diff options
author | Morten Tokle <morten.tokle@gmail.com> | 2019-11-12 09:00:57 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-12 09:00:57 +0100 |
commit | e0abfbad493274bda6dac079bc78fc47d400100b (patch) | |
tree | 6f0a9b555a59108cb3839ca59eba3eca6dfe6cd8 /athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java | |
parent | 64573f6db1b0a643aff9b530fa1920b1b2c4fc82 (diff) |
Revert "Revert "Reapply #11146 Validate register and refresh""
Diffstat (limited to 'athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java')
-rw-r--r-- | athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java new file mode 100644 index 00000000000..d9ee4c8bb9b --- /dev/null +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/mock/PrincipalFromHeaderFilter.java @@ -0,0 +1,34 @@ +// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.hosted.ca.restapi.mock; + +import com.yahoo.jdisc.handler.ResponseHandler; +import com.yahoo.jdisc.http.filter.DiscFilterRequest; +import com.yahoo.jdisc.http.filter.SecurityRequestFilter; +import com.yahoo.jdisc.http.servlet.ServletRequest; +import com.yahoo.security.X509CertificateUtils; +import com.yahoo.text.StringUtilities; +import com.yahoo.vespa.athenz.api.AthenzPrincipal; +import com.yahoo.vespa.athenz.api.AthenzService; + +import java.security.cert.X509Certificate; +import java.util.Optional; + +/** + * Read principal from http header + * + * @author mortent + */ +public class PrincipalFromHeaderFilter implements SecurityRequestFilter { + + @Override + public void filter(DiscFilterRequest request, ResponseHandler handler) { + String principal = request.getHeader("PRINCIPAL"); + request.setUserPrincipal(new AthenzPrincipal(new AthenzService(principal))); + + Optional<String> certificate = Optional.ofNullable(request.getHeader("CERTIFICATE")); + certificate.ifPresent(cert -> { + var x509cert = X509CertificateUtils.fromPem(StringUtilities.unescape(cert)); + request.setAttribute(ServletRequest.JDISC_REQUEST_X509CERT, new X509Certificate[]{x509cert}); + }); + } +} |