authorJon Marius Venstad <venstad@gmail.com>2019-08-19 11:47:35 +0200
committerJon Marius Venstad <venstad@gmail.com>2019-08-19 11:47:35 +0200
commit2af85a042b5d7ca94fdc8a0b8a04c258d6b64df2 (patch)
treee697607d1dd6cdd4de57a8fd1b9de345317a2619
parent0c4ce4cb5bb3573b7b6c21573224b0edd064b177 (diff)
Rename EndpointAuthenticator -> Authenticator, and doc fixes
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java20
-rw-r--r--tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java68
-rw-r--r--tenant-cd/src/main/java/ai/vespa/hosted/cd/TestRuntime.java12
-rw-r--r--tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpDeployment.java4
-rw-r--r--tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java10
5 files changed, 11 insertions, 103 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java b/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
deleted file mode 100644
index 62b1d2b4c92..00000000000
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/EndpointAuthenticator.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package ai.vespa.hosted.api;
-
-import javax.net.ssl.SSLContext;
-import java.net.http.HttpRequest;
-import java.util.Optional;
-
-/**
- * Adds environment dependent authentication to HTTP request against Vespa deployments.
- *
- * @author jonmv
- */
-public interface EndpointAuthenticator {
-
- /** Returns an SSLContext which provides authentication against a Vespa endpoint. */
- SSLContext sslContext();
-
- /** Adds necessary authentication to the given HTTP request builder, to pass the data plane of a Vespa endpoint. */
- HttpRequest.Builder authenticated(HttpRequest.Builder request);
-
-}
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
deleted file mode 100644
index abb4197bda1..00000000000
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/EndpointAuthenticator.java
+++ /dev/null
@@ -1,68 +0,0 @@
-package ai.vespa.hosted.auth;
-
-import com.yahoo.config.provision.SystemName;
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SslContextBuilder;
-import com.yahoo.security.X509CertificateUtils;
-
-import javax.net.ssl.SSLContext;
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.net.http.HttpRequest;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.util.Optional;
-
-import static ai.vespa.hosted.api.Properties.getNonBlankProperty;
-
-/**
- * Authenticates against the hosted Vespa API using private key signatures, and against Vespa applications using mutual TLS.
- *
- * @author jonmv
- */
-public class EndpointAuthenticator implements ai.vespa.hosted.api.EndpointAuthenticator {
-
- /** Don't touch. */
- public EndpointAuthenticator(@SuppressWarnings("unused") SystemName __) { }
-
- /**
- * If {@code System.getProperty("vespa.test.credentials.root")} is set, key and certificate files
- * "key" and "cert" in that directory are used; otherwise, the system default SSLContext is returned.
- */
- @Override
- public SSLContext sslContext() {
- try {
- Optional<String> credentialsRootProperty = getNonBlankProperty("vespa.test.credentials.root");
- if (credentialsRootProperty.isEmpty())
- return SSLContext.getDefault();
-
- Path credentialsRoot = Path.of(credentialsRootProperty.get());
- Path certificateFile = credentialsRoot.resolve("cert");
- Path privateKeyFile = credentialsRoot.resolve("key");
-
- X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
- if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
- || Instant.now().isAfter(certificate.getNotAfter().toInstant()))
- throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
- certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
-
- PrivateKey privateKey = KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile)));
- return new SslContextBuilder().withKeyStore(privateKey, certificate).build();
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- catch (NoSuchAlgorithmException e) {
- throw new IllegalStateException(e);
- }
- }
-
- @Override
- public HttpRequest.Builder authenticated(HttpRequest.Builder request) {
- return request;
- }
-
-}
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestRuntime.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestRuntime.java
index 4ae1c0b7a5e..e10d627808f 100644
--- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestRuntime.java
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/TestRuntime.java
@@ -1,10 +1,10 @@
package ai.vespa.hosted.cd;
-import ai.vespa.hosted.api.ApiAuthenticator;
-import ai.vespa.hosted.api.EndpointAuthenticator;
+import ai.vespa.hosted.api.Authenticator;
import ai.vespa.hosted.api.ControllerHttpClient;
import ai.vespa.hosted.api.Properties;
import ai.vespa.hosted.api.TestConfig;
+import ai.vespa.hosted.auth.CertificateAndKeyAuthenticator;
import ai.vespa.hosted.cd.http.HttpDeployment;
import com.yahoo.config.provision.ApplicationId;
import com.yahoo.config.provision.Environment;
@@ -29,7 +29,7 @@ public class TestRuntime {
private final Map<String, Deployment> productionDeployments;
private final Deployment deploymentToTest;
- private TestRuntime(TestConfig config, EndpointAuthenticator authenticator) {
+ private TestRuntime(TestConfig config, Authenticator authenticator) {
this.config = config;
this.productionDeployments = config.deployments().entrySet().stream()
.filter(zoneDeployment -> zoneDeployment.getKey().environment() == Environment.prod)
@@ -41,7 +41,7 @@ public class TestRuntime {
}
/**
- * Returns the config for this test, or null if it has not been provided.
+ * Returns the config and authenticator to use when running integration tests.
*
* If the system property {@code "vespa.test.config"} is set (to a file path), a file at that location
* is attempted read, and config parsed from it.
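Review bot: The new summary line says this method returns the config and the authenticator, but the part of the Javadoc visible in this hunk still explains only the `vespa.test.config` lookup and says nothing about where the authenticator's credentials come from. The deleted `ai.vespa.hosted.auth.EndpointAuthenticator` read a private key and certificate from the directory named by `vespa.test.credentials.root` and otherwise fell back to the default SSLContext. `CertificateAndKeyAuthenticator` is not shown in this commit; if it keeps that behaviour, a sentence such as `Data plane credentials are read from the directory given by {@code "vespa.test.credentials.root"}, if set.` would tell test authors which key material a run will use. The Javadoc continues beyond the hunk, so this may already be covered further down.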
@@ -55,13 +55,13 @@ public class TestRuntime {
String configPath = System.getProperty("vespa.test.config");
TestConfig config = configPath != null ? fromFile(configPath) : fromController();
theRuntime = new TestRuntime(config,
- new ai.vespa.hosted.auth.EndpointAuthenticator(config.system()));
+ new CertificateAndKeyAuthenticator(config.system()));
}
return theRuntime;
}
/** Returns a copy of this runtime, with the given endpoint authenticator. */
- public TestRuntime with(EndpointAuthenticator authenticator) {
+ public TestRuntime with(Authenticator authenticator) {
return new TestRuntime(config, authenticator);
}
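Review bot: The Javadoc on `with(...)` still says "endpoint authenticator" although the parameter type is now `Authenticator`. The same commit replaces the `ApiAuthenticator` and `EndpointAuthenticator` imports with the single `Authenticator` import, which suggests the new interface is no longer limited to endpoint authentication. Since the commit is also meant to carry doc fixes, I would change the comment to `/** Returns a copy of this runtime, with the given authenticator. */`. The method holding the `theRuntime` assignment starts outside the hunk, so its own Javadoc could not be checked here.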
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpDeployment.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpDeployment.java
index 22c622effae..04cebcf50b2 100644
--- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpDeployment.java
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpDeployment.java
@@ -1,6 +1,6 @@
package ai.vespa.hosted.cd.http;
-import ai.vespa.hosted.api.EndpointAuthenticator;
+import ai.vespa.hosted.api.Authenticator;
import ai.vespa.hosted.cd.TestDeployment;
import ai.vespa.hosted.cd.TestEndpoint;
import com.yahoo.config.provision.Environment;
@@ -22,7 +22,7 @@ public class HttpDeployment implements TestDeployment {
private final Map<String, HttpEndpoint> endpoints;
/** Creates a representation of the given deployment endpoints, using the authenticator for data plane access. */
- public HttpDeployment(Map<String, URI> endpoints, ZoneId zone, EndpointAuthenticator authenticator) {
+ public HttpDeployment(Map<String, URI> endpoints, ZoneId zone, Authenticator authenticator) {
this.zone = zone;
this.endpoints = endpoints.entrySet().stream()
.collect(Collectors.toUnmodifiableMap(entry -> entry.getKey(),
diff --git a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
index 17703d8fbab..a9d8f2e7cc5 100644
--- a/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
+++ b/tenant-cd/src/main/java/ai/vespa/hosted/cd/http/HttpEndpoint.java
@@ -1,9 +1,6 @@
package ai.vespa.hosted.cd.http;
-import ai.vespa.hosted.api.EndpointAuthenticator;
-import com.yahoo.slime.Inspector;
-import com.yahoo.slime.JsonDecoder;
-import com.yahoo.slime.Slime;
+import ai.vespa.hosted.api.Authenticator;
import ai.vespa.hosted.cd.Digest;
import ai.vespa.hosted.cd.Feed;
import ai.vespa.hosted.cd.Query;
@@ -14,7 +11,6 @@ import ai.vespa.hosted.cd.Visit;
import ai.vespa.hosted.cd.metric.Metrics;
import java.io.IOException;
-import java.io.UncheckedIOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
@@ -37,9 +33,9 @@ public class HttpEndpoint implements TestEndpoint {
private final URI endpoint;
private final HttpClient client;
- private final EndpointAuthenticator authenticator;
+ private final Authenticator authenticator;
- public HttpEndpoint(URI endpoint, EndpointAuthenticator authenticator) {
+ public HttpEndpoint(URI endpoint, Authenticator authenticator) {
this.endpoint = requireNonNull(endpoint);
this.authenticator = requireNonNull(authenticator);
this.client = HttpClient.newBuilder()