From 2dbee1b12184e0919fd88e4eb457c426ef99e23e Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Tue, 24 Oct 2017 13:26:45 +0200
Subject: Expose domain and service from AthenzIDP
---
 .../jdisc/athenz/AthenzIdentityProvider.java | 7 +++--
 .../athenz/impl/AthenzIdentityProviderImpl.java | 32 ++++++++++++++++------
 .../jdisc/athenz/AthenzIdentityProviderTest.java | 2 +-
 3 files changed, 28 insertions(+), 13 deletions(-)
(limited to 'container-disc/src')
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
index f5930ab9e4e..e5b8bc9bb01 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProvider.java
@@ -6,7 +6,8 @@ package com.yahoo.container.jdisc.athenz;
 */
 public interface AthenzIdentityProvider {
- String getNToken();
-
- String getX509Cert();
+ public String getNToken();
+ public String getX509Cert();
+ public String domain();
+ public String service();
 }
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
index a7844a95308..12b83ec938a 100644
--- a/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/athenz/impl/AthenzIdentityProviderImpl.java
@@ -37,6 +37,8 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 private final String dnsSuffix;
 private final String providerUniqueId;
+ private final String domain;
+ private final String service;
 @Inject
 public AthenzIdentityProviderImpl(IdentityConfig config, ConfigserverConfig configserverConfig) throws IOException {
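Review bot: The `public` modifier added to all four methods of `AthenzIdentityProvider` is redundant, since interface methods are implicitly public, and the two new accessors `domain()` and `service()` carry no Javadoc even though this interface is the surface other components will call. I would drop the modifiers, `String domain();` and `String service();`, and document them, e.g. `/** The Athenz domain this provider was configured with; together with {@link #service()} it forms the CN of the identity certificate. */` and `/** The Athenz service name this provider was configured with. */`. The field additions in the following hunk of the implementation are fine as they stand.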
@@ -46,18 +48,20 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 // Test only
 public AthenzIdentityProviderImpl(IdentityConfig config, ServiceProviderApi serviceProviderApi, AthenzService athenzService) throws IOException {
 KeyPair keyPair = createKeyPair();
+ this.domain = config.domain();
+ this.service = config.service();
 String signedIdentityDocument = serviceProviderApi.getSignedIdentityDocument();
 String athenzUrl = getZtsEndpoint(signedIdentityDocument);
- dnsSuffix = getDnsSuffix(signedIdentityDocument);
- providerUniqueId = getProviderUniqueId(signedIdentityDocument);
+ this.dnsSuffix = getDnsSuffix(signedIdentityDocument);
+ this.providerUniqueId = getProviderUniqueId(signedIdentityDocument);
 String providerServiceName = getProviderServiceName(signedIdentityDocument);
 InstanceRegisterInformation instanceRegisterInformation = new InstanceRegisterInformation(
 providerServiceName,
- config.domain(),
- config.serviceName(),
+ this.domain,
+ this.service,
 signedIdentityDocument,
- createCSR(keyPair, config),
+ createCSR(keyPair),
 true
 );
 instanceIdentity = athenzService.sendInstanceRegisterRequest(instanceRegisterInformation, athenzUrl);
@@ -94,15 +98,15 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 }
 }
- private String createCSR(KeyPair keyPair, IdentityConfig identityConfig) throws IOException {
+ private String createCSR(KeyPair keyPair) throws IOException {
 try {
 // Add SAN dnsname ..
 // and SAN dnsname .instanceid.athenz.
 GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{
 new GeneralName(GeneralName.dNSName, String.format("%s.%s.%s",
- identityConfig.serviceName(),
- identityConfig.domain().replace(".", "-"),
+ service(),
+ domain().replace(".", "-"),
 dnsSuffix)),
 new GeneralName(GeneralName.dNSName, String.format("%s.instanceid.athenz.%s",
 providerUniqueId,
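Review bot: `this.domain = config.domain()` and `this.service = config.service()` store the config values unchecked, and `createCSR(keyPair)` later in this constructor now reads them (together with `dnsSuffix` and `providerUniqueId`) from fields instead of parameters, so the SAN host names built in the `createCSR` hunk and the `CN=%s.%s` subject in the hunk after it are only correct because of the statement order here. A null domain or service would surface as the literal text `null` inside a certificate request rather than as a failure at construction time. I would validate once at assignment, `this.domain = Objects.requireNonNull(config.domain(), "domain");` and `this.service = Objects.requireNonNull(config.service(), "service");`, and mark the ordering with a comment such as `// createCSR() reads domain, service, dnsSuffix and providerUniqueId from fields; keep these assignments above the call`. As `X500Principal` parses its argument as a DN string, a separator such as `,` or `+` in either value would also change the structure of the subject, so if the config does not already restrict these values, a character check at this point would be the cheapest place for it. The body of `createCSR` continues past the end of its hunk.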
@@ -113,7 +117,7 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 extGen.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
 X500Principal subject = new X500Principal(
- String.format("CN=%s.%s", identityConfig.domain(), identityConfig.serviceName()));
+ String.format("CN=%s.%s", domain(), service()));
 PKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
@@ -142,5 +146,15 @@ public final class AthenzIdentityProviderImpl extends AbstractComponent implemen
 public String getX509Cert() {
 return instanceIdentity.getX509Certificate();
 }
+
+ @Override
+ public String domain() {
+ return domain;
+ }
+
+ @Override
+ public String service() {
+ return service;
+ }
 }
diff --git a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
index 4577402b8c1..f9a5d323bcd 100644
--- a/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
+++ b/container-disc/src/test/java/com/yahoo/container/jdisc/athenz/AthenzIdentityProviderTest.java
@@ -22,7 +22,7 @@ public class AthenzIdentityProviderTest {
 @Test
 public void ntoken_fetched_on_init() throws IOException {
- IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().serviceName("tenantService").domain("tenantDomain"));
+ IdentityConfig config = new IdentityConfig(new IdentityConfig.Builder().service("tenantService").domain("tenantDomain"));
 ServiceProviderApi serviceProviderApi = mock(ServiceProviderApi.class);
 AthenzService athenzService = mock(AthenzService.class);
--
cgit v1.2.3
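Review bot: The test change only follows the builder rename from `serviceName` to `service` and adds no coverage for the accessors this commit exposes, so `domain()` and `service()` are never checked against the configured values. Since the test already builds the config with `"tenantService"` and `"tenantDomain"`, asserting that the constructed provider's `service()` and `domain()` return exactly those two strings would pin the new behaviour and also catch a swapped assignment in the constructor. The rest of `ntoken_fetched_on_init`, including where the provider is constructed, lies outside the hunk.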