authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-04-30 15:18:11 +0200
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-05-02 15:09:09 +0200
commitc490daf8bc4ed21e3aadf7239ab847e5643041ad (patch)
tree391ea2f1a580e55a450bee253783ac95cc83e022 /hosted-api
parent6c25a7b4677f098b1f851d0351e5bcba8536e139 (diff)
Add filter which accepts only requests with verified signatures
Diffstat (limited to 'hosted-api')
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java6
-rw-r--r--hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java6
2 files changed, 4 insertions, 8 deletions
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
index fb8eb1421b4..48ff10695d3 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
@@ -5,8 +5,6 @@ import com.yahoo.security.KeyUtils;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.net.http.HttpRequest;
-import java.security.Key;
-import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.time.Clock;
@@ -26,13 +24,13 @@ public class RequestSigner {
private final String keyId;
private final Clock clock;
- /** Creates a new request signer from the PEM encoded RSA key at the specified path, owned by the given application. */
+ /** Creates a new request signer from the given PEM encoded ECDSA key, with a public key with the given ID. */
public RequestSigner(String pemPrivateKey, String keyId) {
this(pemPrivateKey, keyId, Clock.systemUTC());
}
/** Creates a new request signer with a custom clock. */
- RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
+ public RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
this.signer = KeyUtils.createSigner(KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey));
this.keyId = keyId;
this.clock = clock;
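Review bot: The constructor made public here stores one `java.security.Signature` in the `signer` field, and `Signature` objects are stateful and not safe for concurrent use, so an instance shared between threads could interleave updates and produce invalid signatures. Now that the class can be built from other packages, I would say so in the Javadoc, e.g. `/** Creates a new request signer with a custom clock. Instances are not thread-safe: the wrapped Signature is stateful. */`. The same applies to the `verifier` field of RequestVerifier in the last hunk, which the commit title suggests is meant for use from a request filter where sharing across request threads is likely. The updated Javadoc on the two-argument constructor also promises an ECDSA key, but nothing visible checks the key type returned by `KeyUtils.fromPemEncodedPrivateKey`; the constructor body closes outside this hunk.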
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
index a46a93f624e..1d672a56dcb 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
@@ -3,14 +3,11 @@ package ai.vespa.hosted.api;
import com.yahoo.security.KeyUtils;
import java.net.URI;
-import java.security.Key;
-import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
-import java.util.Arrays;
import java.util.Base64;
/**
@@ -23,11 +20,12 @@ public class RequestVerifier {
private final Signature verifier;
private final Clock clock;
+ /** Creates a new request verifier from the given PEM encoded ECDSA public key. */
public RequestVerifier(String pemPublicKey) {
this(pemPublicKey, Clock.systemUTC());
}
- RequestVerifier(String pemPublicKey, Clock clock) {
+ public RequestVerifier(String pemPublicKey, Clock clock) {
this.verifier = KeyUtils.createVerifier(KeyUtils.fromPemEncodedPublicKey(pemPublicKey));
this.clock = clock;
}
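Review bot: The newly public `RequestVerifier(String pemPublicKey, Clock clock)` constructor has no Javadoc, although the one-argument constructor gained one in this hunk. The `Duration` and `Instant` imports suggest the clock bounds which request timestamps are accepted, so whoever supplies it effectively controls the replay window; that is worth stating on the public API. I would add `/** Creates a new request verifier with a custom clock; the clock decides which request timestamps are accepted, so use Clock.systemUTC() outside tests. */`. A `this.clock = Objects.requireNonNull(clock, "clock");` would also make a null clock fail at construction instead of at the first verification.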