path: root/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificateMock.java
blob: f7e7d69cd2ff1efef5a283826ffdf637ac200700 (plain) (blame)
// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.integration.certificates;

import com.yahoo.config.provision.ApplicationId;

import java.time.Clock;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;

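/**
 * In-memory {@link EndpointCertificateProvider} for tests. It fabricates certificate metadata
 * locally; nothing in this class produces key material or an actual certificate.
 *
 * <p>Issued metadata is tracked per request id, and the most recently requested DNS names are
 * tracked per application. Both maps are plain {@link HashMap}s without synchronization.
 *
 * <p>Most fields returned by {@link #listCertificates()} and {@link #certificateDetails(String)}
 * are fixed placeholder strings, so tests should not treat them as derived from the request.
 *
 * @author tokle
 * @author andreer
 */
public class EndpointCertificateMock implements EndpointCertificateProvider {

    /** Validity window, in seconds, given to every mock certificate. */
    private static final long VALIDITY_SECONDS = 3600;

    private final Map<ApplicationId, List<String>> dnsNames = new HashMap<>();
    private final Map<String, EndpointCertificateMetadata> providerMetadata = new HashMap<>();
    private final Clock clock;

    /**
     * @param clock time source used to stamp issue and expiry times on mock certificates
     */
    public EndpointCertificateMock(Clock clock) {
        this.clock = clock;
    }

    /**
     * Returns the DNS names passed in the latest certificate request for the given application.
     *
     * @param application the application to look up
     * @return an unmodifiable view of the recorded names, or an empty list if none are recorded
     */
    public List<String> dnsNamesOf(ApplicationId application) {
        return Collections.unmodifiableList(dnsNames.getOrDefault(application, List.of()));
    }

    /**
     * Records the request and returns freshly fabricated metadata for it.
     *
     * <p>The version is one higher than that of {@code currentMetadata}, or 0 when there is none.
     * The root request id is carried over from {@code currentMetadata} when present; otherwise the
     * new request id is used. Metadata stored under the previous leaf request id is dropped.
     *
     * @param applicationId   application the certificate is requested for
     * @param dnsNames        names to record for the application and embed in the metadata
     * @param currentMetadata metadata of the certificate being replaced, if any
     * @return the metadata stored for the new request
     * @throws java.util.NoSuchElementException if {@code currentMetadata} is present but has no
     *                                          leaf request id
     */
    @Override
    public EndpointCertificateMetadata requestCaSignedCertificate(ApplicationId applicationId, List<String> dnsNames, Optional<EndpointCertificateMetadata> currentMetadata) {
        this.dnsNames.put(applicationId, dnsNames);
        String endpointCertificatePrefix = String.format("vespa.tls.%s.%s.%s", applicationId.tenant(),
                applicationId.application(), applicationId.instance());

        // Use the injected clock rather than the wall clock, so tests that advance a controlled
        // clock see issue and expiry times that move with it (expiry/renewal logic stays testable).
        long issuedAt = clock.instant().getEpochSecond();
        long expiresAt = issuedAt + VALIDITY_SECONDS;

        String requestId = UUID.randomUUID().toString();
        int version = currentMetadata.map(current -> current.version() + 1).orElse(0);
        String rootRequestId = currentMetadata.map(EndpointCertificateMetadata::rootRequestId).orElse(requestId);

        // NOTE(review): the literal 0 and the two trailing Optionals are positional; expiresAt is
        // presumably the expiry and issuedAt a request/refresh timestamp. Confirm against
        // EndpointCertificateMetadata's constructor.
        EndpointCertificateMetadata metadata = new EndpointCertificateMetadata(
                endpointCertificatePrefix + "-key",
                endpointCertificatePrefix + "-cert",
                version,
                0,
                rootRequestId,
                Optional.of(requestId),
                dnsNames,
                "mockCa",
                Optional.of(expiresAt),
                Optional.of(issuedAt));

        // The replaced certificate is no longer listed once its successor has been issued.
        currentMetadata.ifPresent(current -> providerMetadata.remove(current.leafRequestId().orElseThrow()));
        providerMetadata.put(requestId, metadata);
        return metadata;
    }

    /**
     * Lists one entry per stored certificate request.
     *
     * <p>Only the request id, DNS names, expiry and issuer come from the stored metadata; the
     * remaining arguments are fixed placeholders.
     *
     * @return an unmodifiable list of request metadata
     * @throws java.util.NoSuchElementException if a stored entry has no expiry
     */
    @Override
    public List<EndpointCertificateRequestMetadata> listCertificates() {
        return providerMetadata.values().stream()
                .map(stored -> new EndpointCertificateRequestMetadata(
                        stored.leafRequestId().orElse(stored.rootRequestId()),
                        "requestor",
                        "ticketId",
                        "athenzDomain",
                        stored.requestedDnsSans().stream()
                                .map(san -> new EndpointCertificateRequestMetadata.DnsNameStatus(san, "done"))
                                .collect(Collectors.toUnmodifiableList()),
                        3600,
                        "ok",
                        "2021-09-28T00:14:31.946562037Z",
                        stored.expiry().orElseThrow(),
                        stored.issuer(),
                        "rsa_2048"
                ))
                .collect(Collectors.toUnmodifiableList());
    }

    /**
     * Forgets the DNS names recorded for the application and the metadata stored under the
     * request id. The two removals are independent: this mock does not check that
     * {@code requestId} was issued for {@code applicationId}.
     *
     * @param applicationId application whose recorded DNS names are removed
     * @param requestId     request id whose stored metadata is removed
     */
    @Override
    public void deleteCertificate(ApplicationId applicationId, String requestId) {
        dnsNames.remove(applicationId);
        providerMetadata.remove(requestId);
    }

    /**
     * Returns placeholder details for a stored certificate request.
     *
     * <p>Only the request id, DNS names, key name and cert name come from the stored metadata.
     *
     * @param requestId id of a request previously returned by this mock
     * @return the fabricated details
     * @throws RuntimeException if no metadata is stored under {@code requestId}
     */
    @Override
    public EndpointCertificateDetails certificateDetails(String requestId) {
        var metadata = providerMetadata.get(requestId);

        if (metadata == null) {
            throw new RuntimeException("Unknown certificate request");
        }

        // NOTE(review): key name and cert name are each passed twice, followed by "0"; this looks
        // like a (keyring, name, version) triple per secret. Confirm against
        // EndpointCertificateDetails' constructor.
        return new EndpointCertificateDetails(requestId,
                "requestor",
                "ok",
                "ticket_id",
                "athenz_domain",
                metadata.requestedDnsSans().stream().map(name -> new EndpointCertificateRequestMetadata.DnsNameStatus(name, "done")).toList(),
                "duration_sec",
                "expiry",
                metadata.keyName(),
                metadata.keyName(),
                "0",
                metadata.certName(),
                metadata.certName(),
                "0",
                "2021-09-28T00:14:31.946562037Z",
                true,
                "public_key_algo",
                "issuer",
                "serial");
    }
}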