authorBjørn Christian Seime <bjorncs@oath.com>2017-11-16 13:47:43 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-11-17 13:04:36 +0100
commit5dfe2d92972397ceef53432b581579b9fe32108b (patch)
treec7033c3b494eb87fbd9c1209e042e7a0c26938ff /athenz-identity-provider-service
parent332a1c17e472a9816ed638db94dfc34fce1f8392 (diff)
Rewrite CertificateSignerResource as jax-rs resource
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java5
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java65
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java50
3 files changed, 65 insertions, 55 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
index c4b54d73ec3..e6280abfacb 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/AthenzInstanceProviderService.java
@@ -10,7 +10,6 @@ import com.yahoo.jdisc.http.SecretStore;
import com.yahoo.log.LogLevel;
import com.yahoo.net.HostName;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSigner;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.CertificateSignerServlet;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.AthenzCertificateClient;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.CertificateClient;
@@ -23,7 +22,6 @@ import com.yahoo.vespa.hosted.provision.NodeRepository;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.ServletHandler;
-import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import java.security.KeyStore;
@@ -111,9 +109,6 @@ public class AthenzInstanceProviderService extends AbstractComponent {
ServletHandler handler = new ServletHandler();
- CertificateSignerServlet certificateSignerServlet = new CertificateSignerServlet(certificateSigner);
- handler.addServletWithMapping(new ServletHolder(certificateSignerServlet), config.apiPath() + "/sign");
-
handler.addServletWithMapping(StatusServlet.class, "/status.html");
server.setHandler(handler);
return server;
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
new file mode 100644
index 00000000000..8f134a796b1
--- /dev/null
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerResource.java
@@ -0,0 +1,65 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
+
+import com.google.inject.Inject;
+import com.yahoo.config.provision.Zone;
+import com.yahoo.container.jaxrs.annotation.Component;
+import com.yahoo.jdisc.http.SecretStore;
+import com.yahoo.log.LogLevel;
+import com.yahoo.net.HostName;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig;
+import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.SecretStoreKeyProvider;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.InternalServerErrorException;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import java.security.cert.X509Certificate;
+import java.util.logging.Logger;
+
+import static com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils.getZoneConfig;
+
+/**
+ * @author bjorncs
+ * @author freva
+ */
+@Path("/sign")
+public class CertificateSignerResource {
+
+ private static final Logger log = Logger.getLogger(CertificateSignerResource.class.getName());
+
+ private final CertificateSigner certificateSigner;
+
+ @Inject
+ public CertificateSignerResource(@Component AthenzProviderServiceConfig config,
+ @Component Zone zone,
+ @Component SecretStore secretStore) {
+ AthenzProviderServiceConfig.Zones zoneConfig = getZoneConfig(config, zone);
+ SecretStoreKeyProvider keyProvider = new SecretStoreKeyProvider(secretStore, zoneConfig.secretName());
+ this.certificateSigner = new CertificateSigner(keyProvider, zoneConfig, HostName.getLocalhost());
+ }
+
+ @POST
+ @Produces(MediaType.APPLICATION_JSON)
+ @Consumes(MediaType.APPLICATION_JSON)
+ public CertificateSerializedPayload generateCertificate(CsrSerializedPayload csrPayload,
+ @Context HttpServletRequest req) {
+ try {
+ String remoteHostname = req.getRemoteHost();
+ PKCS10CertificationRequest csr = csrPayload.csr;
+ log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
+ X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
+ return new CertificateSerializedPayload(certificate);
+ } catch (RuntimeException e) {
+ log.log(LogLevel.ERROR, e.getMessage(), e);
+ throw new InternalServerErrorException(e.getMessage(), e);
+ }
+ }
+}
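Review bot: The host identity handed to `certificateSigner.generateX509Certificate(csr, remoteHostname)` is still `req.getRemoteHost()`, which under the Servlet API is the reverse-DNS name of the peer (or of the last proxy), falling back to the bare IP when the container does not resolve names; if CertificateSigner binds the issued certificate's subject or SAN to that value (not visible here), the binding rests on PTR records the requester's network can influence rather than on an authenticated identity, so it should be cross-checked against the TLS client certificate or an Athenz-verified identity, or at minimum documented at the call site, e.g. `// remoteHostname is reverse DNS of the peer, not an authenticated identity — CertificateSigner must not rely on it alone`. Two behavioural differences from the deleted servlet deserve a deliberate decision: a RuntimeException now surfaces as 500 via `InternalServerErrorException` where the servlet answered `SC_BAD_REQUEST`, so a malformed or rejected CSR is no longer distinguishable from a server fault, and the endpoint moved from `config.apiPath() + "/sign"` on the dedicated Jetty server that carried an `SslContextFactory` to a bare `@Path("/sign")` in the jdisc container, so whoever wires this resource should confirm equivalent TLS and client-authentication requirements apply to it. The constructor also builds a fresh `SecretStoreKeyProvider` and `CertificateSigner` per resource instance; under the default JAX-RS per-request lifecycle that runs on every signing request, so if the key provider pulls the signing key from the SecretStore each time it may be better to inject a shared `CertificateSigner` `@Component` instead.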
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
deleted file mode 100644
index d2ebae394a2..00000000000
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
+++ /dev/null
@@ -1,50 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca;
-
-import com.yahoo.log.LogLevel;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
-import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.logging.Logger;
-
-/**
- * @author freva
- */
-public class CertificateSignerServlet extends HttpServlet {
-
- private static final Logger log = Logger.getLogger(CertificateSignerServlet.class.getName());
-
- private final CertificateSigner certificateSigner;
-
- public CertificateSignerServlet(CertificateSigner certificateSigner) {
- this.certificateSigner = certificateSigner;
- }
-
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- try {
- String remoteHostname = req.getRemoteHost();
- PKCS10CertificationRequest csr = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class).csr;
-
- log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
-
- X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
- CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(certificate);
-
- resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("application/json");
- resp.getWriter().write(Utils.getMapper().writeValueAsString(certificateSerializedPayload));
- } catch (RuntimeException e) {
- log.log(LogLevel.ERROR, e.getMessage(), e);
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
- }
- }
-}