From e0b06c1104b0815bf8bfe23628b4ada8f899918e Mon Sep 17 00:00:00 2001
From: Martin Polden
Date: Mon, 23 Sep 2019 13:26:07 +0200
Subject: Add InstanceRefresh type and serialization
---
 .../vespa/hosted/ca/instance/InstanceIdentity.java | 2 +-
 .../vespa/hosted/ca/instance/InstanceRefresh.java | 40 ++++++++++++++++++++++
 .../hosted/ca/instance/InstanceRegistration.java | 5 +--
 .../hosted/ca/restapi/InstanceSerializer.java | 6 ++++
 .../hosted/ca/restapi/InstanceSerializerTest.java | 11 ++++++
 5 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRefresh.java
(limited to 'athenz-identity-provider-service')
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceIdentity.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceIdentity.java
index b499debcc47..25c4cbb2281 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceIdentity.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceIdentity.java
@@ -7,7 +7,7 @@ import java.util.Optional;
 /**
 * A signed instance identity object that includes a client certificate. This is the result of a successful
- * {@link InstanceRegistration}.
+ * {@link InstanceRegistration} and is the same type as InstanceIdentity in the ZTS API.
 *
 * @author mpolden
 */
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRefresh.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRefresh.java
new file mode 100644
index 00000000000..fbcda5e68cb
--- /dev/null
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRefresh.java
@@ -0,0 +1,40 @@
+// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.hosted.ca.instance;
+
+import com.yahoo.security.Pkcs10Csr;
+
+import java.util.Objects;
+
+/**
+ * Information for refreshing a instance in the system. This is the same type as InstanceRefreshInformation type in
+ * the ZTS API.
+ *
+ * @author mpolden
+ */
+public class InstanceRefresh {
+
+ private final Pkcs10Csr csr;
+
+ public InstanceRefresh(Pkcs10Csr csr) {
+ this.csr = Objects.requireNonNull(csr, "csr must be non-null");
+ }
+
+ /** The Certificate Signed Request describing the wanted certificate */
+ public Pkcs10Csr csr() {
+ return csr;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ InstanceRefresh that = (InstanceRefresh) o;
+ return csr.equals(that.csr);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(csr);
+ }
+
+}
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRegistration.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRegistration.java
index 7a9ec74e075..2a2b702d21b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRegistration.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/instance/InstanceRegistration.java
@@ -6,8 +6,8 @@ import com.yahoo.security.Pkcs10Csr;
 import java.util.Objects;
 /**
- * Information for registering a new instance in the system. This is similar to the InstanceRegisterInformation type in
- * ZTS.
+ * Information for registering a new instance in the system. This is the same type as InstanceRegisterInformation type
+ * in the ZTS API.
 *
 * @author mpolden
 */
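Review bot: In InstanceRefresh.java neither the class Javadoc nor the comment on `csr()` says that the CSR is caller-supplied and unverified; the constructor only null-checks it. The code that signs certificates from this type is not in this diff, so presumably it has to confirm that the CSR's subject and SAN entries match the instance that authenticated the refresh call, and the accessor should state that, e.g. `/** The CSR as received from the client; unverified, so its subject and SANs must be matched against the authenticated instance before signing */`. The accessor comment should also read "Certificate Signing Request" (the same wording is added in the `csr()` hunk of InstanceRegistration.java), and "a instance" should be "an instance". Since `equals` compares with `getClass()`, declaring the class `final` would make its value semantics explicit.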
@@ -47,6 +47,7 @@ public class InstanceRegistration {
 return attestationData;
 }
+ /** The Certificate Signed Request describing the wanted certificate */
 public Pkcs10Csr csr() {
 return csr;
 }
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializer.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializer.java
index 46a09e9c6f2..a2537cd68f1 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializer.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializer.java
@@ -6,6 +6,7 @@ import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Slime;
 import com.yahoo.vespa.hosted.ca.instance.InstanceIdentity;
+import com.yahoo.vespa.hosted.ca.instance.InstanceRefresh;
 import com.yahoo.vespa.hosted.ca.instance.InstanceRegistration;
 /**
@@ -33,6 +34,11 @@ public class InstanceSerializer {
 Pkcs10CsrUtils.fromPem(requireField(CSR_FIELD, root).asString()));
 }
+ public static InstanceRefresh refreshFromSlime(Slime slime) {
+ Cursor root = slime.get();
+ return new InstanceRefresh(Pkcs10CsrUtils.fromPem(requireField(CSR_FIELD, root).asString()));
+ }
+
 public static Slime identityToSlime(InstanceIdentity identity) {
 Slime slime = new Slime();
 Cursor root = slime.setObject();
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializerTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializerTest.java
index 51010422b6d..83ea9249ad0 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializerTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/InstanceSerializerTest.java
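Review bot: `refreshFromSlime` in InstanceSerializer.java passes a request-supplied string straight to `Pkcs10CsrUtils.fromPem` and has no Javadoc saying what happens when the `csr` field is missing or is not a PEM-encoded CSR. What `requireField` and `fromPem` throw is not visible in this hunk, so the method should document it, letting the REST handler map bad input to a client error rather than a server error, e.g. `/** Parses an instance refresh request; throws if the csr field is missing or is not a valid PEM-encoded CSR */`. The CSR extraction also repeats the expression in the context line just above it; a shared `private static Pkcs10Csr csrFrom(Cursor root)` would keep both parsers in step. The class body continues outside the hunk.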
@@ -7,6 +7,7 @@ import com.yahoo.slime.Slime;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.ca.CertificateTester;
 import com.yahoo.vespa.hosted.ca.instance.InstanceIdentity;
+import com.yahoo.vespa.hosted.ca.instance.InstanceRefresh;
 import com.yahoo.vespa.hosted.ca.instance.InstanceRegistration;
 import org.junit.Test;
@@ -55,6 +56,16 @@ public class InstanceSerializerTest {
 assertEquals(json, asJsonString(InstanceSerializer.identityToSlime(identity)));
 }
+ @Test
+ public void serialize_instance_refresh() {
+ var csr = CertificateTester.createCsr();
+ var csrPem = Pkcs10CsrUtils.toPem(csr);
+ var json = "{\"csr\": \"" + csrPem + "\"}";
+ var instanceRefresh = new InstanceRefresh(csr);
+ var deserialized = InstanceSerializer.refreshFromSlime(SlimeUtils.jsonToSlime(json));
+ assertEquals(instanceRefresh, deserialized);
+ }
+
 private static String asJsonString(Slime slime) {
 try {
 return new String(SlimeUtils.toJsonBytes(slime), StandardCharsets.UTF_8);
-- cgit v1.2.3
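Review bot: `serialize_instance_refresh` in InstanceSerializerTest.java asserts only the well-formed payload, so the rejection paths of `refreshFromSlime` are untested. A body without `csr` (such as `{}`) and one whose `csr` value is not PEM are the malformed inputs a refresh endpoint has to reject cleanly, and each deserves a test asserting that parsing fails; the exception type to expect is not visible in this diff. The test also exercises deserialization only, so `deserialize_instance_refresh` would describe it more accurately.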