
Example 1 with ServiceAccountIAMTokenClient

Use of com.mesosphere.sdk.dcos.clients.ServiceAccountIAMTokenClient in the project dcos-commons by mesosphere, taken from the class SchedulerConfig, method getDcosAuthTokenProvider.

/**
 * Returns a token provider which may be used to retrieve DC/OS JWT auth tokens, or throws an exception if the local
 * environment doesn't provide the needed information (e.g. on a DC/OS Open cluster).
 */
public TokenProvider getDcosAuthTokenProvider() throws IOException {
    // Service account credentials (uid + PEM-encoded private key) arrive as one JSON blob in the side-channel env var.
    JSONObject serviceAccountObject = new JSONObject(envStore.getRequired(SIDECHANNEL_AUTH_ENV_NAME));
    PemReader pemReader = new PemReader(new StringReader(serviceAccountObject.getString("private_key")));
    try {
        RSAPrivateKey privateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent()));
        // Note: this RSAPublicKeySpec is built from the modulus and the PRIVATE exponent, not the public exponent.
        // Algorithm.RSA256 signs with privateKey and uses publicKey only to verify, so token signing still works,
        // but this "public key" object cannot verify those tokens and carries d: treat it as secret material.
        RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(privateKey.getModulus(), privateKey.getPrivateExponent()));
        ServiceAccountIAMTokenClient serviceAccountIAMTokenProvider = new ServiceAccountIAMTokenClient(
                new DcosHttpExecutor(new DcosHttpClientBuilder()
                        .setDefaultConnectionTimeout(DEFAULT_AUTH_TOKEN_REFRESH_TIMEOUT_S)
                        .setRedirectStrategy(new LaxRedirectStrategy())),
                serviceAccountObject.getString("uid"),
                Algorithm.RSA256(publicKey, privateKey));
        // Cached tokens are refreshed this many seconds before expiry (env override, else the default).
        Duration authTokenRefreshThreshold = Duration.ofSeconds(
                envStore.getOptionalInt(AUTH_TOKEN_REFRESH_THRESHOLD_S_ENV, DEFAULT_AUTH_TOKEN_REFRESH_THRESHOLD_S));
        return new CachedTokenProvider(serviceAccountIAMTokenProvider, authTokenRefreshThreshold);
    } catch (InvalidKeySpecException e) {
        throw new IllegalArgumentException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new IllegalStateException(e);
    } finally {
        pemReader.close();
    }
}
Imports used by this method:

import java.io.StringReader;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.time.Duration;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.bouncycastle.util.io.pem.PemReader;
import org.json.JSONObject;
import com.mesosphere.sdk.dcos.DcosHttpClientBuilder;
import com.mesosphere.sdk.dcos.DcosHttpExecutor;
import com.mesosphere.sdk.dcos.auth.CachedTokenProvider;
import com.mesosphere.sdk.dcos.clients.ServiceAccountIAMTokenClient;
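An added stand-alone check, not code from dcos-commons, that makes the key-construction detail in the method above concrete: the RSAPublicKeySpec there is built from the modulus and the private exponent d, so the resulting RSAPublicKey is not the service account's public key. The example generates a throwaway key pair (constructed; the real key comes from the "private_key" field), builds the "public" key both ways and verifies an RS256-style signature with each; it assumes the JDK's default RSA provider and that Algorithm.RSA256 uses the public key only for verification, which is why token signing in the project still works.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;

public class RsaPublicKeySpecCheck {
    /** Same construction as the snippet: (modulus, PRIVATE exponent). The result is not a public key. */
    static RSAPublicKey fromPrivateExponent(RSAPrivateKey priv) throws GeneralSecurityException {
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(priv.getModulus(), priv.getPrivateExponent()));
    }
    /** Correct construction: (modulus, public exponent). A PKCS#8-decoded RSA key is normally an RSAPrivateCrtKey. */
    static RSAPublicKey fromPublicExponent(RSAPrivateKey priv) throws GeneralSecurityException {
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) priv;
        return (RSAPublicKey) KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent()));
    }
    /** SHA256withRSA is the JCA name of the JWT "RS256" signature that Algorithm.RSA256 produces. */
    static byte[] sign(RSAPrivateKey priv, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(data);
        return s.sign();
    }
    static boolean verify(RSAPublicKey pub, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(data);
        return s.verify(sig);
    }
    public static void main(String[] args) throws GeneralSecurityException {
        // Throwaway 2048-bit pair standing in for the service account's "private_key" (constructed, not real).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPrivateKey priv = (RSAPrivateKey) kpg.generateKeyPair().getPrivate();
        byte[] signingInput = "header.payload".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(priv, signingInput);
        // The default JDK provider only rejects exponents over 64 bits for moduli above 3072 bits, so the
        // (n, d) spec is accepted silently at this key size instead of failing fast.
        RSAPublicKey wrong = fromPrivateExponent(priv);
        RSAPublicKey right = fromPublicExponent(priv);
        System.out.println("verify with (n, d) key: " + verify(wrong, signingInput, sig));
        System.out.println("verify with (n, e) key: " + verify(right, signingInput, sig));
        // The (n, d) object also exposes d via getPublicExponent(): treat it as secret, never log or export it.
        System.out.println("'public' exponent is really d: "
                + wrong.getPublicExponent().equals(priv.getPrivateExponent()));
    }
}
```

Only the (n, e) key verifies the signature; the (n, d) object fails verification and hands back the private exponent through a getter that callers expect to be safe to print or serialize.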
