-rw-r--r--node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java10
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java8
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java6
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java (renamed from vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java)12
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java4
5 files changed, 20 insertions, 20 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 996a33aa8cf..22957124da1 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -16,7 +16,7 @@ import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.client.DefaultIdentityDocumentClient;
-import com.yahoo.vespa.athenz.identityprovider.client.InstanceCsrGenerator;
+import com.yahoo.vespa.athenz.identityprovider.client.CsrGenerator;
import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
import com.yahoo.vespa.athenz.utils.SiaUtils;
import com.yahoo.vespa.hosted.dockerapi.ContainerName;
@@ -65,7 +65,7 @@ public class AthenzCredentialsMaintainer {
private final Clock clock;
private final ServiceIdentityProvider hostIdentityProvider;
private final IdentityDocumentClient identityDocumentClient;
- private final InstanceCsrGenerator csrGenerator;
+ private final CsrGenerator csrGenerator;
private final AthenzService configserverIdentity;
private Instant lastRefreshAttempt = Instant.EPOCH; // Used as an optimization to ensure ZTS is not DDoS'ed on continuously failing refresh attempts
@@ -81,7 +81,7 @@ public class AthenzCredentialsMaintainer {
this.containerIdentity = environment.getNodeAthenzIdentity();
this.ztsEndpoint = environment.getZtsUri();
this.configserverIdentity = environment.getConfigserverAthenzIdentity();
- this.csrGenerator = new InstanceCsrGenerator(environment.getCertificateDnsSuffix(), configserverIdentity.getFullName());
+ this.csrGenerator = new CsrGenerator(environment.getCertificateDnsSuffix(), configserverIdentity.getFullName());
this.trustStorePath = environment.getTrustStorePath();
this.privateKeyFile = SiaUtils.getPrivateKeyFile(containerSiaDirectory, containerIdentity);
this.certificateFile = SiaUtils.getCertificateFile(containerSiaDirectory, containerIdentity);
@@ -172,7 +172,7 @@ public class AthenzCredentialsMaintainer {
private void registerIdentity() {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
SignedIdentityDocument signedIdentityDocument = identityDocumentClient.getNodeIdentityDocument(hostname);
- com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateCsr(
+ com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
containerIdentity, signedIdentityDocument.providerUniqueId(), signedIdentityDocument.ipAddresses(), keyPair);
try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, hostIdentityProvider)) {
InstanceIdentity instanceIdentity =
@@ -195,7 +195,7 @@ public class AthenzCredentialsMaintainer {
private void refreshIdentity() {
SignedIdentityDocument identityDocument = EntityBindingsMapper.readSignedIdentityDocumentFromFile(identityDocumentFile);
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateCsr(containerIdentity, identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
+ com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateInstanceCsr(containerIdentity, identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
SSLContext containerIdentitySslContext =
new SslContextBuilder()
.withKeyStore(privateKeyFile, certificateFile)
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
index afbdb7fed6c..907c262e4d3 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
@@ -51,7 +51,7 @@ class AthenzCredentialsService {
private final ServiceIdentityProvider nodeIdentityProvider;
private final File trustStoreJks;
private final String hostname;
- private final InstanceCsrGenerator instanceCsrGenerator;
+ private final CsrGenerator csrGenerator;
private final Clock clock;
AthenzCredentialsService(IdentityConfig identityConfig,
@@ -66,7 +66,7 @@ class AthenzCredentialsService {
this.nodeIdentityProvider = nodeIdentityProvider;
this.trustStoreJks = trustStoreJks;
this.hostname = hostname;
- this.instanceCsrGenerator = new InstanceCsrGenerator(identityConfig.athenzDnsSuffix(), identityConfig.configserverIdentityName());
+ this.csrGenerator = new CsrGenerator(identityConfig.athenzDnsSuffix(), identityConfig.configserverIdentityName());
this.clock = clock;
}
@@ -78,7 +78,7 @@ class AthenzCredentialsService {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
IdentityDocumentClient identityDocumentClient = createIdentityDocumentClient();
SignedIdentityDocument document = identityDocumentClient.getTenantIdentityDocument(hostname);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
tenantIdentity,
document.providerUniqueId(),
document.ipAddresses(),
@@ -102,7 +102,7 @@ class AthenzCredentialsService {
AthenzCredentials updateCredentials(SignedIdentityDocument document, SSLContext sslContext) {
KeyPair newKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
tenantIdentity,
document.providerUniqueId(),
document.ipAddresses(),
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index 00fb3f80bee..333f5ec9b85 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -70,7 +70,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
private final LoadingCache<AthenzRole, SSLContext> roleSslContextCache;
private final LoadingCache<AthenzRole, ZToken> roleSpecificRoleTokenCache;
private final LoadingCache<AthenzDomain, ZToken> domainSpecificRoleTokenCache;
- private final InstanceCsrGenerator instanceCsrGenerator;
+ private final CsrGenerator csrGenerator;
@Inject
public AthenzIdentityProviderImpl(IdentityConfig config, Metric metric) {
@@ -102,7 +102,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
roleSslContextCache = createCache(ROLE_SSL_CONTEXT_EXPIRY, this::createRoleSslContext);
roleSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
domainSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
- this.instanceCsrGenerator = new InstanceCsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
+ this.csrGenerator = new CsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
registerInstance();
}
@@ -177,7 +177,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
}
private SSLContext createRoleSslContext(AthenzRole role) {
- Pkcs10Csr csr = instanceCsrGenerator.generateRoleCsr(identity, role, credentials.getIdentityDocument().providerUniqueId(), credentials.getKeyPair());
+ Pkcs10Csr csr = csrGenerator.generateRoleCsr(identity, role, credentials.getIdentityDocument().providerUniqueId(), credentials.getKeyPair());
try (ZtsClient client = createZtsClient()) {
X509Certificate roleCertificate = client.getRoleCertificate(role, csr);
return new SslContextBuilder()
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java
index 6b6426c0bad..e22c8621e99 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java
@@ -22,20 +22,20 @@ import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.RFC822_NAME
*
* @author bjorncs
*/
-public class InstanceCsrGenerator {
+public class CsrGenerator {
private final String dnsSuffix;
private final String providerService;
- public InstanceCsrGenerator(String dnsSuffix, String providerService) {
+ public CsrGenerator(String dnsSuffix, String providerService) {
this.dnsSuffix = dnsSuffix;
this.providerService = providerService;
}
- public Pkcs10Csr generateCsr(AthenzIdentity instanceIdentity,
- VespaUniqueInstanceId instanceId,
- Set<String> ipAddresses,
- KeyPair keyPair) {
+ public Pkcs10Csr generateInstanceCsr(AthenzIdentity instanceIdentity,
+ VespaUniqueInstanceId instanceId,
+ Set<String> ipAddresses,
+ KeyPair keyPair) {
X500Principal subject = new X500Principal(String.format("OU=%s, CN=%s", providerService, instanceIdentity.getFullName()));
// Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix>
// and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix>
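Review bot: The subject DN in `generateInstanceCsr` is built with `String.format("OU=%s, CN=%s", ...)` from `providerService` and `instanceIdentity.getFullName()` without escaping, so a comma, plus or equals sign in either value would be parsed by `X500Principal` as extra RDN structure instead of as part of the value. Both values appear to come from configuration and the Athenz identity, so this is probably benign today. Since the class is now the general CSR entry point, it is still worth escaping them, for example with `Rdn.escapeValue(providerService)` from `javax.naming.ldap`, or rejecting such names in the constructor. The method body continues outside the hunk, so the SAN construction could not be checked here.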
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
index d401696015e..ed5c5586d6d 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
@@ -25,13 +25,13 @@ public class InstanceCsrGeneratorTest {
@Test
public void it_generates_csr_with_correct_subject() {
- InstanceCsrGenerator instanceCsrGenerator = new InstanceCsrGenerator(DNS_SUFFIX, PROVIDER_SERVICE);
+ CsrGenerator csrGenerator = new CsrGenerator(DNS_SUFFIX, PROVIDER_SERVICE);
AthenzService service = new AthenzService(ATHENZ_SERVICE);
VespaUniqueInstanceId vespaUniqueInstanceId = VespaUniqueInstanceId.fromDottedString("0.default.default.foo-app.vespa.us-north-1.prod.node");
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(service, vespaUniqueInstanceId, Collections.emptySet(), keyPair);
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(service, vespaUniqueInstanceId, Collections.emptySet(), keyPair);
assertEquals(new X500Principal(String.format("OU=%s, CN=%s", PROVIDER_SERVICE, ATHENZ_SERVICE)), csr.getSubject());
}
}
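Review bot: The test class is still named `InstanceCsrGeneratorTest`, and its file is not renamed in this commit, although the class under test is now `CsrGenerator`; renaming it to `CsrGeneratorTest` would keep the test discoverable by convention. The visible test only asserts the subject of the instance CSR. If the rest of the file does not already cover it, a companion case for `generateRoleCsr` would pin the role CSR subject and SAN entries as well.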