author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-13 15:12:02 +0200 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-13 15:12:02 +0200 |
commit | 83e24b04018937135b2275c476e871f622960bfe (patch) | |
tree | 3c472d1cea0d06e5a00aa57063cec2c28186afb5 /vespa-athenz | |
parent | 099bf8198862c71efacca49c0e3f5b19adacf316 (diff) |
Add utility methods for reading/writing SIA credentials
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
index adaafab4617..55e9103b040 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/utils/SiaUtils.java
@@ -2,9 +2,18 @@
 package com.yahoo.vespa.athenz.utils;
 import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.tls.KeyUtils;
+import com.yahoo.vespa.athenz.tls.X509CertificateUtils;
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.nio.file.StandardCopyOption;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.Optional;
 /**
 * Misc utility methods for SIA provided credentials
@@ -36,4 +45,68 @@ public class SiaUtils {
 .resolve(String.format("%s.%s.cert.pem", service.getDomainName(), service.getName()));
 }
+ public static Optional<PrivateKey> readPrivateKeyFile(AthenzService service) {
+ return readPrivateKeyFile(DEFAULT_SIA_DIRECTORY, service);
+ }
+
+ public static Optional<PrivateKey> readPrivateKeyFile(Path root, AthenzService service) {
+ try {
+ Path privateKeyFile = getPrivateKeyFile(root, service);
+ if (Files.notExists(privateKeyFile)) return Optional.empty();
+ return Optional.of(KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile))));
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ public static Optional<X509Certificate> readCertificateFile(AthenzService service) {
+ return readCertificateFile(DEFAULT_SIA_DIRECTORY, service);
+ }
+
+ public static Optional<X509Certificate> readCertificateFile(Path root, AthenzService service) {
+ try {
+ Path certificateFile = getCertificateFile(root, service);
+ if (Files.notExists(certificateFile)) return Optional.empty();
+ return Optional.of(X509CertificateUtils.fromPem(new String(Files.readAllBytes(certificateFile))));
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ public static void writePrivateKeyFile(AthenzService service, PrivateKey privateKey) {
+ writePrivateKeyFile(DEFAULT_SIA_DIRECTORY, service, privateKey);
+ }
+
+ public static void writePrivateKeyFile(Path root, AthenzService service, PrivateKey privateKey) {
+ try {
+ Path privateKeyFile = getPrivateKeyFile(root, service);
+ Files.createDirectories(privateKeyFile.getParent());
+ Path tempFile = toTempFile(privateKeyFile);
+ Files.write(tempFile, KeyUtils.toPem(privateKey).getBytes());
+ Files.move(tempFile, privateKeyFile, StandardCopyOption.ATOMIC_MOVE);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ public static void writeCertificateFile(AthenzService service, X509Certificate certificate) {
+ writeCertificateFile(DEFAULT_SIA_DIRECTORY, service, certificate);
+ }
+
+ public static void writeCertificateFile(Path root, AthenzService service, X509Certificate certificate) {
+ try {
+ Path certificateFile = getCertificateFile(root, service);
+ Files.createDirectories(certificateFile.getParent());
+ Path tempFile = toTempFile(certificateFile);
+ Files.write(tempFile, X509CertificateUtils.toPem(certificate).getBytes());
+ Files.move(tempFile, certificateFile, StandardCopyOption.ATOMIC_MOVE);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ private static Path toTempFile(Path file) {
+ return Paths.get(file.toAbsolutePath().toString() + ".tmp");
+ }
+
 }
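Review bot: In writePrivateKeyFile(Path, AthenzService, PrivateKey) the PEM-encoded private key is written with `Files.write(tempFile, ...)`, which creates the temp file with the process's default mode (umask-derived, commonly group/world-readable), and the following rename keeps that mode on the final key file. Create the temp file with owner-only permissions before writing, e.g. `Files.deleteIfExists(tempFile);` then `Files.createFile(tempFile, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));` and `Files.write(tempFile, KeyUtils.toPem(privateKey).getBytes(StandardCharsets.UTF_8));` (the explicit charset also removes the platform-default dependency that the `getBytes()` and `new String(Files.readAllBytes(...))` calls in the read methods share). The temp file is not removed when the write or move throws, so a failed attempt leaves a `.tmp` copy of the key next to the real file; wrapping the write/move in `try { ... } finally { Files.deleteIfExists(tempFile); }` covers that, and `file.resolveSibling(file.getFileName() + ".tmp")` in toTempFile would avoid the string round-trip through Paths.get. `StandardCopyOption.ATOMIC_MOVE` without `REPLACE_EXISTING` is documented as implementation-specific when the target already exists, so the overwrite behaviour on credential rotation should be confirmed for the deployment platform rather than assumed.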