blob: b47aa501ecec950e640f20b9e99161337763ce9f (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.model.container.http.ssl;
import com.yahoo.component.ComponentId;
import com.yahoo.container.bundle.BundleInstantiationSpecification;
import com.yahoo.jdisc.http.ConnectorConfig;
import com.yahoo.jdisc.http.ssl.impl.ConfiguredSslContextFactoryProvider;
import com.yahoo.osgi.provider.model.ComponentModel;
import com.yahoo.vespa.model.container.component.SimpleComponent;
import java.util.Optional;
import static com.yahoo.component.ComponentSpecification.fromString;
/**
* Configure SSL with PEM encoded certificate/key strings
*
* @author mortent
* @author andreer
*/
public class ConfiguredDirectSslProvider extends SimpleComponent implements ConnectorConfig.Producer {
public static final String COMPONENT_ID_PREFIX = "configured-ssl-provider@";
public static final String COMPONENT_CLASS = ConfiguredSslContextFactoryProvider.class.getName();
public static final String COMPONENT_BUNDLE = "jdisc_http_service";
private final String privateKey;
private final String certificate;
private final String caCertificatePath;
private final String caCertificate;
private final ConnectorConfig.Ssl.ClientAuth.Enum clientAuthentication;
public ConfiguredDirectSslProvider(String servername, String privateKey, String certificate, String caCertificatePath, String caCertificate, String clientAuthentication) {
super(new ComponentModel(
new BundleInstantiationSpecification(new ComponentId(COMPONENT_ID_PREFIX+servername),
fromString(COMPONENT_CLASS),
fromString(COMPONENT_BUNDLE))));
this.privateKey = privateKey;
this.certificate = certificate;
this.caCertificatePath = caCertificatePath;
this.caCertificate = caCertificate;
this.clientAuthentication = mapToConfigEnum(clientAuthentication);
}
@Override
public void getConfig(ConnectorConfig.Builder builder) {
builder.ssl.enabled(true);
builder.ssl.privateKey(privateKey);
builder.ssl.certificate(certificate);
builder.ssl.caCertificateFile(Optional.ofNullable(caCertificatePath).orElse(""));
builder.ssl.caCertificate(Optional.ofNullable(caCertificate).orElse(""));
builder.ssl.clientAuth(clientAuthentication);
}
public SimpleComponent getComponent() {
return new SimpleComponent(new ComponentModel(getComponentId().stringValue(), COMPONENT_CLASS, COMPONENT_BUNDLE));
}
private static ConnectorConfig.Ssl.ClientAuth.Enum mapToConfigEnum(String clientAuthValue) {
if ("disabled".equals(clientAuthValue)) {
return ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED;
} else if ("want".equals(clientAuthValue)) {
return ConnectorConfig.Ssl.ClientAuth.Enum.WANT_AUTH;
} else if ("need".equals(clientAuthValue)) {
return ConnectorConfig.Ssl.ClientAuth.Enum.NEED_AUTH;
} else {
return ConnectorConfig.Ssl.ClientAuth.Enum.DISABLED;
}
}
}
|