3 files changed, 10 insertions, 5 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
index afa630d8d9b..261c2c0f2ad 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
@@ -13,6 +13,8 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.concurrent.atomic.AtomicReference;
+import static com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType.JKS;
+
 /**
 * @author bjorncs
 */
@@ -33,7 +35,7 @@ public class AthenzSslContextProviderImpl implements AthenzSslContextProvider {
 CachedSslContext currentCachedSslContext = this.cachedSslContext.get();
 if (currentCachedSslContext == null || currentCachedSslContext.isExpired()) {
 SSLContext sslContext = new AthenzSslContextBuilder()
- .withTrustStore(new File(config.athenzCaTrustStore()), "JKS")
+ .withTrustStore(new File(config.athenzCaTrustStore()), JKS)
 .withIdentityCertificate(clientFactory.createZtsClientWithServicePrincipal().getIdentityCertificate())
 .build();
 this.cachedSslContext.set(new CachedSslContext(sslContext));
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
index 8c2b87f4068..7abe9bce718 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
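Review bot: `withTrustStore(new File(config.athenzCaTrustStore()), JKS)` passes no password, so if the builder loads the file with a null password the JKS integrity check is skipped and the CA set trusted for Athenz connections is only as trustworthy as the file's permissions. The switch to the enum is a good moment to document that at the call site, e.g. `// Trust store is opened without a password: its integrity depends on the filesystem permissions of this file`. The same applies to the `yahoo_certificate_bundle.jks` call in AthenzIdentityProviderImpl. The enclosing method starts and ends outside the hunk, so how the builder actually loads the store should be confirmed there.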
@@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.node.admin.configserver;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
 import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType;
 import com.yahoo.vespa.hosted.node.admin.component.Environment;
 import com.yahoo.vespa.hosted.node.admin.configserver.certificate.ConfigServerKeyStoreRefresher;
 import com.yahoo.vespa.hosted.node.admin.util.KeyStoreOptions;
@@ -98,12 +99,12 @@ public class SslConfigServerApiImpl implements ConfigServerApi {
 private SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions) {
 AthenzSslContextBuilder sslContextBuilder = new AthenzSslContextBuilder();
- environment.getTrustStoreOptions().ifPresent(options ->
- sslContextBuilder.withTrustStore(options.path.toFile(), options.type));
+ environment.getTrustStoreOptions().ifPresent(
+ options -> sslContextBuilder.withTrustStore(options.path.toFile(), KeyStoreType.valueOf(options.type)));
 keyStoreOptions.ifPresent(options -> {
 try {
- sslContextBuilder.withKeyStore(options.loadKeyStore(), options.password);
+ sslContextBuilder.withKeyStore(options.path.toFile(), options.password, KeyStoreType.valueOf(options.type));
 } catch (Exception e) {
 throw new RuntimeException("Failed to read key store", e);
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
index 78ad95f84f3..2bfcaae79e6 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
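Review bot: `KeyStoreType.valueOf(options.type)` in makeSslContext accepts only an exact constant name, so a configured type such as `jks` that the earlier string-based call may have tolerated now throws IllegalArgumentException, or NullPointerException when the type is unset. For the trust store the call sits outside any try block and the raw exception leaves makeSslContext; for the key store it is caught and reported as "Failed to read key store", which hides the real cause of a failed TLS setup. Consider resolving the type once before the builder calls and failing with a message that names the rejected value, e.g. `KeyStoreType type = KeyStoreType.valueOf(options.type.toUpperCase(Locale.ROOT));` if all constants are upper case like `JKS`. The key-store lambda closes outside the hunk.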
@@ -24,6 +24,8 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;
 import java.util.logging.Logger;
+import static com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType.JKS;
+
 /**
 * @author mortent
 * @author bjorncs
@@ -100,7 +102,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 .withIdentityCertificate(new AthenzIdentityCertificate(
 credentials.getCertificate(),
 credentials.getKeyPair().getPrivate()))
- .withTrustStore(new File(Defaults.getDefaults().underVespaHome("share/ssl/certs/yahoo_certificate_bundle.jks")), "JKS")
+ .withTrustStore(new File(Defaults.getDefaults().underVespaHome("share/ssl/certs/yahoo_certificate_bundle.jks")), JKS)
 .build();
 } |