Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java43
1 files changed, 3 insertions, 40 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java
index fdf58f9e64b..57fc7d1b581 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzSslContextBuilder.java
@@ -2,7 +2,6 @@
package com.yahoo.vespa.athenz.tls;
import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -10,14 +9,11 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
-import java.security.KeyStoreException;
import java.security.PrivateKey;
-import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
/**
@@ -25,22 +21,6 @@ import java.security.cert.X509Certificate;
*/
public class AthenzSslContextBuilder {
- public enum KeyStoreType {
- JKS {
- KeyStore createKeystore() throws KeyStoreException {
- return KeyStore.getInstance("JKS");
- }
- },
- PKCS12 {
- private final BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
-
- KeyStore createKeystore() throws KeyStoreException {
- return KeyStore.getInstance("PKCS12", bouncyCastleProvider);
- }
- };
- abstract KeyStore createKeystore() throws GeneralSecurityException;
- }
-
private KeyStoreSupplier trustStoreSupplier;
private KeyStoreSupplier keyStoreSupplier;
private char[] keyStorePassword;
@@ -48,7 +28,7 @@ public class AthenzSslContextBuilder {
public AthenzSslContextBuilder() {}
public AthenzSslContextBuilder withTrustStore(File file, KeyStoreType trustStoreType) {
- this.trustStoreSupplier = () -> loadKeyStoreFromFile(file, null, trustStoreType);
+ this.trustStoreSupplier = () -> KeyStoreBuilder.withType(trustStoreType).fromFile(file).build();
return this;
}
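Review bot: `withTrustStore` still loads the trust store with no password, and the new `fromFile(file)` call makes that less visible than the old explicit `null` argument did. If `KeyStoreBuilder` (not shown in this diff) passes a null password through to `KeyStore.load`, the store's integrity check is skipped, so whoever can write the file decides which CAs are trusted. I would document that on the method, e.g. `/** Loads the trust store without a password; the file is not integrity-checked and must be protected by file system permissions. */`.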
@@ -63,7 +43,7 @@ public class AthenzSslContextBuilder {
public AthenzSslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) {
char[] pwd = new char[0];
- this.keyStoreSupplier = () -> createJksKeyStore(privateKey, certificate, pwd);
+ this.keyStoreSupplier = () -> KeyStoreBuilder.withType(KeyStoreType.JKS).withKeyEntry("athenz", privateKey, certificate).build();
this.keyStorePassword = pwd;
return this;
}
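Review bot: The key entry's protection password is now implicit in `withKeyEntry("athenz", privateKey, certificate)`, whereas the removed `createJksKeyStore` passed the same empty `pwd` array that is stored in `keyStorePassword`. `KeyStoreBuilder` is not visible in this diff, so please confirm it protects the entry with an empty password; a mismatch with `keyStorePassword` would presumably surface only later, when the key managers are initialised. The alias also changes silently from `"athenz-identity"` to `"athenz"`. A short comment would record both assumptions, e.g. `// entry password must equal keyStorePassword (empty); alias is internal to this in-memory store`.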
@@ -75,7 +55,7 @@ public class AthenzSslContextBuilder {
}
public AthenzSslContextBuilder withKeyStore(File file, char[] password, KeyStoreType keyStoreType) {
- this.keyStoreSupplier = () -> loadKeyStoreFromFile(file, password, keyStoreType);
+ this.keyStoreSupplier = () -> KeyStoreBuilder.withType(keyStoreType).fromFile(file, password).build();
this.keyStorePassword = password;
return this;
}
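Review bot: In `withKeyStore(File, char[], KeyStoreType)` the caller's `password` array is captured by reference in the supplier lambda and stored in `keyStorePassword`. If the supplier runs lazily at build time, as the `KeyStoreSupplier` interface suggests, a caller that zeroes the array after this call (the usual handling for `char[]` secrets) would make the later load fail or use a wiped password. Consider taking a private copy, `char[] pwd = password == null ? null : password.clone();`, and using `pwd` in both the lambda and the field assignment. Alternatively, state in the Javadoc that the array must stay unmodified until the context is built.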
@@ -112,23 +92,6 @@ public class AthenzSslContextBuilder {
return keyManagerFactory.getKeyManagers();
}
- private static KeyStore loadKeyStoreFromFile(File file, char[] password, KeyStoreType keyStoreType)
- throws IOException, GeneralSecurityException{
- KeyStore keyStore = keyStoreType.createKeystore();
- try (FileInputStream in = new FileInputStream(file)) {
- keyStore.load(in, password);
- }
- return keyStore;
- }
-
- private KeyStore createJksKeyStore(PrivateKey privateKey, X509Certificate certificate, char[] password)
- throws GeneralSecurityException, IOException{
- KeyStore keyStore = KeyStoreType.JKS.createKeystore();
- keyStore.load(null);
- keyStore.setKeyEntry("athenz-identity", privateKey, password, new Certificate[]{certificate});
- return keyStore;
- }
-
private interface KeyStoreSupplier {
KeyStore get() throws IOException, GeneralSecurityException;
}