author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-16 14:16:22 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-17 13:05:30 +0100 |
commit | 465099b2275eeb0c66bd5ac68038ed4f70f98cf6 (patch) | |
tree | 6ba407ce27837712405afc9c058913704196e42f /athenz-identity-provider-service/src/main | |
parent | c64cebf128c0b5cb79270d516d0b567ee7938a3e (diff) |
Make KeyProvider an injectable component
Diffstat (limited to 'athenz-identity-provider-service/src/main')
9 files changed, 27 insertions, 28 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
index 67f07875243..7910650ed5e 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzSslKeyStoreConfigurator.java
@@ -5,13 +5,11 @@ import com.google.inject.Inject;
 import com.yahoo.component.AbstractComponent;
 import com.yahoo.config.provision.SystemName;
 import com.yahoo.config.provision.Zone;
-import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.jdisc.http.ssl.SslKeyStoreConfigurator;
 import com.yahoo.jdisc.http.ssl.SslKeyStoreContext;
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider;
 import java.security.KeyStore;
 import java.security.PrivateKey;
@@ -31,6 +29,7 @@ import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.g
 * @author bjorncs
 */
 // TODO Cache certificate on disk
+@SuppressWarnings("unused") // Component injected into Jetty connector factory
 public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements SslKeyStoreConfigurator {
 private static final Logger log = Logger.getLogger(AthenzSslKeyStoreConfigurator.class.getName());
 // TODO Make expiry and update frequency configurable parameters 
@@ -39,18 +38,18 @@ public class AthenzSslKeyStoreConfigurator extends AbstractComponent implements
 private final ScheduledExecutorService scheduler = Executors.newSingleThreadScheduledExecutor();
 private final AthenzCertificateClient certificateClient;
- private final SecretStoreKeyProvider keyProvider;
+ private final KeyProvider keyProvider;
 private final AthenzProviderServiceConfig.Zones zoneConfig;
 private final AtomicBoolean alreadyConfigured = new AtomicBoolean();
 private final Zone zone;
 @Inject
- public AthenzSslKeyStoreConfigurator(SecretStore secretStore,
+ public AthenzSslKeyStoreConfigurator(KeyProvider keyProvider,
 AthenzProviderServiceConfig config,
 Zone zone) {
 AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
 this.certificateClient = new AthenzCertificateClient(config, zoneConfig);
- this.keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ this.keyProvider = keyProvider;
 this.zoneConfig = zoneConfig;
 this.zone = zone;
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/KeyProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/KeyProvider.java
index 5a1d7e3c1ff..a72a2fcbc6c 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/KeyProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/KeyProvider.java
@@ -1,5 +1,5 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice;
 import java.security.PrivateKey;
 import java.security.PublicKey;
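Review bot: The constructor now accepts any `KeyProvider` and no longer selects the key through `zoneConfig.secretName()` itself, yet nothing states that the injected provider must serve the same zone's secret that `config` and `zone` select; the only implementation in this commit, `SecretStoreKeyProvider`, happens to derive its secret name from the same `getZoneConfig(config, zone)`, but a differently bound provider would go unnoticed here and could leave the Jetty key store built from the wrong service key. I would document that contract on the constructor with a Javadoc containing `@param keyProvider supplies the private key of this zone's Athenz service identity; it must be configured from the same {@code config} and {@code zone} this configurator receives`. Since the key is consumed on the `scheduler` thread rather than at construction, a mismatch would otherwise surface only as a later certificate-refresh failure. The rest of the class lies outside the hunk.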
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
index 2e00695f2f0..742788ab0c2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
@@ -3,7 +3,7 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
 import com.google.common.collect.ImmutableList;
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
index 8f134a796b1..1b10b79df27 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java 
@@ -4,13 +4,12 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
 import com.google.inject.Inject;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.log.LogLevel;
 import com.yahoo.net.HostName;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import javax.servlet.http.HttpServletRequest;
@@ -40,9 +39,8 @@ public class CertificateSignerResource {
 @Inject
 public CertificateSignerResource(@Component AthenzProviderServiceConfig config,
 @Component Zone zone,
- @Component SecretStore secretStore) {
+ @Component KeyProvider keyProvider) {
 AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
 this.certificateSigner = new CertificateSigner(keyProvider, zoneConfig, HostName.getLocalhost());
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
index fb4c4f2d5bf..9cef7ed9fb6 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java 
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
@@ -2,6 +2,7 @@
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
 import com.yahoo.config.provision.Zone;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.IdentityDocument;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.ProviderUniqueId;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
index cbc38fe6d3c..a0b674db700 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
@@ -4,8 +4,8 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
 import com.google.inject.Inject;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
 import com.yahoo.vespa.hosted.provision.NodeRepository; 
@@ -35,9 +35,8 @@ public class IdentityDocumentResource {
 public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
 @Component Zone zone,
 @Component NodeRepository nodeRepository,
- @Component SecretStore secretStore) {
+ @Component KeyProvider keyProvider) {
 AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
 this.identityDocumentGenerator = new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java
index a8b837a3486..57e3d569461 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceConfirmationResource.java
@@ -3,11 +3,9 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
 import com.google.inject.Inject;
 import com.yahoo.config.model.api.SuperModelProvider;
-import com.yahoo.config.provision.Zone;
 import com.yahoo.container.jaxrs.annotation.Component;
-import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.InstanceConfirmation;
 import javax.ws.rs.Consumes; 
@@ -18,8 +16,6 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
 import java.util.logging.Logger;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
-
 /**
 * @author bjorncs
 */
@@ -31,12 +27,8 @@ public class InstanceConfirmationResource {
 private final InstanceValidator instanceValidator;
 @Inject
- public InstanceConfirmationResource(@Component AthenzProviderServiceConfig config,
- @Component SecretStore secretStore,
- @Component SuperModelProvider superModelProvider,
- @Component Zone zone) {
- AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ public InstanceConfirmationResource(@Component KeyProvider keyProvider,
+ @Component SuperModelProvider superModelProvider) {
 this.instanceValidator = new InstanceValidator(keyProvider, superModelProvider);
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidator.java
index 427f35c41d8..2b2e1f300fc 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/InstanceValidator.java 
@@ -6,6 +6,7 @@ import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.model.api.SuperModelProvider;
 import com.yahoo.config.provision.ApplicationId;
 import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.InstanceConfirmation;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.ProviderUniqueId;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/SecretStoreKeyProvider.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/SecretStoreKeyProvider.java
index 93abda1f9ea..e66131b6cf7 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/SecretStoreKeyProvider.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/SecretStoreKeyProvider.java
@@ -1,8 +1,12 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
+import com.google.inject.Inject;
 import com.yahoo.athenz.auth.util.Crypto;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import java.security.KeyPair;
 import java.security.PrivateKey; 
@@ -10,19 +14,24 @@ import java.security.PublicKey;
 import java.util.HashMap;
 import java.util.Map;
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
 /**
 * @author mortent
 */
+@SuppressWarnings("unused") // Injected component
 public class SecretStoreKeyProvider implements KeyProvider {
 private final SecretStore secretStore;
 private final String secretName;
 private final Map<Integer, KeyPair> secrets;
-
- public SecretStoreKeyProvider(SecretStore secretStore, String secretName) {
+ @Inject
+ public SecretStoreKeyProvider(SecretStore secretStore,
+ Zone zone,
+ AthenzProviderServiceConfig config) {
 this.secretStore = secretStore;
- this.secretName = secretName;
+ this.secretName = getZoneConfig(config, zone).secretName();
 this.secrets = new HashMap<>();
 } |
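Review bot: A single `SecretStoreKeyProvider` is now handed out by the container to `AthenzSslKeyStoreConfigurator`, which does its work on its own `ScheduledExecutorService`, and to the three JAX-RS resources, whereas each of them previously built a private instance with `new SecretStoreKeyProvider(secretStore, zoneConfig.secretName())`; the `secrets` cache is still initialized as a plain `HashMap`, so filling it lazily from request threads and the scheduler thread at the same time is unsafe unless the accessors, which lie outside this hunk, are synchronized. If they are not, change the initialization to `this.secrets = new ConcurrentHashMap<>();` (importing `java.util.concurrent.ConcurrentHashMap`) and populate it with `computeIfAbsent`, or mark the lookup methods `synchronized`. Because the shared instance now holds private key material for the lifetime of the container and the map has no visible eviction here, a class comment stating how long cached key pairs are retained would help reviewers of the secret-rotation story. I would also make the annotation comment say where the binding comes from, e.g. `@SuppressWarnings("unused") // Instantiated by the container and injected wherever a KeyProvider is required`.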