Use of com.yahoo.athenz.auth.token.jwts.JwtsHelper in project athenz by yahoo.
The class InstanceAzureProvider, method initialize.
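/**
 * Initializes the Azure instance provider from system properties.
 *
 * <p>Reads the Azure provider name, the management and metadata base URIs, the
 * OpenID configuration URI (from which the JWKS URI is extracted), the accepted
 * DNS suffixes and the ZTS resource URI, then builds the JSON mapper and the HTTP
 * driver. The provider is fail-closed: if any of these prerequisites is missing,
 * {@code enabled} stays {@code false}, the initial access-token fetch is skipped
 * and the periodic credential updater is not scheduled. Every failure is logged
 * so an operator can see why instance requests are being rejected.
 *
 * @param provider         provider name (not referenced by this implementation)
 * @param providerEndpoint provider endpoint (not referenced by this implementation)
 * @param sslContext       SSL context used for the JWKS fetch, the signing key
 *                         resolver and the HTTP driver
 * @param keyStore         key store (not referenced by this implementation)
 * @throws NumberFormatException if the token update timeout property is set to a
 *                               non-numeric value
 */
@Override
public void initialize(String provider, String providerEndpoint, SSLContext sslContext, KeyStore keyStore) {

    azureProvider = System.getProperty(AZURE_PROP_PROVIDER);
    azureMgmtBaseUri = System.getProperty(AZURE_PROP_MGMT_BASE_URI, "https://management.azure.com");
    azureMetaBaseUri = System.getProperty(AZURE_PROP_META_BASE_URI, "http://169.254.169.254");

    // every missing prerequisite flips this to false; only a fully configured
    // provider fetches an access token and starts the credential updater
    boolean enabled = true;

    // extract the Azure jwks uri from the OpenID configuration and build the
    // signing key resolver used to verify instance identity tokens
    final String openIdConfigUri = System.getProperty(AZURE_PROP_OPENID_CONFIG_URI, AZURE_OPENID_CONFIG_URI);
    JwtsHelper helper = new JwtsHelper();
    azureJwksUri = helper.extractJwksUri(openIdConfigUri, sslContext);
    if (StringUtil.isEmpty(azureJwksUri)) {
        LOGGER.error("Azure jwks uri not available - no instance requests will be authorized");
        enabled = false;
    }
    signingKeyResolver = new JwtsSigningKeyResolver(azureJwksUri, sslContext, true);
    if (signingKeyResolver.publicKeyCount() == 0) {
        LOGGER.error("No Azure public keys available - no instance requests will be authorized");
        enabled = false;
    }

    // determine the dns suffixes. if none is specified we'll be rejecting all entries
    dnsSuffixes = new HashSet<>();
    final String dnsSuffix = System.getProperty(AZURE_PROP_DNS_SUFFIX);
    if (StringUtil.isEmpty(dnsSuffix)) {
        LOGGER.error("Azure Suffix not specified - no instance requests will be authorized");
        enabled = false;
    } else {
        dnsSuffixes.addAll(Arrays.asList(dnsSuffix.split(",")));
    }

    ztsResourceUri = System.getProperty(AZURE_PROP_ZTS_RESOURCE_URI);
    if (StringUtil.isEmpty(ztsResourceUri)) {
        LOGGER.error("Azure ZTS Resource URI not specified - no instance requests will be authorized");
        enabled = false;
    }

    // get our json deserializer; unknown properties in Azure responses are ignored
    jsonMapper = new ObjectMapper();
    jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);

    try {
        httpDriver = getHttpDriver(sslContext);
    } catch (Exception ex) {
        // keep the cause in the log: without it a TLS or configuration failure
        // in the driver setup cannot be diagnosed from the log line alone
        LOGGER.error("Azure HTTP Client not created - no instance requests will be authorized", ex);
        httpDriver = null;
        enabled = false;
    }

    if (enabled) {
        // a failed initial fetch does not disable the provider; the scheduled
        // updater below is still started
        try {
            fetchAccessToken();
        } catch (Exception ex) {
            LOGGER.error("Unable to fetch VM access token", ex);
        }

        // now setup our credential updater (period in minutes, default 10)
        int credsUpdateTime = Integer.parseInt(System.getProperty(AZURE_PROP_TOKEN_UPDATE_TIMEOUT, "10"));
        scheduledThreadPool = Executors.newScheduledThreadPool(1);
        scheduledThreadPool.scheduleAtFixedRate(new AzureCredentialsUpdater(), credsUpdateTime, credsUpdateTime, TimeUnit.MINUTES);
    }
}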