use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument in project vespa by vespa-engine.
the class InstanceValidator method isInstanceSignatureValid.
/**
 * Verifies the signature attached to the signed identity document of the given confirmation.
 *
 * <p>The public key is looked up by the key version declared in the document itself, and the
 * signature is checked against {@code rawIdentityDocument}, not the parsed
 * {@code identityDocument}.
 *
 * @param instanceConfirmation confirmation carrying the signed identity document to check
 * @return the result of {@code isSignatureValid} for the document's raw payload and signature
 */
boolean isInstanceSignatureValid(InstanceConfirmation instanceConfirmation) {
    SignedIdentityDocument signedDocument = instanceConfirmation.signedIdentityDocument;
    // NOTE(review): signingKeyVersion is taken from the document under verification; how
    // keyProvider reacts to an unknown version is not visible here. Confirm it fails closed.
    PublicKey verificationKey = keyProvider.getPublicKey(signedDocument.signingKeyVersion);
    boolean signatureOk =
            isSignatureValid(verificationKey, signedDocument.rawIdentityDocument, signedDocument.signature);
    return signatureOk;
}
use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument in project vespa by vespa-engine.
the class InstanceValidatorTest method createInstanceConfirmation.
/**
 * Test fixture: builds an {@code InstanceConfirmation} whose identity document is signed with
 * the supplied private key.
 *
 * <p>The identity document is serialized to JSON and Base64-encoded, and the SHA512withRSA
 * signature is computed over the bytes of that Base64 text, not over the JSON itself.
 *
 * @param privateKey key used to sign the encoded identity document
 * @param applicationId supplies the tenant, application and instance parts of the unique id
 * @param domain domain placed in the confirmation
 * @param service service placed in the confirmation
 * @return a confirmation wrapping the signed identity document
 * @throws RuntimeException wrapping any exception raised while serializing or signing
 */
private static InstanceConfirmation createInstanceConfirmation(PrivateKey privateKey, ApplicationId applicationId, String domain, String service) {
    ProviderUniqueId uniqueId = new ProviderUniqueId(
            applicationId.tenant().value(), applicationId.application().value(),
            "environment", "region", applicationId.instance().value(), "cluster-id", 0);
    IdentityDocument document = new IdentityDocument(uniqueId, "hostname", "instance-hostname", Instant.now());
    try {
        String json = Utils.getMapper().writeValueAsString(document);
        // NOTE(review): getBytes() without a charset uses the platform default. The Base64 text
        // is ASCII, but the JSON bytes depend on the default if a value is ever non-ASCII.
        String encodedDocument = Base64.getEncoder().encodeToString(json.getBytes());

        Signature signer = Signature.getInstance("SHA512withRSA");
        signer.initSign(privateKey);
        signer.update(encodedDocument.getBytes());
        String encodedSignature = Base64.getEncoder().encodeToString(signer.sign());

        // The 0 after the signature is presumably the signing key version; confirm against the
        // SignedIdentityDocument constructor.
        SignedIdentityDocument signedDocument = new SignedIdentityDocument(
                encodedDocument, encodedSignature, 0, document.providerUniqueId.asString(),
                "dnssuffix", "service", "localhost/zts", 1);
        return new InstanceConfirmation("provider", domain, service, signedDocument);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.identitydocument.SignedIdentityDocument in project vespa by vespa-engine.
the class InstanceValidator method isValidInstance.
/**
 * Decides whether an instance confirmation is acceptable.
 *
 * <p>Two checks run in order: the application identity derived from the document's provider
 * unique id must match {@code isSameIdentityAsInServicesXml} for the confirmation's domain and
 * service, and the document signature must then pass {@code isInstanceSignatureValid}. The
 * method returns {@code true} only when both hold.
 *
 * <p>NOTE(review): the identity fields come from the parsed {@code identityDocument}, while
 * {@code isInstanceSignatureValid} checks the signature over {@code rawIdentityDocument}.
 * Confirm that the parsed document is always derived from the signed raw payload.
 *
 * @param instanceConfirmation confirmation to validate
 * @return {@code true} if the identity matches and the signature is valid, otherwise {@code false}
 */
public boolean isValidInstance(InstanceConfirmation instanceConfirmation) {
    SignedIdentityDocument signedDocument = instanceConfirmation.signedIdentityDocument;
    ProviderUniqueId uniqueId = signedDocument.identityDocument.providerUniqueId;
    ApplicationId claimedApplication = ApplicationId.from(uniqueId.tenant, uniqueId.application, uniqueId.instance);

    boolean identityMatches =
            isSameIdentityAsInServicesXml(claimedApplication, instanceConfirmation.domain, instanceConfirmation.service);
    if (!identityMatches) {
        return false;
    }

    // The signature has not been checked yet, so the id logged here is still unverified input.
    log.log(LogLevel.INFO, () -> String.format("Validating instance %s.", uniqueId));
    if (!isInstanceSignatureValid(instanceConfirmation)) {
        log.log(LogLevel.ERROR, () -> String.format("Instance %s has invalid signature.", uniqueId));
        return false;
    }

    log.log(LogLevel.INFO, () -> String.format("Instance %s is valid.", uniqueId));
    return true;
}
Aggregations