Diffstat (limited to 'container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzCredentialsService.java')
-rw-r--r--container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzCredentialsService.java93
1 files changed, 0 insertions, 93 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzCredentialsService.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzCredentialsService.java
deleted file mode 100644
index 5786eb9e398..00000000000
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzCredentialsService.java
+++ /dev/null
@@ -1,93 +0,0 @@
-// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.container.jdisc.athenz.impl;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.yahoo.container.core.identity.IdentityConfig;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-
-import java.io.IOException;
-import java.io.UncheckedIOException;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-import java.time.Clock;
-
-/**
- * @author bjorncs
- */
-class AthenzCredentialsService {
-
- private static final ObjectMapper mapper = new ObjectMapper();
-
- private final IdentityConfig identityConfig;
- private final IdentityDocumentService identityDocumentService;
- private final AthenzService athenzService;
- private final Clock clock;
-
- AthenzCredentialsService(IdentityConfig identityConfig,
- IdentityDocumentService identityDocumentService,
- AthenzService athenzService,
- Clock clock) {
- this.identityConfig = identityConfig;
- this.identityDocumentService = identityDocumentService;
- this.athenzService = athenzService;
- this.clock = clock;
- }
-
- AthenzCredentials registerInstance() {
- KeyPair keyPair = CryptoUtils.createKeyPair();
- String rawDocument = identityDocumentService.getSignedIdentityDocument();
- SignedIdentityDocument document = parseSignedIdentityDocument(rawDocument);
- PKCS10CertificationRequest csr = CryptoUtils.createCSR(identityConfig.domain(),
- identityConfig.service(),
- document.dnsSuffix,
- document.providerUniqueId,
- keyPair);
- InstanceRegisterInformation instanceRegisterInformation =
- new InstanceRegisterInformation(document.providerService,
- identityConfig.domain(),
- identityConfig.service(),
- rawDocument,
- CryptoUtils.toPem(csr));
- InstanceIdentity instanceIdentity = athenzService.sendInstanceRegisterRequest(instanceRegisterInformation,
- document.ztsEndpoint);
- return toAthenzCredentials(instanceIdentity, keyPair, document);
- }
-
- AthenzCredentials updateCredentials(AthenzCredentials currentCredentials) {
- SignedIdentityDocument document = currentCredentials.getIdentityDocument();
- KeyPair newKeyPair = CryptoUtils.createKeyPair();
- PKCS10CertificationRequest csr = CryptoUtils.createCSR(identityConfig.domain(),
- identityConfig.service(),
- document.dnsSuffix,
- document.providerUniqueId,
- newKeyPair);
- InstanceRefreshInformation refreshInfo = new InstanceRefreshInformation(CryptoUtils.toPem(csr));
- InstanceIdentity instanceIdentity =
- athenzService.sendInstanceRefreshRequest(document.providerService,
- identityConfig.domain(),
- identityConfig.service(),
- document.providerUniqueId,
- refreshInfo,
- document.ztsEndpoint,
- currentCredentials.getCertificate(),
- currentCredentials.getKeyPair().getPrivate());
- return toAthenzCredentials(instanceIdentity, newKeyPair, document);
- }
-
- private AthenzCredentials toAthenzCredentials(InstanceIdentity instanceIdentity,
- KeyPair keyPair,
- SignedIdentityDocument identityDocument) {
- X509Certificate certificate = instanceIdentity.getX509Certificate();
- String serviceToken = instanceIdentity.getServiceToken();
- return new AthenzCredentials(serviceToken, certificate, keyPair, identityDocument, clock.instant());
- }
-
- private static SignedIdentityDocument parseSignedIdentityDocument(String rawDocument) {
- try {
- return mapper.readValue(rawDocument, SignedIdentityDocument.class);
- } catch (IOException e) {
- throw new UncheckedIOException(e);
- }
- }
-
-}