author | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-05-18 09:52:22 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2022-05-18 10:00:05 +0200 |
commit | e1146608d64d0ec5798f35670d85147d4f3cb9a4 (patch) | |
tree | 52045275ed6930abb658bcd3f59cae44977d37c8 /vespa-athenz | |
parent | fa46c60b0203b0d8b869a338f497662b8f03444f (diff) |
ZmsClient: Add method to update service public key
Diffstat (limited to 'vespa-athenz')
5 files changed, 55 insertions, 6 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
index 8ffb9331ddb..a4045016b78 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/DefaultZmsClient.java
@@ -1,6 +1,8 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.client.zms;
 
+import com.yahoo.athenz.auth.util.Crypto;
+import com.yahoo.security.KeyUtils;
 import com.yahoo.vespa.athenz.api.AthenzAssertion;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzGroup;
@@ -23,6 +25,7 @@ import com.yahoo.vespa.athenz.client.zms.bindings.ResponseListEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.RoleEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.ServiceEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.ServiceListResponseEntity;
+import com.yahoo.vespa.athenz.client.zms.bindings.ServicePublicKeyEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.StatisticsEntity;
 import com.yahoo.vespa.athenz.client.zms.bindings.TenancyRequestEntity;
 import com.yahoo.vespa.athenz.identity.ServiceIdentityProvider;
@@ -35,6 +38,7 @@ import org.apache.http.message.BasicHeader;
 
 import javax.net.ssl.SSLContext;
 import java.net.URI;
+import java.security.PublicKey;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.HashMap;
@@ -356,6 +360,18 @@ public class DefaultZmsClient extends ClientBase implements ZmsClient {
     }
 
     @Override
+    public void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey) {
+        URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s/publickey/%s",
+                athenzService.getDomainName(), athenzService.getName(), publicKeyId));
+
+        ServicePublicKeyEntity entity = new ServicePublicKeyEntity(publicKeyId, Crypto.ybase64EncodeString(KeyUtils.toPem(publicKey)));
+        HttpUriRequest request = RequestBuilder.put(uri)
+                .setEntity(toJsonStringEntity(entity))
+                .build();
+        execute(request, response -> readEntity(response, Void.class));
+    }
+
+    @Override
     public void deleteService(AthenzService athenzService) {
         URI uri = zmsUrl.resolve(String.format("domain/%s/service/%s", athenzService.getDomainName(), athenzService.getName()));
         execute(RequestBuilder.delete(uri).build(), response -> readEntity(response, Void.class));
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
index 80a0ddff204..e15af58cb76 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/ZmsClient.java
@@ -12,6 +12,7 @@ import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.api.OAuthCredentials;
 
 import java.io.Closeable;
+import java.security.PublicKey;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
@@ -70,6 +71,8 @@ public interface ZmsClient extends Closeable {
 
     void createOrUpdateService(AthenzService athenzService);
 
+    void updateServicePublicKey(AthenzService athenzService, String publicKeyId, PublicKey publicKey);
+
     void deleteService(AthenzService athenzService);
 
     void createRole(AthenzRole role, Map<String, Object> properties);
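Review bot: `publicKeyId` is interpolated into the request path by `String.format` on the second added line of `updateServicePublicKey` without encoding or validation, so an id containing `/`, `?` or `#` would address a different ZMS resource than the one intended; the domain and service names get the same treatment elsewhere in this file (`deleteService` just below), but the key id is a new caller-supplied input. If the id can originate outside this module, reject anything beyond a conservative character set before building the URI, for example `if (!publicKeyId.matches("[A-Za-z0-9._-]+")) throw new IllegalArgumentException("Invalid public key id: " + publicKeyId);` (sample pattern, to be aligned with what ZMS accepts). A one-line comment on the `ServicePublicKeyEntity` line naming why the PEM text is passed through `Crypto.ybase64EncodeString` — presumably the encoding ZMS expects for key material — would save the next reader a trip to the Athenz documentation.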
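Review bot: The new interface method `updateServicePublicKey` in `ZmsClient` has no Javadoc, so nothing tells a caller what `publicKeyId` identifies, whether an existing key with that id is replaced, or that the key is transmitted in encoded form (the `DefaultZmsClient` hunk in this commit PEM-encodes it via `KeyUtils.toPem` before sending). A short Javadoc such as `/** Registers or replaces the public key with the given id on the given service; the key is sent PEM-encoded. */` with `@param` entries for the three arguments would pin the contract at the interface rather than in one implementation. The neighbouring `createOrUpdateService` is visibly undocumented too, but this method carries key material and is the better place to start.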
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java
new file mode 100644
index 00000000000..4767b584661
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zms/bindings/ServicePublicKeyEntity.java
@@ -0,0 +1,32 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.client.zms.bindings;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonGetter;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+/**
+ * @author freva
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class ServicePublicKeyEntity {
+    public final String id;
+    public final String key;
+
+    @JsonCreator
+    public ServicePublicKeyEntity(@JsonProperty("id") String id, @JsonProperty("key") String key) {
+        this.id = id;
+        this.key = key;
+    }
+
+    @JsonGetter("id")
+    public String name() {
+        return id;
+    }
+
+    @JsonGetter("key")
+    public String key() {
+        return key;
+    }
+}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
index 0c73891bdae..13a61d65d78 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/client/zts/DefaultZtsClient.java
@@ -38,7 +38,6 @@ import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.List;
-import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Supplier;
 import java.util.stream.Collectors;
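Review bot: In the new `ServicePublicKeyEntity` the accessor for the `id` field is named `name()` while its `@JsonGetter` says `"id"` and the sibling accessor is `key()`; the mismatch reads like a leftover from another binding and will trip up callers, so rename it to `public String id()` — the serialized property name is fixed by the annotation and does not change. The class Javadoc holds only `@author`; a one-liner such as `/** Request body for a service public key entry in ZMS: the key id and the key as populated by DefaultZmsClient (ybase64-encoded PEM). */` would say what the two strings hold. The `public final` fields and the annotated getters expose the same two values twice; keeping one access path (fields or getters) makes the serialized shape obvious without tracing Jackson's property-merging rules.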
@@ -230,7 +229,7 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient {
         return URI.create(ztsUrl.toString() + '/');
     }
     public static class Builder {
-        private URI ztsUrl;
+        private final URI ztsUrl;
         private ErrorHandler errorHandler = ErrorHandler.empty();
         private HostnameVerifier hostnameVerifier = null;
         private Supplier<SSLContext> sslContextSupplier = null;
@@ -260,9 +259,8 @@ public class DefaultZtsClient extends ClientBase implements ZtsClient {
         }
 
         public DefaultZtsClient build() {
-            if (Objects.isNull(sslContextSupplier)) {
-                throw new IllegalArgumentException("No ssl context or identity provider available to set up zts client");
-            }
+            if (sslContextSupplier == null)
+                throw new IllegalArgumentException("No SSL context or identity provider available to set up ZTS client");
             return new DefaultZtsClient(ztsUrl, sslContextSupplier, hostnameVerifier, errorHandler);
         }
     }
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java
index e440d79a159..bc50bcb2bb6 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzIdentityVerifier.java
@@ -24,7 +24,7 @@ public class AthenzIdentityVerifier implements HostnameVerifier {
     private final Set<AthenzIdentity> allowedIdentities;
 
     public AthenzIdentityVerifier(Set<AthenzIdentity> allowedIdentities) {
-        this.allowedIdentities = allowedIdentities;
+        this.allowedIdentities = Set.copyOf(allowedIdentities);
     }
 
     @Override
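Review bot: `Set.copyOf` on the added line of the `AthenzIdentityVerifier` constructor rejects a null set and null elements with `NullPointerException`, where the replaced assignment accepted them silently, so construction now fails fast instead of failing (or misbehaving) later during hostname verification. That is a sound tightening for an allow-list backing a `HostnameVerifier` — the caller can no longer mutate the set after handing it over — but the new precondition should be stated on the constructor: `@throws NullPointerException if allowedIdentities or any of its elements is null`. The overriding method that follows `@Override` is outside the hunk.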