From 0a460947d054f187c8c5ff8d9426b4fc4a4cfadf Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Fri, 16 Mar 2018 11:10:34 +0100
Subject: Replace AthenzSslContextProvider with SiaAthenzSslContextProvider
---
 .../java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java | 4 ++++
 vespa-athenz/src/main/resources/configdefinitions/sia-provider.def | 1 +
 2 files changed, 5 insertions(+)
(limited to 'vespa-athenz')
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
index c050ddce2c6..67d8c20d6a1 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -7,6 +7,7 @@ import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+import com.yahoo.vespa.athenz.tls.KeyStoreType;
 import javax.net.ssl.SSLContext;
 import java.io.File;
@@ -22,11 +23,13 @@ public class SiaIdentityProvider implements AthenzIdentityProvider {
 private final AthenzDomain domain;
 private final AthenzService service;
 private final String path;
+ private final String trustStorePath;
 public SiaIdentityProvider(SiaProviderConfig siaProviderConfig) {
 this.domain = new AthenzDomain(siaProviderConfig.athenzDomain());
 this.service = new AthenzService(domain, siaProviderConfig.athenzService());
 this.path = siaProviderConfig.keyPathPrefix();
+ this.trustStorePath = siaProviderConfig.trustStorePath();
 }
 @Override
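Review bot: The constructor stores `siaProviderConfig.trustStorePath()` without any check, so an empty or mistyped path is only discovered later, when the SSL context is built in the third hunk. Because this path selects the trust anchors for every connection made with the identity context, it is worth failing at construction time, for example `if (trustStorePath.isEmpty()) throw new IllegalArgumentException("sia-provider trustStorePath must be set");` right after the assignment. The new `trustStorePath string` entry in sia-provider.def has no default and no comment; a one-line comment there saying that it must point to a JKS trust store would tell operators what the field expects. The class body continues outside the hunk.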
@@ -45,6 +48,7 @@ public class SiaIdentityProvider implements AthenzIdentityProvider {
 PrivateKey privateKey = Crypto.loadPrivateKey(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(),getService())).toFile());
 return new AthenzSslContextBuilder()
+ .withTrustStore(new File(trustStorePath), KeyStoreType.JKS)
 .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
 .build();
 }
diff --git a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
index f668ef544f7..14fe0741a60 100644
--- a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
+++ b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
@@ -4,3 +4,4 @@ namespace=vespa.athenz.identity
 athenzDomain string
 athenzService string
 keyPathPrefix string
+trustStorePath string
\ No newline at end of file
-- cgit v1.2.3
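Review bot: `.withTrustStore(new File(trustStorePath), KeyStoreType.JKS)` passes no password and hard-codes the store type, and the config offers no way to override either. The builder's implementation is not visible here, but if it loads the store with a null password, Java's `KeyStore.load` skips the JKS integrity check, leaving ownership and permissions on the file as the only protection for the trust anchors. A comment above the call such as `// trust store is loaded without a password: integrity relies on file permissions` would make that assumption explicit for whoever deploys the file. The method's signature and the certificate loading are outside the hunk.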