author | Håkon Hallingstad <hakon@yahooinc.com> | 2022-03-16 17:56:59 +0100 |
---|---|---|
committer | Håkon Hallingstad <hakon@yahooinc.com> | 2022-03-16 17:56:59 +0100 |
commit | 0f1ecf940aa79c7fee1dc1f1733bba594e18cebd (patch) | |
tree | 64eafcc9ed3b8a4fd6014bdc902bfa867812342a /vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts | |
parent | b6277402605a1bf57b77ef0753eaa9a9db02cbe6 (diff) |
Add NTokenGenerator
Diffstat (limited to 'vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
index 2eea5d3151a..0c73891bdae 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
@@ -94,12 +94,17 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient {
 
 @Override
 public Identity getServiceIdentity(AthenzIdentity identity, String keyId, Pkcs10Csr csr) {
+ return getServiceIdentity(identity, keyId, csr, Optional.empty());
+ }
+
+ public Identity getServiceIdentity(AthenzIdentity identity, String keyId, Pkcs10Csr csr, Optional<NToken> nToken) {
 URI uri = ztsUrl.resolve(String.format("instance/%s/%s/refresh", identity.getDomainName(), identity.getName()));
- HttpUriRequest request = RequestBuilder.post()
- .setUri(uri)
- .setEntity(toJsonStringEntity(new IdentityRefreshRequestEntity(csr, keyId)))
- .build();
- return execute(request, response -> {
+ RequestBuilder builder = RequestBuilder.post()
+ .setUri(uri)
+ .setEntity(toJsonStringEntity(new IdentityRefreshRequestEntity(csr, keyId)));
+ nToken.ifPresent(n -> builder.setHeader("Athenz-Principal-Auth", n.getRawToken()));
+
+ return execute(builder.build(), response -> {
 IdentityResponseEntity entity = readEntity(response, IdentityResponseEntity.class);
 return new Identity(entity.certificate(), entity.caCertificateBundle());
 }); |
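Review bot: The new public overload `getServiceIdentity(identity, keyId, csr, Optional<NToken> nToken)` copies the raw NToken, which is a bearer credential, into the `Athenz-Principal-Auth` header, yet it has no Javadoc saying when a caller should supply the token or that it must be kept out of logs. A comment such as `/** Refreshes the service identity; when nToken is present its raw value is sent in the Athenz-Principal-Auth header. The token is a credential and must never be logged. */` would record that contract. A null `nToken` currently fails only at `nToken.ifPresent(...)`, after the URI and entity have been built, so `Objects.requireNonNull(nToken, "nToken");` as the first statement would fail fast (the import block is outside the hunk, so check that `java.util.Objects` is in scope). Whether `ztsUrl` is constrained to https is not visible here and is worth confirming, since the header carries a secret. The method's closing brace lies outside the hunk.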