diff options
Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java | 43 |
1 files changed, 3 insertions, 40 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java index fdf58f9e64b..57fc7d1b581 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java @@ -2,7 +2,6 @@ package com.yahoo.vespa.athenz.tls; import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; @@ -10,14 +9,11 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import java.io.File; -import java.io.FileInputStream; import java.io.IOException; import java.io.UncheckedIOException; import java.security.GeneralSecurityException; import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.PrivateKey; -import java.security.cert.Certificate; import java.security.cert.X509Certificate; /** @@ -25,22 +21,6 @@ import java.security.cert.X509Certificate; */ public class AthenzSslContextBuilder { - public enum KeyStoreType { - JKS { - KeyStore createKeystore() throws KeyStoreException { - return KeyStore.getInstance("JKS"); - } - }, - PKCS12 { - private final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider(); - - KeyStore createKeystore() throws KeyStoreException { - return KeyStore.getInstance("PKCS12", bouncyCastleProvider); - } - }; - abstract KeyStore createKeystore() throws GeneralSecurityException; - } - private KeyStoreSupplier trustStoreSupplier; private KeyStoreSupplier keyStoreSupplier; private char[] keyStorePassword; @@ -48,7 +28,7 @@ public class AthenzSslContextBuilder { public AthenzSslContextBuilder() {} public AthenzSslContextBuilder withTrustStore(File file, KeyStoreType trustStoreType) { - this.trustStoreSupplier = () -> loadKeyStoreFromFile(file, null, trustStoreType); + this.trustStoreSupplier = () -> KeyStoreBuilder.withType(trustStoreType).fromFile(file).build(); return this; } @@ -63,7 +43,7 @@ public class AthenzSslContextBuilder { public AthenzSslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) { char[] pwd = new char[0]; - this.keyStoreSupplier = () -> createJksKeyStore(privateKey, certificate, pwd); + this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("athenz", privateKey, certificate).build(); this.keyStorePassword = pwd; return this; } @@ -75,7 +55,7 @@ public class AthenzSslContextBuilder { } public AthenzSslContextBuilder withKeyStore(File file, char[] password, KeyStoreType keyStoreType) { - this.keyStoreSupplier = () -> loadKeyStoreFromFile(file, password, keyStoreType); + this.keyStoreSupplier = () -> KeyStoreBuilder.withType(keyStoreType).fromFile(file, password).build(); this.keyStorePassword = password; return this; } @@ -112,23 +92,6 @@ public class AthenzSslContextBuilder { return keyManagerFactory.getKeyManagers(); } - private static KeyStore loadKeyStoreFromFile(File file, char[] password, KeyStoreType keyStoreType) - throws IOException, GeneralSecurityException{ - KeyStore keyStore = keyStoreType.createKeystore(); - try (FileInputStream in = new FileInputStream(file)) { - keyStore.load(in, password); - } - return keyStore; - } - - private KeyStore createJksKeyStore(PrivateKey privateKey, X509Certificate certificate, char[] password) - throws GeneralSecurityException, IOException{ - KeyStore keyStore = KeyStoreType.JKS.createKeystore(); - keyStore.load(null); - keyStore.setKeyEntry("athenz-identity", privateKey, password, new Certificate[]{certificate}); - return keyStore; - } - private interface KeyStoreSupplier { KeyStore get() throws IOException, GeneralSecurityException; } |