authorMorten Tokle <mortent@oath.com>2018-02-20 10:50:56 +0100
committerMorten Tokle <mortent@oath.com>2018-02-20 10:50:56 +0100
commitd2bb598fc5c89052e25cfee49960bb177bc9ff03 (patch)
tree6641824badbc2e3b54d36a87c2ed5e7c9b4f880f /vespa-athenz
parenta7eeec951733f0bae567e7443e4c74e89b01aaac (diff)
Revert "Merge pull request #5072 from vespa-engine/revert-4984-mortent/ckms"
This reverts commit 6d7b65adfcd1e918da8173dab25bf701074f3cdc, reversing changes made to 2ecdfefd5616743f62691f64a517ab787d6f0c10.
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java51
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java8
-rw-r--r--vespa-athenz/src/main/resources/configdefinitions/sia-provider.def6
3 files changed, 65 insertions, 0 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
new file mode 100644
index 00000000000..c050ddce2c6
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -0,0 +1,51 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identity;
+
+import com.yahoo.athenz.auth.util.Crypto;
+import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+
+import javax.net.ssl.SSLContext;
+import java.io.File;
+import java.nio.file.Paths;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author mortent
+ */
+public class SiaIdentityProvider implements AthenzIdentityProvider {
+
+ private final AthenzDomain domain;
+ private final AthenzService service;
+ private final String path;
+
+ public SiaIdentityProvider(SiaProviderConfig siaProviderConfig) {
+ this.domain = new AthenzDomain(siaProviderConfig.athenzDomain());
+ this.service = new AthenzService(domain, siaProviderConfig.athenzService());
+ this.path = siaProviderConfig.keyPathPrefix();
+ }
+
+ @Override
+ public String getDomain() {
+ return domain.getName();
+ }
+
+ @Override
+ public String getService() {
+ return service.getName();
+ }
+
+ @Override
+ public SSLContext getIdentitySslContext() {
+ X509Certificate certificate = Crypto.loadX509Certificate(Paths.get(path, "certs", String.format("%s.%s.cert.pem", getDomain(),getService())).toFile());
+ PrivateKey privateKey = Crypto.loadPrivateKey(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(),getService())).toFile());
+
+ return new AthenzSslContextBuilder()
+ .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
+ .build();
+ }
+}
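Review bot: getIdentitySslContext() reads the certificate and private key from disk on every call and performs no check of its own, so a missing or unreadable `<domain>.<service>.key.pem` under keyPathPrefix surfaces only as whatever Crypto.loadPrivateKey throws, with no record of which path was attempted. Resolving the two paths into locals and guarding them before loading would make failures diagnosable, e.g. `Path keyFile = Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(), getService()));` followed by `if (!Files.isReadable(keyFile)) throw new IllegalStateException("SIA private key not readable: " + keyFile);`, with the same treatment for the cert path. The builder is handed only the identity certificate, so the trust side of the returned SSLContext is whatever AthenzSslContextBuilder defaults to; the class Javadoc currently carries only an @author tag and should state that, along with the expected `certs/` and `keys/` layout under keyPathPrefix. As a point of style, the `getDomain(),getService()` arguments on both load lines lack the space after the comma used elsewhere in the file.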
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java
new file mode 100644
index 00000000000..da31e72a1fa
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java
@@ -0,0 +1,8 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author mortent
+ */
+@ExportPackage
+package com.yahoo.vespa.athenz.identity;
+
+import com.yahoo.osgi.annotation.ExportPackage; \ No newline at end of file
diff --git a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
new file mode 100644
index 00000000000..f668ef544f7
--- /dev/null
+++ b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
@@ -0,0 +1,6 @@
+# Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+namespace=vespa.athenz.identity
+
+athenzDomain string
+athenzService string
+keyPathPrefix string
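Review bot: None of the three fields in sia-provider.def is documented, so a deployer cannot tell from the definition what keyPathPrefix must point at; the accompanying SiaIdentityProvider expects it to contain `certs/` and `keys/` subdirectories holding `<domain>.<service>.cert.pem` and `<domain>.<service>.key.pem`. The file already uses `#` comment lines, so a one-line comment above each field would suffice, e.g. `# Directory containing the SIA-provisioned certs/ and keys/ subdirectories` above keyPathPrefix, and a note on athenzDomain and athenzService that together they form the file-name prefix of the loaded key pair.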