Diffstat (limited to 'zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java')
-rw-r--r-- | zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
index 90554910293..100de4894ae 100644
--- a/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
+++ b/zookeeper-server/zookeeper-server/src/main/java/com/yahoo/vespa/zookeeper/VespaMtlsAuthenticationProvider.java
@@ -2,10 +2,7 @@
 package com.yahoo.vespa.zookeeper;

 import com.yahoo.security.X509SslContext;
-import com.yahoo.security.tls.TlsContext;
-import com.yahoo.security.tls.TransportSecurityUtils;
 import org.apache.zookeeper.KeeperException;
-import org.apache.zookeeper.common.ClientX509Util;
 import org.apache.zookeeper.common.X509Exception;
 import org.apache.zookeeper.data.Id;
 import org.apache.zookeeper.server.ServerCnxn;
@@ -19,7 +16,7 @@ import java.security.cert.X509Certificate;
 import java.util.logging.Logger;

 /**
- * A {@link AuthenticationProvider} to be used in combination with Vespa mTLS.
+ * A {@link AuthenticationProvider} to be used in combination with Vespa mTLS
 *
 * @author bjorncs
 */
@@ -28,7 +25,15 @@ public class VespaMtlsAuthenticationProvider extends X509AuthenticationProvider
 private static final Logger log = Logger.getLogger(VespaMtlsAuthenticationProvider.class.getName());

 public VespaMtlsAuthenticationProvider() {
- super(null, null);
+ super(trustManager(), keyManager());
+ }
+
+ private static X509KeyManager keyManager() {
+ return new VespaSslContextProvider().tlsContext().map(X509SslContext::keyManager).orElse(null);
+ }
+
+ private static X509TrustManager trustManager() {
+ return new VespaSslContextProvider().tlsContext().map(X509SslContext::trustManager).orElse(null);
 }

 @Override |
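Review bot: When `tlsContext()` is empty, both helpers in the last hunk fall through `orElse(null)`, so the constructor passes `super(...)` a null trust manager and a null key manager without logging anything. An authentication provider with no trust material then looks the same at startup as a correctly configured one. Whether that state fails closed depends on the overridden methods after `@Override`, which lie outside this hunk, so it deserves at least a warning (or a fail-fast) here. The two helpers also each build their own `new VespaSslContextProvider()`, so the trust and key managers are not guaranteed to come from the same context. Resolving the context once through a private constructor fixes both; it needs a `java.util.Optional` import and assumes `tlsContext()` returns `Optional<X509SslContext>`, as the `map`/`orElse` calls suggest.

```java
public VespaMtlsAuthenticationProvider() {
    this(new VespaSslContextProvider().tlsContext());
}

// Resolve the TLS context once so both managers come from the same X509SslContext.
private VespaMtlsAuthenticationProvider(Optional<X509SslContext> sslContext) {
    super(sslContext.map(X509SslContext::trustManager).orElse(null),
          sslContext.map(X509SslContext::keyManager).orElse(null));
    if (sslContext.isEmpty()) {
        log.warning("No Vespa TLS context available; created without trust and key managers");
    }
}
// … unchanged: overridden methods following the constructor …
```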