Class AthenzIdentityProviderImpl
- java.lang.Object
-
- com.yahoo.component.AbstractComponent
-
- com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl
-
- All Implemented Interfaces:
com.yahoo.component.Component
,com.yahoo.component.Deconstructable
,com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
,ServiceIdentityProvider
,Comparable<com.yahoo.component.Component>
public final class AthenzIdentityProviderImpl extends com.yahoo.component.AbstractComponent implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider
An AthenzIdentityProvider / ServiceIdentityProvider component that provides the tenant identity.
- Author:
- mortent, bjorncs
-
-
Field Summary
Modifier and Type Field Description
static String
CERTIFICATE_EXPIRY_METRIC_NAME
-
Constructor Summary
Constructor Description
AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)
-
Method Summary
Modifier and Type Method Description
Path
athenzTruststorePath()
Path
certificatePath()
Path
clientTruststorePath()
The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
void
deconstruct()
String
domain()
String
getAccessToken(String domain)
String
getAccessToken(String domain, List<String> roles)
List<X509Certificate>
getIdentityCertificate()
com.yahoo.security.X509CertificateWithKey
getIdentityCertificateWithKey()
SSLContext
getIdentitySslContext()
PrivateKey
getPrivateKey()
SSLContext
getRoleSslContext(String domain, String role)
String
getRoleToken(String domain)
String
getRoleToken(String domain, String role)
AthenzService
identity()
Path
privateKeyPath()
String
service()
Path
trustStorePath()
-
-
-
Field Detail
-
CERTIFICATE_EXPIRY_METRIC_NAME
public static final String CERTIFICATE_EXPIRY_METRIC_NAME
- See Also:
- Constant Field Values
-
-
Method Detail
-
identity
public AthenzService identity()
- Specified by:
identity
in interface ServiceIdentityProvider
- Returns:
- The Athenz identity of the environment
-
domain
public String domain()
- Specified by:
domain
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
service
public String service()
- Specified by:
service
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentitySslContext
public SSLContext getIdentitySslContext()
- Specified by:
getIdentitySslContext
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
- Specified by:
getIdentitySslContext
in interface ServiceIdentityProvider
- Returns:
- SSLContext that is automatically updated.
-
getIdentityCertificateWithKey
public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
- Specified by:
getIdentityCertificateWithKey
in interface ServiceIdentityProvider
- Returns:
- Current certificate and private key. Unlike ServiceIdentityProvider.getIdentitySslContext(), the underlying credentials are not automatically updated.
-
certificatePath
public Path certificatePath()
- Specified by:
certificatePath
in interface ServiceIdentityProvider
- Returns:
- Path to X.509 certificate in PEM format
-
privateKeyPath
public Path privateKeyPath()
- Specified by:
privateKeyPath
in interface ServiceIdentityProvider
- Returns:
- Path to private key in PEM format
-
athenzTruststorePath
public Path athenzTruststorePath()
- Specified by:
athenzTruststorePath
in interface ServiceIdentityProvider
- Returns:
- Path to Athenz truststore in PEM format
-
clientTruststorePath
public Path clientTruststorePath()
Description copied from interface: ServiceIdentityProvider
The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issue trusted server certificates.
- Specified by:
clientTruststorePath
in interface ServiceIdentityProvider
- Returns:
- Path to client truststore in PEM format
-
getRoleSslContext
public SSLContext getRoleSslContext(String domain, String role)
- Specified by:
getRoleSslContext
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public String getRoleToken(String domain)
- Specified by:
getRoleToken
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public String getRoleToken(String domain, String role)
- Specified by:
getRoleToken
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public String getAccessToken(String domain)
- Specified by:
getAccessToken
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public String getAccessToken(String domain, List<String> roles)
- Specified by:
getAccessToken
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getPrivateKey
public PrivateKey getPrivateKey()
- Specified by:
getPrivateKey
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
trustStorePath
public Path trustStorePath()
- Specified by:
trustStorePath
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentityCertificate
public List<X509Certificate> getIdentityCertificate()
- Specified by:
getIdentityCertificate
in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
deconstruct
public void deconstruct()
- Specified by:
deconstruct
in interface com.yahoo.component.Deconstructable
- Overrides:
deconstruct
in class com.yahoo.component.AbstractComponent
-
-