9 files changed, 331 insertions, 0 deletions
diff --git a/athenz-identity-provider-service/pom.xml b/athenz-identity-provider-service/pom.xml
index 86d4defa861..372763fede2 100644
--- a/athenz-identity-provider-service/pom.xml
+++ b/athenz-identity-provider-service/pom.xml
@@ -131,6 +131,12 @@
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <compilerArgs>
+ <arg>-Xlint:-deprecation</arg>
+ <arg>-Werror</arg>
+ </compilerArgs>
+ </configuration>
 </plugin>
 </plugins>
 </build>
diff --git a/vespa-athenz/pom.xml b/vespa-athenz/pom.xml
index 731553bc749..7721d1829e5 100644
--- a/vespa-athenz/pom.xml
+++ b/vespa-athenz/pom.xml
@@ -135,6 +135,12 @@
 <plugin>
 <groupId>org.apache.maven.plugins</groupId>
 <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <compilerArgs>
+ <arg>-Xlint:-deprecation</arg>
+ <arg>-Werror</arg>
+ </compilerArgs>
+ </configuration>
 </plugin>
 </plugins>
 </build>
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
new file mode 100644
index 00000000000..e591105eed1
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapper.java
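Review bot: `<arg>-Xlint:-deprecation</arg>` in the `compilerArgs` of both pom.xml hunks (athenz-identity-provider-service and vespa-athenz) switches the deprecation lint off for the whole module, so the `-Werror` build stops flagging every deprecated API, not only the binding classes this commit deprecates. In identity-handling code that also hides later use of deprecated JDK or library calls. A narrower option is to keep the lint on and put `@SuppressWarnings("deprecation")` on the call sites that still need the old bindings; failing that, a comment such as `<!-- remove -Xlint:-deprecation once the deprecated bindings are gone -->` would record why the flag is there.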
@@ -0,0 +1,68 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.IdentityDocumentEntity;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.VespaUniqueInstanceIdEntity;
+import com.yahoo.vespa.athenz.identityprovider.api.bindings.SignedIdentityDocumentEntity;
+
+/**
+ * Utility class for mapping objects model types and their Jackson binding versions.
+ *
+ * @author bjorncs
+ */
+public class EntityBindingsMapper {
+
+ private static final ObjectMapper mapper = new ObjectMapper().registerModule(new JavaTimeModule());
+
+ private EntityBindingsMapper() {}
+
+ public static String toAttestationData(SignedIdentityDocument model) {
+ try {
+ return mapper.writeValueAsString(toSignedIdentityDocumentEntity(model));
+ } catch (JsonProcessingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static VespaUniqueInstanceId toVespaUniqueInstanceId(VespaUniqueInstanceIdEntity entity) {
+ return new VespaUniqueInstanceId(
+ entity.clusterIndex, entity.clusterId, entity.instance, entity.application, entity.tenant, entity.region, entity.environment);
+ }
+
+ public static VespaUniqueInstanceIdEntity toVespaUniqueInstanceIdEntity(VespaUniqueInstanceId model) {
+ return new VespaUniqueInstanceIdEntity(
+ model.tenant(), model.application(), model.environment(), model.region(),
+ model.instance(), model.clusterId(), model.clusterIndex());
+ }
+
+ public static IdentityDocumentEntity toIdentityDocumentEntity(IdentityDocument model) {
+ return new IdentityDocumentEntity(
+ toVespaUniqueInstanceIdEntity(model.providerUniqueId()),
+ model.configServerHostname(),
+ model.instanceHostname(),
+ model.createdAt(),
+ model.ipAddresses());
+ }
+
+ public static SignedIdentityDocumentEntity toSignedIdentityDocumentEntity(SignedIdentityDocument model) {
+ try {
+ IdentityDocumentEntity identityDocumentEntity = toIdentityDocumentEntity(model.identityDocument());
+ String rawDocument = mapper.writeValueAsString(identityDocumentEntity);
+ return new SignedIdentityDocumentEntity(
+ rawDocument,
+ model.signature(),
+ model.signingKeyVersion(),
+ model.providerUniqueId().asDottedString(),
+ model.dnsSuffix(),
+ model.providerService().getFullName(),
+ model.ztsEndpoint(),
+ model.documentVersion());
+ } catch (JsonProcessingException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java
index 127a9de16ca..b2be9567258 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocument.java
@@ -10,7 +10,9 @@ import java.util.Set;
 /**
 * @author bjorncs
+ * @deprecated Use {@link IdentityDocumentEntity} instead.
 */
+@Deprecated
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class IdentityDocument {
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
new file mode 100644
index 00000000000..58a4f1e24bf
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/IdentityDocumentEntity.java
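Review bot: In EntityBindingsMapper.java, `toSignedIdentityDocumentEntity` passes the plain JSON from `mapper.writeValueAsString(identityDocumentEntity)` as `rawDocument`, but the `SignedIdentityDocumentEntity` constructor added in this same commit runs `Base64.getDecoder().decode(rawIdentityDocument)` on that argument. JSON text contains characters outside the Base64 alphabet, so the constructor would throw `IllegalArgumentException`, which the `catch (JsonProcessingException e)` here does not cover, and `toAttestationData` fails with it. If the wire format is Base64 (presumably what the signature is computed over; that is not visible in this diff), encode before constructing: `String rawDocument = Base64.getEncoder().encodeToString(mapper.writeValueAsString(identityDocumentEntity).getBytes(StandardCharsets.UTF_8));`, adding imports for `java.util.Base64` and `java.nio.charset.StandardCharsets`. A round-trip test through `toAttestationData` would pin the format down.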
@@ -0,0 +1,71 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api.bindings;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.time.Instant;
+import java.util.Objects;
+import java.util.Set;
+
+/**
+ * @author bjorncs
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class IdentityDocumentEntity {
+
+ @JsonProperty("provider-unique-id")
+ public final VespaUniqueInstanceIdEntity providerUniqueId;
+ @JsonProperty("configserver-hostname")
+ public final String configServerHostname;
+ @JsonProperty("instance-hostname")
+ public final String instanceHostname;
+ @JsonProperty("created-at")
+ public final Instant createdAt;
+ @JsonProperty("ip-addresses")
+ public final Set<String> ipAddresses;
+
+ public IdentityDocumentEntity(
+ @JsonProperty("provider-unique-id") VespaUniqueInstanceIdEntity providerUniqueId,
+ @JsonProperty("configserver-hostname") String configServerHostname,
+ @JsonProperty("instance-hostname") String instanceHostname,
+ @JsonProperty("created-at") Instant createdAt,
+ @JsonProperty("ip-addresses") Set<String> ipAddresses) {
+ this.providerUniqueId = providerUniqueId;
+ this.configServerHostname = configServerHostname;
+ this.instanceHostname = instanceHostname;
+ this.createdAt = createdAt;
+ this.ipAddresses = ipAddresses;
+ }
+
+
+ @Override
+ public String toString() {
+ return "IdentityDocumentEntity{" +
+ "providerUniqueId=" + providerUniqueId +
+ ", configServerHostname='" + configServerHostname + '\'' +
+ ", instanceHostname='" + instanceHostname + '\'' +
+ ", createdAt=" + createdAt +
+ ", ipAddresses=" + ipAddresses +
+ '}';
+ }
+
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ IdentityDocumentEntity that = (IdentityDocumentEntity) o;
+ return Objects.equals(providerUniqueId, that.providerUniqueId) &&
+ Objects.equals(configServerHostname, that.configServerHostname) &&
+ Objects.equals(instanceHostname, that.instanceHostname) &&
+ Objects.equals(createdAt, that.createdAt) &&
+ Objects.equals(ipAddresses, that.ipAddresses);
+ }
+
+ @Override
+ public int hashCode() {
+
+ return Objects.hash(providerUniqueId, configServerHostname, instanceHostname, createdAt, ipAddresses);
+ }
+}
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java
index 81064b0c927..eea469f282a 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/ProviderUniqueId.java
@@ -8,7 +8,9 @@ import java.util.Objects;
 /**
 * @author bjorncs
+ * @deprecated Use {@link VespaUniqueInstanceIdEntity} instead.
 */
+@Deprecated
 public class ProviderUniqueId {
 @JsonProperty("tenant")
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java
index 6ddbb4af620..20c3e236667 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocument.java
@@ -16,7 +16,9 @@ import java.util.Objects;
 /**
 * @author bjorncs
+ * @deprecated Use {@link SignedIdentityDocumentEntity} instead.
 */
+@Deprecated
 @JsonIgnoreProperties(ignoreUnknown = true)
 public class SignedIdentityDocument {
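Review bot: In IdentityDocumentEntity.java the constructor stores the caller's `Set<String> ipAddresses` by reference in a `public final` field, so anyone holding that set can change the address list after the object is built, and with it the result of `equals` and `hashCode`. If these addresses are compared during identity validation (an assumption; no validator is in this diff), a snapshot taken at construction is safer: `this.ipAddresses = ipAddresses == null ? null : Collections.unmodifiableSet(new LinkedHashSet<>(ipAddresses));`, with the matching `java.util` imports. The null branch is there because Jackson passes `null` when the `ip-addresses` property is absent.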
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java
new file mode 100644
index 00000000000..2d6294e536c
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/SignedIdentityDocumentEntity.java
@@ -0,0 +1,99 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api.bindings;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.net.URI;
+import java.util.Base64;
+import java.util.Objects;
+
+/**
+ * @author bjorncs
+ */
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class SignedIdentityDocumentEntity {
+
+ public static final int DEFAULT_KEY_VERSION = 0;
+ public static final int DEFAULT_DOCUMENT_VERSION = 1;
+
+ private static final ObjectMapper mapper = createObjectMapper();
+
+ @JsonProperty("identity-document")public final String rawIdentityDocument;
+ @JsonIgnore public final IdentityDocumentEntity identityDocument;
+ @JsonProperty("signature") public final String signature;
+ @JsonProperty("signing-key-version") public final int signingKeyVersion;
+ @JsonProperty("provider-unique-id") public final String providerUniqueId; // String representation
+ @JsonProperty("dns-suffix") public final String dnsSuffix;
+ @JsonProperty("provider-service") public final String providerService;
+ @JsonProperty("zts-endpoint") public final URI ztsEndpoint;
+ @JsonProperty("document-version") public final int documentVersion;
+
+ @JsonCreator
+ public SignedIdentityDocumentEntity(@JsonProperty("identity-document") String rawIdentityDocument,
+ @JsonProperty("signature") String signature,
+ @JsonProperty("signing-key-version") int signingKeyVersion,
+ @JsonProperty("provider-unique-id") String providerUniqueId,
+ @JsonProperty("dns-suffix") String dnsSuffix,
+ @JsonProperty("provider-service") String providerService,
+ @JsonProperty("zts-endpoint") URI ztsEndpoint,
+ @JsonProperty("document-version") int documentVersion) {
+ this.rawIdentityDocument = rawIdentityDocument;
+ this.identityDocument = parseIdentityDocument(rawIdentityDocument);
+ this.signature = signature;
+ this.signingKeyVersion = signingKeyVersion;
+ this.providerUniqueId = providerUniqueId;
+ this.dnsSuffix = dnsSuffix;
+ this.providerService = providerService;
+ this.ztsEndpoint = ztsEndpoint;
+ this.documentVersion = documentVersion;
+ }
+
+ private static IdentityDocumentEntity parseIdentityDocument(String rawIdentityDocument) {
+ try {
+ return mapper.readValue(Base64.getDecoder().decode(rawIdentityDocument), IdentityDocumentEntity.class);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
+
+ private static ObjectMapper createObjectMapper() {
+ ObjectMapper mapper = new ObjectMapper();
+ mapper.registerModule(new JavaTimeModule());
+ return mapper;
+ }
+
+ @Override
+ public String toString() {
+ return "SignedIdentityDocumentEntity{" +
+ "rawIdentityDocument='" + rawIdentityDocument + '\'' +
+ ", identityDocument=" + identityDocument +
+ ", signature='" + signature + '\'' +
+ ", signingKeyVersion=" + signingKeyVersion +
+ ", documentVersion=" + documentVersion +
+ '}';
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ SignedIdentityDocumentEntity that = (SignedIdentityDocumentEntity) o;
+ return signingKeyVersion == that.signingKeyVersion &&
+ documentVersion == that.documentVersion &&
+ Objects.equals(rawIdentityDocument, that.rawIdentityDocument) &&
+ Objects.equals(identityDocument, that.identityDocument) &&
+ Objects.equals(signature, that.signature);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(rawIdentityDocument, identityDocument, signature, signingKeyVersion, documentVersion);
+ }
+}
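Review bot: `equals`, `hashCode` and `toString` in `SignedIdentityDocumentEntity` leave out `providerUniqueId`, `dnsSuffix`, `providerService` and `ztsEndpoint`, so two documents that differ only in, for example, the ZTS endpoint or the provider service compare equal and hash alike. Any cache, set or test assertion keyed on this object would then treat them as the same attestation. The fence shows `equals` and `hashCode` with the four serialized fields added; `toString` would take the same four.

```java
@Override
public boolean equals(Object o) {
    // … unchanged: identity/class checks, cast to `that`, existing comparisons …
            Objects.equals(signature, that.signature) &&
            Objects.equals(providerUniqueId, that.providerUniqueId) &&
            Objects.equals(dnsSuffix, that.dnsSuffix) &&
            Objects.equals(providerService, that.providerService) &&
            Objects.equals(ztsEndpoint, that.ztsEndpoint);
}

@Override
public int hashCode() {
    return Objects.hash(rawIdentityDocument, identityDocument, signature, signingKeyVersion, documentVersion,
                        providerUniqueId, dnsSuffix, providerService, ztsEndpoint);
}
```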
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/VespaUniqueInstanceIdEntity.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/VespaUniqueInstanceIdEntity.java
new file mode 100644
index 00000000000..3127752ac7d
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/api/bindings/VespaUniqueInstanceIdEntity.java
@@ -0,0 +1,75 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identityprovider.api.bindings;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+
+import java.util.Objects;
+
+/**
+ * @author bjorncs
+ */
+public class VespaUniqueInstanceIdEntity {
+
+ @JsonProperty("tenant")
+ public final String tenant;
+ @JsonProperty("application")
+ public final String application;
+ @JsonProperty("environment")
+ public final String environment;
+ @JsonProperty("region")
+ public final String region;
+ @JsonProperty("instance")
+ public final String instance;
+ @JsonProperty("cluster-id")
+ public final String clusterId;
+ @JsonProperty("cluster-index")
+ public final int clusterIndex;
+
+ public VespaUniqueInstanceIdEntity(@JsonProperty("tenant") String tenant,
+ @JsonProperty("application") String application,
+ @JsonProperty("environment") String environment,
+ @JsonProperty("region") String region,
+ @JsonProperty("instance") String instance,
+ @JsonProperty("cluster-id") String clusterId,
+ @JsonProperty("cluster-index") int clusterIndex) {
+ this.tenant = tenant;
+ this.application = application;
+ this.environment = environment;
+ this.region = region;
+ this.instance = instance;
+ this.clusterId = clusterId;
+ this.clusterIndex = clusterIndex;
+ }
+
+ @Override
+ public String toString() {
+ return "VespaUniqueInstanceIdEntity{" +
+ "tenant='" + tenant + '\'' +
+ ", application='" + application + '\'' +
+ ", environment='" + environment + '\'' +
+ ", region='" + region + '\'' +
+ ", instance='" + instance + '\'' +
+ ", clusterId='" + clusterId + '\'' +
+ ", clusterIndex=" + clusterIndex +
+ '}';
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ VespaUniqueInstanceIdEntity that = (VespaUniqueInstanceIdEntity) o;
+ return clusterIndex == that.clusterIndex &&
+ Objects.equals(tenant, that.tenant) &&
+ Objects.equals(application, that.application) &&
+ Objects.equals(environment, that.environment) &&
+ Objects.equals(region, that.region) &&
+ Objects.equals(instance, that.instance) &&
+ Objects.equals(clusterId, that.clusterId);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(tenant, application, environment, region, instance, clusterId, clusterIndex);
+ }
+} |
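Review bot: The `VespaUniqueInstanceIdEntity` constructor accepts `null` for every string component, and Jackson passes `null` whenever a property is missing from the JSON. `EntityBindingsMapper.toVespaUniqueInstanceId` in this commit forwards those values straight into `new VespaUniqueInstanceId(...)`, so an incomplete document becomes an instance id with null parts instead of being rejected where it is parsed. `Objects` is already imported, so the assignments can read `this.tenant = Objects.requireNonNull(tenant, "tenant");` and likewise for the other five string fields. The same question applies to the constructors of `IdentityDocumentEntity` and `SignedIdentityDocumentEntity`.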