authorValerij Fredriksen <valerijf@oath.com>2017-11-10 14:04:30 +0100
committerValerij Fredriksen <valerijf@oath.com>2017-11-10 14:04:30 +0100
commitd20d62b5622b373f29e00ce1e582ba5c15cccc55 (patch)
tree2af187ea7a152c7dd75b39306f5cc279b67e9e9e /athenz-identity-provider-service
parent551d3a57948bf0b3cac5b3c14c769d0b23f26370 (diff)
Move (De)serializers out of servlet
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java35
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java30
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java24
3 files changed, 53 insertions, 36 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
index fa1fa69cada..d2ebae394a2 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerServlet.java
@@ -5,19 +5,13 @@ import com.yahoo.log.LogLevel;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CertificateSerializedPayload;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model.CsrSerializedPayload;
import com.yahoo.vespa.hosted.athenz.instanceproviderservice.impl.Utils;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.util.io.pem.PemObject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import java.io.Reader;
-import java.io.StringReader;
-import java.io.StringWriter;
import java.security.cert.X509Certificate;
import java.util.logging.Logger;
@@ -37,14 +31,13 @@ public class CertificateSignerServlet extends HttpServlet {
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
try {
- String remoteHostname = getRemoteHostname(req);
- CsrSerializedPayload csrSerializedPayload = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class);
+ String remoteHostname = req.getRemoteHost();
+ PKCS10CertificationRequest csr = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class).csr;
- PKCS10CertificationRequest csr = getPKCS10CertRequest(new StringReader(csrSerializedPayload.csr));
log.log(LogLevel.DEBUG, "Certification request from " + remoteHostname + ": " + csr);
X509Certificate certificate = certificateSigner.generateX509Certificate(csr, remoteHostname);
- CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(x509CertificateToString(certificate));
+ CertificateSerializedPayload certificateSerializedPayload = new CertificateSerializedPayload(certificate);
resp.setStatus(HttpServletResponse.SC_OK);
resp.setContentType("application/json");
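Review bot: The new `PKCS10CertificationRequest csr = Utils.getMapper().readValue(req.getReader(), CsrSerializedPayload.class).csr;` line can leave csr null — a body without a "csr" property, or with `"csr": null`, reaches the @JsonCreator of CsrSerializedPayload as a null argument unless Utils.getMapper() enables FAIL_ON_MISSING_CREATOR_PROPERTIES — and that null then flows into `certificateSigner.generateX509Certificate(csr, remoteHostname)` instead of being rejected at the servlet boundary. A guard before the debug log, `if (csr == null) { resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing csr"); return; }`, keeps the 400 explicit. PEM parse failures that the removed getPKCS10CertRequest reported as RuntimeException("Failed to parse CSR") now surface from readValue as Jackson mapping exceptions; the catch clause of doPost lies outside this hunk, so whether it still maps them to SC_BAD_REQUEST, and how much of the Jackson message (parser location, reference chain) ends up echoed through `resp.sendError(..., e.getMessage())`, should be confirmed.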
@@ -54,26 +47,4 @@ public class CertificateSignerServlet extends HttpServlet {
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage());
}
}
-
- private String getRemoteHostname(HttpServletRequest req) {
- return req.getRemoteHost();
- }
-
- private static PKCS10CertificationRequest getPKCS10CertRequest(Reader csrReader) {
- try (PEMParser pemParser = new PEMParser(csrReader)) {
- return (PKCS10CertificationRequest) pemParser.readObject();
- } catch (IOException e) {
- throw new RuntimeException("Failed to parse CSR", e);
- }
- }
-
- private static String x509CertificateToString(X509Certificate cert) {
- try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
- pemWriter.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
- pemWriter.flush();
- return stringWriter.toString();
- } catch (Exception e) {
- throw new RuntimeException("Failed to convert X509Certificate to PEM format", e);
- }
- }
}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
index 5208643a7e9..2fd34741da7 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CertificateSerializedPayload.java
@@ -3,6 +3,17 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.util.io.pem.PemObject;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
/**
* Contains PEM formatted signed certificate
@@ -11,10 +22,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
*/
public class CertificateSerializedPayload {
- @JsonProperty("certificate") public final String certificate;
+ @JsonProperty("certificate") @JsonSerialize(using = CertificateSerializer.class)
+ public final X509Certificate certificate;
@JsonCreator
- public CertificateSerializedPayload(@JsonProperty("certificate") String certificate) {
+ public CertificateSerializedPayload(@JsonProperty("certificate") X509Certificate certificate) {
this.certificate = certificate;
}
@@ -39,4 +51,18 @@ public class CertificateSerializedPayload {
"certificate='" + certificate + '\'' +
'}';
}
+
+ public static class CertificateSerializer extends JsonSerializer<X509Certificate> {
+ @Override
+ public void serialize(
+ X509Certificate certificate, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+ try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ pemWriter.writeObject(new PemObject("CERTIFICATE", certificate.getEncoded()));
+ pemWriter.flush();
+ gen.writeString(stringWriter.toString());
+ } catch (CertificateEncodingException e) {
+ throw new RuntimeException("Failed to encode X509Certificate", e);
+ }
+ }
+ }
}
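Review bot: The nested CertificateSerializer has no Javadoc; a one-liner above the class such as `/** Writes the certificate as one JSON string containing its PEM ("CERTIFICATE") encoding. */` would document the wire format the servlet now emits. Unlike the String field it replaces, the X509Certificate field only gains a serializer: the @JsonCreator parameter on the new constructor line carries no matching @JsonDeserialize, so any code that reads this payload back through the same mapper (a client of the signing endpoint, if one shares this class) would presumably fail for lack of an X509Certificate deserializer. The mirror-image asymmetry appears in CsrSerializedPayload, which only gains a deserializer for PKCS10CertificationRequest. If the model classes are meant to be shared with callers, the missing halves should be added; otherwise a class comment stating they are read-only/write-only on the server side would prevent surprise.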
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
index a1535a35c1b..d755fbd02a3 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/model/CsrSerializedPayload.java
@@ -3,6 +3,15 @@ package com.yahoo.vespa.hosted.athenz.instanceproviderservice.ca.model;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+
+import java.io.IOException;
+import java.io.StringReader;
/**
* Contains PEM formatted Certificate Signing Request (CSR)
@@ -11,10 +20,11 @@ import com.fasterxml.jackson.annotation.JsonProperty;
*/
public class CsrSerializedPayload {
- @JsonProperty("csr") public final String csr;
+ @JsonProperty("csr") public final PKCS10CertificationRequest csr;
@JsonCreator
- public CsrSerializedPayload(@JsonProperty("csr") String csr) {
+ public CsrSerializedPayload(@JsonProperty("csr") @JsonDeserialize(using = CertificateRequestDeserializer.class)
+ PKCS10CertificationRequest csr) {
this.csr = csr;
}
@@ -39,4 +49,14 @@ public class CsrSerializedPayload {
"csr='" + csr + '\'' +
'}';
}
+
+ public static class CertificateRequestDeserializer extends JsonDeserializer<PKCS10CertificationRequest> {
+ @Override
+ public PKCS10CertificationRequest deserialize(
+ JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
+ try (PEMParser pemParser = new PEMParser(new StringReader(jsonParser.getValueAsString()))) {
+ return (PKCS10CertificationRequest) pemParser.readObject();
+ }
+ }
+ }
}
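Review bot: The unchecked cast `(PKCS10CertificationRequest) pemParser.readObject()` in the new CertificateRequestDeserializer runs on request-body input: PEMParser.readObject() returns null when no PEM block is present and a different type for other PEM objects, so a malformed or mistyped "csr" value ends in a ClassCastException or NullPointerException whose message (including internal class names) is what Jackson wraps and the servlet may echo, rather than a deliberate mapping error. Likewise `jsonParser.getValueAsString()` returns null for a non-scalar token such as `"csr": {}`, and `new StringReader(null)` then throws NullPointerException. Checking the token and the parsed type and raising a JsonMappingException (import com.fasterxml.jackson.databind.JsonMappingException) with a neutral message turns both into ordinary bad-request failures; the rewrite below replaces the body of deserialize.
```java
public PKCS10CertificationRequest deserialize(
        JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
    String pem = jsonParser.getValueAsString();
    if (pem == null) {
        throw JsonMappingException.from(jsonParser, "Expected 'csr' to be a PEM encoded string");
    }
    try (PEMParser pemParser = new PEMParser(new StringReader(pem))) {
        Object parsed = pemParser.readObject();
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            throw JsonMappingException.from(jsonParser, "Expected a PEM encoded PKCS#10 certification request");
        }
        return (PKCS10CertificationRequest) parsed;
    }
}
```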