diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-16 13:23:36 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-17 13:04:36 +0100 |
commit | 332a1c17e472a9816ed638db94dfc34fce1f8392 (patch) | |
tree | c4640fa1fae79e1340ec27a2e97ff511b12ef66f /athenz-identity-provider-service/src/main | |
parent | 29f7dbc63afe64683288d6552aaede77b92cb434 (diff) |
Rewrite InstanceConfirmationServlet as jax-rs resource
Diffstat (limited to 'athenz-identity-provider-service/src/main')
3 files changed, 53 insertions, 69 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java index b26b3e8ee18..c4b54d73ec3 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java @@ -15,7 +15,6 @@ import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProvid import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator; -import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceConfirmationServlet; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider; @@ -115,9 +114,6 @@ public class AthenzInstanceProviderService extends AbstractComponent { CertificateSignerServlet certificateSignerServlet = new CertificateSignerServlet(certificateSigner); handler.addServletWithMapping(new ServletHolder(certificateSignerServlet), config.apiPath() + "/sign"); - InstanceConfirmationServlet instanceConfirmationServlet = new InstanceConfirmationServlet(instanceValidator); - handler.addServletWithMapping(new ServletHolder(instanceConfirmationServlet), config.apiPath() + "/instance"); - handler.addServletWithMapping(StatusServlet.class, "/status.html"); server.setHandler(handler); return server; diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java new file mode 100644 index 00000000000..a8b837a3486 --- /dev/null +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java @@ -0,0 +1,53 @@ +// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl; + +import com.google.inject.Inject; +import com.yahoo.config.model.api.SuperModelProvider; +import com.yahoo.config.provision.Zone; +import com.yahoo.container.jaxrs.annotation.Component; +import com.yahoo.jdisc.http.SecretStore; +import com.yahoo.log.LogLevel; +import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig; +import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.InstanceConfirmation; + +import javax.ws.rs.Consumes; +import javax.ws.rs.ForbiddenException; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import java.util.logging.Logger; + +import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig; + +/** + * @author bjorncs + */ +@Path("/instance") +public class InstanceConfirmationResource { + + private static final Logger log = Logger.getLogger(InstanceConfirmationResource.class.getName()); + + private final InstanceValidator instanceValidator; + + @Inject + public InstanceConfirmationResource(@Component AthenzProviderServiceConfig config, + @Component SecretStore secretStore, + @Component SuperModelProvider superModelProvider, + @Component Zone zone) { + AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone); + SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName()); + this.instanceValidator = new InstanceValidator(keyProvider, superModelProvider); + } + + @POST + @Consumes(MediaType.APPLICATION_JSON) + @Produces(MediaType.APPLICATION_JSON) + public InstanceConfirmation confirmInstance(InstanceConfirmation instanceConfirmation) { + if (!instanceValidator.isValidInstance(instanceConfirmation)) { + log.log(LogLevel.ERROR, "Invalid instance: " + instanceConfirmation); + throw new ForbiddenException("Instance is invalid"); + } + return instanceConfirmation; + } +} diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationServlet.java deleted file mode 100644 index 766b95b443b..00000000000 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationServlet.java +++ /dev/null @@ -1,65 +0,0 @@ -// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. -package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.yahoo.log.LogLevel; -import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.InstanceConfirmation; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.Reader; -import java.util.logging.Logger; -import java.util.stream.Collectors; - -/** - * A Servlet implementing the Athenz Service Provider InstanceConfirmation API - * - * @author bjorncs - */ -public class InstanceConfirmationServlet extends HttpServlet { - - private static final Logger log = Logger.getLogger(InstanceConfirmationServlet.class.getName()); - - private final InstanceValidator instanceValidator; - - public InstanceConfirmationServlet(InstanceValidator instanceValidator) { - this.instanceValidator = instanceValidator; - } - - @Override - protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - // TODO Validate that request originates from ZTS - try { - String confirmationContent = toString(req.getReader()); - log.log(LogLevel.DEBUG, () -> "Confirmation content: " + confirmationContent); - InstanceConfirmation instanceConfirmation = - Utils.getMapper().readValue(confirmationContent, InstanceConfirmation.class); - log.log(LogLevel.DEBUG, () -> "Parsed confirmation content: " + instanceConfirmation.toString()); - if (!instanceValidator.isValidInstance(instanceConfirmation)) { - String message = "Invalid instance: " + instanceConfirmation; - log.log(LogLevel.ERROR, message); - resp.sendError(HttpServletResponse.SC_FORBIDDEN, message); - } else { - resp.setStatus(HttpServletResponse.SC_OK); - resp.setContentType("application/json"); - resp.getWriter().write(Utils.getMapper().writeValueAsString(instanceConfirmation)); - } - } catch (JsonParseException | JsonMappingException e) { - String message = "InstanceConfirmation is not valid JSON"; - log.log(LogLevel.ERROR, message, e); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, message); - } - } - - private static String toString(Reader reader) throws IOException { - try (BufferedReader bufferedReader = new BufferedReader(reader)) { - return bufferedReader.lines().collect(Collectors.joining("\n")); - } - } - -} |