From b3e8953bc5a8396b76613d1b8dbcd504262658f8 Mon Sep 17 00:00:00 2001
From: Morten Tokle <mortent@verizonmedia.com>
Date: Fri, 9 Apr 2021 08:09:12 +0200
Subject: Validate ips on register

---
 .../hosted/athenz/instanceproviderservice/InstanceValidator.java  | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'athenz-identity-provider-service/src/main')

diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/InstanceValidator.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/InstanceValidator.java
index 3dcb5a13d6d..816da5d095d 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/InstanceValidator.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/InstanceValidator.java
@@ -87,11 +87,15 @@ public class InstanceValidator {
         log.log(Level.FINE, () -> String.format("Validating instance %s.", providerUniqueId));
 
         PublicKey publicKey = keyProvider.getPublicKey(signedIdentityDocument.signingKeyVersion());
-        if (signer.hasValidSignature(signedIdentityDocument, publicKey)) {
+        if (! signer.hasValidSignature(signedIdentityDocument, publicKey)) {
+            log.log(Level.SEVERE, () -> String.format("Instance %s has invalid signature.", providerUniqueId));
+            return false;
+        }
+
+        if(validateAttributes(instanceConfirmation, providerUniqueId)) {
             log.log(Level.FINE, () -> String.format("Instance %s is valid.", providerUniqueId));
             return true;
         }
-        log.log(Level.SEVERE, () -> String.format("Instance %s has invalid signature.", providerUniqueId));
         return false;
     }
 
-- 
cgit v1.2.3