author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-21 18:00:15 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-11-21 18:00:15 +0100 |
commit | 3e3ed3de439fe4014fecc2614e2da7c171384dcc (patch) | |
tree | 46c6729ca84ba6a509cdc551671f0cbde61ee2cc /athenz-identity-provider-service | |
parent | 68baa91316a8ad002b64fba44294f1e97bbb04e0 (diff) |
Don't inject config instances into jax-rs resources
Injection of config instances is not supported for jax-rs resources.
All dependencies of resources must be components.
Diffstat (limited to 'athenz-identity-provider-service')
7 files changed, 31 insertions, 43 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
index 742788ab0c2..2dc3f24664c 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
@@ -1,9 +1,12 @@
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
 import com.google.common.collect.ImmutableList;
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.net.HostName;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -38,6 +41,8 @@ import java.util.logging.Logger;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
 /**
 * Signs Certificate Signing Reqest from tenant nodes. This certificate will be used
@@ -62,10 +67,9 @@ public class CertificateSigner {
 private final X500Name issuer;
 private final Clock clock;
- public CertificateSigner(KeyProvider keyProvider,
- AthenzProviderServiceConfig.Zones zoneConfig,
- String configServerHostname) {
- this(keyProvider.getPrivateKey(zoneConfig.secretVersion()), configServerHostname, Clock.systemUTC());
+ @Inject
+ public CertificateSigner(KeyProvider keyProvider, AthenzProviderServiceConfig config, Zone zone) {
+ this(getPrivateKey(keyProvider, config, zone), HostName.getLocalhost(), Clock.systemUTC());
 }
 CertificateSigner(PrivateKey caPrivateKey, String configServerHostname, Clock clock) {
@@ -138,4 +142,9 @@ public class CertificateSigner {
 throw new IllegalArgumentException("CSR contains illegal extensions: " + String.join(", ", illegalExt));
 }
 }
+
+ private static PrivateKey getPrivateKey(KeyProvider keyProvider, AthenzProviderServiceConfig config, Zone zone) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ return keyProvider.getPrivateKey(zoneConfig.secretVersion());
+ }
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
index 1b10b79df27..27a91252d8a 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
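Review bot: In CertificateSigner.java the new `getPrivateKey` helper passes the result of `keyProvider.getPrivateKey(zoneConfig.secretVersion())` on unchecked, and the `@Inject` constructor feeds it straight into the package-private constructor, whose body is outside the hunk. If the key provider can return null for an unknown secret version (not visible here), the CA signer would be built without a usable key and the error would surface only when a CSR is signed. Failing at construction is easier to diagnose: `return Objects.requireNonNull(keyProvider.getPrivateKey(zoneConfig.secretVersion()), "no CA private key for secret version " + zoneConfig.secretVersion());`, which needs `java.util.Objects` if the file does not already import it. A Javadoc line on the public constructor stating that it loads the CA key for the current zone and takes the hostname from `HostName.getLocalhost()` would also make the component's dependencies clear.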
@@ -2,14 +2,10 @@
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
 import com.google.inject.Inject;
-import com.yahoo.config.provision.Zone;
 import com.yahoo.container.jaxrs.annotation.Component;
 import com.yahoo.log.LogLevel;
-import com.yahoo.net.HostName;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import javax.servlet.http.HttpServletRequest;
@@ -23,8 +19,6 @@ import javax.ws.rs.core.MediaType;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
-
 /**
 * @author bjorncs
 * @author freva
@@ -37,11 +31,8 @@ public class CertificateSignerResource {
 private final CertificateSigner certificateSigner;
 @Inject
- public CertificateSignerResource(@Component AthenzProviderServiceConfig config,
- @Component Zone zone,
- @Component KeyProvider keyProvider) {
- AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- this.certificateSigner = new CertificateSigner(keyProvider, zoneConfig, HostName.getLocalhost());
+ public CertificateSignerResource(@Component CertificateSigner certificateSigner) {
+ this.certificateSigner = certificateSigner;
 }
 @POST
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
index 65ae25cd91e..4dd6881c07e 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGenerator.java
@@ -1,6 +1,7 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument;
+import com.google.inject.Inject;
 import com.yahoo.config.provision.Zone;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
@@ -28,8 +29,12 @@ public class IdentityDocumentGenerator {
 private final String providerDomain;
 private final int signingSecretVersion;
- public IdentityDocumentGenerator(AthenzProviderServiceConfig config, AthenzProviderServiceConfig.Zones zoneConfig,
- NodeRepository nodeRepository, Zone zone, KeyProvider keyProvider) {
+ @Inject
+ public IdentityDocumentGenerator(AthenzProviderServiceConfig config,
+ NodeRepository nodeRepository,
+ Zone zone,
+ KeyProvider keyProvider) {
+ AthenzProviderServiceConfig.Zones zoneConfig = Utils.getZoneConfig(config, zone);
 this.nodeRepository = nodeRepository;
 this.zone = zone;
 this.keyProvider = keyProvider;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
index b36e81bec2e..b3e5aee97b3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
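Review bot: The IdentityDocumentGenerator constructor reaches the zone lookup as `Utils.getZoneConfig(config, zone)`, but this hunk adds only the `Inject` import, so it depends on a `Utils` import outside the visible lines, and it differs from CertificateSigner in the same commit, which uses the static import `getZoneConfig`. Using one form in both classes would keep them consistent, e.g. `AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);` with the matching static import. Because the lookup now runs in the injected constructor, a zone without an entry in the config presumably fails component construction; a comment such as `// zone must have an entry in AthenzProviderServiceConfig` on that line would record the precondition. The constructor body continues past the end of the hunk.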
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentResource.java
@@ -2,12 +2,8 @@
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument;
 import com.google.inject.Inject;
-import com.yahoo.config.provision.Zone;
 import com.yahoo.container.jaxrs.annotation.Component;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
-import com.yahoo.vespa.hosted.provision.NodeRepository;
 import javax.ws.rs.BadRequestException;
 import javax.ws.rs.GET;
@@ -18,8 +14,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.MediaType;
 import java.util.logging.Logger;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
-
 /**
 * @author bjorncs
 */
@@ -31,13 +25,8 @@ public class IdentityDocumentResource {
 private final IdentityDocumentGenerator identityDocumentGenerator;
 @Inject
- public IdentityDocumentResource(@Component AthenzProviderServiceConfig config,
- @Component Zone zone,
- @Component NodeRepository nodeRepository,
- @Component KeyProvider keyProvider) {
- AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
- this.identityDocumentGenerator =
- new IdentityDocumentGenerator(config, zoneConfig, nodeRepository, zone, keyProvider);
+ public IdentityDocumentResource(@Component IdentityDocumentGenerator identityDocumentGenerator) {
+ this.identityDocumentGenerator = identityDocumentGenerator;
 }
 @GET
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
index b132c45120e..5c93bf423d3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceConfirmationResource.java
@@ -2,10 +2,8 @@
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
 import com.google.inject.Inject;
-import com.yahoo.config.model.api.SuperModelProvider;
 import com.yahoo.container.jaxrs.annotation.Component;
 import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.ForbiddenException;
@@ -26,9 +24,8 @@ public class InstanceConfirmationResource {
 private final InstanceValidator instanceValidator;
 @Inject
- public InstanceConfirmationResource(@Component KeyProvider keyProvider,
- @Component SuperModelProvider superModelProvider) {
- this.instanceValidator = new InstanceValidator(keyProvider, superModelProvider);
+ public InstanceConfirmationResource(@Component InstanceValidator instanceValidator) {
+ this.instanceValidator = instanceValidator;
 }
 @POST
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
index 122142608ab..69c5d961b7e 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/instanceconfirmation/InstanceValidator.java
@@ -1,6 +1,7 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.athenz.instanceproviderservice.instanceconfirmation;
+import com.google.inject.Inject;
 import com.yahoo.config.model.api.ApplicationInfo;
 import com.yahoo.config.model.api.ServiceInfo;
 import com.yahoo.config.model.api.SuperModelProvider;
@@ -33,6 +34,7 @@ public class InstanceValidator {
 private final KeyProvider keyProvider;
 private final SuperModelProvider superModelProvider;
+ @Inject
 public InstanceValidator(KeyProvider keyProvider, SuperModelProvider superModelProvider) {
 this.keyProvider = keyProvider;
 this.superModelProvider = superModelProvider;
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
index 268f6c3d108..0c12e137e27 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/identitydocument/IdentityDocumentGeneratorTest.java
@@ -27,7 +27,6 @@ import java.util.HashSet;
 import java.util.Optional;
 import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.TestUtils.getAthenzProviderConfig;
-import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.eq;
@@ -65,12 +64,8 @@ public class IdentityDocumentGeneratorTest {
 String dnsSuffix = "vespa.dns.suffix";
 AthenzProviderServiceConfig config = getAthenzProviderConfig("domain", "service", dnsSuffix, ZONE);
- IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(
- config,
- getZoneConfig(config, ZONE),
- nodeRepository,
- ZONE,
- keyProvider);
+ IdentityDocumentGenerator identityDocumentGenerator =
+ new IdentityDocumentGenerator(config, nodeRepository, ZONE, keyProvider);
 SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
 // Verify attributes |