authorValerij Fredriksen <valerijf@oath.com>2018-02-15 12:43:02 +0100
committerValerij Fredriksen <valerijf@oath.com>2018-02-15 15:59:01 +0100
commite699864c235200214411c581de95e4af7012d887 (patch)
treefb5edb78eedfaee93e12687ba1bbea7cd750a41e /node-admin
parent9eb3cc5c77b8f24f55225ffe788c1c8e2335f3d7 (diff)
Add bindings to make CSR
Diffstat (limited to 'node-admin')
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CertificateSerializedPayload.java69
-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CsrSerializedPayload.java66
2 files changed, 135 insertions, 0 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CertificateSerializedPayload.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CertificateSerializedPayload.java
new file mode 100644
index 00000000000..e7148754fde
--- /dev/null
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CertificateSerializedPayload.java
@@ -0,0 +1,69 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.node.admin.configserver.certificate;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.openssl.PEMParser;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * Contains PEM formatted signed certificate
+ * TODO: Combine with its counterpart in athenz-identity-provider-service?
+ *
+ * @author freva
+ */
+public class CertificateSerializedPayload {
+
+ @JsonProperty("certificate") public final X509Certificate certificate;
+
+ @JsonCreator
+ public CertificateSerializedPayload(@JsonProperty("certificate") @JsonDeserialize(using = CertificateDeserializer.class)
+ X509Certificate certificate) {
+ this.certificate = certificate;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ CertificateSerializedPayload that = (CertificateSerializedPayload) o;
+
+ return certificate.equals(that.certificate);
+ }
+
+ @Override
+ public int hashCode() {
+ return certificate.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return "CertificateSerializedPayload{" +
+ "certificate='" + certificate + '\'' +
+ '}';
+ }
+
+ public static class CertificateDeserializer extends JsonDeserializer<X509Certificate> {
+ @Override
+ public X509Certificate deserialize(
+ JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException {
+ try (PEMParser pemParser = new PEMParser(new StringReader(jsonParser.getValueAsString()))) {
+ X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) pemParser.readObject();
+ return new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
+ } catch (CertificateException e) {
+ throw new RuntimeException("Failed to deserialize X509Certificate", e);
+ }
+ }
+ }
+}
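Review bot: In `CertificateDeserializer.deserialize`, the result of `pemParser.readObject()` is cast straight to `X509CertificateHolder`, so a response whose `certificate` field holds some other PEM type fails with a ClassCastException. `PEMParser.readObject()` returns null when the input contains no PEM object, so an empty or non-PEM string would presumably surface as a NullPointerException inside the converter. Since this value arrives over the wire, I would check the parsed type explicitly and report both cases, as well as the `CertificateException`, as an `IOException`, which the method already declares and Jackson callers already handle. Note that this only parses the certificate; nothing here verifies it, so the consumer of `certificate` still has to confirm it matches the identity and key that were requested.

```java
try (PEMParser pemParser = new PEMParser(new StringReader(jsonParser.getValueAsString()))) {
    Object pemObject = pemParser.readObject();
    if (!(pemObject instanceof X509CertificateHolder)) {
        throw new IOException("Expected a PEM encoded X.509 certificate but got " +
                (pemObject == null ? "no PEM object" : pemObject.getClass().getName()));
    }
    return new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) pemObject);
} catch (CertificateException e) {
    throw new IOException("Failed to deserialize X509Certificate", e);
}
```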
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CsrSerializedPayload.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CsrSerializedPayload.java
new file mode 100644
index 00000000000..aa83fdc9e22
--- /dev/null
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/configserver/certificate/CsrSerializedPayload.java
@@ -0,0 +1,66 @@
+// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.node.admin.configserver.certificate;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.util.io.pem.PemObject;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+/**
+ * Contains PEM formatted Certificate Signing Request (CSR)
+ * TODO: Combine with its counterpart in athenz-identity-provider-service?
+ *
+ * @author freva
+ */
+public class CsrSerializedPayload {
+
+ @JsonProperty("csr") @JsonSerialize(using = CertificateRequestSerializer.class)
+ public final PKCS10CertificationRequest csr;
+
+ @JsonCreator
+ public CsrSerializedPayload(@JsonProperty("csr") PKCS10CertificationRequest csr) {
+ this.csr = csr;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ CsrSerializedPayload that = (CsrSerializedPayload) o;
+
+ return csr.equals(that.csr);
+ }
+
+ @Override
+ public int hashCode() {
+ return csr.hashCode();
+ }
+
+ @Override
+ public String toString() {
+ return "CsrSerializedPayload{" +
+ "csr='" + csr + '\'' +
+ '}';
+ }
+
+ public static class CertificateRequestSerializer extends JsonSerializer<PKCS10CertificationRequest> {
+ @Override
+ public void serialize(
+ PKCS10CertificationRequest csr, JsonGenerator gen, SerializerProvider serializers) throws IOException {
+ try (StringWriter stringWriter = new StringWriter(); JcaPEMWriter pemWriter = new JcaPEMWriter(stringWriter)) {
+ pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", csr.getEncoded()));
+ pemWriter.flush();
+ gen.writeString(stringWriter.toString());
+ }
+ }
+ }
+}
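Review bot: The constructor is annotated `@JsonCreator`, but its `csr` parameter has no `@JsonDeserialize`, so Jackson has no way to turn the PEM string written by `CertificateRequestSerializer` back into a `PKCS10CertificationRequest`, and reading this payload would most likely fail at runtime. If the class is only ever sent to the config server, drop `@JsonCreator` and the parameter's `@JsonProperty` so the type does not advertise a round trip it cannot do; otherwise add a PEM deserializer mirroring the one in CertificateSerializedPayload. Separately, `equals` and `hashCode` dereference `csr` unconditionally, so the constructor should reject null up front with `this.csr = Objects.requireNonNull(csr, "csr");` (plus the `java.util.Objects` import). A short class comment stating that the CSR carries only the public key and the requested subject would also help readers judge that logging `toString()` output is safe.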