-rw-r--r-- | node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java | 10 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java | 8 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java | 6 | ||||
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java (renamed from vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java) | 12 | ||||
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java | 4 |
5 files changed, 20 insertions, 20 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
index 996a33aa8cf..22957124da1 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/identity/AthenzCredentialsMaintainer.java
@@ -16,7 +16,7 @@ import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
 import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocumentClient;
 import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
 import com.yahoo.vespa.athenz.identityprovider.client.DefaultIdentityDocumentClient;
-import com.yahoo.vespa.athenz.identityprovider.client.InstanceCsrGenerator;
+import com.yahoo.vespa.athenz.identityprovider.client.CsrGenerator;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
 import com.yahoo.vespa.athenz.utils.SiaUtils;
 import com.yahoo.vespa.hosted.dockerapi.ContainerName;
@@ -65,7 +65,7 @@ public class AthenzCredentialsMaintainer {
 private final Clock clock;
 private final ServiceIdentityProvider hostIdentityProvider;
 private final IdentityDocumentClient identityDocumentClient;
- private final InstanceCsrGenerator csrGenerator;
+ private final CsrGenerator csrGenerator;
 private final AthenzService configserverIdentity;
 private Instant lastRefreshAttempt = Instant.EPOCH; // Used as an optimization to ensure ZTS is not DDoS'ed on continuously failing refresh attempts
 
@@ -81,7 +81,7 @@ public class AthenzCredentialsMaintainer {
 this.containerIdentity = environment.getNodeAthenzIdentity();
 this.ztsEndpoint = environment.getZtsUri();
 this.configserverIdentity = environment.getConfigserverAthenzIdentity();
- this.csrGenerator = new InstanceCsrGenerator(environment.getCertificateDnsSuffix(), configserverIdentity.getFullName());
+ this.csrGenerator = new CsrGenerator(environment.getCertificateDnsSuffix(), configserverIdentity.getFullName());
 this.trustStorePath = environment.getTrustStorePath();
 this.privateKeyFile = SiaUtils.getPrivateKeyFile(containerSiaDirectory, containerIdentity);
 this.certificateFile = SiaUtils.getCertificateFile(containerSiaDirectory, containerIdentity);
@@ -172,7 +172,7 @@ public class AthenzCredentialsMaintainer {
 private void registerIdentity() {
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
 SignedIdentityDocument signedIdentityDocument = identityDocumentClient.getNodeIdentityDocument(hostname);
- com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateCsr(
+ com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
 containerIdentity, signedIdentityDocument.providerUniqueId(), signedIdentityDocument.ipAddresses(), keyPair);
 try (ZtsClient ztsClient = new DefaultZtsClient(ztsEndpoint, hostIdentityProvider)) {
 InstanceIdentity instanceIdentity =
@@ -195,7 +195,7 @@ public class AthenzCredentialsMaintainer {
 private void refreshIdentity() {
 SignedIdentityDocument identityDocument = EntityBindingsMapper.readSignedIdentityDocumentFromFile(identityDocumentFile);
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateCsr(containerIdentity, identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
+ com.yahoo.vespa.athenz.tls.Pkcs10Csr csr = csrGenerator.generateInstanceCsr(containerIdentity, identityDocument.providerUniqueId(), identityDocument.ipAddresses(), keyPair);
 
 SSLContext containerIdentitySslContext = new SslContextBuilder()
 .withKeyStore(privateKeyFile, certificateFile)
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
index afbdb7fed6c..907c262e4d3 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzCredentialsService.java
@@ -51,7 +51,7 @@ class AthenzCredentialsService {
 private final ServiceIdentityProvider nodeIdentityProvider;
 private final File trustStoreJks;
 private final String hostname;
- private final InstanceCsrGenerator instanceCsrGenerator;
+ private final CsrGenerator csrGenerator;
 private final Clock clock;
 
 AthenzCredentialsService(IdentityConfig identityConfig,
@@ -66,7 +66,7 @@ class AthenzCredentialsService {
 this.nodeIdentityProvider = nodeIdentityProvider;
 this.trustStoreJks = trustStoreJks;
 this.hostname = hostname;
- this.instanceCsrGenerator = new InstanceCsrGenerator(identityConfig.athenzDnsSuffix(), identityConfig.configserverIdentityName());
+ this.csrGenerator = new CsrGenerator(identityConfig.athenzDnsSuffix(), identityConfig.configserverIdentityName());
 this.clock = clock;
 }
 
@@ -78,7 +78,7 @@ class AthenzCredentialsService {
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
 IdentityDocumentClient identityDocumentClient = createIdentityDocumentClient();
 SignedIdentityDocument document = identityDocumentClient.getTenantIdentityDocument(hostname);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
 tenantIdentity,
 document.providerUniqueId(),
 document.ipAddresses(),
@@ -102,7 +102,7 @@ class AthenzCredentialsService {
 
 AthenzCredentials updateCredentials(SignedIdentityDocument document, SSLContext sslContext) {
 KeyPair newKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(
 tenantIdentity,
 document.providerUniqueId(),
 document.ipAddresses(),
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
index 00fb3f80bee..333f5ec9b85 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/AthenzIdentityProviderImpl.java
@@ -70,7 +70,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 private final LoadingCache<AthenzRole, SSLContext> roleSslContextCache;
 private final LoadingCache<AthenzRole, ZToken> roleSpecificRoleTokenCache;
 private final LoadingCache<AthenzDomain, ZToken> domainSpecificRoleTokenCache;
- private final InstanceCsrGenerator instanceCsrGenerator;
+ private final CsrGenerator csrGenerator;
 
 @Inject
 public AthenzIdentityProviderImpl(IdentityConfig config, Metric metric) {
@@ -102,7 +102,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 roleSslContextCache = createCache(ROLE_SSL_CONTEXT_EXPIRY, this::createRoleSslContext);
 roleSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
 domainSpecificRoleTokenCache = createCache(ROLE_TOKEN_EXPIRY, this::createRoleToken);
- this.instanceCsrGenerator = new InstanceCsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
+ this.csrGenerator = new CsrGenerator(config.athenzDnsSuffix(), config.configserverIdentityName());
 registerInstance();
 }
 
@@ -177,7 +177,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 }
 
 private SSLContext createRoleSslContext(AthenzRole role) {
- Pkcs10Csr csr = instanceCsrGenerator.generateRoleCsr(identity, role, credentials.getIdentityDocument().providerUniqueId(), credentials.getKeyPair());
+ Pkcs10Csr csr = csrGenerator.generateRoleCsr(identity, role, credentials.getIdentityDocument().providerUniqueId(), credentials.getKeyPair());
 try (ZtsClient client = createZtsClient()) {
 X509Certificate roleCertificate = client.getRoleCertificate(role, csr);
 return new SslContextBuilder()
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java
index 6b6426c0bad..e22c8621e99 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGenerator.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identityprovider/client/CsrGenerator.java
@@ -22,20 +22,20 @@ import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.RFC822_NAME
 *
 * @author bjorncs
 */
-public class InstanceCsrGenerator {
+public class CsrGenerator {
 
 private final String dnsSuffix;
 private final String providerService;
 
- public InstanceCsrGenerator(String dnsSuffix, String providerService) {
+ public CsrGenerator(String dnsSuffix, String providerService) {
 this.dnsSuffix = dnsSuffix;
 this.providerService = providerService;
 }
 
- public Pkcs10Csr generateCsr(AthenzIdentity instanceIdentity,
- VespaUniqueInstanceId instanceId,
- Set<String> ipAddresses,
- KeyPair keyPair) {
+ public Pkcs10Csr generateInstanceCsr(AthenzIdentity instanceIdentity,
+ VespaUniqueInstanceId instanceId,
+ Set<String> ipAddresses,
+ KeyPair keyPair) {
 X500Principal subject = new X500Principal(String.format("OU=%s, CN=%s", providerService, instanceIdentity.getFullName()));
 // Add SAN dnsname <service>.<domain-with-dashes>.<provider-dnsname-suffix>
 // and SAN dnsname <provider-unique-instance-id>.instanceid.athenz.<provider-dnsname-suffix>
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
index d401696015e..ed5c5586d6d 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
@@ -25,13 +25,13 @@ public class InstanceCsrGeneratorTest {
 
 @Test
 public void it_generates_csr_with_correct_subject() {
- InstanceCsrGenerator instanceCsrGenerator = new InstanceCsrGenerator(DNS_SUFFIX, PROVIDER_SERVICE);
+ CsrGenerator csrGenerator = new CsrGenerator(DNS_SUFFIX, PROVIDER_SERVICE);
 AthenzService service = new AthenzService(ATHENZ_SERVICE);
 VespaUniqueInstanceId vespaUniqueInstanceId = VespaUniqueInstanceId.fromDottedString("0.default.default.foo-app.vespa.us-north-1.prod.node");
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- Pkcs10Csr csr = instanceCsrGenerator.generateCsr(service, vespaUniqueInstanceId, Collections.emptySet(), keyPair);
+ Pkcs10Csr csr = csrGenerator.generateInstanceCsr(service, vespaUniqueInstanceId, Collections.emptySet(), keyPair);
 
 assertEquals(new X500Principal(String.format("OU=%s, CN=%s", PROVIDER_SERVICE, ATHENZ_SERVICE)), csr.getSubject());
 }
 
 }
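Review bot: The test class is still named `InstanceCsrGeneratorTest` (both the file path and the `public class InstanceCsrGeneratorTest` hunk context) although the class under test is now `CsrGenerator`, so the test file no longer follows the `<ClassUnderTest>Test` convention that links a test to its subject. Renaming the file and declaration to `CsrGeneratorTest.java` / `public class CsrGeneratorTest` would keep the rename consistent across main and test sources. This is naming only; the assertion on the subject DN is unchanged by the commit.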