6 files changed, 105 insertions, 4 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java
new file mode 100644
index 00000000000..e4d0c8246d9
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/ApplicationCertificate.java
@@ -0,0 +1,29 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+/**
+ * Represents a certificate chain and a reference to the private key used for generating the certificate
+ *
+ * @author mortent
+ * @author andreer
+ */
+public class ApplicationCertificate {
+ private final List<X509Certificate> certificateChain;
+ private final KeyId keyId;
+
+ public ApplicationCertificate(List<X509Certificate> certificateChain, KeyId keyId) {
+ this.certificateChain = certificateChain;
+ this.keyId = keyId;
+ }
+
+ public List<X509Certificate> certificateChain() {
+ return certificateChain;
+ }
+
+ public KeyId keyId() {
+ return keyId;
+ }
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java
index 2503325760d..d2462eb574f 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/CertificateProvider.java
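Review bot: The constructor in ApplicationCertificate.java stores the caller's `certificateChain` list by reference and `certificateChain()` returns that same list, so the chain can still be modified after construction by anyone holding either reference, even though the field is `final`. Take a copy on the way in, `this.certificateChain = List.copyOf(certificateChain);` (Java 10+; otherwise wrap a fresh `ArrayList` in `Collections.unmodifiableList`), which also rejects a null list or a null element. `keyId` is likewise accepted unchecked; `this.keyId = Objects.requireNonNull(keyId, "keyId");` would fail at construction rather than at first use, and needs a `java.util.Objects` import.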
@@ -4,6 +4,11 @@ import java.security.KeyPair; import java.security.cert.X509Certificate; import java.util.List; +/** + * Generates a certificate. + * + * @author andreer + */ public interface CertificateProvider { List<X509Certificate> requestCaSignedCertificate(KeyPair keyPair, List<String> domains); }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java
new file mode 100644
index 00000000000..3ab22d4a5b7
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyId.java
@@ -0,0 +1,18 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+/**
+ * Identifier for a key pair. Used for persisting/retrieving a key pair.
+ *
+ * @author mortent
+ * @author andreer
+ */
+public class KeyId {
+ private final String name;
+ private final int version;
+
+ public KeyId(String name, int version) {
+ this.name = name;
+ this.version = version;
+ }
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java
new file mode 100644
index 00000000000..a872bf63343
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/KeyPairProvider.java
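Review bot: `KeyId` in KeyId.java stores `name` and `version` but exposes neither, so nothing outside the class can read the identifier that its Javadoc says is used for persisting/retrieving a key pair. Add accessors in the style the sibling classes already use (`keyId()`, `keyPair()`): `public String name() { return name; }` and `public int version() { return version; }`. Because this is an identifier, `equals`/`hashCode` over both fields would presumably be wanted too, so that two ids for the same name and version compare equal; that is inferred from the Javadoc, not from any caller visible in this commit.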
@@ -0,0 +1,14 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import com.yahoo.config.provision.ApplicationId;
+
+/**
+ * Provides a key pair. Generates and persists the key pair if not found.
+ *
+ * @author mortent
+ * @author andreer
+ */
+public interface KeyPairProvider {
+ VersionedKeyPair getKeyPair(ApplicationId applicationId);
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java
new file mode 100644
index 00000000000..c95303b9497
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/VersionedKeyPair.java
@@ -0,0 +1,28 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.certificates;
+
+import java.security.KeyPair;
+
+/**
+ * Represents a key pair and an unique persistence identifier
+ *
+ * @author mortent
+ * @author andreer
+ */
+public class VersionedKeyPair {
+ private final KeyId keyId;
+ private final KeyPair keyPair;
+
+ public VersionedKeyPair(KeyId keyId, KeyPair keyPair) {
+ this.keyId = keyId;
+ this.keyPair = keyPair;
+ }
+
+ public KeyId keyId() {
+ return keyId;
+ }
+
+ public KeyPair keyPair() {
+ return keyPair;
+ }
+}
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestDispatch.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestDispatch.java
index 64e5ce3d33f..2d2632bcf0f 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestDispatch.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/server/jetty/HttpRequestDispatch.java
@@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.Arrays; import java.util.concurrent.CompletableFuture; import java.util.concurrent.CompletionException; import java.util.concurrent.atomic.AtomicBoolean;
@@ -131,10 +132,7 @@ class HttpRequestDispatch { error, () -> "Network connection was unexpectedly terminated: " + parent.jettyRequest.getRequestURI()); parent.metricReporter.prematurelyClosed(); - } else if (!(error instanceof CompletionException && error.getCause() instanceof OverloadException - || error instanceof OverloadException - || error instanceof BindingNotFoundException - || error instanceof RequestException)) { + } else if (!isErrorOfType(error, OverloadException.class, BindingNotFoundException.class, RequestException.class)) { log.log(Level.WARNING, "Request failed: " + parent.jettyRequest.getRequestURI(), error); } reportedError = true;
@@ -153,6 +151,15 @@ class HttpRequestDispatch { }; } + @SafeVarargs + @SuppressWarnings("varargs") + private static boolean isErrorOfType(Throwable throwable, Class<? extends Throwable>... handledTypes) { + return Arrays.stream(handledTypes) + .anyMatch( + exceptionType -> exceptionType.isInstance(throwable) + || throwable instanceof CompletionException && exceptionType.isInstance(throwable.getCause())); + } + @SuppressWarnings("try") private ServletRequestReader handleRequest() throws IOException { HttpRequest jdiscRequest = HttpRequestFactory.newJDiscRequest(jDiscContext.container, jettyRequest); |
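Review bot: The new condition in the second hunk is not equivalent to the one it replaces. The removed lines looked through a `CompletionException` only for `OverloadException`, whereas `isErrorOfType` (third hunk) applies the same unwrap to every listed type, so a `BindingNotFoundException` or `RequestException` wrapped in a `CompletionException` no longer produces the `Request failed` WARNING. If that wider suppression is intended, record it on the helper, e.g. `// Matches the error itself, or the cause when the error is a CompletionException`, so the loss of log visibility is a documented decision. If it is not intended, the call site should keep the unwrap limited to `OverloadException`. The enclosing callback starts and ends outside the hunk, so whether these failures are still counted or reported elsewhere cannot be confirmed from here.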