author | Morten Tokle <mortent@oath.com> | 2017-10-24 13:26:45 +0200 |
committer | Morten Tokle <mortent@oath.com> | 2017-10-24 13:36:10 +0200 |
commit | 2dbee1b12184e0919fd88e4eb457c426ef99e23e (patch) | |
tree | 13dc5f29ab415cd167f150ea30e14e88c6ba116d /container-disc | |
parent | 6dfb3a24e1c03cebc82717f19edcf49086868f21 (diff) |
Expose domain and service from AthenzIDP
Diffstat (limited to 'container-disc')
3 files changed, 28 insertions, 13 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
index f5930ab9e4e..e5b8bc9bb01 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
@@ -6,7 +6,8 @@ package com.yahoo.container.jdisc.athenz;
 */
 public interface AthenzIdentityProvider {
- String getNToken();
-
- String getX509Cert();
+ public String getNToken();
+ public String getX509Cert();
+ public String domain();
+ public String service();
 }
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
index a7844a95308..12b83ec938a 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
@@ -37,6 +37,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 private final String dnsSuffix;
 private final String providerUniqueId;
+ private final String domain;
+ private final String service;
 @Inject
 public AthenzIdentityProviderImpl(IdentityConfig config, ConfigserverConfig configserverConfig) throws IOException {
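Review bot: The `public` modifier added to every method of `AthenzIdentityProvider` is redundant, since interface members are implicitly public, and the removed lines had it right; dropping it keeps the declarations in the house style. The two new accessors are named `domain()` and `service()` while their siblings are `getNToken()` and `getX509Cert()`, which is worth either aligning or explaining, and as public API each should carry a Javadoc sentence, e.g. `/** Athenz domain used in the instance register request and the CSR subject. */` and `/** Athenz service name within {@link #domain()}. */`. The same naming and Javadoc points apply to the matching overrides added in the @@ -142,5 hunk of AthenzIdentityProviderImpl.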
@@ -46,18 +48,20 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 // Test only
 public AthenzIdentityProviderImpl(IdentityConfig config, ServiceProviderApi serviceProviderApi, AthenzService athenzService) throws IOException {
 KeyPair keyPair = createKeyPair();
+ this.domain = config.domain();
+ this.service = config.service();
 String signedIdentityDocument = serviceProviderApi.getSignedIdentityDocument();
 String athenzUrl = getZtsEndpoint(signedIdentityDocument);
- dnsSuffix = getDnsSuffix(signedIdentityDocument);
- providerUniqueId = getProviderUniqueId(signedIdentityDocument);
+ this.dnsSuffix = getDnsSuffix(signedIdentityDocument);
+ this.providerUniqueId = getProviderUniqueId(signedIdentityDocument);
 String providerServiceName = getProviderServiceName(signedIdentityDocument);
 InstanceRegisterInformation instanceRegisterInformation = new InstanceRegisterInformation(
 providerServiceName,
- config.domain(),
- config.serviceName(),
+ this.domain,
+ this.service,
 signedIdentityDocument,
- createCSR(keyPair, config),
+ createCSR(keyPair),
 true
 );
 instanceIdentity = athenzService.sendInstanceRegisterRequest(instanceRegisterInformation, athenzUrl);
@@ -94,15 +98,15 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 }
 }
- private String createCSR(KeyPair keyPair, IdentityConfig identityConfig) throws IOException {
+ private String createCSR(KeyPair keyPair) throws IOException {
 try {
 // Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix>
 // and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix>
 GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{
 new GeneralName(GeneralName.dNSName, String.format("%s.%s.%s",
- identityConfig.serviceName(),
- identityConfig.domain().replace(".", "-"),
+ service(),
+ domain().replace(".", "-"),
 dnsSuffix)),
 new GeneralName(GeneralName.dNSName, String.format("%s.instanceid.athenz.%s",
 providerUniqueId,
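Review bot: `createCSR(keyPair)` now depends on instance state (`domain`, `service`, `dnsSuffix`, `providerUniqueId`) that the constructor must have assigned before the call; the statement order in this hunk satisfies that, but nothing says so, and a later reorder would silently put `null` into the CSR subject and SAN. A comment ahead of the `InstanceRegisterInformation` construction would pin the invariant, e.g. `// createCSR() reads domain, service, dnsSuffix and providerUniqueId; all four are assigned above`. Since `config.domain()` and `config.service()` end up verbatim in the certificate request, it is also worth failing fast on a missing value with `this.domain = Objects.requireNonNull(config.domain(), "domain");` and the same for `service`; I cannot tell from the hunk whether the config layer already guarantees non-null. The constructor body continues past the end of the hunk.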
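Review bot: Inside `createCSR` the new lines read `service()` and `domain()` through the public accessors, whereas the constructor hunk in the same file writes them as `this.domain`/`this.service`; reading the final fields directly (`service`, `domain`) keeps one convention for private state within the class. The existing comment above the `GeneralNames` block explains the SAN layout, and a single added line such as `// service/domain are the IdentityConfig values captured in the constructor` would tell a reader where those values now originate, since the method no longer takes the config as a parameter. The method body continues beyond the end of the hunk.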
@@ -113,7 +117,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
 X500Principal subject = new X500Principal(
- String.format("CN=%s.%s", identityConfig.domain(), identityConfig.serviceName()));
+ String.format("CN=%s.%s", domain(), service()));
 PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
@@ -142,5 +146,15 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 public String getX509Cert() {
 return instanceIdentity.getX509Certificate();
 }
+
+ @Override
+ public String domain() {
+ return domain;
+ }
+
+ @Override
+ public String service() {
+ return service;
+ }
 }
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
index 4577402b8c1..f9a5d323bcd 100644
--- a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
@@ -22,7 +22,7 @@ public class AthenzIdentityProviderTest {
 @Test
 public void ntoken_fetched_on_init() throws IOException {
- IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().serviceName("tenantService").domain("tenantDomain"));
+ IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().service("tenantService").domain("tenantDomain"));
 ServiceProviderApi serviceProviderApi = mock(ServiceProviderApi.class);
 AthenzService athenzService = mock(AthenzService.class);
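Review bot: `new X500Principal(String.format("CN=%s.%s", domain(), service()))` still builds the subject by string interpolation, so a domain or service value containing an RFC 2253 special character (comma, plus, equals, quote, backslash, angle brackets, semicolon) would either be parsed as additional RDNs or make the constructor throw `IllegalArgumentException`; the change only swaps where the values come from and does not address this. Because the same two strings also feed the SAN dnsName entries, validating them once in the constructor against the character set Athenz permits for domain and service names, or building the subject structurally with Bouncy Castle's `X500NameBuilder` (the request builder used here is already a Bouncy Castle class), would make the CSR contents robust to whatever the config layer delivers. The enclosing method starts and ends outside the hunk.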
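Review bot: The test only follows the builder rename to `service(...)` and never asserts the two accessors this commit exposes; adding `assertEquals("tenantDomain", provider.domain());` and `assertEquals("tenantService", provider.service());` after the `AthenzIdentityProviderImpl` is constructed (using whatever name the test gives that instance) would cover the new interface methods with the values already set up here. The test method continues past the end of the hunk, so the line constructing the provider is not visible.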