From 4607700cc4eb4682800e6d9ba54e84973ddc93e3 Mon Sep 17 00:00:00 2001
From: Jon Marius Venstad
Date: Thu, 6 Jun 2019 13:32:46 +0200
Subject: Support creating controller client from key/cert strings

---
 .../ai/vespa/hosted/api/ControllerHttpClient.java | 33 ++++++++++++++++++++--
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
index 5a38154b7c0..421d946c5db 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/ControllerHttpClient.java
@@ -6,7 +6,9 @@ import com.yahoo.config.provision.ApplicationName;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.config.provision.TenantName;
 import com.yahoo.config.provision.zone.ZoneId;
+import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SslContextBuilder;
+import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.slime.ArrayTraverser;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Inspector;
@@ -62,11 +64,21 @@ public abstract class ControllerHttpClient {
 .build();
 }
 
+ /** Creates an HTTP client against the given endpoint, which uses the given key to authenticate as the given application. */
+ public static ControllerHttpClient withSignatureKey(URI endpoint, String privateKey, ApplicationId id) {
+ return new SigningControllerHttpClient(endpoint, privateKey, id);
+ }
+
 /** Creates an HTTP client against the given endpoint, which uses the given key to authenticate as the given application. */
 public static ControllerHttpClient withSignatureKey(URI endpoint, Path privateKeyFile, ApplicationId id) {
 return new SigningControllerHttpClient(endpoint, privateKeyFile, id);
 }
 
+ /** Creates an HTTP client against the given endpoint, which uses the given private key and certificate identity. */
+ public static ControllerHttpClient withKeyAndCertificate(URI endpoint, String privateKey, String certificate) {
+ return new MutualTlsControllerHttpClient(endpoint, privateKey, certificate);
+ }
+
 /** Creates an HTTP client against the given endpoint, which uses the given private key and certificate identity. */
 public static ControllerHttpClient withKeyAndCertificate(URI endpoint, Path privateKeyFile, Path certificateFile) {
 return new MutualTlsControllerHttpClient(endpoint, privateKeyFile, certificateFile);
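Review bot: The Javadoc on the two new `String` overloads is copied verbatim from the `Path` overloads, so nothing tells a caller that the argument is the key material itself rather than a location — and with `String` and `Path` overloads side by side, a path passed as text silently selects the wrong one and fails only when the text is parsed. For `withKeyAndCertificate` the mutual-TLS constructor later in this file parses the strings with `KeyUtils.fromPemEncodedPrivateKey` and `X509CertificateUtils.certificateListFromPem`, so its doc can say `/** Creates an HTTP client against the given endpoint, which uses the given PEM-encoded private key and certificate chain as its identity. */`. For `withSignatureKey` the accepted format is whatever `RequestSigner` takes, which is not visible here, but the `Path` overload reads the file as UTF-8 text, so `/** ... which uses the given private key, as PEM text, to authenticate as the given application. */` is presumably right — confirm against `RequestSigner`. Renaming the parameters `privateKeyPem` and `certificatePem` would make the distinction visible at call sites as well; the enclosing class continues on both sides of this hunk.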
@@ -299,9 +311,13 @@ public abstract class ControllerHttpClient {
 
 private final RequestSigner signer;
 
- private SigningControllerHttpClient(URI endpoint, Path privateKeyFile, ApplicationId id) {
+ private SigningControllerHttpClient(URI endpoint, String privateKey, ApplicationId id) {
 super(endpoint, HttpClient.newBuilder());
- this.signer = new RequestSigner(unchecked(() -> Files.readString(privateKeyFile, UTF_8)), id.serializedForm());
+ this.signer = new RequestSigner(privateKey, id.serializedForm());
+ }
+
+ private SigningControllerHttpClient(URI endpoint, Path privateKeyFile, ApplicationId id) {
+ this(endpoint, unchecked(() -> Files.readString(privateKeyFile, UTF_8)), id);
 }
 
 @Override
@@ -317,7 +333,18 @@ public abstract class ControllerHttpClient {
 
 private MutualTlsControllerHttpClient(URI endpoint, Path privateKeyFile, Path certificateFile) {
 super(endpoint,
- HttpClient.newBuilder().sslContext(new SslContextBuilder().withKeyStore(privateKeyFile, certificateFile).build()));
+ HttpClient.newBuilder()
+ .sslContext(new SslContextBuilder().withKeyStore(privateKeyFile,
+ certificateFile)
+ .build()));
+ }
+
+ private MutualTlsControllerHttpClient(URI endpoint, String privateKey, String certificate) {
+ super(endpoint,
+ HttpClient.newBuilder()
+ .sslContext(new SslContextBuilder().withKeyStore(KeyUtils.fromPemEncodedPrivateKey(privateKey),
+ X509CertificateUtils.certificateListFromPem(certificate))
+ .build()));
 }
 }
 
-- 
cgit v1.2.3
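Review bot: In the new `String` constructor of `MutualTlsControllerHttpClient`, the list returned by `X509CertificateUtils.certificateListFromPem(certificate)` goes straight into `withKeyStore`, so a PEM string holding no certificate (wrong content, or a file path passed as text) produces an empty chain; whether `SslContextBuilder` rejects that up front or the client only fails at handshake time is not visible from this hunk. Because `super(...)` must be the first statement, the guard has to live in a static helper the constructor calls, as sketched below (it needs `java.util.List` and `java.security.cert.X509Certificate` in scope if the file does not import them yet); `KeyUtils.fromPemEncodedPrivateKey` presumably throws on unparsable input itself, so the key side needs no extra check — confirm. The reflow of the unchanged `Path` constructor onto four lines is cosmetic churn that makes the hunk harder to read, and I would leave that formatting as it was. `MutualTlsControllerHttpClient` is closed inside the hunk, but the enclosing `ControllerHttpClient` continues past it.
```java
        private MutualTlsControllerHttpClient(URI endpoint, String privateKey, String certificate) {
            super(endpoint,
                  HttpClient.newBuilder()
                            .sslContext(new SslContextBuilder().withKeyStore(KeyUtils.fromPemEncodedPrivateKey(privateKey),
                                                                            requireCertificates(certificate))
                                                               .build()));
        }

        /** Parses a PEM certificate chain, rejecting input from which no certificate could be read. */
        private static List<X509Certificate> requireCertificates(String certificate) {
            List<X509Certificate> chain = X509CertificateUtils.certificateListFromPem(certificate);
            if (chain.isEmpty()) {
                throw new IllegalArgumentException("No certificate found in the given PEM input");
            }
            return chain;
        }
```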