diff options
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java index 18764f51dc5..d4e74e22e40 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java @@ -5,19 +5,20 @@ import com.yahoo.security.KeyStoreBuilder; import com.yahoo.security.KeyStoreType; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateUtils; +import com.yahoo.security.X509CertificateWithKey; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import java.io.IOException; import java.io.UncheckedIOException; import java.net.Socket; -import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyStore; import java.security.Principal; import java.security.PrivateKey; import java.security.cert.X509Certificate; import java.time.Duration; +import java.util.Arrays; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; @@ -59,6 +60,13 @@ public class AutoReloadingX509KeyManager extends X509ExtendedKeyManager implemen return new AutoReloadingX509KeyManager(privateKeyFile, certificatesFile); } + public X509CertificateWithKey getCurrentCertificateWithKey() { + X509ExtendedKeyManager manager = mutableX509KeyManager.currentManager(); + X509Certificate[] certificateChain = manager.getCertificateChain(CERTIFICATE_ALIAS); + PrivateKey privateKey = manager.getPrivateKey(CERTIFICATE_ALIAS); + return new X509CertificateWithKey(Arrays.asList(certificateChain), privateKey); + } + private static KeyStore createKeystore(Path privateKey, Path certificateChain) { try { return KeyStoreBuilder.withType(KeyStoreType.PKCS12) |