authorTor Brede Vekterli <vekterli@yahooinc.com>2023-06-15 14:46:15 +0200
committerTor Brede Vekterli <vekterli@yahooinc.com>2023-06-15 14:46:15 +0200
commit01e1c1bfc9180c62d88501d9c4c29585cdca46fc (patch)
tree52452571ec640751634a03482b0425c6e6c66c4a /jdisc-security-filters
parent4a5f76d4840af80588159edfe574b25847ba1307 (diff)
Simplify token API by using fixed context for fingerprints
Fingerprints are now always derived using a fixed context of `Vespa token fingerprint`. Enforcement has been added that a `TokenDomain` cannot be initialized with a context equal to the fingerprint context. This changes the fingerprint outputs from their previous values, but that's fine since they are not yet in use anywhere.
Diffstat (limited to 'jdisc-security-filters')
-rw-r--r--jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java2
-rw-r--r--jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilterTest.java4
2 files changed, 3 insertions, 3 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
index b2a71d2e1b9..07f586b2123 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilter.java
@@ -63,7 +63,7 @@ public class CloudDataPlaneFilter extends JsonSecurityRequestFilterBase {
CloudDataPlaneFilter(CloudDataPlaneFilterConfig cfg, X509Certificate reverseProxyCert) {
this.legacyMode = cfg.legacyMode();
- this.tokenDomain = new TokenDomain(new byte[0], cfg.tokenContext().getBytes(StandardCharsets.UTF_8));
+ this.tokenDomain = TokenDomain.of(cfg.tokenContext());
if (legacyMode) {
allowedClients = List.of();
log.fine(() -> "Legacy mode enabled");
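Review bot: The new assignment passes `cfg.tokenContext()` straight to `TokenDomain.of(...)` with no visible check on the configured value, and it runs before the `if (legacyMode)` branch, so it applies in legacy mode too. Per the commit description the factory now refuses a context equal to the fixed fingerprint context, so a colliding config value would presumably fail filter construction. A comment above the line would record that constraint, e.g. `// TokenDomain rejects a context equal to the fixed fingerprint context; tokenContext must be a distinct, non-empty value`. If an empty context is not meant to be valid, a guard such as `if (cfg.tokenContext().isBlank()) throw new IllegalArgumentException("tokenContext must be set");` would fail with a clearer message than an error raised deeper in token handling. The constructor body continues past the end of this hunk, so a later check cannot be ruled out from here.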
diff --git a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilterTest.java b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilterTest.java
index e81ef45d3af..d05baccc069 100644
--- a/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilterTest.java
+++ b/jdisc-security-filters/src/test/java/com/yahoo/jdisc/http/filter/security/cloud/CloudDataPlaneFilterTest.java
@@ -53,9 +53,9 @@ class CloudDataPlaneFilterTest {
private static final String TOKEN_CONTEXT = "my-token-context";
private static final String TOKEN_ID = "my-token-id";
private static final Token VALID_TOKEN =
- TokenGenerator.generateToken(TokenDomain.of("fp-ctx", TOKEN_CONTEXT), "vespa_token_", CHECK_HASH_BYTES);
+ TokenGenerator.generateToken(TokenDomain.of(TOKEN_CONTEXT), "vespa_token_", CHECK_HASH_BYTES);
private static final Token UNKNOWN_TOKEN =
- TokenGenerator.generateToken(TokenDomain.of("fp-ctx", TOKEN_CONTEXT), "vespa_token_", CHECK_HASH_BYTES);
+ TokenGenerator.generateToken(TokenDomain.of(TOKEN_CONTEXT), "vespa_token_", CHECK_HASH_BYTES);
@Test
void accepts_any_trusted_client_certificate_in_legacy_mode() {