
Example 1 with PlatformLayerAuthAdminClient

Use of org.platformlayer.auth.system.PlatformLayerAuthAdminClient in project platformlayer by platformlayer.

The class ProjectContext, method getProjectCredentials.

public CertificateAndKey getProjectCredentials() throws OpsException {
    // OK... this is weird... we sign the project cert with the project cert.
    // It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
    ProjectId projectId = getProjectId();
    // Load any previously stored key pair and certificate chain for this project.
    KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
    List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
    if (keyPair == null) {
        // No key yet: generate an RSA key pair and persist it in the project's private data.
        keyPair = RsaUtils.generateRsaKeyPair();
        privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
    }
    if (chain == null) {
        // No certificate yet: ask the auth admin client to sign a CSR for the project key.
        AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
        ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
        String projectKey = projectAuthorization.getName();
        // The authorization in scope must belong to the project we are issuing credentials for.
        if (!projectKey.equals(projectId.getKey())) {
            throw new IllegalStateException();
        }
        PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
        Csr csr = Csr.buildCsr(keyPair, getX500Principal());
        // The project secret is sent along with the encoded CSR; the returned chain is stored for reuse.
        chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
        privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
    }
    // Only the private half of the key pair is returned alongside the certificate chain.
    return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}

Also used: KeyPair (java.security.KeyPair), SimpleCertificateAndKey (com.fathomdb.crypto.SimpleCertificateAndKey), ProjectId (org.platformlayer.ids.ProjectId), ProjectAuthorization (org.platformlayer.model.ProjectAuthorization), AuthenticationTokenValidator (org.platformlayer.auth.AuthenticationTokenValidator), PlatformLayerAuthAdminClient (org.platformlayer.auth.system.PlatformLayerAuthAdminClient), X509Certificate (java.security.cert.X509Certificate)
