conjure-java-runtime icon indicating copy to clipboard operation
conjure-java-runtime copied to clipboard

Published 20 hours ago verified publisher icon palantir

Support creating an SslConfiguration from a PEM encoded String

Open mglazer opened this issue 4 years ago • 1 comments

What happened?

At present, the only acceptable signatures for constructing an SslConfiguration are by supplying a truststore/keystore path on disk, in either PKCS12 or JKS format:

https://github.com/palantir/conjure-java-runtime-api/blob/develop/ssl-config/src/main/java/com/palantir/conjure/java/api/config/ssl/SslConfiguration.java#L97

What did you want to happen?

Internally, we have some services which have no capability of constructing a keystore through normal means, instead, the only mechanism provided for accessing private keys is by passing an encrypted string through to the configuration that is being constructed.

Concretely, we construct our services current like:

conf:
  runtime:
     security:
        key-store-path: /path/to/keystore.jks
        trust-store-path: /path/to/truststore.jks

And we would now like to construct this configuration like:

conf:
  runtime:
    security:
       keys:
          alias: 
              key: PEM_ENCODED_KEY_GOES_HERE
              password: PASSWORD_TO_READ
          alias-2: 
              key: PEM_ENCODED_KEY_GOES_HERE
              password: PASSWORD_TO_READ
        certificates:
          alias: PEM_ENCODED_CERT_GOES_HERE

The above implementation is up for discussion, but it hopefully describes the requirement.

mglazer avatar Oct 08 '21 13:10 mglazer

You can construct it from PEM encoded file. We support multiple store types https://github.com/palantir/conjure-java-runtime-api/blob/develop/ssl-config/src/main/java/com/palantir/conjure/java/api/config/ssl/SslConfiguration.java#L34-L39

robert3005 avatar Oct 08 '21 14:10 robert3005