-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java4
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java7
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java4
3 files changed, 10 insertions, 5 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
index afa630d8d9b..261c2c0f2ad 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/AthenzSslContextProviderImpl.java
@@ -13,6 +13,8 @@ import java.time.Duration;
import java.time.Instant;
import java.util.concurrent.atomic.AtomicReference;
+import static com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType.JKS;
+
/**
* @author bjorncs
*/
@@ -33,7 +35,7 @@ public class AthenzSslContextProviderImpl implements AthenzSslContextProvider {
CachedSslContext currentCachedSslContext = this.cachedSslContext.get();
if (currentCachedSslContext == null || currentCachedSslContext.isExpired()) {
SSLContext sslContext = new AthenzSslContextBuilder()
- .withTrustStore(new File(config.athenzCaTrustStore()), "JKS")
+ .withTrustStore(new File(config.athenzCaTrustStore()), JKS)
.withIdentityCertificate(clientFactory.createZtsClientWithServicePrincipal().getIdentityCertificate())
.build();
this.cachedSslContext.set(new CachedSslContext(sslContext));
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
index 8c2b87f4068..7abe9bce718 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/SslConfigServerApiImpl.java
@@ -3,6 +3,7 @@ package com.yahoo.vespa.hosted.node.admin.configserver;
import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType;
import com.yahoo.vespa.hosted.node.admin.component.Environment;
import com.yahoo.vespa.hosted.node.admin.configserver.certificate.ConfigServerKeyStoreRefresher;
import com.yahoo.vespa.hosted.node.admin.util.KeyStoreOptions;
@@ -98,12 +99,12 @@ public class SslConfigServerApiImpl implements ConfigServerApi {
private SSLContext makeSslContext(Optional<KeyStoreOptions> keyStoreOptions) {
AthenzSslContextBuilder sslContextBuilder = new AthenzSslContextBuilder();
- environment.getTrustStoreOptions().ifPresent(options ->
- sslContextBuilder.withTrustStore(options.path.toFile(), options.type));
+ environment.getTrustStoreOptions().ifPresent(
+ options -> sslContextBuilder.withTrustStore(options.path.toFile(), KeyStoreType.valueOf(options.type)));
keyStoreOptions.ifPresent(options -> {
try {
- sslContextBuilder.withKeyStore(options.loadKeyStore(), options.password);
+ sslContextBuilder.withKeyStore(options.path.toFile(), options.password, KeyStoreType.valueOf(options.type));
} catch (Exception e) {
throw new RuntimeException("Failed to read key store", e);
}
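Review bot: The new `KeyStoreType.valueOf(options.type)` on the trust-store line runs outside any try/catch, so a configured type that is null or does not exactly match an enum constant name (it is case-sensitive) escapes `makeSslContext` as a bare NullPointerException or IllegalArgumentException that does not name the setting at fault. The same conversion on the key-store line sits inside the try, so a bad type there is reported as "Failed to read key store" although no file was read. I would convert the type once, where the options are built, or wrap the conversion, e.g. `catch (IllegalArgumentException e) { throw new IllegalArgumentException("Unsupported trust store type: " + options.type, e); }`. Replacing `options.loadKeyStore()` with a file/password/type triple also moves the actual read into `AthenzSslContextBuilder`; if that read is deferred to `build()`, which is not visible here, the existing catch no longer covers key-store read failures. The method continues past the end of this hunk.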
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
index 78ad95f84f3..2bfcaae79e6 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/AthenzIdentityProviderImpl.java
@@ -24,6 +24,8 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Logger;
+import static com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder.KeyStoreType.JKS;
+
/**
* @author mortent
* @author bjorncs
@@ -100,7 +102,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
.withIdentityCertificate(new AthenzIdentityCertificate(
credentials.getCertificate(),
credentials.getKeyPair().getPrivate()))
- .withTrustStore(new File(Defaults.getDefaults().underVespaHome("share/ssl/certs/yahoo_certificate_bundle.jks")), "JKS")
+ .withTrustStore(new File(Defaults.getDefaults().underVespaHome("share/ssl/certs/yahoo_certificate_bundle.jks")), JKS)
.build();
}