5 files changed, 81 insertions, 10 deletions
diff --git a/config-model-api/abi-spec.json b/config-model-api/abi-spec.json index 8ebe0069a29..d0173de4f9e 100644 --- a/config-model-api/abi-spec.json +++ b/config-model-api/abi-spec.json @@ -1135,6 +1135,24 @@ ], "fields" : [ ] }, + "com.yahoo.config.model.api.EndpointCertificateMetadata$Provider" : { + "superClass" : "java.lang.Enum", + "interfaces" : [ ], + "attributes" : [ + "public", + "final", + "enum" + ], + "methods" : [ + "public static com.yahoo.config.model.api.EndpointCertificateMetadata$Provider[] values()", + "public static com.yahoo.config.model.api.EndpointCertificateMetadata$Provider valueOf(java.lang.String)" + ], + "fields" : [ + "public static final enum com.yahoo.config.model.api.EndpointCertificateMetadata$Provider digicert", + "public static final enum com.yahoo.config.model.api.EndpointCertificateMetadata$Provider globalsign", + "public static final enum com.yahoo.config.model.api.EndpointCertificateMetadata$Provider zerossl" + ] + }, "com.yahoo.config.model.api.EndpointCertificateMetadata" : { "superClass" : "java.lang.Object", "interfaces" : [ ], 
@@ -1142,16 +1160,33 @@ "public" ], "methods" : [ - "public void <init>(java.lang.String, java.lang.String, int)", + "public void <init>(java.lang.String, java.lang.String, int, com.yahoo.config.model.api.EndpointCertificateMetadata$Provider)", "public java.lang.String keyName()", "public java.lang.String certName()", "public int version()", + "public com.yahoo.config.model.api.EndpointCertificateMetadata$Provider issuer()", "public java.lang.String toString()", "public boolean equals(java.lang.Object)", "public int hashCode()" ], "fields" : [ ] }, + "com.yahoo.config.model.api.EndpointCertificateSecretStore" : { + "superClass" : "java.lang.Object", + "interfaces" : [ ], + "attributes" : [ + "public", + "abstract" + ], + "methods" : [ + "public void <init>()", + "public final com.yahoo.config.model.api.EndpointCertificateSecrets getSecret(com.yahoo.config.model.api.EndpointCertificateMetadata)", + "public abstract java.util.Optional getPrivateKey(com.yahoo.config.model.api.EndpointCertificateMetadata)", + "public abstract java.util.Optional getCertificate(com.yahoo.config.model.api.EndpointCertificateMetadata)", + "public abstract boolean supports(com.yahoo.config.model.api.EndpointCertificateMetadata$Provider)" + ], + "fields" : [ ] + }, "com.yahoo.config.model.api.EndpointCertificateSecrets" : { "superClass" : "java.lang.Object", "interfaces" : [ ], diff --git a/config-model-api/src/main/java/com/yahoo/config/model/api/EndpointCertificateMetadata.java b/config-model-api/src/main/java/com/yahoo/config/model/api/EndpointCertificateMetadata.java index a4b0159ed4a..591677f6677 100644 --- a/config-model-api/src/main/java/com/yahoo/config/model/api/EndpointCertificateMetadata.java +++ b/config-model-api/src/main/java/com/yahoo/config/model/api/EndpointCertificateMetadata.java 
@@ -5,14 +5,17 @@ import java.util.Objects; public class EndpointCertificateMetadata { + public enum Provider { digicert, globalsign, zerossl } private final String keyName; private final String certName; private final int version; + private final Provider issuer; - public EndpointCertificateMetadata(String keyName, String certName, int version) { + public EndpointCertificateMetadata(String keyName, String certName, int version, Provider issuer) { this.keyName = keyName; this.certName = certName; this.version = version; + this.issuer = issuer; } public String keyName() { @@ -27,25 +30,31 @@ public class EndpointCertificateMetadata { return version; } + public Provider issuer() { + return issuer; + } + @Override public String toString() { return "EndpointCertificateMetadata{" + "keyName='" + keyName + '\'' + ", certName='" + certName + '\'' + ", version=" + version + + ", issuer='" + issuer + '\'' + '}'; } + @Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; EndpointCertificateMetadata that = (EndpointCertificateMetadata) o; - return version == that.version && Objects.equals(keyName, that.keyName) && Objects.equals(certName, that.certName); + return version == that.version && Objects.equals(keyName, that.keyName) && Objects.equals(certName, that.certName) && Objects.equals(issuer, that.issuer); } @Override public int hashCode() { - return Objects.hash(keyName, certName, version); + return Objects.hash(keyName, certName, version, issuer); } } diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java index 7b8987a22b2..d3c026dbc0d 100644 --- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java 
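Review bot: The constructor in the first hunk stores `issuer` without a null check, while `serializedValue` in the serializer changed by this same commit switches on that enum, so a null issuer only surfaces as a bare NullPointerException at serialization time, far from where the object was built. `Objects` is already imported in this file, so the assignment can be `this.issuer = Objects.requireNonNull(issuer, "issuer");`. In the second hunk, `issuer()` would benefit from a one-line Javadoc saying what the value identifies (presumably the certificate authority that issued the endpoint certificate), since the enum name `Provider` does not say provider of what.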
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataSerializer.java @@ -4,8 +4,13 @@ package com.yahoo.vespa.config.server.tenant; import com.yahoo.config.model.api.EndpointCertificateMetadata; import com.yahoo.slime.Cursor; import com.yahoo.slime.Inspector; +import com.yahoo.slime.SlimeUtils; import com.yahoo.slime.Type; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.globalsign; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.zerossl; + /** * (de)serializes endpoint certificate metadata * @@ -23,11 +28,13 @@ public class EndpointCertificateMetadataSerializer { private final static String keyNameField = "keyName"; private final static String certNameField = "certName"; private final static String versionField = "version"; + private final static String issuerField = "issuer"; public static void toSlime(EndpointCertificateMetadata metadata, Cursor object) { object.setString(keyNameField, metadata.keyName()); object.setString(certNameField, metadata.certName()); object.setLong(versionField, metadata.version()); + object.setString(issuerField, serializedValue(metadata.issuer())); } public static EndpointCertificateMetadata fromSlime(Inspector inspector) { 
@@ -35,9 +42,26 @@ public class EndpointCertificateMetadataSerializer { return new EndpointCertificateMetadata( inspector.field(keyNameField).asString(), inspector.field(certNameField).asString(), - Math.toIntExact(inspector.field(versionField).asLong()) - ); + Math.toIntExact(inspector.field(versionField).asLong()), + providerOf(SlimeUtils.optionalString(inspector.field(issuerField)).orElse(""))); } throw new IllegalArgumentException("Unknown format encountered for endpoint certificate metadata!"); } + + private static EndpointCertificateMetadata.Provider providerOf(String name) { + return switch (name) { + case "digicert" -> digicert; + case "globalsign" -> globalsign; + case "zerossl" -> zerossl; + default -> digicert; + }; + } + + private static String serializedValue(EndpointCertificateMetadata.Provider provider) { + return switch (provider) { + case digicert -> "digicert"; + case globalsign -> "globalsign"; + case zerossl -> "zerossl"; + }; + } } diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java index 9f2ddafd028..1e694be0480 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java @@ -28,6 +28,7 @@ import java.time.Duration; import java.util.List; import java.util.OptionalInt; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; 
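Review bot: `providerOf` maps every unrecognized issuer string to `digicert` through `default -> digicert`, so a stored record with a misspelled, corrupted or newer issuer value is deserialized as a DigiCert certificate without any error. The abi-spec in this commit shows secret stores exposing `supports(Provider)`, so a wrong issuer would presumably send the key and certificate lookup to the wrong store instead of failing at parse time. Keep the fallback only for the missing-field case that `orElse("")` produces and reject everything else, in line with the `IllegalArgumentException` that `fromSlime` already throws for an unknown format: `case "", "digicert" -> digicert;` and `default -> throw new IllegalArgumentException("Unknown endpoint certificate issuer '" + name + "'");`. If the silent fallback is deliberate, for example for rollback compatibility, a comment on the `default` branch should say so.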
@@ -119,7 +120,7 @@ public class PrepareParamsTest { @Test public void testEndpointCertificateParsing() throws IOException { - var certMeta = new EndpointCertificateMetadata("key", "cert", 3); + var certMeta = new EndpointCertificateMetadata("key", "cert", 3, digicert); var slime = new Slime(); EndpointCertificateMetadataSerializer.toSlime(certMeta, slime.setObject()); String encoded = URLEncoder.encode(new String(SlimeUtils.toJsonBytes(slime), StandardCharsets.UTF_8), StandardCharsets.UTF_8); diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java index 69b9d458962..99dccf6d418 100644 --- a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java +++ b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/EndpointCertificateMetadataStoreTest.java @@ -23,7 +23,9 @@ import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Instant; import java.time.temporal.ChronoUnit; +import java.util.List; +import static com.yahoo.config.model.api.EndpointCertificateMetadata.Provider.digicert; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; @@ -46,7 +48,7 @@ public class EndpointCertificateMetadataStoreTest { public void setUp() { curator = new MockCurator(); endpointCertificateMetadataStore = new EndpointCertificateMetadataStore(curator, tenantPath); - endpointCertificateRetriever = new EndpointCertificateRetriever(secretStore); + endpointCertificateRetriever = new EndpointCertificateRetriever(List.of(new DefaultEndpointCertificateSecretStore(secretStore))); secretStore.put("vespa.tlskeys.tenant1--app1-cert", X509CertificateUtils.toPem(certificate)); secretStore.put("vespa.tlskeys.tenant1--app1-key", KeyUtils.toPem(keyPair.getPrivate())); 
@@ -68,11 +70,11 @@ public class EndpointCertificateMetadataStoreTest { @Test public void can_write_object_format() { - var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1); + var endpointCertificateMetadata = new EndpointCertificateMetadata("key-name", "cert-name", 1, digicert); endpointCertificateMetadataStore.writeEndpointCertificateMetadata(applicationId, endpointCertificateMetadata); - assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1}", + assertEquals("{\"keyName\":\"key-name\",\"certName\":\"cert-name\",\"version\":1,\"issuer\":\"digicert\"}", new String(curator.getData(endpointCertificateMetadataPath).orElseThrow())); } } |
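Review bot: The updated assertion in `can_write_object_format` only covers writing a record with `digicert`; nothing visible here reads back a stored record that has no `issuer` field, which is the path the serializer's `orElse("")` fallback exists for and the one every record written before this change will take. Add a test that stores `{"keyName":"key-name","certName":"cert-name","version":1}` at `endpointCertificateMetadataPath` and asserts that the metadata read back has `issuer()` equal to `digicert`. A second round trip with a non-default issuer such as `zerossl` would show that the field is actually persisted and not just defaulted. The test class continues outside this hunk, so an existing test may already cover part of this.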