Interface AthenzIdentityProvider


public interface AthenzIdentityProvider
Provides convenience methods to interact with Athenz-authenticated services.
Author:
mortent, bjorncs
  • Method Details

    • domain

      String domain()
      Get the Athenz domain associated with this identity provider.
      Returns:
      The Athenz domain.
    • service

      String service()
      Get the Athenz service name associated with this identity provider.
      Returns:
      The Athenz service name.
    • getIdentitySslContext

      SSLContext getIdentitySslContext()
      Get the SSLContext used for authenticating with the configured Athenz service.
      Returns:
      An SSLContext for identity authentication.
    • getRoleSslContext

      SSLContext getRoleSslContext(String domain, String role)
      Get the SSLContext for authenticating with an Athenz role.
      Parameters:
      domain - Athenz domain name for the role
      role - Athenz role name
      Returns:
      An SSLContext for role authentication within the specified domain and role.
    • getRoleToken

      String getRoleToken(String domain)
      Get a role token for the specified Athenz domain.
      Parameters:
      domain - The Athenz domain for the role token
      Returns:
      A role token for the specified domain.
    • getRoleToken

      String getRoleToken(String domain, String role)
      Get a role token for a specific Athenz role.
      Parameters:
      domain - The Athenz domain name for the role
      role - The Athenz role name
      Returns:
      A role token for the specified domain and role.
    • getAccessToken

      String getAccessToken(String domain)
      Get an access token for the specified Athenz domain.
      Parameters:
      domain - Athenz domain name for the token
      Returns:
      An access token for the specified domain.
    • getAccessToken

      String getAccessToken(String domain, List<String> roles)
      Get an access token for a list of roles in an Athenz domain.
      Parameters:
      domain - Athenz domain name for the roles
      roles - The list of Athenz role names
      Returns:
      An access token for the specified roles.
    • getAccessToken

      String getAccessToken(String domain, List<String> roles, List<String> proxyPrincipal)
      Get an access token for the specified Athenz domain.
      Parameters:
      domain - Athenz domain name
      roles - List of Athenz role names. Empty list or null will fetch a token for all roles in the domain.
      proxyPrincipal - List of principals to allow proxying the token. Each principal must be provided as: <domain>:service.<service>. Empty list or null will return a token without proxy principals.
      Returns:
      An access token for the specified domain.
    • getIdentityCertificate

      List<X509Certificate> getIdentityCertificate()
      Get the X.509 identity certificate associated with this identity provider.
      Returns:
      The X.509 identity certificate.
    • getRoleCertificate

      X509Certificate getRoleCertificate(String domain, String role)
      Get the X.509 role certificate for a specific Athenz role.
      Parameters:
      domain - Athenz domain name for the role
      role - Athenz role name
      Returns:
      An X.509 role certificate for the specified domain and role.
    • getPrivateKey

      PrivateKey getPrivateKey()
      Get the private key associated with this identity provider.
      Returns:
      The private key used for authentication.
    • trustStorePath

      Path trustStorePath()
      Get the path to the trust store used for SSL verification.
      Returns:
      The path to the trust store.
    • deconstruct

      void deconstruct()
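
The three-argument getAccessToken documented above returns a token for all roles in the domain when roles is null or empty. The following is an added example, not code from the project: a fail-closed wrapper that requires explicit roles and checks each proxy principal against the documented <domain>:service.<service> form. The class name ScopedAccessTokens, the import package, and the allowed character set in the pattern are assumptions.

```java
import com.yahoo.container.jdisc.athenz.AthenzIdentityProvider; // assumed package, not shown on this page
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;

/** Hypothetical helper: requests only narrowly scoped access tokens. */
public final class ScopedAccessTokens {

    // Documented form: <domain>:service.<service>.
    // The character class is an assumption of this example, kept deliberately strict.
    private static final Pattern PROXY_PRINCIPAL =
            Pattern.compile("[A-Za-z0-9_.-]+:service\\.[A-Za-z0-9_.-]+");

    private final AthenzIdentityProvider provider;

    public ScopedAccessTokens(AthenzIdentityProvider provider) {
        this.provider = Objects.requireNonNull(provider, "provider");
    }

    /** Token limited to the named roles, with no proxy principals. */
    public String forRoles(String domain, List<String> roles) {
        return forRoles(domain, roles, List.of());
    }

    /** Rejects null/empty roles so a caller bug cannot widen the token to every role in the domain. */
    public String forRoles(String domain, List<String> roles, List<String> proxyPrincipals) {
        requireNonBlank(domain, "domain");
        if (roles == null || roles.isEmpty())
            throw new IllegalArgumentException("roles must be explicit; null/empty requests all roles in " + domain);
        roles.forEach(r -> requireNonBlank(r, "role"));
        List<String> proxies = proxyPrincipals == null ? List.of() : proxyPrincipals;
        for (String p : proxies) {
            if (p == null || !PROXY_PRINCIPAL.matcher(p).matches())
                throw new IllegalArgumentException("proxy principal must be <domain>:service.<service>: " + p);
        }
        // Defensive copies: the lists cannot change between validation and the call.
        return provider.getAccessToken(domain, List.copyOf(roles), List.copyOf(proxies));
    }

    private static void requireNonBlank(String value, String name) {
        if (value == null || value.isBlank())
            throw new IllegalArgumentException(name + " must not be blank");
    }
}
```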