zookeeper.server.auth.X509AuthenticationProvider;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
@@ -20,7 +21,17 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());
- public VespaMtlsAuthenticationProvider() throws X509Exception { super(null, null);}
+ public VespaMtlsAuthenticationProvider() {
+ super(trustManager(), keyManager());
+ }
+
+ private static X509KeyManager keyManager() {
+ return new VespaSslContextProvider().tlsContext().keyManager();
+ }
+
+ private static X509TrustManager trustManager() {
+ return new VespaSslContextProvider().tlsContext().trustManager();
+ }
 @Override
 public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
@@ -36,6 +47,4 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 return KeeperException.Code.OK;
 }
- @Override public String getScheme() { return "x509"; }
-
 }
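Review bot: The new constructor drops the declared `throws X509Exception` but can now throw `IllegalStateException("Vespa TLS is not enabled")` out of `VespaSslContextProvider.tlsContext()`, and neither the constructor nor the two helpers document that; as far as I recall ZooKeeper's provider registry instantiates providers reflectively and only logs a failed constructor, so an unconfigured TLS setup would presumably surface as a missing `x509` scheme rather than a clear startup error, which is worth a Javadoc line such as `/** Backs ZooKeeper's x509 provider with the Vespa key and trust managers; fails with IllegalStateException if Vespa TLS is not enabled. */`. Separately, `trustManager()` and `keyManager()` each construct their own `VespaSslContextProvider` and call `tlsContext()` independently, so the two managers handed to `super(...)` come from two separate lookups under the class lock; resolving the `X509SslContext` once and taking both managers from it (which needs `import com.yahoo.security.X509SslContext;`, the type the VespaSslContextProvider hunk returns) keeps them paired, as in the delegating form below. The identical constructor hunk in the 3.9.1 and zookeeper-server copies of this file has the same two issues.
```java
    public VespaMtlsAuthenticationProvider() {
        this(new VespaSslContextProvider().tlsContext());
    }

    // One lookup so the trust and key managers come from the same X509SslContext.
    private VespaMtlsAuthenticationProvider(X509SslContext context) {
        super(context.trustManager(), context.keyManager());
    }
    // … unchanged: handleAuthentication …
```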
diff --git a/zookeeper-server/zookeeper-server-3.9.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java b/zookeeper-server/zookeeper-server-3.9.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
index 3c8a373f121..f51b076a262 100644
--- a/zookeeper-server/zookeeper-server-3.9.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
+++ b/zookeeper-server/zookeeper-server-3.9.1/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
@@ -8,6 +8,9 @@ import org.apache.zookeeper.server.ServerCnxn;
 import org.apache.zookeeper.server.auth.AuthenticationProvider;
 import org.apache.zookeeper.server.auth.X509AuthenticationProvider;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
@@ -20,7 +23,17 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());
- public VespaMtlsAuthenticationProvider() throws X509Exception { super(null, null);}
+ public VespaMtlsAuthenticationProvider() {
+ super(trustManager(), keyManager());
+ }
+
+ private static X509KeyManager keyManager() {
+ return new VespaSslContextProvider().tlsContext().keyManager();
+ }
+
+ private static X509TrustManager trustManager() {
+ return new VespaSslContextProvider().tlsContext().trustManager();
+ }
 @Override
 public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
@@ -36,6 +49,4 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 return KeeperException.Code.OK;
 }
- @Override public String getScheme() { return "x509"; }
-
 }
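Review bot: This copy adds `import javax.net.ssl.KeyManager;` although nothing in the new code uses it (the helpers only reference `X509KeyManager` and `X509TrustManager`), and, unlike the 3.8.1 and zookeeper-server copies, which start from the same blob 3c8a373f121 and drop `import org.apache.zookeeper.common.X509Exception;` in their first hunk, this diff begins at line 8 and leaves that import in place even though the constructor no longer declares `X509Exception`. Both lines should go, `import javax.net.ssl.KeyManager;` and `import org.apache.zookeeper.common.X509Exception;`, so the three copies end up byte-identical again (the other two already share post-image 8bb88a83b10). The pre-image hash matching the other copies suggests `X509Exception` is not referenced elsewhere in this file, but that is inferred rather than visible in the hunks.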
diff --git a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
index a1b88635204..b50cbdbdbdf 100644
--- a/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
+++ b/zookeeper-server/zookeeper-server-common/src/main/java/com/yahoo/vespa/zookeeper/VespaSslContextProvider.java
@@ -1,6 +1,7 @@
 // Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.zookeeper;
+import com.yahoo.security.X509SslContext;
 import com.yahoo.security.tls.TlsContext;
 import javax.net.ssl.SSLContext;
@@ -17,9 +18,13 @@ public class VespaSslContextProvider implements Supplier<SSLContext> {
 @Override
 public SSLContext get() {
+ return tlsContext().context();
+ }
+
+ public X509SslContext tlsContext() {
 synchronized (VespaSslContextProvider.class) {
 if (tlsContext == null) throw new IllegalStateException("Vespa TLS is not enabled");
- return tlsContext.sslContext().context();
+ return tlsContext.sslContext();
 }
 }
diff --git a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
index 3c8a373f121..8bb88a83b10 100644
--- a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
+++ b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
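Review bot: `tlsContext()` becomes a public method that throws `IllegalStateException` when Vespa TLS is not enabled, yet it carries no Javadoc, and since the three `VespaMtlsAuthenticationProvider` copies in this commit call it from a constructor that failure mode deserves stating: `/** Returns the X509SslContext (key and trust managers included) of the configured Vespa TLS context. @throws IllegalStateException if Vespa TLS is not enabled */`. As a point of style, the method is named after the `tlsContext` field, which holds a `TlsContext`, but returns `tlsContext.sslContext()`, an `X509SslContext`; a name such as `sslContext()` would match the return type and avoid the field/method confusion. `get()` now merely delegates to it, which is fine; the enclosing class continues beyond the hunk.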
@@ -2,12 +2,13 @@
 package com.yahoo.vespa.zookeeper;
 import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.common.X509Exception;
 import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.server.ServerCnxn;
 import org.apache.zookeeper.server.auth.AuthenticationProvider;
 import org.apache.zookeeper.server.auth.X509AuthenticationProvider;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
@@ -20,7 +21,17 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());
- public VespaMtlsAuthenticationProvider() throws X509Exception { super(null, null);}
+ public VespaMtlsAuthenticationProvider() {
+ super(trustManager(), keyManager());
+ }
+
+ private static X509KeyManager keyManager() {
+ return new VespaSslContextProvider().tlsContext().keyManager();
+ }
+
+ private static X509TrustManager trustManager() {
+ return new VespaSslContextProvider().tlsContext().trustManager();
+ }
 @Override
 public KeeperException.Code handleAuthentication(ServerCnxn cnxn, byte[] authData) {
@@ -36,6 +47,4 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 return KeeperException.Code.OK;
 }
- @Override public String getScheme() { return "x509"; }
-
 }