authorBjørn Christian Seime <bjorncs@oath.com>2017-11-16 13:10:05 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-11-17 13:04:36 +0100
commit29f7dbc63afe64683288d6552aaede77b92cb434 (patch)
tree794bb16af3bbdda2abc206023dee369b85e04e4f /athenz-identity-provider-service
parent7b2b3839f91b1cea95d6cf43a87d9df5b30217c2 (diff)
Rewrite IdentityDocumentServlet as jax-rs resource
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java4
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java8
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java62
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java51
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java8
5 files changed, 67 insertions, 66 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
index 8ac26938633..b26b3e8ee18 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
@@ -15,7 +15,6 @@ import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProvid
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentGenerator;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.IdentityDocumentServlet;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceConfirmationServlet;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.InstanceValidator;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.KeyProvider;
@@ -119,9 +118,6 @@ public class AthenzInstanceProviderService extends AbstractComponent {
InstanceConfirmationServlet instanceConfirmationServlet = new InstanceConfirmationServlet(instanceValidator);
handler.addServletWithMapping(new ServletHolder(instanceConfirmationServlet), config.apiPath() + "/instance");
- IdentityDocumentServlet identityDocumentServlet = new IdentityDocumentServlet(identityDocumentGenerator);
- handler.addServletWithMapping(new ServletHolder(identityDocumentServlet), config.apiPath() + "/identity-document");
-
handler.addServletWithMapping(StatusServlet.class, "/status.html");
server.setHandler(handler);
return server;
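Review bot: The mapping removed here served the endpoint under `config.apiPath() + "/identity-document"`, while the replacement IdentityDocumentResource declares a bare `@Path("/identity-document")`, so unless the JAX-RS application is mounted under that same apiPath prefix (not visible in this diff) the URL existing clients call changes. Registration of the new resource also does not appear anywhere in the diff, presumably being done through the container's services configuration; that is worth confirming before the servlet is dropped. A short comment next to the remaining `/instance` mapping would spare the next reader the search, e.g. `// the identity-document endpoint is now served by the jax-rs IdentityDocumentResource`. The enclosing method starts before and ends after this hunk.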
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
index 55acf0b796c..fb4c4f2d5bf 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGenerator.java
@@ -41,7 +41,7 @@ public class IdentityDocumentGenerator {
this.signingSecretVersion = zoneConfig.secretVersion();
}
- public String generateSignedIdentityDocument(String hostname) {
+ public SignedIdentityDocument generateSignedIdentityDocument(String hostname) {
Node node = nodeRepository.getNode(hostname).orElseThrow(() -> new RuntimeException("Unable to find node " + hostname));
try {
IdentityDocument identityDocument = generateIdDocument(node);
@@ -57,7 +57,7 @@ public class IdentityDocumentGenerator {
sigGenerator.update(encodedIdentityDocument.getBytes());
String signature = Base64.getEncoder().encodeToString(sigGenerator.sign());
- SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument(
+ return new SignedIdentityDocument(
encodedIdentityDocument,
signature,
SignedIdentityDocument.DEFAULT_KEY_VERSION,
@@ -65,9 +65,7 @@ public class IdentityDocumentGenerator {
toZoneDnsSuffix(zone, dnsSuffix),
providerDomain + "." + providerService,
ztsUrl,
- SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION
- );
- return Utils.getMapper().writeValueAsString(signedIdentityDocument);
+ SignedIdentityDocument.DEFAILT_DOCUMENT_VERSION);
} catch (Exception e) {
throw new RuntimeException("Exception generating identity document: " + e.getMessage(), e);
}
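Review bot: With the `Utils.getMapper().writeValueAsString(...)` call removed in this hunk, serialization of SignedIdentityDocument now happens in the JAX-RS JSON provider of the resource instead of the project's own mapper; if that mapper carried any custom configuration (visibility, naming, inclusion), the wire format seen by clients may differ, which nothing in the diff checks. The signature change in the first hunk of this file (line 49) makes the same switch for every caller. A Javadoc line on the new signature would make the contract explicit, e.g. `/** Builds and signs the identity document for {@code hostname}; JSON encoding is left to the caller. */`. The surrounding method and its catch block extend beyond the hunk.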
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
new file mode 100644
index 00000000000..cbc38fe6d3c
--- /dev/null
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentResource.java
@@ -0,0 +1,62 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
+
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.container.jaxrs.annotation.Component;
+import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.log.LogLevel;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.model.SignedIdentityDocument;
+import com.yahoo.vespa.hosted.provision.NodeRepository;
+
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.GET;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import java.util.logging.Logger;
+
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
+/**
+ * @author bjorncs
+ */
+@Path("/identity-document")
+public class IdentityDocumentResource {
+
+ private static final Logger log = Logger.getLogger(IdentityDocumentResource.class.getName());
+
+ private final IdentityDocumentGenerator identityDocumentGenerator;
+
+ @Inject
+ public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
+ @Component Zone zone,
+ @Component NodeRepository nodeRepository,
+ @Component SecretStore secretStore) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ this.identityDocumentGenerator =
+ new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
+ }
+
+ @GET
+ @Produces(MediaType.APPLICATION_JSON)
+ public SignedIdentityDocument getIdentityDocument(@QueryParam("hostname") String hostname) {
+ // TODO Use TLS client authentication instead of blindly trusting hostname
+ if (hostname == null) {
+ throw new BadRequestException("The 'hostname' query parameter is missing");
+ }
+ try {
+ log.log(LogLevel.INFO, "Generating identity document for " + hostname);
+ return identityDocumentGenerator.generateSignedIdentityDocument(hostname);
+ } catch (Exception e) {
+ String message = String.format("Unable to generate identity doument [%s]", e.getMessage());
+ log.log(LogLevel.ERROR, message, e);
+ throw new InternalServerErrorException(message, e);
+ }
+ }
+
+}
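Review bot: The catch in getIdentityDocument (lines 132-136) folds every failure, including the generator's "Unable to find node" RuntimeException for an unknown hostname, into an InternalServerErrorException whose message embeds `e.getMessage()`, so internal exception text is returned to the client and a caller-side mistake is reported as a server fault; the deleted servlet at least answered such failures with a distinct status. Keep the detail in the log but send a fixed message, `throw new InternalServerErrorException("Unable to generate identity document", e);`, and if the generator can signal the missing-node case distinctly, map it to a NotFoundException instead. The TODO on line 125 already records that the hostname is unauthenticated, which means any caller can obtain a signed document for any hostname until TLS client authentication lands; the INFO log line on line 130 is therefore worth keeping as an audit trail for who requested which document.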
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java
deleted file mode 100644
index a66fdf9d82f..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentServlet.java
+++ /dev/null
@@ -1,51 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl;
-
-import com.yahoo.log.LogLevel;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.logging.Logger;
-
-/**
- * @author bjorncs
- */
-public class IdentityDocumentServlet extends HttpServlet {
-
- private static final Logger log = Logger.getLogger(IdentityDocumentServlet.class.getName());
-
- private final IdentityDocumentGenerator identityDocumentGenerator;
-
- public IdentityDocumentServlet(IdentityDocumentGenerator identityDocumentGenerator) {
- this.identityDocumentGenerator = identityDocumentGenerator;
- }
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- // TODO verify tls client cert
- String hostname = req.getParameter("hostname");
- if (hostname == null) {
- String message = "The 'hostname' parameter is missing";
- log.log(LogLevel.ERROR, message);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
- return;
- }
- try {
- log.log(LogLevel.INFO, "Generating identity document for " + hostname);
- String signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
- resp.setContentType("application/json");
- PrintWriter writer = resp.getWriter();
- writer.print(signedIdentityDocument);
- writer.flush();
- } catch (Exception e) {
- String message = String.format("Unable to generate identity doument [%s]", e.getMessage());
- log.log(LogLevel.ERROR, message);
- resp.sendError(HttpServletResponse.SC_NOT_FOUND, message);
- }
- }
-
-}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
index d77757374ce..ae725e6ac06 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/impl/IdentityDocumentGeneratorTest.java
@@ -72,11 +72,7 @@ public class IdentityDocumentGeneratorTest {
nodeRepository,
ZONE,
keyProvider);
- String rawSignedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
-
-
- SignedIdentityDocument signedIdentityDocument =
- Utils.getMapper().readValue(rawSignedIdentityDocument, SignedIdentityDocument.class);
+ SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
// Verify attributes
assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname);
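Review bot: Dropping the `Utils.getMapper().readValue(...)` round-trip here means this test no longer exercises JSON (de)serialization of SignedIdentityDocument at all, while the new IdentityDocumentResource now depends on the JAX-RS provider to produce that JSON; a regression in the document's wire format would go unnoticed. Consider a separate assertion that serializes the returned object and reads it back, so the encoding stays covered. The test method begins before this hunk.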
@@ -95,4 +91,4 @@ public class IdentityDocumentGeneratorTest {
signedIdentityDocument.rawIdentityDocument,
signedIdentityDocument.signature));
}
-} \ No newline at end of file
+}