author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2018-03-07 17:15:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-03-07 17:15:37 +0100 |
commit | 25ff6f44faab887decc871e42b744fc5c06c1178 (patch) | |
tree | 5eae200937434ab89c8df29c3c7713c475f30a2c | |
parent | f509303b9d51b33382d3c2635cb6e0b1fef4b00a (diff) | |
parent | ee8b173abe1db680dafb7ac5300f5bb437e46e9a (diff) |
Merge pull request #5243 from vespa-engine/freva/respond-with-400-when-source-ip-does-not-match-common-name
Respond with HTTP-400 when source IP does not match common name
-rw-r--r-- | athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
index ff38b955729..0c6199efdcb 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
@@ -9,6 +9,7 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -48,6 +49,9 @@ public class CertificateSignerResource {
 log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
 X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
 return new CertificateSerializedPayload(certificate);
+ } catch (IllegalArgumentException e) {
+ log.log(LogLevel.WARNING, e.getMessage());
+ throw new ForbiddenException(e.getMessage(), e);
 } catch (RuntimeException e) {
 log.log(LogLevel.ERROR, e.getMessage(), e);
 throw new InternalServerErrorException(e.getMessage(), e);
|
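Review bot: The new `catch (IllegalArgumentException e)` answers with 403 through `ForbiddenException`, while the commit title says HTTP-400 and `BadRequestException` is already imported; either the title or the status should be corrected so clients and alerting key on the intended code. The catch also covers every IllegalArgumentException raised inside the try block, not only the source-IP/common-name mismatch, and it hands `e.getMessage()` to the JAX-RS exception, where it may reach the caller depending on the exception mapper; a dedicated exception type for the mismatch would keep unrelated validation failures out of this path. A rejected signing request is a security-relevant event, so the warning should name the requester, e.g. `log.log(LogLevel.WARNING, "Rejected CSR from " + remoteHostname + ": " + e.getMessage());`. The try block begins outside the hunk, so what else can throw there is not visible here.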