Diffstat (limited to 'controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates')
10 files changed, 45 insertions, 22 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
index 53d807b0139..09120f8cd21 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import java.util.List;
@@ -13,9 +13,9 @@ public record EndpointCertificate(String keyName, String certName, int version,
 String rootRequestId, // The id of the first request made for this certificate. Should not change.
 Optional<String> leafRequestId, // The id of the last known request made for this certificate. Changes on refresh, may be outdated!
 List<String> requestedDnsSans, String issuer, Optional<Long> expiry,
- Optional<Long> lastRefreshed, Optional<String> randomizedId) {
+ Optional<Long> lastRefreshed, Optional<String> generatedId) {
- public EndpointCertificate withRandomizedId(String randomizedId) {
+ public EndpointCertificate withGeneratedId(String generatedId) {
 return new EndpointCertificate(
 this.keyName,
 this.certName,
@@ -27,7 +27,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- Optional.of(randomizedId));
+ Optional.of(generatedId));
 }
 public EndpointCertificate withKeyName(String keyName) {
@@ -42,7 +42,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withCertName(String certName) {
@@ -57,7 +57,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withVersion(int version) {
@@ -72,7 +72,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withLastRequested(long lastRequested) {
@@ -87,7 +87,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withLastRefreshed(long lastRefreshed) {
@@ -102,7 +102,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 Optional.of(lastRefreshed),
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withRootRequestId(String rootRequestId) {
@@ -117,7 +117,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }
 public EndpointCertificate withLeafRequestId(Optional<String> leafRequestId) {
@@ -132,7 +132,30 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
+ }
+
+ /** Returns whether given DNS name matches any of the requested SANs in this */
+ public boolean sanMatches(String dnsName) {
+ return sanMatches(dnsName, requestedDnsSans);
+ }
+
+ static boolean sanMatches(String dnsName, List<String> sanDnsNames) {
+ return sanDnsNames.stream().anyMatch(sanDnsName -> sanMatches(dnsName, sanDnsName));
+ }
+
+ private static boolean sanMatches(String dnsName, String sanDnsName) {
+ String[] sanNameParts = sanDnsName.split("\\.");
+ String[] dnsNameParts = dnsName.split("\\.");
+ if (sanNameParts.length != dnsNameParts.length || sanNameParts.length == 0) {
+ return false;
+ }
+ for (int i = 0; i < sanNameParts.length; i++) {
+ if (!sanNameParts[i].equals("*") && !sanNameParts[i].equals(dnsNameParts[i])) {
+ return false;
+ }
+ }
+ return true;
 }
 }
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java
index 18565011d25..ad4b360aae2 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateDetails.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import java.util.List;
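Review bot: In `EndpointCertificate.java`, the label loop of the private `sanMatches(String, String)` accepts `*` in any label position and compares labels with a case-sensitive `equals`, so a SAN such as `a.*.example.com` is reported as covering names that a TLS client following RFC 6125 would normally not accept, and a name that differs only in letter case is reported as not covered. Restricting the wildcard to the whole left-most label and folding case would align the check with how certificates are validated: `boolean wildcard = i == 0 && sanNameParts[i].equals("*") && !dnsNameParts[i].isEmpty();` then `if (!wildcard && !sanNameParts[i].equalsIgnoreCase(dnsNameParts[i])) return false;`. `String.split` also drops trailing empty strings, so a name with a trailing dot compares equal to one without it; whether callers rely on that is not visible here, so a short comment stating the intent would help. The two static overloads would also benefit from a one-line Javadoc each, as only the instance method has one.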
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java
index 7f4f22ced40..8ee1f313e6d 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateException.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 /**
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
index 865abeac031..30e9295f347 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProvider.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import java.util.List;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java
index 223eeb19a86..d73c6b53965 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateProviderMock.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import java.time.Instant;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequest.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequest.java
index 877f7ed64b0..8d4514c5713 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequest.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateRequest.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import java.util.List;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java
index b6bc8b9f129..c3b1c074b3c 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidator.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import com.yahoo.config.provision.zone.ZoneId;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
index e09e2d096c2..13fa6c862a7 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorImpl.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import com.yahoo.config.provision.zone.ZoneId;
@@ -67,7 +67,7 @@ public class EndpointCertificateValidatorImpl implements EndpointCertificateVali
 } catch (SecretNotFoundException s) {
 // Normally because the cert is in the process of being provisioned - this will cause a retry in InternalStepRunner
- throw new EndpointCertificateException(EndpointCertificateException.Type.CERT_NOT_AVAILABLE, "Certificate not found in secret store");
+ throw new EndpointCertificateException(EndpointCertificateException.Type.CERT_NOT_AVAILABLE, "Certificate not found in secret store", s);
 } catch (EndpointCertificateException e) {
 if (!e.type().equals(EndpointCertificateException.Type.CERT_NOT_AVAILABLE)) { // such failures are normal and will be retried, it takes some time to show up in the secret store
 log.log(Level.WARNING, "Certificate validation failure for " + serializedInstanceId, e);
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java
index 428058315c9..594f5fd6b92 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateValidatorMock.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
 import com.yahoo.config.provision.zone.ZoneId;
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/package-info.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/package-info.java
index 5aa02c0deed..ec5b54d62d6 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/package-info.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/package-info.java
@@ -1,5 +1,5 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 @ExportPackage
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;
-import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file
+import com.yahoo.osgi.annotation.ExportPackage; |