1 files changed, 37 insertions, 0 deletions

diff --git a/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/CloudTokenSslContextProvider.java b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/CloudTokenSslContextProvider.java
new file mode 100644
index 00000000000..fe71d1b24c6
--- /dev/null
+++ b/container-core/src/main/java/com/yahoo/jdisc/http/ssl/impl/CloudTokenSslContextProvider.java
@@ -0,0 +1,37 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.jdisc.http.ssl.impl;
+
+import com.yahoo.component.annotation.Inject;
+import com.yahoo.jdisc.http.ConnectorConfig;
+import com.yahoo.jdisc.http.server.jetty.DataplaneProxyCredentials;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.Optional;
+
+/**
+ * Used to enable token based endpoints in Cloud. Amends trust store to allow proxy.
+ *
+ * @author mortent
+ */
+public class CloudTokenSslContextProvider extends ConfiguredSslContextFactoryProvider {
+
+    private final DataplaneProxyCredentials dataplaneProxyCredentials;
+
+    @Inject
+    public CloudTokenSslContextProvider(ConnectorConfig connectorConfig,
+                                        DataplaneProxyCredentials dataplaneProxyCredentials) {
+        super(connectorConfig);
+        this.dataplaneProxyCredentials = dataplaneProxyCredentials;
+    }
+
+    @Override
+    Optional<String> getCaCertificates(ConnectorConfig.Ssl sslConfig) {
+        try {
+            return Optional.of(Files.readString(dataplaneProxyCredentials.certificateFile(), StandardCharsets.UTF_8));
+        } catch (IOException e) {
+            throw new IllegalArgumentException("Dataplane proxy certificate not available", e);
+        }
+    }
+}