Package com.yahoo.vespa.athenz.identityprovider.client

Class AthenzIdentityProviderImpl

java.lang.Object

com.yahoo.component.AbstractComponent

com.yahoo.vespa.athenz.identityprovider.client.AthenzIdentityProviderImpl

All Implemented Interfaces:

com.yahoo.component.Component, com.yahoo.component.Deconstructable, com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider, Comparable<com.yahoo.component.Component>

public final class AthenzIdentityProviderImpl
extends com.yahoo.component.AbstractComponent
implements com.yahoo.container.jdisc.athenz.AthenzIdentityProvider, ServiceIdentityProvider

A AthenzIdentityProvider / ServiceIdentityProvider component that provides the tenant identity.

Author:

mortent, bjorncs

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CERTIFICATE_EXPIRY_METRIC_NAME

Fields inherited from class com.yahoo.component.AbstractComponent

isDeconstructable

Constructor Summary

Constructors

Constructor	Description
AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config, com.yahoo.jdisc.Metric metric)

Method Summary

Modifier and Type	Method	Description
Path	athenzTruststorePath()
Path	certificatePath()
Path	clientTruststorePath()	The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issues trusted server certificates.
void	deconstruct()
String	domain()
String	getAccessToken(String domain)
String	getAccessToken(String domain, List<String> roles)
List<X509Certificate>	getIdentityCertificate()
com.yahoo.security.X509CertificateWithKey	getIdentityCertificateWithKey()
SSLContext	getIdentitySslContext()
PrivateKey	getPrivateKey()
SSLContext	getRoleSslContext(String domain, String role)
String	getRoleToken(String domain)
String	getRoleToken(String domain, String role)
AthenzService	identity()
Path	privateKeyPath()
String	service()
Path	trustStorePath()

Methods inherited from class com.yahoo.component.AbstractComponent

clone, compareTo, getClassName, getId, getIdString, hasInitializedId, initId, isDeconstructable, setIsDeconstructable, toString

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Details

CERTIFICATE_EXPIRY_METRIC_NAME

public static final String CERTIFICATE_EXPIRY_METRIC_NAME

See Also:

• Constant Field Values

Constructor Details

AthenzIdentityProviderImpl

@Inject
public AthenzIdentityProviderImpl(com.yahoo.container.core.identity.IdentityConfig config,
 com.yahoo.jdisc.Metric metric)

Method Details

identity

public AthenzService identity()

Specified by:

identity in interface ServiceIdentityProvider

Returns:

The Athenz identity of the environment

domain

public String domain()

Specified by:

domain in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

service

public String service()

Specified by:

service in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getIdentitySslContext

public SSLContext getIdentitySslContext()

Specified by:

getIdentitySslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

Specified by:

getIdentitySslContext in interface ServiceIdentityProvider

Returns:

SSLContext that is automatically updated.

getIdentityCertificateWithKey

public com.yahoo.security.X509CertificateWithKey getIdentityCertificateWithKey()

Specified by:

getIdentityCertificateWithKey in interface ServiceIdentityProvider

Returns:

Current certificate and private key. Unlike ServiceIdentityProvider.getIdentitySslContext() underlying credentials are not automatically updated.

certificatePath

public Path certificatePath()

Specified by:

certificatePath in interface ServiceIdentityProvider

Returns:

Path to X.509 certificate in PEM format

privateKeyPath

public Path privateKeyPath()

Specified by:

privateKeyPath in interface ServiceIdentityProvider

Returns:

Path to private key in PEM format

athenzTruststorePath

public Path athenzTruststorePath()

Specified by:

athenzTruststorePath in interface ServiceIdentityProvider

Returns:

Path to Athenz truststore in PEM format

clientTruststorePath

public Path clientTruststorePath()

Description copied from interface: ServiceIdentityProvider

The client truststore contains the Athenz certificates from ServiceIdentityProvider.athenzTruststorePath() and additional certificate authorities that issues trusted server certificates.

Specified by:

clientTruststorePath in interface ServiceIdentityProvider

Returns:

Path to client truststore in PEM format

getRoleSslContext

public SSLContext getRoleSslContext(String domain,
 String role)

Specified by:

getRoleSslContext in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getRoleToken

public String getRoleToken(String domain)

Specified by:

getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getRoleToken

public String getRoleToken(String domain,
 String role)

Specified by:

getRoleToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getAccessToken

public String getAccessToken(String domain)

Specified by:

getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getAccessToken

public String getAccessToken(String domain,
 List<String> roles)

Specified by:

getAccessToken in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getPrivateKey

public PrivateKey getPrivateKey()

Specified by:

getPrivateKey in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

trustStorePath

public Path trustStorePath()

Specified by:

trustStorePath in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

getIdentityCertificate

public List<X509Certificate> getIdentityCertificate()

Specified by:

getIdentityCertificate in interface com.yahoo.container.jdisc.athenz.AthenzIdentityProvider

deconstruct

public void deconstruct()

Specified by:

deconstruct in interface com.yahoo.component.Deconstructable

Overrides:

deconstruct in class com.yahoo.component.AbstractComponent