Diffstat (limited to 'node-repository')
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java | 2 | ||||
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticator.java | 6 | ||||
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NodePrincipal.java (renamed from node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/TlsPrincipal.java) | 6 | ||||
-rw-r--r-- | node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticatorTest.java | 6 |
4 files changed, 9 insertions, 11 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
index 360a6a1aa73..ccc09aad24a 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java
@@ -70,7 +70,7 @@ public class AuthorizationFilter implements SecurityRequestFilter {
 List<X509Certificate> clientCertificateChain = request.getClientCertificateChain();
 if (clientCertificateChain.isEmpty())
 return Optional.of(ErrorResponse.unauthorized(createErrorMessage(request, "Missing credentials")));
- TlsPrincipal hostIdentity = hostAuthenticator.authenticate(clientCertificateChain);
+ NodePrincipal hostIdentity = hostAuthenticator.authenticate(clientCertificateChain);
 if (!authorizer.test(hostIdentity, request.getUri()))
 return Optional.of(ErrorResponse.forbidden(createErrorMessage(request, "Invalid credentials")));
 request.setUserPrincipal(hostIdentity);
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticator.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticator.java
index a6e56e2073d..de8d117de11 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticator.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticator.java
@@ -33,7 +33,7 @@ class HostAuthenticator {
 this.nodeRepository = nodeRepository;
 }
- TlsPrincipal authenticate(List<X509Certificate> certificateChain) throws AuthenticationException {
+ NodePrincipal authenticate(List<X509Certificate> certificateChain) throws AuthenticationException {
 X509Certificate clientCertificate = certificateChain.get(0);
 String subjectCommonName = X509CertificateUtils.getSubjectCommonNames(clientCertificate).stream()
 .findFirst()
@@ -51,10 +51,10 @@ class HostAuthenticator {
 default:
 throw new AuthenticationException("Untrusted common name in subject: " + subjectCommonName);
 }
- return new TlsPrincipal(hostname, certificateChain);
+ return new NodePrincipal(hostname, certificateChain);
 } else { // self-signed where common name is hostname
 // TODO Remove this branch once self-signed certificates are gone
- return new TlsPrincipal(subjectCommonName, certificateChain);
+ return new NodePrincipal(subjectCommonName, certificateChain);
 }
 }
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/TlsPrincipal.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NodePrincipal.java
index 227c514160b..dbff2b0da34 100644
--- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/TlsPrincipal.java
+++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/NodePrincipal.java
@@ -1,8 +1,6 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.provision.restapi.v2.filter;
-import com.yahoo.vespa.athenz.tls.SubjectAlternativeName;
-
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.List;
@@ -10,11 +8,11 @@ import java.util.List;
 /**
 * @author bjorncs
 */
-public class TlsPrincipal implements Principal {
+public class NodePrincipal implements Principal {
 private final String hostIdentity;
 private final List<X509Certificate> clientCertificateChain;
- public TlsPrincipal(String hostIdentity, List<X509Certificate> clientCertificateChain) {
+ public NodePrincipal(String hostIdentity, List<X509Certificate> clientCertificateChain) {
 this.hostIdentity = hostIdentity;
 this.clientCertificateChain = clientCertificateChain;
 }
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticatorTest.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticatorTest.java
index fa6c25c189b..e301d8a80f9 100644
--- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticatorTest.java
+++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/HostAuthenticatorTest.java
@@ -55,7 +55,7 @@ public class HostAuthenticatorTest {
 KEYPAIR, new X500Principal("CN=" + HOSTNAME), Instant.EPOCH, Instant.EPOCH.plusSeconds(60), SHA256_WITH_RSA, 1)
 .build();
 HostAuthenticator authenticator = new HostAuthenticator(ZONE, nodeRepositoryDummy.nodeRepository());
- TlsPrincipal identity = authenticator.authenticate(singletonList(certificate));
+ NodePrincipal identity = authenticator.authenticate(singletonList(certificate));
 assertEquals(HOSTNAME, identity.getName());
 }
@@ -72,7 +72,7 @@ public class HostAuthenticatorTest {
 .addSubjectAlternativeName(OPENSTACK_ID + ".instanceid.athenz.provider-name.ostk.yahoo.cloud")
 .build();
 HostAuthenticator authenticator = new HostAuthenticator(ZONE, nodeRepositoryDummy.nodeRepository());
- TlsPrincipal identity = authenticator.authenticate(singletonList(certificate));
+ NodePrincipal identity = authenticator.authenticate(singletonList(certificate));
 assertEquals(HOSTNAME, identity.getName());
 }
@@ -96,7 +96,7 @@ public class HostAuthenticatorTest {
 .addSubjectAlternativeName(vespaUniqueInstanceId.asDottedString() + ".instanceid.athenz.provider-name.vespa.yahoo.cloud")
 .build();
 HostAuthenticator authenticator = new HostAuthenticator(ZONE, nodeRepositoryDummy.nodeRepository());
- TlsPrincipal identity = authenticator.authenticate(singletonList(certificate));
+ NodePrincipal identity = authenticator.authenticate(singletonList(certificate));
 assertEquals(HOSTNAME, identity.getName());
 } |