author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-16 13:47:43 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-17 13:04:36 +0100 |
commit | 5dfe2d92972397ceef53432b581579b9fe32108b (patch) | |
tree | c7033c3b494eb87fbd9c1209e042e7a0c26938ff /athenz-identity-provider-service/src | |
parent | 332a1c17e472a9816ed638db94dfc34fce1f8392 (diff) |
Rewrite CertificateSignerResource as jax-rs resource
Diffstat (limited to 'athenz-identity-provider-service/src')
3 files changed, 65 insertions, 55 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
index c4b54d73ec3..e6280abfacb 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
@@ -10,7 +10,6 @@ import com.yahoo.jdisc.http.SecretStore;
 import com.yahoo.log.LogLevel;
 import com.yahoo.net.HostName;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSigner;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSignerServlet;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient;
@@ -23,7 +22,6 @@ import com.yahoo.vespa.hosted.provision.NodeRepository;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import java.security.KeyStore;
@@ -111,9 +109,6 @@ public class AthenzInstanceProviderService extends AbstractComponent {
         ServletHandler handler = new ServletHandler();
-        CertificateSignerServlet certificateSignerServlet = new CertificateSignerServlet(certificateSigner);
-        handler.addServletWithMapping(new ServletHolder(certificateSignerServlet), config.apiPath() + "/sign");
-        handler.addServletWithMapping(StatusServlet.class, "/status.html");
         server.setHandler(handler);
         return server;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
new file mode 100644
index 00000000000..8f134a796b1
--- /dev/null
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
@@ -0,0 +1,65 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
+
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.container.jaxrs.annotation.Component;
+import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.log.LogLevel;
+import com.yahoo.net.HostName;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.security.cert.X509Certificate;
+import java.util.logging.Logger;
+
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
+/**
+ * @author bjorncs
+ * @author freva
+ */
+@Path("/sign")
+public class CertificateSignerResource {
+
+    private static final Logger log = Logger.getLogger(CertificateSignerResource.class.getName());
+
+    private final CertificateSigner certificateSigner;
+
+    @Inject
+    public CertificateSignerResource(@Component AthenzProviderServiceConfig config,
+                                     @Component Zone zone,
+                                     @Component SecretStore secretStore) {
+        AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+        SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+        this.certificateSigner = new CertificateSigner(keyProvider, zoneConfig, HostName.getLocalhost());
+    }
+
+    @POST
+    @Produces(MediaType.APPLICATION_JSON)
+    @Consumes(MediaType.APPLICATION_JSON)
+    public CertificateSerializedPayload generateCertificate(CsrSerializedPayload csrPayload,
+                                                            @Context HttpServletRequest req) {
+        try {
+            String remoteHostname = req.getRemoteHost();
+            PKCS10CertificationRequest csr = csrPayload.csr;
+            log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
+            X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
+            return new CertificateSerializedPayload(certificate);
+        } catch (RuntimeException e) {
+            log.log(LogLevel.ERROR, e.getMessage(), e);
+            throw new InternalServerErrorException(e.getMessage(), e);
+        }
+    }
+}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
deleted file mode 100644
index d2ebae394a2..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
-
-import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.logging.Logger;
-
-/**
- * @author freva
- */
-public class CertificateSignerServlet extends HttpServlet {
-
-    private static final Logger log = Logger.getLogger(CertificateSignerServlet.class.getName());
-
-    private final CertificateSigner certificateSigner;
-
-    public CertificateSignerServlet(CertificateSigner certificateSigner) {
-        this.certificateSigner = certificateSigner;
-    }
-
-    @Override
-    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
-        try {
-            String remoteHostname = req.getRemoteHost();
-            PKCS10CertificationRequest csr = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class).csr;
-
-            log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
-
-            X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
-            CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(certificate);
-
-            resp.setStatus(HttpServletResponse.SC_OK);
-            resp.setContentType("application/json");
-            resp.getWriter().write(Utils.getMapper().writeValueAsString(certificateSerializedPayload));
-        } catch (RuntimeException e) {
-            log.log(LogLevel.ERROR, e.getMessage(), e);
-            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
-        }
-    }
-}
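Review bot: The catch block at the end of generateCertificate maps every RuntimeException to a 500 and copies e.getMessage() into the response, so a CSR that CertificateSigner rejects (the deleted servlet answered those with SC_BAD_REQUEST) is now reported as a server error, and the message of an internal failure in key lookup or zone config is returned verbatim to the remote caller. Keep the detail in the log and send a fixed message, `throw new InternalServerErrorException("Certificate signing failed", e);`, and if CertificateSigner signals a rejected request with its own exception type, map that one to `javax.ws.rs.BadRequestException` so clients can distinguish a bad CSR from a signer outage. The constructor also creates a fresh SecretStoreKeyProvider and CertificateSigner per resource instance; if the container instantiates this resource per request, the signing secret is fetched on every call, which deserves either a comment or a shared singleton. A class Javadoc is missing too; something like `/** JAX-RS resource that signs a submitted CSR, passing the request's remote host name to the signer. */` would state the contract in place of the bare author tags.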