search

palantir / conjure-java-runtime

Opinionated libraries for HTTP&JSON-based RPC using Dialogue, Feign, OkHttp as clients and Jetty/Jersey as servers
Apache License 2.0
80 stars 97 forks source link

Support creating an SslConfiguration from a PEM encoded String #2131

Open mglazer opened 2 years ago

mglazer commented 2 years ago

What happened?

At present, the only acceptable signatures for constructing an SslConfiguration are by supplying a truststore/keystore path on disk, in either PKCS12 or JKS format:

https://github.com/palantir/conjure-java-runtime-api/blob/develop/ssl-config/src/main/java/com/palantir/conjure/java/api/config/ssl/SslConfiguration.java#L97

What did you want to happen?

Internally, we have some services which have no capability of constructing a keystore through normal means, instead, the only mechanism provided for accessing private keys is by passing an encrypted string through to the configuration that is being constructed.

Concretely, we construct our services current like:

conf:
  runtime:
     security:
        key-store-path: /path/to/keystore.jks
        trust-store-path: /path/to/truststore.jks

And we would now like to construct this configuration like:

conf:
  runtime:
    security:
       keys:
          alias: 
              key: PEM_ENCODED_KEY_GOES_HERE
              password: PASSWORD_TO_READ
          alias-2: 
              key: PEM_ENCODED_KEY_GOES_HERE
              password: PASSWORD_TO_READ
        certificates:
          alias: PEM_ENCODED_CERT_GOES_HERE

The above implementation is up for discussion, but it hopefully describes the requirement.

robert3005 commented 2 years ago

You can construct it from PEM encoded file. We support multiple store types https://github.com/palantir/conjure-java-runtime-api/blob/develop/ssl-config/src/main/java/com/palantir/conjure/java/api/config/ssl/SslConfiguration.java#L34-L39