use of org.platformlayer.auth.system.PlatformLayerAuthAdminClient in project platformlayer by platformlayer.
the class ProjectContext method getProjectCredentials.
public CertificateAndKey getProjectCredentials() throws OpsException {
// OK... this is weird... we sign the project cert with the project cert.
// It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
ProjectId projectId = getProjectId();
KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
if (keyPair == null) {
keyPair = RsaUtils.generateRsaKeyPair();
privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
}
if (chain == null) {
AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
String projectKey = projectAuthorization.getName();
if (!projectKey.equals(projectId.getKey())) {
throw new IllegalStateException();
}
PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
Csr csr = Csr.buildCsr(keyPair, getX500Principal());
chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
}
return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}
Aggregations