
Example 1 with ProviderUniqueId

Use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId in project vespa by vespa-engine.

From the class InstanceValidatorTest, method createInstanceConfirmation.

private static InstanceConfirmation createInstanceConfirmation(PrivateKey privateKey, ApplicationId applicationId, String domain, String service) {
    // Test fixture: identity document for the given application, with fixed placeholder values for the remaining fields.
    ProviderUniqueId providerUniqueId = new ProviderUniqueId(
            applicationId.tenant().value(), applicationId.application().value(),
            "environment", "region", applicationId.instance().value(), "cluster-id", 0);
    IdentityDocument identityDocument = new IdentityDocument(providerUniqueId, "hostname", "instance-hostname", Instant.now());
    try {
        ObjectMapper mapper = Utils.getMapper();
        // Serialize the document to JSON and Base64-encode it.
        String encodedIdentityDocument = Base64.getEncoder().encodeToString(mapper.writeValueAsString(identityDocument).getBytes());
        // Sign the Base64 text (not the raw JSON) with the caller's RSA private key.
        Signature sigGenerator = Signature.getInstance("SHA512withRSA");
        sigGenerator.initSign(privateKey);
        sigGenerator.update(encodedIdentityDocument.getBytes());
        // Wrap the encoded document and its Base64-encoded signature in the confirmation.
        return new InstanceConfirmation("provider", domain, service, new SignedIdentityDocument(encodedIdentityDocument, Base64.getEncoder().encodeToString(sigGenerator.sign()), 0, identityDocument.providerUniqueId.asString(), "dnssuffix", "service", "localhost/zts", 1));
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Also used: ProviderUniqueId (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId), SignedIdentityDocument (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument), IdentityDocument (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.IdentityDocument), Signature (java.security.Signature), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)

Example 2 with ProviderUniqueId

Use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId in project vespa by vespa-engine.

From the class InstanceValidator, method isValidInstance.

public boolean isValidInstance(InstanceConfirmation instanceConfirmation) {
    SignedIdentityDocument signedIdentityDocument = instanceConfirmation.signedIdentityDocument;
    // These fields are read before the signature is checked, so they are still unverified here.
    ProviderUniqueId providerUniqueId = signedIdentityDocument.identityDocument.providerUniqueId;
    ApplicationId applicationId = ApplicationId.from(providerUniqueId.tenant, providerUniqueId.application, providerUniqueId.instance);
    // First check: the claimed domain and service must match the application's services.xml.
    if (!isSameIdentityAsInServicesXml(applicationId, instanceConfirmation.domain, instanceConfirmation.service)) {
        return false;
    }
    log.log(LogLevel.INFO, () -> String.format("Validating instance %s.", providerUniqueId));
    // Second check: the signature over the identity document must verify.
    if (isInstanceSignatureValid(instanceConfirmation)) {
        log.log(LogLevel.INFO, () -> String.format("Instance %s is valid.", providerUniqueId));
        return true;
    }
    // Any signature failure rejects the instance.
    log.log(LogLevel.ERROR, () -> String.format("Instance %s has invalid signature.", providerUniqueId));
    return false;
}
Also used: ProviderUniqueId (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId), SignedIdentityDocument (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument), ApplicationId (com.yahoo.config.provision.ApplicationId)
