aboutsummaryrefslogtreecommitdiffstats
path: root/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/role/SecurityContext.java
blob: 499f21a2a0929fd282c785a8dfa03254b2124ac5 (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.role;

import java.security.Principal;
import java.time.Instant;
import java.util.Objects;
import java.util.Set;

/**
 * @author tokle
 */
public class SecurityContext {

    public static final String ATTRIBUTE_NAME = SecurityContext.class.getName();

    private final Principal principal;
    private final Set<Role> roles;
    private final Instant issuedAt;
    private final Instant expiresAt;

    public SecurityContext(Principal principal, Set<Role> roles, Instant issuedAt) {
        this(principal, roles, issuedAt, Instant.MAX);
    }

    public SecurityContext(Principal principal, Set<Role> roles, Instant issuedAt, Instant expiresAt) {
        this.principal = Objects.requireNonNull(principal);
        this.roles = Set.copyOf(roles);
        this.issuedAt = Objects.requireNonNull(issuedAt);
        this.expiresAt = Objects.requireNonNull(expiresAt);
    }

    public SecurityContext(Principal principal, Set<Role> roles) {
        this(principal, roles, Instant.EPOCH, Instant.MAX);
    }

    public Principal principal() {
        return principal;
    }

    public Set<Role> roles() {
        return roles;
    }

    public Instant issuedAt() {
        return issuedAt;
    }

    /** @return credential expiration or {@link Instant#MAX} is not available */
    public Instant expiresAt() { return expiresAt; }

    public SecurityContext withRoles(Set<Role> roles) {
        return new SecurityContext(this.principal, roles, this.issuedAt, this.expiresAt);
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (o == null || getClass() != o.getClass()) return false;
        SecurityContext that = (SecurityContext) o;
        return Objects.equals(principal, that.principal) && Objects.equals(roles, that.roles)
                && Objects.equals(issuedAt, that.issuedAt) && Objects.equals(expiresAt, that.expiresAt);
    }

    @Override
    public int hashCode() {
        return Objects.hash(principal, roles, issuedAt, expiresAt);
    }

    @Override
    public String toString() {
        return "SecurityContext{" +
                "principal=" + principal +
                ", roles=" + roles +
                ", issuedAt=" + issuedAt +
                ", expiresAt=" + expiresAt +
                '}';
    }

}