From d2bb598fc5c89052e25cfee49960bb177bc9ff03 Mon Sep 17 00:00:00 2001
From: Morten Tokle
Date: Tue, 20 Feb 2018 10:50:56 +0100
Subject: Revert "Merge pull request #5072 from vespa-engine/revert-4984-mortent/ckms"

This reverts commit 6d7b65adfcd1e918da8173dab25bf701074f3cdc, reversing changes made to 2ecdfefd5616743f62691f64a517ab787d6f0c10.
---
 .../vespa/athenz/identity/SiaIdentityProvider.java | 51 ++++++++++++++++++++++
 .../yahoo/vespa/athenz/identity/package-info.java | 8 ++++
 .../resources/configdefinitions/sia-provider.def | 6 +++
 3 files changed, 65 insertions(+)
 create mode 100644 vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
 create mode 100644 vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java
 create mode 100644 vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
(limited to 'vespa-athenz')

diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
new file mode 100644
index 00000000000..c050ddce2c6
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/SiaIdentityProvider.java
@@ -0,0 +1,51 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.vespa.athenz.identity;
+
+import com.yahoo.athenz.auth.util.Crypto;
+import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider;
+import com.yahoo.vespa.athenz.api.AthenzDomain;
+import com.yahoo.vespa.athenz.api.AthenzIdentityCertificate;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.tls.AthenzSslContextBuilder;
+
+import javax.net.ssl.SSLContext;
+import java.io.File;
+import java.nio.file.Paths;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author mortent
+ */
+public class SiaIdentityProvider implements AthenzIdentityProvider {
+
+    private final AthenzDomain domain;
+    private final AthenzService service;
+    private final String path;
+
+    public SiaIdentityProvider(SiaProviderConfig siaProviderConfig) {
+        this.domain = new AthenzDomain(siaProviderConfig.athenzDomain());
+        this.service = new AthenzService(domain, siaProviderConfig.athenzService());
+        this.path = siaProviderConfig.keyPathPrefix();
+    }
+
+    @Override
+    public String getDomain() {
+        return domain.getName();
+    }
+
+    @Override
+    public String getService() {
+        return service.getName();
+    }
+
+    @Override
+    public SSLContext getIdentitySslContext() {
+        X509Certificate certificate = Crypto.loadX509Certificate(Paths.get(path, "certs", String.format("%s.%s.cert.pem", getDomain(),getService())).toFile());
+        PrivateKey privateKey = Crypto.loadPrivateKey(Paths.get(path, "keys", String.format("%s.%s.key.pem", getDomain(),getService())).toFile());
+
+        return new AthenzSslContextBuilder()
+                .withIdentityCertificate(new AthenzIdentityCertificate(certificate, privateKey))
+                .build();
+    }
+}
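Review bot: `getIdentitySslContext()` re-reads the private key and certificate from disk and builds a new `SSLContext` on every call, and nothing in the constructor or in this method checks that `keyPathPrefix` or the two derived files exist, so a missing or unreadable key surfaces only as whatever `Crypto.loadPrivateKey` throws at the first caller. Validating the prefix at construction, e.g. `this.path = Objects.requireNonNull(siaProviderConfig.keyPathPrefix(), "keyPathPrefix");` (with `java.util.Objects` imported), reports misconfiguration when the component is wired rather than at first TLS use; whether callers rely on the per-call reload to pick up rotated certificates cannot be told from this hunk, so any caching of the built context should be decided with that in mind. The class Javadoc is only an `@author` tag; a summary such as `Provides a TLS identity from SIA-managed files under keyPathPrefix: certs/<domain>.<service>.cert.pem and keys/<domain>.<service>.key.pem` would document the on-disk layout the two `Paths.get` calls hard-code and help operators restrict permissions on the keys directory. Finally, `import java.io.File;` is unused, since the only `File` values come from `toFile()` and the type is never named.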
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java
new file mode 100644
index 00000000000..da31e72a1fa
--- /dev/null
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/identity/package-info.java
@@ -0,0 +1,8 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+/**
+ * @author mortent
+ */
+@ExportPackage
+package com.yahoo.vespa.athenz.identity;
+
+import com.yahoo.osgi.annotation.ExportPackage;
\ No newline at end of file
diff --git a/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
new file mode 100644
index 00000000000..f668ef544f7
--- /dev/null
+++ b/vespa-athenz/src/main/resources/configdefinitions/sia-provider.def
@@ -0,0 +1,6 @@
+# Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+namespace=vespa.athenz.identity
+
+athenzDomain string
+athenzService string
+keyPathPrefix string
-- 
cgit v1.2.3
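Review bot: The three fields in sia-provider.def carry no comments, so a reader of the config definition cannot tell what `keyPathPrefix` must point to; from the SiaIdentityProvider hunk it is the directory that holds the `certs/` and `keys/` subdirectories, not a file-name prefix as the name suggests. A comment such as `# Directory containing certs/ and keys/ subdirectories holding <domain>.<service>.cert.pem and <domain>.<service>.key.pem` above `keyPathPrefix string` would make that explicit. A similar one-line comment on `athenzDomain` and `athenzService`, noting that together they form the file-name stem, would complete the definition.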