summaryrefslogtreecommitdiffstats
path: root/controller-api
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorn.christian@seime.no>2017-12-11 14:45:58 +0100
committerGitHub <noreply@github.com>2017-12-11 14:45:58 +0100
commit7d36fbe2d8aa7d8b531763e62fcd0cb43c54239c (patch)
tree086a5628316eb7364ad4a86e9868515cfa519354 /controller-api
parent891d69cc5eb652885d2b77b639b9b1b1fd71a6d2 (diff)
parentdb87c8a1259d71f3bb16785fb8c34fd7bd764577 (diff)
Merge pull request #4385 from vespa-engine/bjorncs/retrieve-athenz-tls-cert
Add getIdentityCertificate and getRoleCertificate to ZtsClient
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityCertificate.java27
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzRoleCertificate.java27
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzSslContextProvider.java14
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java4
4 files changed, 72 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityCertificate.java
new file mode 100644
index 00000000000..d53817c09e4
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityCertificate.java
@@ -0,0 +1,27 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.athenz;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author bjorncs
+ */
+public class AthenzIdentityCertificate {
+
+ private final X509Certificate certificate;
+ private final PrivateKey privateKey;
+
+ public AthenzIdentityCertificate(X509Certificate certificate, PrivateKey privateKey) {
+ this.certificate = certificate;
+ this.privateKey = privateKey;
+ }
+
+ public X509Certificate getCertificate() {
+ return certificate;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzRoleCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzRoleCertificate.java
new file mode 100644
index 00000000000..80548cccd89
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzRoleCertificate.java
@@ -0,0 +1,27 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.athenz;
+
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author bjorncs
+ */
+public class AthenzRoleCertificate {
+
+ private final X509Certificate certificate;
+ private final PrivateKey privateKey;
+
+ public AthenzRoleCertificate(X509Certificate certificate, PrivateKey privateKey) {
+ this.certificate = certificate;
+ this.privateKey = privateKey;
+ }
+
+ public X509Certificate getCertificate() {
+ return certificate;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzSslContextProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzSslContextProvider.java
new file mode 100644
index 00000000000..480105a2d86
--- /dev/null
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzSslContextProvider.java
@@ -0,0 +1,14 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.controller.api.integration.athenz;
+
+import com.google.inject.Provider;
+
+import javax.net.ssl.SSLContext;
+
+/**
+ * Provides a {@link SSLContext} for use in controller clients communicating with Athenz TLS secured services.
+ * It is configured with a keystore containing the Athenz service certificate and a trust store with the Athenz CA certificates.
+ *
+ * @author bjorncs
+ */
+public interface AthenzSslContextProvider extends Provider<SSLContext> {}
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
index c7a2adfb17e..f37c1679d1e 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
@@ -12,4 +12,8 @@ public interface ZtsClient {
List<AthenzDomain> getTenantDomainsForUser(AthenzIdentity principal);
+ AthenzIdentityCertificate getIdentityCertificate();
+
+ AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName);
+
}