java.lang.Object
- com.yahoo.component.AbstractComponent
- - com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl

All Implemented Interfaces:

com.yahoo.component.Component, com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider, java.lang.Comparable<com.yahoo.component.Component>
```
public final class AthenzIdentityProviderImpl
extends com.yahoo.component.AbstractComponent
implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider
```
A AthenzIdentityProvider / ServiceIdentityProvider component that provides the tenant identity.

Author:

mortent, bjorncs

Field Summary

Fields
Modifier and Type Field Description

static java.lang.String CERTIFICATE_EXPIRY_METRIC_NAME
- Fields inherited from class com.yahoo.component.AbstractComponent
  isDeconstructable

Constructor Summary

Constructors
Constructor Description

AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`java.nio.file.Path`	`athenzTruststorePath()`
`java.nio.file.Path`	`certificatePath()`
`java.nio.file.Path`	`clientTruststorePath()`	The client truststore contains the Athenz certificates from `ServiceIdentityProvider.athenzTruststorePath()` and additional certificate authorities that issues trusted server certificates.
`void`	`deconstruct()`
`java.lang.String`	`domain()`
`java.lang.String`	`getAccessToken(java.lang.String domain)`
`java.lang.String`	`getAccessToken(java.lang.String domain, java.util.List<java.lang.String> roles)`
`java.util.List<java.security.cert.X509Certificate>`	`getIdentityCertificate()`
`com.yahoo.security.X509CertificateWithKey`	`getIdentityCertificateWithKey()`
`javax.net.ssl.SSLContext`	`getIdentitySslContext()`
`java.security.PrivateKey`	`getPrivateKey()`
`javax.net.ssl.SSLContext`	`getRoleSslContext(java.lang.String domain, java.lang.String role)`
`java.lang.String`	`getRoleToken(java.lang.String domain)`
`java.lang.String`	`getRoleToken(java.lang.String domain, java.lang.String role)`
`AthenzService`	`identity()`
`java.nio.file.Path`	`privateKeyPath()`
`java.lang.String`	`service()`
`java.nio.file.Path`	`trustStorePath()`

Methods inherited from class com.yahoo.component.AbstractComponent
clone, compareTo, getClassName, getId, getIdString, hasInitializedId, initId, isDeconstructable, setIsDeconstructable, toString

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - CERTIFICATE_EXPIRY_METRIC_NAME
```
public static final java.lang.String CERTIFICATE_EXPIRY_METRIC_NAME
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - AthenzIdentityProviderImpl
```
@Inject
public AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config,
                                  com.yahoo.jdisc.Metric metric)
```
- Method Detail
  - identity
```
public AthenzService identity()
```
    Specified by:
    
    identity in interface ServiceIdentityProvider
    
    Returns:
    
    The Athenz identity of the environment
  - domain
```
public java.lang.String domain()
```
    Specified by:
    
    domain in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - service
```
public java.lang.String service()
```
    Specified by:
    
    service in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getIdentitySslContext
```
public javax.net.ssl.SSLContext getIdentitySslContext()
```
    Specified by:
    
    getIdentitySslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
    
    Specified by:
    
    getIdentitySslContext in interface ServiceIdentityProvider
    
    Returns:
    
    SSLContext that is automatically updated.
  - getIdentityCertificateWithKey
```
public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
```
    Specified by:
    
    getIdentityCertificateWithKey in interface ServiceIdentityProvider
    
    Returns:
    
    Current certificate and private key. Unlike ServiceIdentityProvider.getIdentitySslContext() underlying credentials are not automatically updated.
  - certificatePath
```
public java.nio.file.Path certificatePath()
```
    Specified by:
    
    certificatePath in interface ServiceIdentityProvider
    
    Returns:
    
    Path to X.509 certificate in PEM format
  - privateKeyPath
```
public java.nio.file.Path privateKeyPath()
```
    Specified by:
    
    privateKeyPath in interface ServiceIdentityProvider
    
    Returns:
    
    Path to private key in PEM format
  - athenzTruststorePath
```
public java.nio.file.Path athenzTruststorePath()
```
    Specified by:
    
    athenzTruststorePath in interface ServiceIdentityProvider
    
    Returns:
    
    Path to Athenz truststore in PEM format
  - clientTruststorePath
```
public java.nio.file.Path clientTruststorePath()
```
    Description copied from interface: ServiceIdentityProvider
    
    The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issues trusted server certificates.
    
    Specified by:
    
    clientTruststorePath in interface ServiceIdentityProvider
    
    Returns:
    
    Path to client truststore in PEM format
  - getRoleSslContext
```
public javax.net.ssl.SSLContext getRoleSslContext(java.lang.String domain,
                                                  java.lang.String role)
```
    Specified by:
    
    getRoleSslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getRoleToken
```
public java.lang.String getRoleToken(java.lang.String domain)
```
    Specified by:
    
    getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getRoleToken
```
public java.lang.String getRoleToken(java.lang.String domain,
                                     java.lang.String role)
```
    Specified by:
    
    getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getAccessToken
```
public java.lang.String getAccessToken(java.lang.String domain)
```
    Specified by:
    
    getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getAccessToken
```
public java.lang.String getAccessToken(java.lang.String domain,
                                       java.util.List<java.lang.String> roles)
```
    Specified by:
    
    getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getPrivateKey
```
public java.security.PrivateKey getPrivateKey()
```
    Specified by:
    
    getPrivateKey in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - trustStorePath
```
public java.nio.file.Path trustStorePath()
```
    Specified by:
    
    trustStorePath in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - getIdentityCertificate
```
public java.util.List<java.security.cert.X509Certificate> getIdentityCertificate()
```
    Specified by:
    
    getIdentityCertificate in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
  - deconstruct
```
public void deconstruct()
```
    Overrides:
    
    deconstruct in class com.yahoo.component.AbstractComponent

Class AthenzIdentityProviderImpl

Field Summary

Fields inherited from class com.yahoo.component.AbstractComponent

Constructor Summary

Method Summary

Methods inherited from class com.yahoo.component.AbstractComponent

Methods inherited from class java.lang.Object

Field Detail

CERTIFICATE_EXPIRY_METRIC_NAME

Constructor Detail

AthenzIdentityProviderImpl

Method Detail

identity

domain

service

getIdentitySslContext

getIdentityCertificateWithKey

certificatePath

privateKeyPath

athenzTruststorePath

clientTruststorePath

getRoleSslContext

getRoleToken

getRoleToken

getAccessToken

getAccessToken

getPrivateKey

trustStorePath

getIdentityCertificate

deconstruct