From c490daf8bc4ed21e3aadf7239ab847e5643041ad Mon Sep 17 00:00:00 2001
From: Jon Marius Venstad
Date: Tue, 30 Apr 2019 15:18:11 +0200
Subject: Add filter which accepts only requests with verified signatures
---
 hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java | 6 ++----
 hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java | 6 ++----
 2 files changed, 4 insertions(+), 8 deletions(-)
(limited to 'hosted-api/src/main/java/ai')
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
index fb8eb1421b4..48ff10695d3 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestSigner.java
@@ -5,8 +5,6 @@ import com.yahoo.security.KeyUtils;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.net.http.HttpRequest;
-import java.security.Key;
-import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.time.Clock;
@@ -26,13 +24,13 @@ public class RequestSigner {
 private final String keyId;
 private final Clock clock;
- /** Creates a new request signer from the PEM encoded RSA key at the specified path, owned by the given application. */
+ /** Creates a new request signer from the given PEM encoded ECDSA key, with a public key with the given ID. */
 public RequestSigner(String pemPrivateKey, String keyId) {
 this(pemPrivateKey, keyId, Clock.systemUTC());
 }
 /** Creates a new request signer with a custom clock. */
- RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
+ public RequestSigner(String pemPrivateKey, String keyId, Clock clock) {
 this.signer = KeyUtils.createSigner(KeyUtils.fromPemEncodedPrivateKey(pemPrivateKey));
 this.keyId = keyId;
 this.clock = clock;
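Review bot: The now-public `RequestSigner(String, String, Clock)` constructor turns what was a package-private seam into API, and its one-line Javadoc does not say what the clock influences. If the clock supplies the timestamp that gets signed (inferred from the `java.time` imports; the signing method is outside this hunk), a caller passing a skewed clock produces requests that a verifier may reject as stale, so the comment should say so, e.g. `/** Creates a new request signer which takes the signing time from the given clock; production callers should normally use the two-argument constructor. */`. The rewritten Javadoc on the first constructor also promises an ECDSA key, but nothing visible here checks the algorithm of the parsed key, and whether `KeyUtils.fromPemEncodedPrivateKey` rejects other key types cannot be told from this hunk. The same applies to the "ECDSA public key" wording added in RequestVerifier.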
diff --git a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
index a46a93f624e..1d672a56dcb 100644
--- a/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
+++ b/hosted-api/src/main/java/ai/vespa/hosted/api/RequestVerifier.java
@@ -3,14 +3,11 @@ package ai.vespa.hosted.api;
 import com.yahoo.security.KeyUtils;
 import java.net.URI;
-import java.security.Key;
-import java.security.PublicKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.time.Clock;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Arrays;
 import java.util.Base64;
 /**
@@ -23,11 +20,12 @@ public class RequestVerifier {
 private final Signature verifier;
 private final Clock clock;
+ /** Creates a new request verifier from the given PEM encoded ECDSA public key. */
 public RequestVerifier(String pemPublicKey) {
 this(pemPublicKey, Clock.systemUTC());
 }
- RequestVerifier(String pemPublicKey, Clock clock) {
+ public RequestVerifier(String pemPublicKey, Clock clock) {
 this.verifier = KeyUtils.createVerifier(KeyUtils.fromPemEncodedPublicKey(pemPublicKey));
 this.clock = clock;
 }
-- 
cgit v1.2.3
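Review bot: The `RequestVerifier(String, Clock)` constructor is made public without any Javadoc, unlike its counterpart in RequestSigner. Since the class keeps its `Duration` and `Instant` imports, the clock presumably bounds how old a signed request may be, which makes it security-relevant input that deserves a comment such as `/** Creates a new request verifier which judges request age against the given clock. */`. Separately, the class holds a single `java.security.Signature` in the `verifier` field, and `Signature` objects are stateful and not safe for concurrent use. If the filter named in the commit subject shares one RequestVerifier across request threads, the verify method (outside this hunk) needs to synchronise on it or create a fresh `Signature` per call, otherwise concurrent updates can interleave and give wrong accept/reject results.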