diff options
author | Morten Tokle <mortent@yahooinc.com> | 2022-06-28 09:53:56 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2022-06-28 09:53:56 +0200 |
commit | 954e9f4467bc50f686ee3c0813c467ddea998d5a (patch) | |
tree | ab64a0ccc79dc8b5e415ac805fd8bed1d18c2a38 /vespa-athenz | |
parent | b659a529c013d6ff0ac21c0a54f49d6b38dc5c67 (diff) |
Expose role certificate
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java index 418f7ec024b..1523537d84c 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java @@ -213,7 +213,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen try { AthenzRole athenzRole = new AthenzRole(new AthenzDomain(domain), role); // Make sure to request a certificate which triggers creating a new key manager for this role - X509Certificate x509Certificate = roleSslCertCache.get(athenzRole); + X509Certificate x509Certificate = getRoleCertificate(athenzRole); MutableX509KeyManager keyManager = roleKeyManagerCache.get(athenzRole); return new SslContextBuilder() .withKeyManager(keyManager) @@ -278,6 +278,19 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen return Collections.singletonList(credentials.getCertificate()); } + @Override + public X509Certificate getRoleCertificate(String domain, String role) { + return getRoleCertificate(new AthenzRole(new AthenzDomain(domain), role)); + } + + private X509Certificate getRoleCertificate(AthenzRole athenzRole) { + try { + return roleSslCertCache.get(athenzRole); + } catch (Exception e) { + throw new AthenzIdentityProviderException("Could not retrieve role certificate: " + e.getMessage(), e); + } + } + private void updateIdentityCredentials(AthenzCredentials credentials) { this.credentials = credentials; this.identityKeyManager.updateKeystore( |