author | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-04-30 15:18:11 +0200 |
---|---|---|
committer | Jon Marius Venstad <jvenstad@yahoo-inc.com> | 2019-05-02 15:09:09 +0200 |
commit | c490daf8bc4ed21e3aadf7239ab847e5643041ad (patch) | |
tree | 391ea2f1a580e55a450bee253783ac95cc83e022 /hosted-api | |
parent | 6c25a7b4677f098b1f851d0351e5bcba8536e139 (diff) |
Add filter which accepts only requests with verified signatures
Diffstat (limited to 'hosted-api')
-rw-r--r-- | hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java | 6 | ||||
-rw-r--r-- | hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java | 6 |
2 files changed, 4 insertions, 8 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
index fb8eb1421b4..48ff10695d3 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
@@ -5,8 +5,6 @@ import com.yahoo.security.KeyUtils;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.net.http.HttpRequest;
-import java.security.Key;
-import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.time.Clock;
@@ -26,13 +24,13 @@ public class RequestSigner {
 private final String keyId;
 private final Clock clock;
- /** Creates a new request signer from the PEM encoded RSA key at the specified path, owned by the given application. */
+ /** Creates a new request signer from the given PEM encoded ECDSA key, with a public key with the given ID. */
 public RequestSigner(String pemPrivateKey, String keyId) {
 this(pemPrivateKey, keyId, Clock.systemUTC());
 }
 /** Creates a new request signer with a custom clock. */
- RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
+ public RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
 this.signer = KeyUtils.createSigner(KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey));
 this.keyId = keyId;
 this.clock = clock;
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
index a46a93f624e..1d672a56dcb 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
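Review bot: In RequestSigner.java, the three-argument constructor made public in the second hunk stores a single `java.security.Signature` in `signer`, and `Signature` objects are stateful and not safe for concurrent use, yet nothing in the visible Javadoc says so. Now that code outside the package can build and hold a signer, I would add to the class Javadoc `Instances wrap a single java.security.Signature and must not be used from several threads at once.`, unless the signing method already synchronises; that method is outside this hunk, so this is unverified. The same applies to the `verifier` field of RequestVerifier in the second file, where it matters more if one verifier is shared by a request filter, as the commit title suggests.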
@@ -3,14 +3,11 @@ package ai.vespa.hosted.api;
 import com.yahoo.security.KeyUtils;
 import java.net.URI;
-import java.security.Key;
-import java.security.PublicKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Arrays;
 import java.util.Base64;
 /**
@@ -23,11 +20,12 @@ public class RequestVerifier {
 private final Signature verifier;
 private final Clock clock;
+ /** Creates a new request verifier from the given PEM encoded ECDSA public key. */
 public RequestVerifier(String pemPublicKey) {
 this(pemPublicKey, Clock.systemUTC());
 }
- RequestVerifier(String pemPublicKey, Clock clock) {
+ public RequestVerifier(String pemPublicKey, Clock clock) {
 this.verifier = KeyUtils.createVerifier(KeyUtils.fromPemEncodedPublicKey(pemPublicKey));
 this.clock = clock;
 } |
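Review bot: The `RequestVerifier(String pemPublicKey, Clock clock)` constructor becomes public in the second hunk without any Javadoc, while the one-argument constructor gets one in the same hunk. The `Duration` and `Instant` imports suggest the clock drives a timestamp freshness check in the verification method (outside this hunk), so a caller that passes a fixed or skewed clock would change which signed requests are accepted as current. I would document that, e.g. `/** Creates a new request verifier with a custom clock, for testing; the clock decides which request timestamps are accepted. */`, and reject a null clock with `this.clock = Objects.requireNonNull(clock, "clock");` (which needs a `java.util.Objects` import). The new Javadoc also promises an ECDSA key, but nothing visible here rejects another key type; whether `KeyUtils` does is not shown.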