authorJon Marius Venstad <jvenstad@yahoo-inc.com>2019-06-11 13:18:23 +0200
committerJon Marius Venstad <jvenstad@yahoo-inc.com>2019-06-11 13:18:23 +0200
commitdf6fedee139ddc7d9a7127d9a3d51cb6e43b7778 (patch)
tree415b5bd477e3c5dc9aa2697ee691485186d7cc42 /tenant-auth
parent89e40d3684d48b94e82a7199d17b0e32dd07faab (diff)
Assume private key authentication against controller
Diffstat (limited to 'tenant-auth')
-rw-r--r--tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java20
1 files changed, 9 insertions, 11 deletions
diff --git a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java b/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
index 6ecf1100630..9ded35a5726 100644
--- a/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
+++ b/tenant-auth/src/main/java/ai/vespa/hosted/auth/Authenticator.java
@@ -34,7 +34,7 @@ public class Authenticator {
Path privateKeyFile = credentialsRoot.resolve("key");
X509Certificate certificate = X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile)));
- if (Instant.now().isBefore(certificate.getNotBefore().toInstant())
+ if ( Instant.now().isBefore(certificate.getNotBefore().toInstant())
|| Instant.now().isAfter(certificate.getNotAfter().toInstant()))
throw new IllegalStateException("Certificate at '" + certificateFile + "' is valid between " +
certificate.getNotBefore() + " and " + certificate.getNotAfter() + " — not now.");
@@ -50,17 +50,15 @@ public class Authenticator {
return request;
}
- ApplicationId id = ApplicationId.from(requireNonBlankProperty("tenant"),
- requireNonBlankProperty("application"),
- getNonBlankProperty("instance").orElse("default"));
+ public ControllerHttpClient controller() {
+ ApplicationId id = ApplicationId.from(requireNonBlankProperty("tenant"),
+ requireNonBlankProperty("application"),
+ getNonBlankProperty("instance").orElse("default"));
+ URI endpoint = URI.create(requireNonBlankProperty("endpoint"));
+ Path privateKeyFile = Paths.get(requireNonBlankProperty("privateKeyFile"));
- URI endpoint = URI.create(requireNonBlankProperty("endpoint"));
- Path privateKeyFile = Paths.get(requireNonBlankProperty("privateKeyFile"));
- Optional<Path> certificateFile = getNonBlankProperty("certificateFile").map(Paths::get);
-
- ControllerHttpClient controller = certificateFile.isPresent()
- ? ControllerHttpClient.withKeyAndCertificate(endpoint, privateKeyFile, certificateFile.get())
- : ControllerHttpClient.withSignatureKey(endpoint, privateKeyFile, id);
+ return ControllerHttpClient.withSignatureKey(endpoint, privateKeyFile, id);
+ }
static Optional<String> getNonBlankProperty(String name) {
return Optional.ofNullable(System.getProperty(name)).filter(value -> ! value.isBlank());
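Review bot: The `endpoint` property is passed straight to `URI.create(...)` in the new `controller()` with no check on its scheme, so an `http://` value would be accepted at this point; whether `ControllerHttpClient.withSignatureKey` rejects it is not visible in this hunk. Because the commit removes the key-and-certificate branch, request signing is the only client authentication left, and it presumably does nothing for confidentiality of the traffic if the transport is not TLS. Consider adding `if ( ! "https".equalsIgnoreCase(endpoint.getScheme())) throw new IllegalArgumentException("Endpoint must use https: " + endpoint);` right after the line that creates `endpoint`. A `certificateFile` property that is still set is now silently ignored, so a Javadoc on `controller()` listing the properties it reads (`tenant`, `application`, `instance`, `endpoint`, `privateKeyFile`) and stating that only signature-key authentication is used would make the new contract explicit.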