author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-16 13:10:05 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-17 13:04:36 +0100 |
commit | 29f7dbc63afe64683288d6552aaede77b92cb434 (patch) | |
tree | 794bb16af3bbdda2abc206023dee369b85e04e4f /athenz-identity-provider-service | |
parent | 7b2b3839f91b1cea95d6cf43a87d9df5b30217c2 (diff) |
Rewrite IdentityDocumentServlet as jax-rs resource
Diffstat (limited to 'athenz-identity-provider-service')
5 files changed, 67 insertions, 66 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java index 8ac26938633..b26b3e8ee18 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java @@ -15,7 +15,6 @@ import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProvid import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator; -import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentServlet; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceConfirmationServlet; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator; import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider; @@ -119,9 +118,6 @@ public class AthenzInstanceProviderService extends AbstractComponent { InstanceConfirmationServlet instanceConfirmationServlet = new InstanceConfirmationServlet(instanceValidator); handler.addServletWithMapping(new ServletHolder(instanceConfirmationServlet), config.apiPath() + "/instance"); - IdentityDocumentServlet identityDocumentServlet = new IdentityDocumentServlet(identityDocumentGenerator); - handler.addServletWithMapping(new ServletHolder(identityDocumentServlet), config.apiPath() + "/identity-document"); - handler.addServletWithMapping(StatusServlet.class, "/status.html"); server.setHandler(handler); return server; 
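Review bot: After the `/identity-document` mapping is removed, the `identityDocumentGenerator` this method builds (now visible only in the removed line) appears to have no remaining user in this file; if that holds, its construction and the key-provider setup behind it should be dropped here rather than run for nothing. The endpoint is now served by the JAX-RS container instead of the Jetty `server` assembled in this method, so whatever listener and TLS settings apply to `server` no longer cover identity-document requests — worth confirming the container binding gives the endpoint the same exposure as before. The enclosing method starts before and ends after the hunk.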
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java index 55acf0b796c..fb4c4f2d5bf 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java @@ -41,7 +41,7 @@ public class IdentityDocumentGenerator { this.signingSecretVersion = zoneConfig.secretVersion(); } - public String generateSignedIdentityDocument(String hostname) { + public SignedIdentityDocument generateSignedIdentityDocument(String hostname) { Node node = nodeRepository.getNode(hostname).orElseThrow(() -> new RuntimeException("Unable to find node " + hostname)); try { IdentityDocument identityDocument = generateIdDocument(node); @@ -57,7 +57,7 @@ public class IdentityDocumentGenerator { sigGenerator.update(encodedIdentityDocument.getBytes()); String signature = Base64.getEncoder().encodeToString(sigGenerator.sign()); - SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument( + return new SignedIdentityDocument( encodedIdentityDocument, signature, SignedIdentityDocument.DEFAULT_KEY_VERSION, @@ -65,9 +65,7 @@ public class IdentityDocumentGenerator { toZoneDnsSuffix(zone, dnsSuffix), providerDomain + "." + providerService, ztsUrl, - SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION - ); - return Utils.getMapper().writeValueAsString(signedIdentityDocument); + SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION); } catch (Exception e) { throw new RuntimeException("Exception generating identity document: " + e.getMessage(), e); } 
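Review bot: The signature is computed over `encodedIdentityDocument.getBytes()` (the context line just above the changed return), which uses the platform default charset, so the verifying side must happen to decode with the same charset; pin it with `sigGenerator.update(encodedIdentityDocument.getBytes(StandardCharsets.UTF_8));` (requires importing `java.nio.charset.StandardCharsets`). With `Utils.getMapper().writeValueAsString` gone, the JSON form of `SignedIdentityDocument` now comes from whatever mapper the JAX-RS provider uses; if the old mapper carried custom settings the wire format may differ, so this deserves a check against an existing client. The misspelled `DEFAILT_DOCUMENT_VERSION` is pre-existing and could be renamed in a follow-up. The method's closing brace lies outside the hunk.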
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java new file mode 100644 index 00000000000..cbc38fe6d3c --- /dev/null +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java 
@@ -0,0 +1,62 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
+
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.container.jaxrs.annotation.Component;
+import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
+import com.yahoo.vespa.hosted.provision.NodeRepository;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.GET;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import java.util.logging.Logger;
+
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
+/**
+ * @author bjorncs
+ */
+@Path("/identity-document")
+public class IdentityDocumentResource {
+
+ private static final Logger log = Logger.getLogger(IdentityDocumentResource.class.getName());
+
+ private final IdentityDocumentGenerator identityDocumentGenerator;
+
+ @Inject
+ public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
+ @Component Zone zone,
+ @Component NodeRepository nodeRepository,
+ @Component SecretStore secretStore) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ this.identityDocumentGenerator =
+ new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
+ }
+
+ @GET
+ @Produces(MediaType.APPLICATION_JSON)
+ public SignedIdentityDocument getIdentityDocument(@QueryParam("hostname") String hostname) {
+ // TODO Use TLS client authentication instead of blindly trusting hostname
+ if (hostname == null) {
+ throw new BadRequestException("The 'hostname' query parameter is missing");
+ }
+ try {
+ log.log(LogLevel.INFO, "Generating identity document for " + hostname);
+ return identityDocumentGenerator.generateSignedIdentityDocument(hostname);
+ } catch (Exception e) {
+ String message = String.format("Unable to generate identity doument [%s]", e.getMessage());
+ log.log(LogLevel.ERROR, message, e);
+ throw new InternalServerErrorException(message, e);
+ }
+ }
+
+}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java
deleted file mode 100644
index a66fdf9d82f..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java
+++ /dev/null
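Review bot: An empty hostname value (`?hostname=`) passes the null check in getIdentityDocument and only fails inside the generator, so the caller gets a 500 where the 400 path is intended; tighten it to `if (hostname == null || hostname.isEmpty()) {`. The 500 is also built from `e.getMessage()`, which per the generator carries "Unable to find node …" and other internal detail to the client — keep logging the detailed `message` as is, but throw a fixed one, `throw new InternalServerErrorException("Unable to generate identity document", e);` (which also drops the "doument" typo carried over from the servlet). The failure status changes from the servlet's 404 to 500; if any caller keys on the old code, that is a visible behaviour change to call out in the commit message. The constructor assembles its own IdentityDocumentGenerator from config rather than receiving one, so if AthenzInstanceProviderService still builds a generator the setup is now duplicated.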
@@ -1,51 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
-
-import com.yahoo.log.LogLevel;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.logging.Logger;
-
-/**
- * @author bjorncs
- */
-public class IdentityDocumentServlet extends HttpServlet {
-
- private static final Logger log = Logger.getLogger(IdentityDocumentServlet.class.getName());
-
- private final IdentityDocumentGenerator identityDocumentGenerator;
-
- public IdentityDocumentServlet(IdentityDocumentGenerator identityDocumentGenerator) {
- this.identityDocumentGenerator = identityDocumentGenerator;
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- // TODO verify tls client cert
- String hostname = req.getParameter("hostname");
- if (hostname == null) {
- String message = "The 'hostname' parameter is missing";
- log.log(LogLevel.ERROR, message);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- return;
- }
- try {
- log.log(LogLevel.INFO, "Generating identity document for " + hostname);
- String signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
- resp.setContentType("application/json");
- PrintWriter writer = resp.getWriter();
- writer.print(signedIdentityDocument);
- writer.flush();
- } catch (Exception e) {
- String message = String.format("Unable to generate identity doument [%s]", e.getMessage());
- log.log(LogLevel.ERROR, message);
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, message);
- }
- }
-
-}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java index d77757374ce..ae725e6ac06 100644 --- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java @@ -72,11 +72,7 @@ public class IdentityDocumentGeneratorTest { nodeRepository, ZONE, keyProvider); - String rawSignedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname); - - - SignedIdentityDocument signedIdentityDocument = - Utils.getMapper().readValue(rawSignedIdentityDocument, SignedIdentityDocument.class); + SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname); // Verify attributes assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname); @@ -95,4 +91,4 @@ public class IdentityDocumentGeneratorTest { signedIdentityDocument.rawIdentityDocument, signedIdentityDocument.signature)); } -}
\ No newline at end of file +} |