author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2017-10-31 14:35:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-31 14:35:53 +0100 |
commit | 2eb4abb76f4c7169a48f317b94fcff560de81205 (patch) | |
tree | 2e2dec3f08c6d7cb1c233a6f947a0a1624dd3c75 | |
parent | d28ab5ee8f5611a99a8f673cf35983adff62c338 (diff) | |
parent | 19e135d381c55b2674eb911b6350114e424d8f41 (diff) |
Merge pull request #3951 from vespa-engine/bjorncs/athenz-identity-provider-cleanup
Bjorncs/athenz identity provider cleanup
-rw-r--r-- | athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java | 2 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java | 8 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java | 112 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzService.java | 82 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java | 97 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceRefreshInformation.java | 24 | ||||
-rw-r--r-- | container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/SignedIdentityDocument.java | 30 | ||||
-rw-r--r-- | container-disc/src/test/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImplTest.java (renamed from container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java) | 9 |
8 files changed, 250 insertions, 114 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java index 668444e2769..e66130332ac 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java @@ -66,6 +66,7 @@ public class AthenzInstanceProviderService extends AbstractComponent { config, keyProvider, sslContextFactory, nodeRepository, zone); AthenzCertificateUpdater reloader = new AthenzCertificateUpdater(certificateClient, sslContextFactory, keyProvider, config); + // TODO Configurable update frequency scheduler.scheduleAtFixedRate(reloader, 0, 1, TimeUnit.DAYS); try { jetty.start(); @@ -117,6 +118,7 @@ public class AthenzInstanceProviderService extends AbstractComponent { private static class AthenzCertificateUpdater implements Runnable { + // TODO Make expiry a configuration parameter private static final TemporalAmount EXPIRY_TIME = Duration.ofDays(30); private static final Logger log = Logger.getLogger(AthenzCertificateUpdater.class.getName()); diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java index e5b8bc9bb01..19e04e0ae01 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java 
@@ -6,8 +6,8 @@ package com.yahoo.container.jdisc.athenz; */ public interface AthenzIdentityProvider { - public String getNToken(); - public String getX509Cert(); - public String domain(); - public String service(); + String getNToken(); + String getX509Cert(); + String domain(); + String service(); } diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java index 483a4170dfb..d2c914fc209 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java 
@@ -1,37 +1,22 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.container.jdisc.athenz.impl; -import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.google.inject.Inject; import com.yahoo.component.AbstractComponent; import com.yahoo.container.core.identity.IdentityConfig; import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.ExtensionsGenerator; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.GeneralNames; -import org.bouncycastle.openssl.jcajce.JcaPEMWriter; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.pkcs.PKCS10CertificationRequest; -import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; -import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder; -import org.bouncycastle.util.io.pem.PemObject; -import javax.security.auth.x500.X500Principal; import java.io.IOException; -import java.io.StringWriter; import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; /** * @author mortent */ public final class AthenzIdentityProviderImpl extends AbstractComponent implements AthenzIdentityProvider { + private final ObjectMapper objectMapper = new ObjectMapper(); + private InstanceIdentity instanceIdentity; private final String dnsSuffix; 
@@ -45,95 +30,26 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen } // Test only - public AthenzIdentityProviderImpl(IdentityConfig config, ServiceProviderApi serviceProviderApi, AthenzService athenzService) throws IOException { - KeyPair keyPair = createKeyPair(); + AthenzIdentityProviderImpl(IdentityConfig config, + ServiceProviderApi serviceProviderApi, + AthenzService athenzService) throws IOException { + KeyPair keyPair = CryptoUtils.createKeyPair(); this.domain = config.domain(); this.service = config.service(); - String signedIdentityDocument = serviceProviderApi.getSignedIdentityDocument(); - String ztsEndpoint = getZtsEndpoint(signedIdentityDocument); - this.dnsSuffix = getDnsSuffix(signedIdentityDocument); - this.providerUniqueId = getProviderUniqueId(signedIdentityDocument); - String providerServiceName = getProviderServiceName(signedIdentityDocument); + String rawDocument = serviceProviderApi.getSignedIdentityDocument(); + SignedIdentityDocument document = objectMapper.readValue(rawDocument, SignedIdentityDocument.class); + this.dnsSuffix = document.dnsSuffix; + this.providerUniqueId = document.providerUniqueId; InstanceRegisterInformation instanceRegisterInformation = new InstanceRegisterInformation( - providerServiceName, + document.providerService, this.domain, this.service, - signedIdentityDocument, - createCSR(keyPair), + rawDocument, + CryptoUtils.toPem(CryptoUtils.createCSR(domain, service, dnsSuffix, providerUniqueId, keyPair)), true ); - instanceIdentity = athenzService.sendInstanceRegisterRequest(instanceRegisterInformation, ztsEndpoint); - } - - private static String getProviderUniqueId(String signedIdentityDocument) throws IOException { - return getJsonNode(signedIdentityDocument, "provider-unique-id"); - } - - private static String getDnsSuffix(String signedIdentityDocument) throws IOException { - return getJsonNode(signedIdentityDocument, "dns-suffix"); - } - - private static String 
getProviderServiceName(String signedIdentityDocument) throws IOException { - return getJsonNode(signedIdentityDocument, "provider-service"); - } - - private static String getZtsEndpoint(String signedIdentityDocument) throws IOException { - return getJsonNode(signedIdentityDocument, "zts-endpoint"); - } - - private static String getJsonNode(String jsonString, String path) throws IOException { - ObjectMapper mapper = new ObjectMapper(); - JsonNode jsonNode = mapper.readTree(jsonString); - return jsonNode.get(path).asText(); - } - - private static KeyPair createKeyPair() { - try { - KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); - return kpg.generateKeyPair(); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - } - - private String createCSR(KeyPair keyPair) throws IOException { - - try { - // Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix> - // and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix> - GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{ - new GeneralName(GeneralName.dNSName, String.format("%s.%s.%s", - service(), - domain().replace(".", "-"), - dnsSuffix)), - new GeneralName(GeneralName.dNSName, String.format("%s.instanceid.athenz.%s", - providerUniqueId, - dnsSuffix)) - }); - - ExtensionsGenerator extGen = new ExtensionsGenerator(); - extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames); - - X500Principal subject = new X500Principal( - String.format("CN=%s.%s", domain(), service())); - - PKCS10CertificationRequestBuilder requestBuilder = - new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()); - requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate()); - PKCS10CertificationRequest csr = requestBuilder.build( - new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())); - - PemObject pemObject = new PemObject("CERTIFICATE REQUEST", 
csr.getEncoded()); - try (StringWriter stringWriter = new StringWriter()) { - try (JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) { - pemWriter.writeObject(pemObject); - return stringWriter.toString(); - } - } - } catch (OperatorCreationException e) { - throw new RuntimeException(e); - } + instanceIdentity = athenzService.sendInstanceRegisterRequest( instanceRegisterInformation, document.ztsEndpoint); } @Override diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzService.java index c259b01876c..dc1f8956def 100644 --- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzService.java +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzService.java @@ -1,10 +1,12 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.container.jdisc.athenz.impl; +import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.client.methods.RequestBuilder; +import org.apache.http.conn.ssl.SSLContextBuilder; import org.apache.http.entity.ContentType; import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; 
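Review bot: `document.ztsEndpoint` is passed to `athenzService.sendInstanceRegisterRequest(...)` exactly as deserialized, so the identity document alone decides where the CSR and the raw document are POSTed, and nothing in this hunk checks the value first. Consider rejecting anything that is not an https URI before the call, e.g. `if (!"https".equals(URI.create(document.ztsEndpoint).getScheme())) throw new IllegalArgumentException("zts-endpoint must be https");`. Whether `getSignedIdentityDocument()` is fetched over an authenticated channel is not visible here, so treat this as defence in depth rather than a confirmed gap. The constructor is fully inside the hunk, but the rest of the class is not.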
@@ -12,24 +14,70 @@ import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; import org.eclipse.jetty.http.HttpStatus; +import javax.net.ssl.SSLContext; import java.io.IOException; +import java.io.UncheckedIOException; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; /** * @author mortent + * @author bjorncs */ public class AthenzService { + private static final String INSTANCE_API_PATH = "zts/v1/instance"; + + private final ObjectMapper objectMapper = new ObjectMapper(); + /** * Send instance register request to ZTS, get InstanceIdentity */ - public InstanceIdentity sendInstanceRegisterRequest(InstanceRegisterInformation instanceRegisterInformation, String athenzUrl) { + public InstanceIdentity sendInstanceRegisterRequest(InstanceRegisterInformation instanceRegisterInformation, + String ztsEndpoint) { try(CloseableHttpClient client = HttpClientBuilder.create().build()) { - ObjectMapper objectMapper = new ObjectMapper(); HttpUriRequest postRequest = RequestBuilder.post() - .setUri(athenzUrl + "zts/v1/instance") - .setEntity(new StringEntity(objectMapper.writeValueAsString(instanceRegisterInformation), ContentType.APPLICATION_JSON)) + .setUri(ztsEndpoint + INSTANCE_API_PATH) + .setEntity(toJsonStringEntity(instanceRegisterInformation)) .build(); - CloseableHttpResponse response = client.execute(postRequest); + return getInstanceIdentity(client, postRequest); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + + public InstanceIdentity sendInstanceRefreshRequest(String providerService, + String instanceDomain, + String instanceServiceName, + String instanceId, + 
InstanceRefreshInformation instanceRefreshInformation, + String ztsEndpoint, + X509Certificate certicate, + PrivateKey privateKey) { + try (CloseableHttpClient client = createHttpClientWithTlsAuth(certicate, privateKey)) { + String uri = String.format("%s/%s/%s/%s/%s", + ztsEndpoint + INSTANCE_API_PATH, + providerService, instanceDomain, instanceServiceName, instanceId); + HttpUriRequest postRequest = RequestBuilder.post() + .setUri(uri) + .setEntity(toJsonStringEntity(instanceRefreshInformation)) + .build(); + return getInstanceIdentity(client, postRequest); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + + private InstanceIdentity getInstanceIdentity(CloseableHttpClient client, HttpUriRequest postRequest) + throws IOException { + try (CloseableHttpResponse response = client.execute(postRequest)) { if(HttpStatus.isSuccess(response.getStatusLine().getStatusCode())) { return objectMapper.readValue(response.getEntity().getContent(), InstanceIdentity.class); } else { 
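Review bot: In `sendInstanceRefreshRequest` the four path segments (`providerService`, `instanceDomain`, `instanceServiceName`, `instanceId`) are spliced into the URI with `String.format` without encoding or validation, so a value containing `/`, `?` or `#` would change which ZTS resource the client-certificate-authenticated POST addresses. Where these values originate is outside the hunk; validating each against the expected identifier syntax, or percent-encoding it as a path segment, keeps the request on the intended resource either way. The base is built as `ztsEndpoint + INSTANCE_API_PATH`, which only yields a valid URI when the endpoint ends in `/`; a comment such as `// ztsEndpoint must end with '/'` or a normalisation step would make that contract explicit. Minor: the parameter name `certicate` is misspelled.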
@@ -37,8 +85,30 @@ public class AthenzService { throw new RuntimeException(String.format("Unable to get identity. http code/message: %d/%s", response.getStatusLine().getStatusCode(), message)); } - } catch (IOException e) { + } + } + + private StringEntity toJsonStringEntity(Object value) throws JsonProcessingException { + return new StringEntity(objectMapper.writeValueAsString(value), ContentType.APPLICATION_JSON); + } + + private static CloseableHttpClient createHttpClientWithTlsAuth(X509Certificate certificate, PrivateKey privateKey) { + try { + String dummyPassword = "athenz"; + KeyStore keyStore = KeyStore.getInstance("JKS"); + keyStore.load(null); + keyStore.setKeyEntry("athenz", privateKey, dummyPassword.toCharArray(), new Certificate[]{certificate}); + SSLContext sslContext = new SSLContextBuilder() + .loadKeyMaterial(keyStore, dummyPassword.toCharArray()) + .build(); + return HttpClientBuilder.create() + .setSslcontext(sslContext) + .build(); + } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException | + KeyManagementException | CertificateException e) { throw new RuntimeException(e); + } catch (IOException e) { + throw new UncheckedIOException(e); } } } diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java new file mode 100644 index 00000000000..8b24cf94d8a --- /dev/null +++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/CryptoUtils.java 
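Review bot: `createHttpClientWithTlsAuth` loads only key material into the `SSLContextBuilder`, so server trust silently falls back to the JVM default trust store, and the hard-coded `"athenz"` password reads like an embedded credential to a reviewer or secret scanner. Both deserve a comment, for example `// In-memory keystore only, never persisted; the password exists to satisfy the KeyStore API.` above `dummyPassword` and `// No trust material loaded: ZTS is verified against the JVM default trust store.` above the builder. If ZTS presents a certificate from a private CA (not visible here), an explicit `loadTrustMaterial(...)` call would be needed.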
@@ -0,0 +1,97 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.container.jdisc.athenz.impl;
+
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.ExtensionsGenerator;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
+import org.bouncycastle.util.io.pem.PemObject;
+
+import javax.security.auth.x500.X500Principal;
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.io.UncheckedIOException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author bjorncs
+ */
+class CryptoUtils {
+
+ private CryptoUtils() {}
+
+ static KeyPair createKeyPair() {
+ try {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+ return kpg.generateKeyPair();
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ static PKCS10CertificationRequest createCSR(String identityDomain,
+ String identityService,
+ String dnsSuffix,
+ String providerUniqueId,
+ KeyPair keyPair) throws IOException {
+ try {
+ // Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix>
+ // and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix>
+ GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{
+ new GeneralName(GeneralName.dNSName, String.format("%s.%s.%s",
+ identityService,
+ identityDomain.replace(".", "-"),
+ dnsSuffix)),
+ new GeneralName(GeneralName.dNSName, String.format("%s.instanceid.athenz.%s",
+ providerUniqueId,
+ dnsSuffix))
+ });
+
+ ExtensionsGenerator extGen = new ExtensionsGenerator();
+ extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
+
+ X500Principal subject = new X500Principal(
+ String.format("CN=%s.%s", identityDomain, identityService));
+
+ PKCS10CertificationRequestBuilder requestBuilder =
+ new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
+ requestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
+ return requestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate()));
+ } catch (OperatorCreationException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ static String toPem(PKCS10CertificationRequest csr) {
+ try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded()));
+ return stringWriter.toString();
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ static X509Certificate parseCertificate(String pemEncodedCertificate) {
+ try (PEMParser parser = new PEMParser(new StringReader(pemEncodedCertificate))) {
+ Object pemObject = parser.readObject();
+ if (!(pemObject instanceof X509Certificate)) {
+ throw new IllegalArgumentException("Expeceted X509Certificate instance, got " + pemObject);
+ }
+ return (X509Certificate) pemObject;
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+}
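Review bot: `createKeyPair()` never calls `initialize`, so the RSA modulus size is whatever the JCA provider defaults to, which varies between JDK releases and was 1024 bits on older ones; pin it with `kpg.initialize(2048);` (or larger) before `generateKeyPair()`. Separately, `parseCertificate` tests `pemObject instanceof X509Certificate`, but BouncyCastle's `PEMParser.readObject()` returns an `X509CertificateHolder` for a PEM certificate, so as written the method would reject valid input. Convert with `new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) pemObject)` and handle its `CertificateException`. The exception text also has a typo, `Expeceted`.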
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceRefreshInformation.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceRefreshInformation.java
new file mode 100644
index 00000000000..621eafca3bb
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceRefreshInformation.java
@@ -0,0 +1,24 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.container.jdisc.athenz.impl;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * @author bjorncs
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class InstanceRefreshInformation {
+
+ @JsonProperty("csr")
+ private final String csr;
+ @JsonProperty("token")
+ private final boolean requestServiceToken;
+
+ public InstanceRefreshInformation(String csr, boolean requestServiceToken) {
+ this.csr = csr;
+ this.requestServiceToken = requestServiceToken;
+ }
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/SignedIdentityDocument.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/SignedIdentityDocument.java
new file mode 100644
index 00000000000..d302b3d96ce
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/SignedIdentityDocument.java
@@ -0,0 +1,30 @@ +// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.container.jdisc.athenz.impl; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonProperty; + +/** + * @author bjorncs + */ +@JsonIgnoreProperties(ignoreUnknown = true) +@JsonInclude(JsonInclude.Include.NON_NULL) +class SignedIdentityDocument { + public final String providerUniqueId; + public final String dnsSuffix; + public final String providerService; + public final String ztsEndpoint; + + public SignedIdentityDocument(@JsonProperty("provider-unique-id") String providerUniqueId, + @JsonProperty("dns-suffix") String dnsSuffix, + @JsonProperty("provider-service") String providerService, + @JsonProperty("zts-endpoint") String ztsEndpoint) { + this.providerUniqueId = providerUniqueId; + this.dnsSuffix = dnsSuffix; + this.providerService = providerService; + this.ztsEndpoint = ztsEndpoint; + } + +} + diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImplTest.java index 2cf2f8a4031..1f64fb0d379 100644 --- a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java +++ b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImplTest.java 
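Review bot: The `SignedIdentityDocument` constructor stores whatever Jackson passes in, so a document lacking `provider-unique-id`, `dns-suffix`, `provider-service` or `zts-endpoint` yields null fields, whereas the removed `jsonNode.get(path).asText()` helper failed immediately on a missing key. In the caller those nulls are then formatted into the CSR SAN names and concatenated into the request URI as the literal text `null`. Fail fast in the constructor instead, e.g. `this.dnsSuffix = Objects.requireNonNull(dnsSuffix, "dns-suffix");` and likewise for the other three fields. In the visible code the class is only deserialized, so `@JsonInclude(NON_NULL)` appears to have no effect.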
@@ -1,11 +1,8 @@ // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.container.jdisc.athenz; +package com.yahoo.container.jdisc.athenz.impl; import com.yahoo.container.core.identity.IdentityConfig; -import com.yahoo.container.jdisc.athenz.impl.AthenzIdentityProviderImpl; -import com.yahoo.container.jdisc.athenz.impl.AthenzService; -import com.yahoo.container.jdisc.athenz.impl.InstanceIdentity; -import com.yahoo.container.jdisc.athenz.impl.ServiceProviderApi; +import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider; import org.junit.Assert; import org.junit.Test; @@ -19,7 +16,7 @@ import static org.mockito.Mockito.when; /** * @author mortent */ -public class AthenzIdentityProviderTest { +public class AthenzIdentityProviderImplTest { @Test public void ntoken_fetched_on_init() throws IOException { |