removed ClientTlsTrustOptions

Signed-off-by: Sally MacFarlane <[email protected]>

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/dsl/signer/EthSignerProcessRunner.java

@@ -238,23 +238,14 @@ private Collection<String> createDownstreamTlsArgs() {
               params.add(pkcsStoreConfig.getPasswordFile().toString());
             });
 
-    clientTlsOptions
-        .getTrustOptions()
-        .ifPresent(
-            downstreamTrustOptions -> {
-              downstreamTrustOptions
-                  .getKnownServerFile()
-                  .ifPresent(
-                      knownServerFile -> {
-                        params.add("--downstream-http-tls-known-servers-file");
-                        params.add(knownServerFile.toAbsolutePath().toString());
-                      });
-
-              if (!downstreamTrustOptions.isCaAuthRequired()) {
-                params.add("--downstream-http-tls-ca-auth-enabled");
-                params.add("false");
-              }
-            });
+    if (clientTlsOptions.getKnownServersFile() != null) {
+      params.add("--downstream-http-tls-known-servers-file");
+      params.add(clientTlsOptions.getKnownServersFile().toAbsolutePath().toString());
+    }
+    if (!clientTlsOptions.isCaAuthEnabled()) {
+      params.add("--downstream-http-tls-ca-auth-enabled");
+      params.add("false");
+    }
 
     return Collections.unmodifiableCollection(params);
   }

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/tls/ClientSideTlsAcceptanceTest.java

@@ -22,7 +22,6 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 import tech.pegasys.ethsigner.tests.dsl.node.NodeConfiguration;
 import tech.pegasys.ethsigner.tests.dsl.node.NodeConfigurationBuilder;
 import tech.pegasys.ethsigner.tests.dsl.node.NodePorts;
@@ -32,7 +31,6 @@
 import tech.pegasys.ethsigner.tests.tls.support.MockBalanceReporter;
 import tech.pegasys.ethsigner.tests.tls.support.TlsEnabledHttpServerFactory;
 import tech.pegasys.ethsigner.tests.tls.support.client.BasicClientTlsOptions;
-import tech.pegasys.ethsigner.tests.tls.support.client.BasicClientTlsTrustOptions;
 import tech.pegasys.ethsigner.tests.tls.support.client.BasicKeyStoreOptions;
 
 import java.io.IOException;
@@ -112,10 +110,8 @@ private Signer createSigner(
 
     final KeyStoreOptions keyStoreOptions =
         new BasicKeyStoreOptions(presentedCert.getPkcs12File().toPath(), clientPasswordFile);
-    final ClientTlsTrustOptions clientTlsTrustOptions =
-        new BasicClientTlsTrustOptions(fingerPrintFilePath, true);
     final ClientTlsOptions clientTlsOptions =
-        new BasicClientTlsOptions(keyStoreOptions, clientTlsTrustOptions);
+        new BasicClientTlsOptions(keyStoreOptions, fingerPrintFilePath, true);
     builder.withDownstreamTlsOptions(clientTlsOptions);
 
     builder.withHttpRpcPort(listenPort);

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/tls/support/client/BasicClientTlsOptions.java

@@ -14,18 +14,22 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 
+import java.nio.file.Path;
 import java.util.Optional;
 
 public class BasicClientTlsOptions implements ClientTlsOptions {
   private final Optional<KeyStoreOptions> tlsCertificateOptions;
-  private final Optional<ClientTlsTrustOptions> tlsTrustOptions;
+  private final Path knownServersFile;
+  private final boolean caAuthEnabled;
 
   public BasicClientTlsOptions(
-      final KeyStoreOptions tlsCertificateOptions, final ClientTlsTrustOptions tlsTrustOptions) {
+      final KeyStoreOptions tlsCertificateOptions,
+      final Path knownServersFile,
+      final boolean caAuthEnabled) {
     this.tlsCertificateOptions = Optional.ofNullable(tlsCertificateOptions);
-    this.tlsTrustOptions = Optional.ofNullable(tlsTrustOptions);
+    this.knownServersFile = knownServersFile;
+    this.caAuthEnabled = caAuthEnabled;
   }
 
   @Override
@@ -34,7 +38,12 @@ public Optional<KeyStoreOptions> getKeyStoreOptions() {
   }
 
   @Override
-  public Optional<ClientTlsTrustOptions> getTrustOptions() {
-    return tlsTrustOptions;
+  public Path getKnownServersFile() {
+    return knownServersFile;
+  }
+
+  @Override
+  public boolean isCaAuthEnabled() {
+    return caAuthEnabled;
   }
 }

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/EthSignerBaseCommand.java

@@ -22,7 +22,6 @@
 import tech.pegasys.ethsigner.core.config.Config;
 import tech.pegasys.ethsigner.core.config.TlsOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 import tech.pegasys.ethsigner.core.signing.ChainIdProvider;
 import tech.pegasys.ethsigner.core.signing.ConfigurationChainId;
 
@@ -198,14 +197,11 @@ public String toString() {
 
   void validateOptions(final CommandLine commandLine, final Logger logger) {
 
-    if (getClientTlsOptions().isPresent()
-        && getClientTlsOptions().get().getTrustOptions().isPresent()) {
-      final ClientTlsTrustOptions clientTlsTrustOptions =
-          getClientTlsOptions().get().getTrustOptions().get();
-      final boolean caAuth = clientTlsTrustOptions.isCaAuthRequired();
-      final Optional<Path> optionsKnownServerFile = clientTlsTrustOptions.getKnownServerFile();
+    if (getClientTlsOptions().isPresent()) {
+      final boolean caAuth = getClientTlsOptions().get().isCaAuthEnabled();
+      final Path optionsKnownServerFile = getClientTlsOptions().get().getKnownServersFile();
       // validate that combination of options is sensible
-      if (optionsKnownServerFile.isEmpty() && !caAuth) {
+      if (optionsKnownServerFile == null && !caAuth) {
         throw new ParameterException(
             commandLine,
             "Missing required argument(s): --downstream-http-tls-known-servers-file must be specified if --downstream-http-tls-ca-auth-enabled=false");

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/config/tls/client/PicoCliClientTlsOptions.java

@@ -16,7 +16,6 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 
 import java.nio.file.Path;
 import java.util.Optional;
@@ -57,14 +56,12 @@ public Optional<KeyStoreOptions> getKeyStoreOptions() {
   }
 
   @Override
-  public Optional<ClientTlsTrustOptions> getTrustOptions() {
-    // don't validate here just send options through if present
-    if (caAuthEnabled && knownServersFile == null) {
-      return Optional.empty();
-    }
-    PicoCliClientTlsTrustOptions trustOptions = new PicoCliClientTlsTrustOptions();
-    trustOptions.setCaAuthEnabled(caAuthEnabled);
-    trustOptions.setKnownServersFile(knownServersFile);
-    return Optional.ofNullable(trustOptions);
+  public boolean isCaAuthEnabled() {
+    return caAuthEnabled;
+  }
+
+  @Override
+  public Path getKnownServersFile() {
+    return knownServersFile;
   }
 }

ethsigner/commandline/src/test/java/tech/pegasys/ethsigner/CommandlineParserClientTlsOptionsTest.java

@@ -20,7 +20,6 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
@@ -72,7 +71,7 @@ void cmdLineIsValidIfOnlyDownstreamTlsIsEnabled() {
     assertThat(optionalDownstreamTlsOptions.isPresent()).as("Downstream TLS Options").isTrue();
 
     assertThat(optionalDownstreamTlsOptions.isPresent()).as("TLS Enabled").isTrue();
-    assertThat(optionalDownstreamTlsOptions.get().getTrustOptions().isEmpty()).isTrue();
+    assertThat(optionalDownstreamTlsOptions.get().getKnownServersFile()).isNull();
     assertThat(optionalDownstreamTlsOptions.get().getKeyStoreOptions().isEmpty()).isTrue();
   }
 
@@ -107,10 +106,8 @@ void cmdLineIsValidWithAllTlsOptions() {
     assertThat(optionalDownstreamTlsOptions.isPresent()).as("Downstream TLS Options").isTrue();
 
     final ClientTlsOptions clientTlsOptions = optionalDownstreamTlsOptions.get();
-    assertThat(clientTlsOptions.getTrustOptions().isPresent()).isTrue();
-    final ClientTlsTrustOptions clientTlsTrustOptions = clientTlsOptions.getTrustOptions().get();
-    assertThat(clientTlsTrustOptions.getKnownServerFile().get()).isEqualTo(Path.of("./test.txt"));
-    assertThat(clientTlsTrustOptions.isCaAuthRequired()).isFalse();
+    assertThat(clientTlsOptions.getKnownServersFile()).isEqualTo(Path.of("./test.txt"));
+    assertThat(clientTlsOptions.isCaAuthEnabled()).isFalse();
 
     final KeyStoreOptions keyStoreOptions = clientTlsOptions.getKeyStoreOptions().get();
     assertThat(keyStoreOptions.getKeyStoreFile()).isEqualTo(Path.of("./test.ks"));
@@ -161,9 +158,8 @@ void cmdLineIsValidWhenTlsClientCertificateOptionsAreMissing() {
 
     assertThat(result).isTrue();
     final ClientTlsOptions clientTlsOptions = config.getClientTlsOptions().get();
-    final ClientTlsTrustOptions clientTlsTrustOptions = clientTlsOptions.getTrustOptions().get();
-    assertThat(clientTlsTrustOptions.getKnownServerFile().get()).isEqualTo(Path.of("./test.txt"));
-    assertThat(clientTlsTrustOptions.isCaAuthRequired()).isFalse();
+    assertThat(clientTlsOptions.getKnownServersFile()).isEqualTo(Path.of("./test.txt"));
+    assertThat(clientTlsOptions.isCaAuthEnabled()).isFalse();
     assertThat(clientTlsOptions.getKeyStoreOptions().isEmpty()).isTrue();
   }
 
@@ -182,10 +178,8 @@ void cmdLineIsValidIfOnlyDownstreamKnownServerIsSpecified() {
     assertThat(result).isTrue();
 
     final ClientTlsOptions clientTlsOptions = config.getClientTlsOptions().get();
-    assertThat(clientTlsOptions.getTrustOptions().isPresent()).isTrue();
-    final ClientTlsTrustOptions clientTlsTrustOptions = clientTlsOptions.getTrustOptions().get();
-    assertThat(clientTlsTrustOptions.getKnownServerFile().get()).isEqualTo(Path.of("./test.txt"));
-    assertThat(clientTlsTrustOptions.isCaAuthRequired()).isTrue();
+    assertThat(clientTlsOptions.getKnownServersFile()).isEqualTo(Path.of("./test.txt"));
+    assertThat(clientTlsOptions.isCaAuthEnabled()).isTrue();
     assertThat(clientTlsOptions.getKeyStoreOptions().isEmpty()).isTrue();
   }
 

ethsigner/core/src/main/java/tech/pegasys/ethsigner/core/WebClientOptionsFactory.java

@@ -17,7 +17,6 @@
 import tech.pegasys.ethsigner.core.config.Config;
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 import tech.pegasys.ethsigner.core.util.FileUtil;
 
 import java.io.IOException;
@@ -48,29 +47,25 @@ private void applyTlsOptions(final WebClientOptions webClientOptions, final Conf
 
     final ClientTlsOptions clientTlsOptions = optionalClientTlsOptions.get();
 
-    applyTrustOptions(webClientOptions, clientTlsOptions.getTrustOptions());
+    applyTrustOptions(
+        webClientOptions,
+        clientTlsOptions.getKnownServersFile(),
+        clientTlsOptions.isCaAuthEnabled());
     applyKeyStoreOptions(webClientOptions, clientTlsOptions.getKeyStoreOptions());
   }
 
   private void applyTrustOptions(
       final WebClientOptions webClientOptions,
-      final Optional<ClientTlsTrustOptions> optionalTrustOptions) {
+      final Path knownServerFile,
+      final boolean caAuthEnabled) {
 
-    if (optionalTrustOptions.isEmpty()) {
-      return; // CA trust is enabled by default.
-    }
-
-    final Optional<Path> optionalKnownServerFile = optionalTrustOptions.get().getKnownServerFile();
-    final boolean caAuthRequired = optionalTrustOptions.get().isCaAuthRequired();
-
-    if (optionalKnownServerFile.isEmpty() && !caAuthRequired) {
+    if (knownServerFile == null && !caAuthEnabled) {
       throw new InitializationException(
           "Must specify a known-server file if CA-signed option is disabled");
     }
 
     try {
-      webClientOptions.setTrustOptions(
-          whitelistServers(optionalKnownServerFile.get(), caAuthRequired));
+      webClientOptions.setTrustOptions(whitelistServers(knownServerFile, caAuthEnabled));
     } catch (RuntimeException e) {
       throw new InitializationException("Failed to load known server file.", e);
     }

ethsigner/core/src/main/java/tech/pegasys/ethsigner/core/config/tls/client/ClientTlsOptions.java

@@ -14,10 +14,13 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 
+import java.nio.file.Path;
 import java.util.Optional;
 
 public interface ClientTlsOptions {
   Optional<KeyStoreOptions> getKeyStoreOptions();
 
-  Optional<ClientTlsTrustOptions> getTrustOptions();
+  Path getKnownServersFile();
+
+  boolean isCaAuthEnabled();
 }