
Example 1 with InstanceRegisterInformation

Use of com.yahoo.athenz.zts.InstanceRegisterInformation in project athenz by yahoo.

The class InstanceClientRegister, method main.

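/**
 * Registers a service instance with the ZTS server and prints the issued identity.
 *
 * <p>Flow: load the provider's signing key, build a short-lived attestation JWS for
 * {@code domain.service}, generate a CSR with the instance key, post both to ZTS via
 * {@link ZTSClient#postInstanceRegisterInformation}, then print the returned X.509
 * certificate and any provider attributes. Exits with status 1 when the CSR cannot be
 * generated and 2 when registration fails.
 *
 * @param args command line options: domain, service, provider, instance, dnssuffix,
 *     providerkey, providerkeyid, instancekey and ztsurl (parsed by {@code parseCommandLine})
 * @throws MalformedURLException propagated from the calls in the body
 * @throws IOException propagated from the calls in the body
 */
public static void main(String[] args) throws MalformedURLException, IOException {
    // parse our command line to retrieve required input
    CommandLine cmd = parseCommandLine(args);
    // Locale.ROOT keeps the lower-casing of identifiers locale-independent;
    // the default locale would mangle e.g. 'I' under a Turkish JVM
    String domainName = cmd.getOptionValue("domain").toLowerCase(java.util.Locale.ROOT);
    String serviceName = cmd.getOptionValue("service").toLowerCase(java.util.Locale.ROOT);
    String provider = cmd.getOptionValue("provider").toLowerCase(java.util.Locale.ROOT);
    String instance = cmd.getOptionValue("instance");
    String dnsSuffix = cmd.getOptionValue("dnssuffix");
    String providerKeyPath = cmd.getOptionValue("providerkey");
    String providerKeyId = cmd.getOptionValue("providerkeyid");
    String instanceKeyPath = cmd.getOptionValue("instancekey");
    String ztsUrl = cmd.getOptionValue("ztsurl");
    // get our configured private key
    PrivateKey providerKey = Crypto.loadPrivateKey(new File(providerKeyPath));
    // Build the attestation data as a compact JWS signed with the provider key.
    // ZTS forwards this token to the named provider for validation; the
    // "keyId" header tells the provider which public key to verify it with.
    long expiresAt = System.currentTimeMillis()
            + TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES);
    String compactJws = Jwts.builder()
            .setSubject(domainName + "." + serviceName)
            .setIssuer(provider)
            .setAudience("zts")
            .setId(instance)
            .setExpiration(new Date(expiresAt))
            .setHeaderParam("keyId", providerKeyId)
            .signWith(SignatureAlgorithm.RS256, providerKey)
            .compact();
    // NOTE(review): the JWS is a short-lived (5 min) credential; echoing it
    // to stdout puts it into any captured console log.
    System.out.println("JWS: \n" + compactJws + "\n");
    // now we need to generate our CSR so we can get
    // a TLS certificate for our instance
    PrivateKey instanceKey = Crypto.loadPrivateKey(new File(instanceKeyPath));
    String csr = generateCSR(domainName, serviceName, instance, dnsSuffix, instanceKey);
    if (csr == null) {
        System.err.println("Unable to generate CSR for instance");
        System.exit(1);
    }
    System.out.println("CSR: \n" + csr + "\n");
    // assemble the register request that will be sent to the ZTS Server
    InstanceRegisterInformation info = new InstanceRegisterInformation()
            .setAttestationData(compactJws)
            .setDomain(domainName)
            .setService(serviceName)
            .setProvider(provider)
            .setToken(true)
            .setCsr(csr);
    // now contact zts server to request identity for instance
    InstanceIdentity identity = null;
    Map<String, List<String>> responseHeaders = new HashMap<>();
    try (ZTSClient ztsClient = new ZTSClient(ztsUrl)) {
        identity = ztsClient.postInstanceRegisterInformation(info, responseHeaders);
    } catch (ZTSClientException ex) {
        System.out.println("Unable to register instance: " + ex.getMessage());
        System.exit(2);
    }
    // defensive: the client is expected to signal failure by throwing, but
    // never dereference a null identity
    if (identity == null) {
        System.err.println("Unable to register instance: no identity returned");
        System.exit(2);
    }
    System.out.println("Identity TLS Certificate: \n" + identity.getX509Certificate());
    Map<String, String> attrs = identity.getAttributes();
    if (attrs != null) {
        System.out.println("Provider Attributes:");
        // iterate entries directly instead of keySet() + get() per key
        for (Map.Entry<String, String> attr : attrs.entrySet()) {
            System.out.println("\t" + attr.getKey() + ": " + attr.getValue());
        }
    }
}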
