From a804e2b7efa27e473bf9ab03ecb7fa506ab3879d Mon Sep 17 00:00:00 2001 From: Bjørn Christian Seime Date: Thu, 10 Jun 2021 16:32:43 +0200 Subject: Move logic for constructing SSLContext to builder --- .../main/java/ai/vespa/feed/client/ApacheCluster.java | 19 +------------------ .../java/ai/vespa/feed/client/FeedClientBuilder.java | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 18 deletions(-) (limited to 'vespa-feed-client') diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/ApacheCluster.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/ApacheCluster.java index ae764bc9a3d..163da14cead 100644 --- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/ApacheCluster.java +++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/ApacheCluster.java @@ -127,7 +127,7 @@ class ApacheCluster implements Cluster { .setInitialWindowSize(Integer.MAX_VALUE) .build()); - SSLContext sslContext = constructSslContext(builder); + SSLContext sslContext = builder.constructSslContext(); String[] allowedCiphers = excludeH2Blacklisted(excludeWeak(sslContext.getSupportedSSLParameters().getCipherSuites())); if (allowedCiphers.length == 0) throw new IllegalStateException("No adequate SSL cipher suites supported by the JVM"); @@ -142,23 +142,6 @@ class ApacheCluster implements Cluster { .build(); } - private static SSLContext constructSslContext(FeedClientBuilder builder) throws IOException { - if (builder.sslContext != null) return builder.sslContext; - SslContextBuilder sslContextBuilder = new SslContextBuilder(); - if (builder.certificateFile != null && builder.privateKeyFile != null) { - sslContextBuilder.withCertificateAndKey(builder.certificateFile, builder.privateKeyFile); - } else if (builder.certificate != null && builder.privateKey != null) { - sslContextBuilder.withCertificateAndKey(builder.certificate, builder.privateKey); - } - if (builder.caCertificatesFile != null) { - sslContextBuilder.withCaCertificates(builder.caCertificatesFile); - } else if (builder.caCertificates != null) { - sslContextBuilder.withCaCertificates(builder.caCertificates); - } - return sslContextBuilder.build(); - } - - private static class ApacheHttpResponse implements HttpResponse { private final SimpleHttpResponse wrapped; diff --git a/vespa-feed-client/src/main/java/ai/vespa/feed/client/FeedClientBuilder.java b/vespa-feed-client/src/main/java/ai/vespa/feed/client/FeedClientBuilder.java index 2c8e62d81c6..df1f3bcd54c 100644 --- a/vespa-feed-client/src/main/java/ai/vespa/feed/client/FeedClientBuilder.java +++ b/vespa-feed-client/src/main/java/ai/vespa/feed/client/FeedClientBuilder.java @@ -150,6 +150,22 @@ public class FeedClientBuilder { } } + SSLContext constructSslContext() throws IOException { + if (sslContext != null) return sslContext; + SslContextBuilder sslContextBuilder = new SslContextBuilder(); + if (certificateFile != null && privateKeyFile != null) { + sslContextBuilder.withCertificateAndKey(certificateFile, privateKeyFile); + } else if (certificate != null && privateKey != null) { + sslContextBuilder.withCertificateAndKey(certificate, privateKey); + } + if (caCertificatesFile != null) { + sslContextBuilder.withCaCertificates(caCertificatesFile); + } else if (caCertificates != null) { + sslContextBuilder.withCaCertificates(caCertificates); + } + return sslContextBuilder.build(); + } + private void validateConfiguration() { if (sslContext != null && ( certificateFile != null || caCertificatesFile != null || privateKeyFile != null || -- cgit v1.2.3