author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-13 13:52:42 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-13 13:52:42 +0200 |
commit | 099bf8198862c71efacca49c0e3f5b19adacf316 (patch) | |
tree | b197deedf6d0f0077fe5f5961fbb8d87947aa8a1 /vespa-athenz/src | |
parent | b74530f434f40ed6d5e7f10834f31cf169320c0c (diff) |
Remove support for ntokens
Diffstat (limited to 'vespa-athenz/src')
3 files changed, 9 insertions, 16 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
index bb9f512efe6..a1d8a9ca258 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentials.java
@@ -12,28 +12,21 @@ import java.security.cert.X509Certificate;
 */
 class AthenzCredentials {
- private final String nToken;
 private final X509Certificate certificate;
 private final KeyPair keyPair;
 private final SignedIdentityDocument identityDocument;
 private final SSLContext identitySslContext;
- AthenzCredentials(String nToken,
- X509Certificate certificate,
+ AthenzCredentials(X509Certificate certificate,
 KeyPair keyPair,
 SignedIdentityDocument identityDocument,
 SSLContext identitySslContext) {
- this.nToken = nToken;
 this.certificate = certificate;
 this.keyPair = keyPair;
 this.identityDocument = identityDocument;
 this.identitySslContext = identitySslContext;
 }
- String getNToken() {
- return nToken;
- }
-
 X509Certificate getCertificate() {
 return certificate;
 }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
index bc161290993..4601ba927da 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
@@ -5,6 +5,7 @@ import com.yahoo.container.core.identity.IdentityConfig;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
 import com.yahoo.vespa.athenz.client.zts.InstanceIdentity;
+import com.yahoo.vespa.athenz.client.zts.ZtsClient;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
 import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
 import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
@@ -59,7 +60,7 @@ class AthenzCredentialsService {
 document.ipAddresses(),
 keyPair);
- try (com.yahoo.vespa.athenz.client.zts.ZtsClient ztsClient =
+ try (ZtsClient ztsClient =
 new DefaultZtsClient(URI.create(identityConfig.ztsUrl()), nodeIdentityProvider)) {
 InstanceIdentity instanceIdentity =
 ztsClient.registerInstance(
@@ -67,7 +68,7 @@ class AthenzCredentialsService {
 tenantIdentity,
 null,
 EntityBindingsMapper.toAttestationData(document),
- true,
+ false,
 csr);
 return toAthenzCredentials(instanceIdentity, keyPair, document);
 }
@@ -82,14 +83,14 @@ class AthenzCredentialsService {
 document.ipAddresses(),
 newKeyPair);
- try (com.yahoo.vespa.athenz.client.zts.ZtsClient ztsClient =
+ try (ZtsClient ztsClient =
 new DefaultZtsClient(URI.create(identityConfig.ztsUrl()), tenantIdentity, sslContext)) {
 InstanceIdentity instanceIdentity =
 ztsClient.refreshInstance(
 new AthenzService(identityConfig.configserverIdentityName()),
 tenantIdentity,
 document.providerUniqueId().asDottedString(),
- true,
+ false,
 csr);
 return toAthenzCredentials(instanceIdentity, newKeyPair, document);
 }
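Review bot: The bare `false` now passed as the second-to-last argument of `ztsClient.registerInstance(...)` and, in the later hunk of this file, of `ztsClient.refreshInstance(...)` does not say what it switches off, and in the first call it sits two arguments after an equally unexplained `null`. Going by the commit title and the removed `instanceIdentity.nToken()` read, it presumably tells ZTS whether to return an ntoken alongside the certificate; a trailing comment at both call sites, e.g. `false, // no ntoken requested; the identity is certificate-only`, would keep a later edit from re-enabling the bearer token unnoticed. Nothing in this commit pins the value in a test, since the one test file touched stubs `athenzCredentialsService` rather than exercising these calls. Both enclosing methods begin and end outside their hunks.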
@@ -99,9 +100,8 @@ class AthenzCredentialsService {
 KeyPair keyPair,
 SignedIdentityDocument identityDocument) {
 X509Certificate certificate = instanceIdentity.certificate();
- String serviceToken = instanceIdentity.nToken().get().getRawToken();
 SSLContext identitySslContext = createIdentitySslContext(keyPair.getPrivate(), certificate);
- return new AthenzCredentials(serviceToken, certificate, keyPair, identityDocument, identitySslContext);
+ return new AthenzCredentials(certificate, keyPair, identityDocument, identitySslContext);
 }
 private SSLContext createIdentitySslContext(PrivateKey privateKey, X509Certificate certificate) {
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
index 48781aad651..01dab2dada3 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImplTest.java
@@ -62,12 +62,12 @@ public class AthenzIdentityProviderImplTest {
 X509Certificate certificate = getCertificate(getExpirationSupplier(clock));
 when(athenzCredentialsService.registerInstance())
- .thenReturn(new AthenzCredentials(null, certificate, null, null, null));
+ .thenReturn(new AthenzCredentials(certificate, null, null, null));
 when(athenzCredentialsService.updateCredentials(any(), any()))
 .thenThrow(new RuntimeException("#1"))
 .thenThrow(new RuntimeException("#2"))
- .thenReturn(new AthenzCredentials(null, certificate, null, null, null));
+ .thenReturn(new AthenzCredentials(certificate, null, null, null));
 AthenzIdentityProviderImpl identityProvider = new AthenzIdentityProviderImpl(IDENTITY_CONFIG, metric, athenzCredentialsService, mock(ScheduledExecutorService.class), clock); |