Class AthenzIdentityProviderImpl
- java.lang.Object
-
- com.yahoo.component.AbstractComponent
-
- com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl
-
- All Implemented Interfaces:
com.yahoo.component.Component,com.yahoo.component.Deconstructable,com.yahoo.container.jdisc.athenz.AthenzIdentityProvider,ServiceIdentityProvider,Comparable<com.yahoo.component.Component>
public final class AthenzIdentityProviderImpl extends com.yahoo.component.AbstractComponent implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider
AAthenzIdentityProvider/ServiceIdentityProvidercomponent that provides the tenant identity.- Author:
- mortent, bjorncs
-
-
Field Summary
Fields Modifier and Type Field Description static StringCERTIFICATE_EXPIRY_METRIC_NAME
-
Constructor Summary
Constructors Constructor Description AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description PathathenzTruststorePath()PathcertificatePath()PathclientTruststorePath()The client truststore contains the Athenz certificates fromServiceIdentityProvider.athenzTruststorePath()and additional certificate authorities that issues trusted server certificates.voiddeconstruct()Stringdomain()StringgetAccessToken(String domain)StringgetAccessToken(String domain, List<String> roles)List<X509Certificate>getIdentityCertificate()com.yahoo.security.X509CertificateWithKeygetIdentityCertificateWithKey()SSLContextgetIdentitySslContext()PrivateKeygetPrivateKey()SSLContextgetRoleSslContext(String domain, String role)StringgetRoleToken(String domain)StringgetRoleToken(String domain, String role)AthenzServiceidentity()PathprivateKeyPath()Stringservice()PathtrustStorePath()
-
-
-
Field Detail
-
CERTIFICATE_EXPIRY_METRIC_NAME
public static final String CERTIFICATE_EXPIRY_METRIC_NAME
- See Also:
- Constant Field Values
-
-
Method Detail
-
identity
public AthenzService identity()
- Specified by:
identityin interfaceServiceIdentityProvider- Returns:
- The Athenz identity of the environment
-
domain
public String domain()
- Specified by:
domainin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
service
public String service()
- Specified by:
servicein interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentitySslContext
public SSLContext getIdentitySslContext()
- Specified by:
getIdentitySslContextin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider- Specified by:
getIdentitySslContextin interfaceServiceIdentityProvider- Returns:
SSLContextthat is automatically updated.
-
getIdentityCertificateWithKey
public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()
- Specified by:
getIdentityCertificateWithKeyin interfaceServiceIdentityProvider- Returns:
- Current certificate and private key. Unlike
ServiceIdentityProvider.getIdentitySslContext()underlying credentials are not automatically updated.
-
certificatePath
public Path certificatePath()
- Specified by:
certificatePathin interfaceServiceIdentityProvider- Returns:
- Path to X.509 certificate in PEM format
-
privateKeyPath
public Path privateKeyPath()
- Specified by:
privateKeyPathin interfaceServiceIdentityProvider- Returns:
- Path to private key in PEM format
-
athenzTruststorePath
public Path athenzTruststorePath()
- Specified by:
athenzTruststorePathin interfaceServiceIdentityProvider- Returns:
- Path to Athenz truststore in PEM format
-
clientTruststorePath
public Path clientTruststorePath()
Description copied from interface:ServiceIdentityProviderThe client truststore contains the Athenz certificates fromServiceIdentityProvider.athenzTruststorePath()and additional certificate authorities that issues trusted server certificates.- Specified by:
clientTruststorePathin interfaceServiceIdentityProvider- Returns:
- Path to client truststore in PEM format
-
getRoleSslContext
public SSLContext getRoleSslContext(String domain, String role)
- Specified by:
getRoleSslContextin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public String getRoleToken(String domain)
- Specified by:
getRoleTokenin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getRoleToken
public String getRoleToken(String domain, String role)
- Specified by:
getRoleTokenin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public String getAccessToken(String domain)
- Specified by:
getAccessTokenin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getAccessToken
public String getAccessToken(String domain, List<String> roles)
- Specified by:
getAccessTokenin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getPrivateKey
public PrivateKey getPrivateKey()
- Specified by:
getPrivateKeyin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
trustStorePath
public Path trustStorePath()
- Specified by:
trustStorePathin interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
getIdentityCertificate
public List<X509Certificate> getIdentityCertificate()
- Specified by:
getIdentityCertificatein interfacecom.yahoo.container.jdisc.athenz.AthenzIdentityProvider
-
deconstruct
public void deconstruct()
- Specified by:
deconstructin interfacecom.yahoo.component.Deconstructable- Overrides:
deconstructin classcom.yahoo.component.AbstractComponent
-
-