diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-06-15 14:46:15 +0200 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-06-15 14:46:15 +0200 |
commit | 01e1c1bfc9180c62d88501d9c4c29585cdca46fc (patch) | |
tree | 52452571ec640751634a03482b0425c6e6c66c4a /controller-server/src | |
parent | 4a5f76d4840af80588159edfe574b25847ba1307 (diff) |
Simplify token API by using fixed context for fingerprints
Fingerprints are now always derived using the a fixed context
of `Vespa token fingerprint`. Enforcement has been added that a
`TokenDomain` cannot be initialized with a context equal to the
fingerprint context.
This changes the fingerprint outputs from their previous values,
but that's fine since they are not yet in use anywhere.
Diffstat (limited to 'controller-server/src')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java index 7941ae68a4f..731806bd53a 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/dataplanetoken/DataplaneTokenService.java @@ -29,7 +29,6 @@ import java.util.stream.Stream; public class DataplaneTokenService { private static final String TOKEN_PREFIX = "vespa_cloud_"; - private static final byte[] FINGERPRINT_CONTEXT = new byte[0]; private static final int TOKEN_BYTES = 32; private static final int CHECK_HASH_BYTES = 32; @@ -57,7 +56,7 @@ public class DataplaneTokenService { * @return a DataplaneToken containing the secret generated token */ public DataplaneToken generateToken(TenantName tenantName, TokenId tokenId, Principal principal) { - TokenDomain tokenDomain = new TokenDomain(FINGERPRINT_CONTEXT, tenantName.value().getBytes(StandardCharsets.UTF_8)); + TokenDomain tokenDomain = TokenDomain.of(tenantName.value()); Token token = TokenGenerator.generateToken(tokenDomain, TOKEN_PREFIX, TOKEN_BYTES); TokenCheckHash checkHash = TokenCheckHash.of(token, CHECK_HASH_BYTES); DataplaneTokenVersions.Version newTokenVersion = new DataplaneTokenVersions.Version( |