Class AthenzIdentityProviderImpl
java.lang.Object
  com.yahoo.component.AbstractComponent
    com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl

- All Implemented Interfaces:
com.yahoo.component.Component, com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider, java.lang.Comparable<com.yahoo.component.Component>

public final class AthenzIdentityProviderImpl extends com.yahoo.component.AbstractComponent implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider
An AthenzIdentityProvider / ServiceIdentityProvider component that provides the tenant identity.
- Author:
- mortent, bjorncs

Field Summary
Modifier and Type / Field / Description
static java.lang.String CERTIFICATE_EXPIRY_METRIC_NAME
-
Constructor Summary
Constructor / Description
AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)
-
Method Summary
Modifier and Type / Method / Description
java.nio.file.Path athenzTruststorePath()
java.nio.file.Path certificatePath()
java.nio.file.Path clientTruststorePath()
    The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
void deconstruct()
java.lang.String domain()
java.lang.String getAccessToken(java.lang.String domain)
java.lang.String getAccessToken(java.lang.String domain, java.util.List<java.lang.String> roles)
java.util.List<java.security.cert.X509Certificate> getIdentityCertificate()
com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
javax.net.ssl.SSLContext getIdentitySslContext()
java.security.PrivateKey getPrivateKey()
javax.net.ssl.SSLContext getRoleSslContext(java.lang.String domain, java.lang.String role)
java.lang.String getRoleToken(java.lang.String domain)
java.lang.String getRoleToken(java.lang.String domain, java.lang.String role)
AthenzService identity()
java.nio.file.Path privateKeyPath()
java.lang.String service()
java.nio.file.Path trustStorePath()
-
-
-
Field Detail
-
CERTIFICATE_EXPIRY_METRIC_NAME
public static final java.lang.String CERTIFICATE_EXPIRY_METRIC_NAME
- See Also:
- Constant Field Values
-
-
Method Detail
-
identity
public AthenzService identity()
- Specified by:
identity in interface ServiceIdentityProvider
- Returns:
- The Athenz identity of the environment
-
domain
public java.lang.String domain()
- Specified by:
domain in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
service
public java.lang.String service()
- Specified by:
service in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentitySslContext
public javax.net.ssl.SSLContext getIdentitySslContext()
- Specified by:
getIdentitySslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
- Specified by:
getIdentitySslContext in interface ServiceIdentityProvider
- Returns:
- SSLContext that is automatically updated.
-
getIdentityCertificateWithKey
public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
- Specified by:
getIdentityCertificateWithKey in interface ServiceIdentityProvider
- Returns:
- Current certificate and private key. Unlike ServiceIdentityProvider.getIdentitySslContext(), the underlying credentials are not automatically updated.
-
certificatePath
public java.nio.file.Path certificatePath()
- Specified by:
certificatePath in interface ServiceIdentityProvider
- Returns:
- Path to X.509 certificate in PEM format
-
privateKeyPath
public java.nio.file.Path privateKeyPath()
- Specified by:
privateKeyPath in interface ServiceIdentityProvider
- Returns:
- Path to private key in PEM format
-
athenzTruststorePath
public java.nio.file.Path athenzTruststorePath()
- Specified by:
athenzTruststorePath in interface ServiceIdentityProvider
- Returns:
- Path to Athenz truststore in PEM format
-
clientTruststorePath
public java.nio.file.Path clientTruststorePath()
Description copied from interface: ServiceIdentityProvider
The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
- Specified by:
clientTruststorePath in interface ServiceIdentityProvider
- Returns:
- Path to client truststore in PEM format
-
getRoleSslContext
public javax.net.ssl.SSLContext getRoleSslContext(java.lang.String domain, java.lang.String role)
- Specified by:
getRoleSslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public java.lang.String getRoleToken(java.lang.String domain)
- Specified by:
getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public java.lang.String getRoleToken(java.lang.String domain, java.lang.String role)
- Specified by:
getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public java.lang.String getAccessToken(java.lang.String domain)
- Specified by:
getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public java.lang.String getAccessToken(java.lang.String domain, java.util.List<java.lang.String> roles)
- Specified by:
getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getPrivateKey
public java.security.PrivateKey getPrivateKey()
- Specified by:
getPrivateKey in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
trustStorePath
public java.nio.file.Path trustStorePath()
- Specified by:
trustStorePath in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentityCertificate
public java.util.List<java.security.cert.X509Certificate> getIdentityCertificate()
- Specified by:
getIdentityCertificate in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
deconstruct
public void deconstruct()
- Overrides:
deconstruct in class com.yahoo.component.AbstractComponent
-
-