

Use of com.yahoo.athenz.auth.token.jwts.JwtsHelper in the athenz project by Yahoo.

Class InstanceAzureProvider, method initialize.

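/**
 * Initializes the Azure instance provider from system properties.
 *
 * <p>Reads the provider name, the management and metadata base URIs, the
 * accepted DNS suffixes and the ZTS resource URI from system properties,
 * discovers the Azure JWKS URI from the OpenID configuration document and
 * builds the signing-key resolver used to validate instance tokens, then
 * creates the HTTP driver. Only when every prerequisite is present does it
 * perform an initial access-token fetch and start the periodic credential
 * updater. Each missing prerequisite is logged as an error and leaves the
 * provider disabled, i.e. no background updater is started.
 *
 * <p>{@code provider}, {@code providerEndpoint} and {@code keyStore} are not
 * referenced by this implementation; only {@code sslContext} is consumed.
 *
 * @param provider         provider name (unused here)
 * @param providerEndpoint provider endpoint (unused here)
 * @param sslContext       SSL context used for the JWKS fetch, the key resolver
 *                         and the HTTP driver
 * @param keyStore         key store (unused here)
 * @throws NumberFormatException if all prerequisites are satisfied and the
 *                               token-update-timeout property holds a
 *                               non-integer value
 */
@Override
public void initialize(String provider, String providerEndpoint, SSLContext sslContext, KeyStore keyStore) {
    azureProvider = System.getProperty(AZURE_PROP_PROVIDER);
    azureMgmtBaseUri = System.getProperty(AZURE_PROP_MGMT_BASE_URI, "https://management.azure.com");
    // link-local default reached over plain http; overridable via system property
    azureMetaBaseUri = System.getProperty(AZURE_PROP_META_BASE_URI, "http://169.254.169.254");

    // every prerequisite check below flips this to false instead of
    // returning early so that all configuration problems are reported at once
    boolean enabled = true;

    // discover the Azure jwks uri from the openid configuration document and
    // build the resolver that validates instance token signatures
    final String openIdConfigUri = System.getProperty(AZURE_PROP_OPENID_CONFIG_URI, AZURE_OPENID_CONFIG_URI);
    JwtsHelper helper = new JwtsHelper();
    azureJwksUri = helper.extractJwksUri(openIdConfigUri, sslContext);
    if (StringUtil.isEmpty(azureJwksUri)) {
        LOGGER.error("Azure jwks uri not available - no instance requests will be authorized");
        enabled = false;
    }
    // the resolver is constructed even when the uri is empty; an empty key
    // set is reported as a separate error below
    signingKeyResolver = new JwtsSigningKeyResolver(azureJwksUri, sslContext, true);
    if (signingKeyResolver.publicKeyCount() == 0) {
        LOGGER.error("No Azure public keys available - no instance requests will be authorized");
        enabled = false;
    }

    // dns suffixes are required: without them every entry is rejected.
    // the property is a comma-separated list; entries are not trimmed
    dnsSuffixes = new HashSet<>();
    final String dnsSuffix = System.getProperty(AZURE_PROP_DNS_SUFFIX);
    if (StringUtil.isEmpty(dnsSuffix)) {
        LOGGER.error("Azure Suffix not specified - no instance requests will be authorized");
        enabled = false;
    } else {
        dnsSuffixes.addAll(Arrays.asList(dnsSuffix.split(",")));
    }

    ztsResourceUri = System.getProperty(AZURE_PROP_ZTS_RESOURCE_URI);
    if (StringUtil.isEmpty(ztsResourceUri)) {
        LOGGER.error("Azure ZTS Resource URI not specified - no instance requests will be authorized");
        enabled = false;
    }

    // json deserializer; unknown properties are tolerated so that additions
    // to the Azure response formats do not break parsing
    jsonMapper = new ObjectMapper();
    jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

    try {
        httpDriver = getHttpDriver(sslContext);
    } catch (Exception ex) {
        // include the cause: the failure is otherwise undiagnosable from the log
        LOGGER.error("Azure HTTP Client not created - no instance requests will be authorized", ex);
        httpDriver = null;
        enabled = false;
    }

    if (enabled) {
        // a failed initial fetch is logged but does not disable the provider;
        // the scheduled updater below retries on its own interval
        try {
            fetchAccessToken();
        } catch (Exception ex) {
            LOGGER.error("Unable to fetch VM access token", ex);
        }
        // credential updater interval in minutes; a malformed value propagates
        // as NumberFormatException rather than silently falling back
        int credsUpdateTime = Integer.parseInt(System.getProperty(AZURE_PROP_TOKEN_UPDATE_TIMEOUT, "10"));
        scheduledThreadPool = Executors.newScheduledThreadPool(1);
        scheduledThreadPool.scheduleAtFixedRate(new AzureCredentialsUpdater(), credsUpdateTime, credsUpdateTime, TimeUnit.MINUTES);
    }
}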

