author | Valerij Fredriksen <valerijf@oath.com> | 2017-11-10 14:04:30 +0100 |
committer | Valerij Fredriksen <valerijf@oath.com> | 2017-11-10 14:04:30 +0100 |
commit | d20d62b5622b373f29e00ce1e582ba5c15cccc55 (patch) | |
tree | 2af187ea7a152c7dd75b39306f5cc279b67e9e9e /athenz-identity-provider-service | |
parent | 551d3a57948bf0b3cac5b3c14c769d0b23f26370 (diff) |
Move (De)serializers out of servlet
Diffstat (limited to 'athenz-identity-provider-service')
3 files changed, 53 insertions, 36 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
index fa1fa69cada..d2ebae394a2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
@@ -5,19 +5,13 @@ import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
 import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.util.io.pem.PemObject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
 import java.security.cert.X509Certificate;
 import java.util.logging.Logger;
@@ -37,14 +31,13 @@ public class CertificateSignerServlet extends HttpServlet {
 @Override
 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 try {
- String remoteHostname = getRemoteHostname(req);
- CsrSerializedPayload csrSerializedPayload = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class);
+ String remoteHostname = req.getRemoteHost();
+ PKCS10CertificationRequest csr = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class).csr;
- PKCS10CertificationRequest csr = getPKCS10CertRequest(new StringReader(csrSerializedPayload.csr));
 log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
 X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
- CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(x509CertificateToString(certificate));
+ CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(certificate);
 resp.setStatus(HttpServletResponse.SC_OK);
 resp.setContentType("application/json");
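Review bot: `csr` on the new `readValue(...).csr` line can be null, because the `CertificateRequestDeserializer` this commit adds returns whatever `pemParser.readObject()` yields, and that is null when the `csr` string holds no PEM object at all; the null then travels into `generateX509Certificate` and whatever that throws is what the client gets back. A guard right after the assignment keeps it a request error: `if (csr == null) throw new IllegalArgumentException("Request body did not contain a PEM encoded CSR");`. Whether the catch clause below already maps that exception type to SC_BAD_REQUEST cannot be seen here, since only the `sendError` line of it is in the next hunk. doPost's body continues outside this hunk.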
@@ -54,26 +47,4 @@ public class CertificateSignerServlet extends HttpServlet {
 resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
 }
 }
-
- private String getRemoteHostname(HttpServletRequest req) {
- return req.getRemoteHost();
- }
-
- private static PKCS10CertificationRequest getPKCS10CertRequest(Reader csrReader) {
- try (PEMParser pemParser = new PEMParser(csrReader)) {
- return (PKCS10CertificationRequest) pemParser.readObject();
- } catch (IOException e) {
- throw new RuntimeException("Failed to parse CSR", e);
- }
- }
-
- private static String x509CertificateToString(X509Certificate cert) {
- try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
- pemWriter.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
- pemWriter.flush();
- return stringWriter.toString();
- } catch (Exception e) {
- throw new RuntimeException("Failed to convert X509Certificate to PEM format", e);
- }
- }
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
index 5208643a7e9..2fd34741da7 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
@@ -3,6 +3,17 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
 /**
 * Contains PEM formatted signed certificate
@@ -11,10 +22,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 */
 public class CertificateSerializedPayload {
- @JsonProperty("certificate") public final String certificate;
+ @JsonProperty("certificate") @JsonSerialize(using = CertificateSerializer.class)
+ public final X509Certificate certificate;
 @JsonCreator
- public CertificateSerializedPayload(@JsonProperty("certificate") String certificate) {
+ public CertificateSerializedPayload(@JsonProperty("certificate") X509Certificate certificate) {
 this.certificate = certificate;
 }
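Review bot: The `@JsonCreator` constructor now takes an `X509Certificate`, but only the field carries `@JsonSerialize` and nothing supplies the matching `@JsonDeserialize`, so Jackson can no longer build a `CertificateSerializedPayload` from the JSON this servlet emits; the mirror image appears in `CsrSerializedPayload` (the `@@ -11,10 +20,11 @@` hunk), where the parameter gets `@JsonDeserialize` but the `csr` field has no serializer and would be written as a bean dump of `PKCS10CertificationRequest`. Whether the client side of this exchange uses these same model classes is not visible in the diff; if it does, one direction fails on each class. Either add the missing half on both classes, or state in each class Javadoc that the type is only meant for the server side of the exchange, e.g. `Server-side view of the response: serializes the certificate as PEM, cannot be read back with Jackson.`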
@@ -39,4 +51,18 @@ public class CertificateSerializedPayload {
 "certificate='" + certificate + '\'' + '}';
 }
+
+ public static class CertificateSerializer extends JsonSerializer<X509Certificate> {
+ @Override
+ public void serialize(
+ X509Certificate certificate, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+ try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
+ pemWriter.flush();
+ gen.writeString(stringWriter.toString());
+ } catch (CertificateEncodingException e) {
+ throw new RuntimeException("Failed to encode X509Certificate", e);
+ }
+ }
+ }
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
index a1535a35c1b..d755fbd02a3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
@@ -3,6 +3,15 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model;
 import com.fasterxml.jackson.annotation.JsonCreator;
 import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+
+import java.io.IOException;
+import java.io.StringReader;
 /**
 * Contains PEM formatted Certificate Signing Request (CSR)
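Review bot: `serialize` turns a `CertificateEncodingException` into an unchecked `RuntimeException`, whereas the deserializer added to `CsrSerializedPayload` lets `IOException` propagate; since `serialize` already declares `throws IOException`, `throw new IOException("Failed to encode X509Certificate", e);` keeps the cause and lets Jackson report the failure as a mapping error the same way a parse failure is reported. The class is public, so a one-line Javadoc such as `Writes the certificate as a single PEM "CERTIFICATE" block string.` would document the wire format it produces.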
@@ -11,10 +20,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
 */
 public class CsrSerializedPayload {
- @JsonProperty("csr") public final String csr;
+ @JsonProperty("csr") public final PKCS10CertificationRequest csr;
 @JsonCreator
- public CsrSerializedPayload(@JsonProperty("csr") String csr) {
+ public CsrSerializedPayload(@JsonProperty("csr") @JsonDeserialize(using = CertificateRequestDeserializer.class)
+ PKCS10CertificationRequest csr) {
 this.csr = csr;
 }
@@ -39,4 +49,14 @@ public class CsrSerializedPayload {
 "csr='" + csr + '\'' + '}';
 }
+
+ public static class CertificateRequestDeserializer extends JsonDeserializer<PKCS10CertificationRequest> {
+ @Override
+ public PKCS10CertificationRequest deserialize(
+ JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
+ try (PEMParser pemParser = new PEMParser(new StringReader(jsonParser.getValueAsString()))) {
+ return (PKCS10CertificationRequest) pemParser.readObject();
+ }
+ }
+ }
 }
|
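Review bot: `deserialize` casts the result of `pemParser.readObject()` unchecked, so a `csr` value holding some other PEM type (a certificate, a key) fails with `ClassCastException`, and a string with no PEM object yields a null `PKCS10CertificationRequest` that the servlet then passes on as if it were a request; the removed `getPKCS10CertRequest` at least wrapped parse failures under a "Failed to parse CSR" message. Replace the return with `Object parsed = pemParser.readObject(); if (!(parsed instanceof PKCS10CertificationRequest)) throw new IOException("csr is not a PEM encoded PKCS#10 certification request"); return (PKCS10CertificationRequest) parsed;` so the failure surfaces as a mapping error with a clear cause. Separately, `jsonParser.getValueAsString()` returns null when the `csr` property is not a JSON string (null, object, array), and `new StringReader(null)` then throws `NullPointerException` instead of a mapping error, so the same guard should check the string before constructing the reader.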