Use of com.mesosphere.sdk.dcos.DcosHttpClientBuilder in the project dcos-commons by mesosphere.
Class SchedulerConfig, method getDcosAuthTokenProvider.
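/**
 * Returns a token provider which may be used to retrieve DC/OS JWT auth tokens, or throws an exception if the local
 * environment doesn't provide the needed information (e.g. on a DC/OS Open cluster).
 *
 * <p>The service account description is read from the {@code SIDECHANNEL_AUTH_ENV_NAME} environment entry and parsed
 * as JSON. Its {@code private_key} field is expected to hold a PEM-wrapped PKCS#8 RSA private key and its {@code uid}
 * field the service account id. The matching public key is derived from the private key, and both are handed to the
 * RS256 algorithm used by the IAM token client. The client is wrapped in a {@code CachedTokenProvider} whose refresh
 * threshold comes from {@code AUTH_TOKEN_REFRESH_THRESHOLD_S_ENV}, falling back to
 * {@code DEFAULT_AUTH_TOKEN_REFRESH_THRESHOLD_S}.
 *
 * @return a caching token provider backed by the service account IAM client
 * @throws IOException if reading the PEM content or closing the PEM reader fails
 * @throws IllegalArgumentException if the private key cannot be decoded as a PKCS#8 RSA key, or if the decoded key
 *     does not expose its public exponent
 * @throws IllegalStateException if the runtime provides no RSA {@code KeyFactory}
 */
public TokenProvider getDcosAuthTokenProvider() throws IOException {
    JSONObject serviceAccount = new JSONObject(envStore.getRequired(SIDECHANNEL_AUTH_ENV_NAME));

    // try-with-resources closes the reader on every path and keeps a failure in close() from
    // masking the exception that actually caused the key parsing to fail.
    try (PemReader pemReader = new PemReader(new StringReader(serviceAccount.getString("private_key")))) {
        KeyFactory rsaKeyFactory = KeyFactory.getInstance("RSA");

        // NOTE(review): the readPemObject() result is dereferenced directly; confirm how a
        // "private_key" value without a PEM block should be reported.
        RSAPrivateKey privateKey = (RSAPrivateKey) rsaKeyFactory.generatePrivate(
                new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent()));

        // The public key must be built from the modulus and the PUBLIC exponent. Passing
        // getPrivateExponent() here would place the secret exponent inside an object that is typed
        // and handled as a public key, and signatures could not be verified with it. Only keys that
        // carry the public exponent (CRT form) allow the derivation, so anything else is rejected.
        if (!(privateKey instanceof java.security.interfaces.RSAPrivateCrtKey)) {
            throw new IllegalArgumentException(
                    "Service account private key does not carry its public exponent; cannot derive the public key");
        }
        RSAPublicKey publicKey = (RSAPublicKey) rsaKeyFactory.generatePublic(new RSAPublicKeySpec(
                privateKey.getModulus(),
                ((java.security.interfaces.RSAPrivateCrtKey) privateKey).getPublicExponent()));

        // NOTE(review): LaxRedirectStrategy lets the HTTP client follow redirects for POST as well
        // as GET/HEAD, so a token request can be re-sent to whatever location the server redirects
        // to. Confirm the IAM endpoint is only reached over TLS and that this relaxation is needed.
        DcosHttpClientBuilder httpClientBuilder = new DcosHttpClientBuilder()
                .setDefaultConnectionTimeout(DEFAULT_AUTH_TOKEN_REFRESH_TIMEOUT_S)
                .setRedirectStrategy(new LaxRedirectStrategy());

        ServiceAccountIAMTokenClient iamTokenClient = new ServiceAccountIAMTokenClient(
                new DcosHttpExecutor(httpClientBuilder),
                serviceAccount.getString("uid"),
                Algorithm.RSA256(publicKey, privateKey));

        Duration refreshThreshold = Duration.ofSeconds(
                envStore.getOptionalInt(AUTH_TOKEN_REFRESH_THRESHOLD_S_ENV, DEFAULT_AUTH_TOKEN_REFRESH_THRESHOLD_S));
        return new CachedTokenProvider(iamTokenClient, refreshThreshold);
    } catch (InvalidKeySpecException e) {
        // The configured key material is malformed: report it as a bad argument.
        throw new IllegalArgumentException(e);
    } catch (NoSuchAlgorithmException e) {
        // A JVM without an RSA KeyFactory is an environment problem, not an input problem.
        throw new IllegalStateException(e);
    }
}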