author | Valerij Fredriksen <valerijf@oath.com> | 2018-03-07 17:03:18 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@oath.com> | 2018-03-07 17:06:28 +0100 |
commit | ee8b173abe1db680dafb7ac5300f5bb437e46e9a (patch) | |
tree | b95e30d2ffc189032615835e71d2fd6076fac9a7 | |
parent | 7c1236b77b7e2264bc6199ac9d3ff974d81462d2 (diff) |
Respond with HTTP-400 when source IP does not match common name
-rw-r--r-- | athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
index ff38b955729..0c6199efdcb 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
@@ -9,6 +9,7 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.Consumes;
+import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.InternalServerErrorException;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -48,6 +49,9 @@ public class CertificateSignerResource {
 log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
 X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
 return new CertificateSerializedPayload(certificate);
+ } catch (IllegalArgumentException e) {
+ log.log(LogLevel.WARNING, e.getMessage());
+ throw new ForbiddenException(e.getMessage(), e);
 } catch (RuntimeException e) {
 log.log(LogLevel.ERROR, e.getMessage(), e);
 throw new InternalServerErrorException(e.getMessage(), e); |
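Review bot: The new `catch (IllegalArgumentException e)` arm answers with 403 (`ForbiddenException`) although the commit title promises HTTP-400, and it applies to every `IllegalArgumentException` raised anywhere in the try block, not only the source-IP/common-name mismatch; the try starts outside this hunk, so which other calls can throw it is not visible here. Because this endpoint signs certificates, a refused request deserves an audit-quality record: the WARNING line logs only `e.getMessage()`, without the requesting host, and the same message is sent back to the caller in the response. Consider a fixed client-facing text such as `throw new ForbiddenException("Certificate request rejected", e);` and, if `remoteHostname` is in scope in the catch, `log.log(LogLevel.WARNING, "Rejected certificate request from " + remoteHostname + ": " + e.getMessage());`. If the message can carry values taken from the CSR, it should be treated as untrusted input when written to the log.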