Example 1 with ProviderUniqueId
use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId in project vespa by vespa-engine.
the class InstanceValidatorTest method createInstanceConfirmation.
private static InstanceConfirmation createInstanceConfirmation(PrivateKey privateKey, ApplicationId applicationId, String domain, String service) {
IdentityDocument identityDocument = new IdentityDocument(new ProviderUniqueId(applicationId.tenant().value(), applicationId.application().value(), "environment", "region", applicationId.instance().value(), "cluster-id", 0), "hostname", "instance-hostname", Instant.now());
try {
ObjectMapper mapper = Utils.getMapper();
String encodedIdentityDocument = Base64.getEncoder().encodeToString(mapper.writeValueAsString(identityDocument).getBytes());
Signature sigGenerator = Signature.getInstance("SHA512withRSA");
sigGenerator.initSign(privateKey);
sigGenerator.update(encodedIdentityDocument.getBytes());
return new InstanceConfirmation("provider", domain, service, new SignedIdentityDocument(encodedIdentityDocument, Base64.getEncoder().encodeToString(sigGenerator.sign()), 0, identityDocument.providerUniqueId.asString(), "dnssuffix", "service", "localhost/zts", 1));
} catch (Exception e) {
throw new RuntimeException(e);
}
}
Also used :
ProviderUniqueId(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId)
SignedIdentityDocument(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument)
IdentityDocument(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.IdentityDocument)
Signature(java.security.Signature)
SignedIdentityDocument(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument)
ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper)
Example 2 with ProviderUniqueId
use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId in project vespa by vespa-engine.
the class InstanceValidator method isValidInstance.
public boolean isValidInstance(InstanceConfirmation instanceConfirmation) {
SignedIdentityDocument signedIdentityDocument = instanceConfirmation.signedIdentityDocument;
ProviderUniqueId providerUniqueId = signedIdentityDocument.identityDocument.providerUniqueId;
ApplicationId applicationId = ApplicationId.from(providerUniqueId.tenant, providerUniqueId.application, providerUniqueId.instance);
if (!isSameIdentityAsInServicesXml(applicationId, instanceConfirmation.domain, instanceConfirmation.service)) {
return false;
}
log.log(LogLevel.INFO, () -> String.format("Validating instance %s.", providerUniqueId));
if (isInstanceSignatureValid(instanceConfirmation)) {
log.log(LogLevel.INFO, () -> String.format("Instance %s is valid.", providerUniqueId));
return true;
}
log.log(LogLevel.ERROR, () -> String.format("Instance %s has invalid signature.", providerUniqueId));
return false;
}
Also used :
ProviderUniqueId(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId)
SignedIdentityDocument(com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument)
ApplicationId(com.yahoo.config.provision.ApplicationId)
Aggregations
ProviderUniqueId (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.ProviderUniqueId)2
SignedIdentityDocument (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument)2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1
ApplicationId (com.yahoo.config.provision.ApplicationId)1
IdentityDocument (com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.IdentityDocument)1
Signature (java.security.Signature)1
