From d7b5cfd1e64ddabe37c68c31e714a328b38ae61a Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Fri, 16 Mar 2018 13:23:15 +0100
Subject: Identity cert should always be retrieved using AthenzIdentityProvider
---
 .../api/integration/athenz/ZtsClient.java | 3 ---
 .../controller/athenz/impl/ZtsClientImpl.java | 21 ---------------------
 .../controller/athenz/mock/ZtsClientMock.java | 13 -------------
 3 files changed, 37 deletions(-)
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
index 381896c11cf..7c1f8875fb8 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/ZtsClient.java
@@ -3,7 +3,6 @@ package com.yahoo.vespa.hosted.controller.api.integration.athenz;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzRoleCertificate;
 import java.util.List;
@@ -15,8 +14,6 @@ public interface ZtsClient {
 List getTenantDomainsForUser(AthenzIdentity principal);
- AthenzIdentityCertificate getIdentityCertificate();
-
 AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName);
 }
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
index 0166c02db2e..841754782b8 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/impl/ZtsClientImpl.java
@@ -2,7 +2,6 @@ package com.yahoo.vespa.hosted.controller.athenz.impl;
 import com.yahoo.athenz.auth.util.Crypto;
-import com.yahoo.athenz.zts.InstanceRefreshRequest;
 import com.yahoo.athenz.zts.RoleCertificateRequest;
 import com.yahoo.athenz.zts.TenantDomains;
 import com.yahoo.athenz.zts.ZTSClient;
@@ -10,7 +9,6 @@ import com.yahoo.athenz.zts.ZTSClientException;
 import com.yahoo.log.LogLevel;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzRoleCertificate;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZtsClient;
@@ -61,25 +59,6 @@ public class ZtsClientImpl implements ZtsClient {
 });
 }
- @Override
- public AthenzIdentityCertificate getIdentityCertificate() {
- return getOrThrow(() -> {
- log.log(LogLevel.DEBUG,
- String.format("postInstanceRefreshRequest(service=%s)", service.getFullName()));
- InstanceRefreshRequest req =
- ZTSClient.generateInstanceRefreshRequest(
- service.getDomain().getName(),
- service.getName(),
- privateKey,
- certificateDnsDomain,
- (int) certExpiry.getSeconds());
- X509Certificate certificate = Crypto.loadX509Certificate(
- ztsClient.postInstanceRefreshRequest(service.getDomain().getName(), service.getName(), req)
- .getCertificate());
- return new AthenzIdentityCertificate(certificate, privateKey);
- });
- }
-
 @Override
 public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) {
 return getOrThrow(() -> {
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
index 7aea79a93c6..b6026308272 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/mock/ZtsClientMock.java
@@ -4,7 +4,6 @@ package com.yahoo.vespa.hosted.controller.athenz.mock;
 import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.vespa.athenz.api.AthenzDomain;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
 import com.yahoo.vespa.athenz.api.AthenzRoleCertificate;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZtsClient;
 import org.bouncycastle.asn1.x500.X500Name;
@@ -43,18 +42,6 @@ public class ZtsClientMock implements ZtsClient {
 .collect(toList());
 }
- @Override
- public AthenzIdentityCertificate getIdentityCertificate() {
- log.log(Level.INFO, "getIdentityCertificate()");
- try {
- KeyPair keyPair = createKeyPair();
- String subject = "CN=controller";
- return new AthenzIdentityCertificate(createCertificate(keyPair, subject), keyPair.getPrivate());
- } catch (NoSuchAlgorithmException | OperatorCreationException | IOException e) {
- throw new RuntimeException(e);
- }
- }
-
 @Override
 public AthenzRoleCertificate getRoleCertificate(AthenzDomain roleDomain, String roleName) {
 log.log(Level.INFO,
--
cgit v1.2.3