authorBjørn Christian Seime <bjorncs@oath.com>2017-11-03 17:20:58 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2017-11-06 17:49:17 +0100
commit7be9f1d94f6b98ea56fbf8afb520835f83bd024d (patch)
treedcc1de02090be9f1eecf67791a24c20f38105139 /container-disc
parent579a0a1d651bf2961e578063a02dad55fb2010a9 (diff)
Add deserializer for X509 certificate
Diffstat (limited to 'container-disc')
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java4
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java3
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceIdentity.java22
3 files changed, 24 insertions, 5 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
index 19e04e0ae01..418b3511ebb 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
@@ -1,13 +1,15 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.container.jdisc.athenz;
+import java.security.cert.X509Certificate;
+
/**
* @author mortent
*/
public interface AthenzIdentityProvider {
String getNToken();
- String getX509Cert();
+ X509Certificate getX509Cert();
String domain();
String service();
}
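Review bot: `getX509Cert()` has no Javadoc, and now that it returns `X509Certificate` instead of `String`, callers need to know whether it can be null and what trust the object carries. Judging from the `InstanceIdentity` change in this commit, the value looks like whatever was parsed from the ZTS response, so null seems possible when the field is absent; that is inferred, not shown in this hunk. I would add a comment such as `/** Returns the instance certificate as parsed from the ZTS response, or null if none was received. */`. It should also say that parsing alone implies no chain or validity check, since none is visible in this diff.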
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
index 478f7ee8759..83c001eaab7 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
@@ -10,6 +10,7 @@ import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
import java.io.IOException;
import java.net.URI;
import java.security.KeyPair;
+import java.security.cert.X509Certificate;
/**
* @author mortent
@@ -60,7 +61,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
}
@Override
- public String getX509Cert() {
+ public X509Certificate getX509Cert() {
return instanceIdentity.getX509Certificate();
}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceIdentity.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceIdentity.java
index f64b2c765a5..20bbb2aa67e 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceIdentity.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/InstanceIdentity.java
@@ -4,6 +4,13 @@ package com.yahoo.container.jdisc.athenz.impl;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+import java.io.IOException;
+import java.security.cert.X509Certificate;
/**
* Used for deserializing response from ZTS
@@ -13,20 +20,29 @@ import com.fasterxml.jackson.annotation.JsonProperty;
@JsonIgnoreProperties(ignoreUnknown = true)
@JsonInclude(JsonInclude.Include.NON_NULL)
public class InstanceIdentity {
- @JsonProperty("x509Certificate") private final String x509Certificate;
+ @JsonProperty("x509Certificate") private final X509Certificate x509Certificate;
@JsonProperty("serviceToken") private final String serviceToken;
- public InstanceIdentity(@JsonProperty("x509Certificate") String x509Certificate,
+ public InstanceIdentity(@JsonProperty("x509Certificate") @JsonDeserialize(using = X509CertificateDeserializer.class)
+ X509Certificate x509Certificate,
@JsonProperty("serviceToken") String serviceToken) {
this.x509Certificate = x509Certificate;
this.serviceToken = serviceToken;
}
- public String getX509Certificate() {
+ public X509Certificate getX509Certificate() {
return x509Certificate;
}
public String getServiceToken() {
return serviceToken;
}
+
+ public static class X509CertificateDeserializer extends JsonDeserializer<X509Certificate> {
+ @Override
+ public X509Certificate deserialize(JsonParser parser, DeserializationContext context) throws IOException {
+ return CryptoUtils.parseCertificate(parser.getValueAsString());
+ }
+ }
+
}
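Review bot: `X509CertificateDeserializer.deserialize` hands `parser.getValueAsString()` straight to `CryptoUtils.parseCertificate`, but `getValueAsString()` returns null when the current token is not a scalar, for example an object or array. `CryptoUtils` is not visible in this diff, so its behaviour on null or malformed input is unknown; if it throws an unchecked exception, the failure bypasses Jackson's error reporting and loses the JSON location. I would guard the value first with `String pem = parser.getValueAsString();` and `if (pem == null) throw JsonMappingException.from(parser, "x509Certificate must be a string");`, and wrap any parse failure the same way. The error message should not echo the certificate text. Separately, the constructor parameter can still be null when the property is absent from the response, so `getX509Certificate()` would benefit from a comment saying so.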