fineract-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From my...@apache.org
Subject [fineract-cn-provisioner] 11/50: Adjusting provisioner to changes made in anubis and identity in preparation for application key registration and key rotation.
Date Mon, 22 Jan 2018 15:16:09 GMT
This is an automated email from the ASF dual-hosted git repository.

myrle pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract-cn-provisioner.git

commit 2c578cc593c099ad9f80b20f1c2b5f07632293f9
Author: myrle-krantz <mkrantz@mifos.org>
AuthorDate: Wed Apr 12 20:09:32 2017 +0200

    Adjusting provisioner to changes made in anubis and identity in preparation for application
key registration and key rotation.
---
 .../tenant/TestTenantApplicationAssignment.java    | 54 +++++++++++++++++++---
 .../config/ProvisionerServiceConfig.java           | 23 +--------
 .../internal/service/TenantApplicationService.java | 27 ++++++-----
 .../internal/service/TenantService.java            | 14 +++---
 .../service/applications/AnubisInitializer.java    |  4 +-
 .../applications/IdentityServiceInitializer.java   | 31 +++++++------
 .../provisioner/internal/util/TokenProvider.java   | 10 +++-
 7 files changed, 99 insertions(+), 64 deletions(-)

diff --git a/component-test/src/main/java/io/mifos/provisioner/tenant/TestTenantApplicationAssignment.java
b/component-test/src/main/java/io/mifos/provisioner/tenant/TestTenantApplicationAssignment.java
index 3896bf8..6375a2c 100644
--- a/component-test/src/main/java/io/mifos/provisioner/tenant/TestTenantApplicationAssignment.java
+++ b/component-test/src/main/java/io/mifos/provisioner/tenant/TestTenantApplicationAssignment.java
@@ -16,6 +16,7 @@
 package io.mifos.provisioner.tenant;
 
 import io.mifos.anubis.api.v1.client.Anubis;
+import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
 import io.mifos.anubis.api.v1.domain.PermittableEndpoint;
 import io.mifos.anubis.api.v1.domain.Signature;
 import io.mifos.anubis.provider.SystemRsaKeyProvider;
@@ -25,6 +26,7 @@ import io.mifos.core.api.context.AutoSeshat;
 import io.mifos.core.api.util.ApiConstants;
 import io.mifos.core.api.util.ApiFactory;
 import io.mifos.core.lang.AutoTenantContext;
+import io.mifos.core.lang.security.RsaKeyPairFactory;
 import io.mifos.core.test.env.TestEnvironment;
 import io.mifos.identity.api.v1.client.IdentityManager;
 import io.mifos.identity.api.v1.domain.PermittableGroup;
@@ -107,7 +109,7 @@ public class TestTenantApplicationAssignment {
   private static ProvisionerMariaDBInitializer mariaDBInitializer = new ProvisionerMariaDBInitializer();
   private static ProvisionerCassandraInitializer cassandraInitializer = new ProvisionerCassandraInitializer();
   private static SystemSecurityEnvironment systemSecurityEnvironment
-          = new SystemSecurityEnvironment(testEnvironment.getSystemPublicKey(), testEnvironment.getSystemPrivateKey());
+          = new SystemSecurityEnvironment(testEnvironment.getSystemKeyTimestamp(), testEnvironment.getSystemPublicKey(),
testEnvironment.getSystemPrivateKey());
 
   @ClassRule
   public static TestRule orderClassRules = RuleChain
@@ -168,27 +170,34 @@ public class TestTenantApplicationAssignment {
     }
   }
 
-  private class VerifyIsisInitializeContext implements Answer<Signature> {
+  private class VerifyIsisInitializeContext implements Answer<ApplicationSignatureSet>
{
 
+    private final String keyTimestamp;
     private final BigInteger modulus;
     private final BigInteger exponent;
 
     private boolean validSecurityContext = false;
 
-    VerifyIsisInitializeContext(final BigInteger modulus, final BigInteger exponent) {
+    VerifyIsisInitializeContext(final String keyTimestamp, final BigInteger modulus, final
BigInteger exponent) {
+      this.keyTimestamp = keyTimestamp;
       this.modulus = modulus;
       this.exponent = exponent;
     }
 
     @Override
-    public Signature answer(final InvocationOnMock invocation) throws Throwable {
+    public ApplicationSignatureSet answer(final InvocationOnMock invocation) throws Throwable
{
       validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext("identity",
"1", Fixture.TENANT_IDENTIFIER);
 
       final Signature fakeSignature = new Signature();
       fakeSignature.setPublicKeyMod(modulus);
       fakeSignature.setPublicKeyExp(exponent);
 
-      return fakeSignature;
+      final ApplicationSignatureSet ret = new ApplicationSignatureSet();
+      ret.setTimestamp(keyTimestamp);
+      ret.setApplicationSignature(fakeSignature);
+      ret.setIdentityManagerSignature(fakeSignature);
+
+      return ret;
     }
 
     boolean isValidSecurityContext() {
@@ -216,6 +225,32 @@ public class TestTenantApplicationAssignment {
     }
   }
 
+  private class VerifyCreateSignatureSetContext implements Answer<ApplicationSignatureSet>
{
+
+    private boolean validSecurityContext = false;
+    final private String target;
+
+    private VerifyCreateSignatureSetContext(final String target) {
+      this.target = target;
+    }
+
+    @Override
+    public ApplicationSignatureSet answer(final InvocationOnMock invocation) throws Throwable
{
+      final String timestamp = invocation.getArgumentAt(0, String.class);
+      final Signature identityManagerSignature = invocation.getArgumentAt(1, Signature.class);
+      validSecurityContext = systemSecurityEnvironment.isValidSystemSecurityContext(target,
"1", Fixture.TENANT_IDENTIFIER);
+      final RsaKeyPairFactory.KeyPairHolder keys = RsaKeyPairFactory.createKeyPair();
+      return new ApplicationSignatureSet(
+              timestamp,
+              new Signature(keys.getPublicKeyMod(), keys.getPublicKeyExp()),
+              identityManagerSignature);
+    }
+
+    boolean isValidSecurityContext() {
+      return validSecurityContext;
+    }
+  }
+
 
   private class VerifyAnubisPermittablesContext implements Answer<List<PermittableEndpoint>>
{
 
@@ -265,6 +300,7 @@ public class TestTenantApplicationAssignment {
     final VerifyIsisInitializeContext verifyInitializeContextAndReturnSignature;
     try (final AutoTenantContext ignored = new AutoTenantContext(Fixture.TENANT_IDENTIFIER))
{
       verifyInitializeContextAndReturnSignature = new VerifyIsisInitializeContext(
+              systemSecurityEnvironment.tenantKeyTimestamp(),
               systemSecurityEnvironment.tenantPublicKey().getModulus(),
               systemSecurityEnvironment.tenantPublicKey().getPublicExponent());
     }
@@ -282,7 +318,7 @@ public class TestTenantApplicationAssignment {
       Assert.assertNotNull(identityServiceAdminInitialization.getAdminPassword());
     }
 
-    verify(applicationCallContextProviderSpy).getApplicationCallContext(Fixture.TENANT_IDENTIFIER,
"identity-v1");
+    verify(applicationCallContextProviderSpy, atMost(2)).getApplicationCallContext(Fixture.TENANT_IDENTIFIER,
"identity-v1");
 
 
     //Create horus application.
@@ -309,12 +345,15 @@ public class TestTenantApplicationAssignment {
     final PermittableEndpoint mPermittableEndpoint = new PermittableEndpoint("/m/n", "GET",
"m");
 
     final VerifyAnubisInitializeContext verifyAnubisInitializeContext;
+    final VerifyCreateSignatureSetContext verifyCreateSignatureSetContext;
     final VerifyAnubisPermittablesContext verifyAnubisPermittablesContext;
     try (final AutoTenantContext ignored = new AutoTenantContext(Fixture.TENANT_IDENTIFIER))
{
       verifyAnubisInitializeContext = new VerifyAnubisInitializeContext("office");
+      verifyCreateSignatureSetContext = new VerifyCreateSignatureSetContext("office");
       verifyAnubisPermittablesContext = new VerifyAnubisPermittablesContext(Arrays.asList(xxPermittableEndpoint,
xxPermittableEndpoint, xyPermittableEndpoint, xyGetPermittableEndpoint, mPermittableEndpoint));
     }
-    doAnswer(verifyAnubisInitializeContext).when(anubisMock).initialize(anyObject(), anyObject());
+    doAnswer(verifyAnubisInitializeContext).when(anubisMock).initializeResources();
+    doAnswer(verifyCreateSignatureSetContext).when(anubisMock).createSignatureSet(anyString(),
anyObject());
     doAnswer(verifyAnubisPermittablesContext).when(anubisMock).getPermittableEndpoints();
 
     {
@@ -330,6 +369,7 @@ public class TestTenantApplicationAssignment {
     verify(identityServiceMock).createPermittableGroup(new PermittableGroup("m", Collections.singletonList(mPermittableEndpoint)));
 
     Assert.assertTrue(verifyAnubisInitializeContext.isValidSecurityContext());
+    Assert.assertTrue(verifyCreateSignatureSetContext.isValidSecurityContext());
     Assert.assertTrue(verifyAnubisPermittablesContext.isValidSecurityContext());
   }
 }
diff --git a/service/src/main/java/io/mifos/provisioner/config/ProvisionerServiceConfig.java
b/service/src/main/java/io/mifos/provisioner/config/ProvisionerServiceConfig.java
index 037f533..b2264aa 100644
--- a/service/src/main/java/io/mifos/provisioner/config/ProvisionerServiceConfig.java
+++ b/service/src/main/java/io/mifos/provisioner/config/ProvisionerServiceConfig.java
@@ -16,14 +16,10 @@
 package io.mifos.provisioner.config;
 
 import io.mifos.anubis.config.EnableAnubis;
-import io.mifos.anubis.config.TenantSignatureProvider;
-import io.mifos.anubis.repository.TenantAuthorizationDataRepository;
 import io.mifos.anubis.token.SystemAccessTokenSerializer;
 import io.mifos.core.api.util.ApiFactory;
 import io.mifos.core.async.config.EnableAsync;
 import io.mifos.core.cassandra.config.EnableCassandra;
-import io.mifos.core.cassandra.core.CassandraSessionProvider;
-import io.mifos.core.lang.ApplicationName;
 import io.mifos.core.lang.config.EnableApplicationName;
 import io.mifos.core.lang.config.EnableServiceException;
 import io.mifos.core.mariadb.config.EnableMariaDB;
@@ -50,7 +46,7 @@ import java.math.BigInteger;
 })
 @EnableCrypto
 @EnableAsync
-@EnableAnubis(storeTenantKeysAtInitialization = false)
+@EnableAnubis(provideSignatureRestController = false)
 @EnableMariaDB
 @EnableCassandra
 @EnableServiceException
@@ -70,6 +66,7 @@ public class ProvisionerServiceConfig {
   public TokenProvider tokenProvider(final Environment environment,
                                      @SuppressWarnings("SpringJavaAutowiringInspection")
final SystemAccessTokenSerializer tokenSerializer) {
     return new TokenProvider(
+        environment.getProperty("system.publicKey.timestamp"),
         new BigInteger(environment.getProperty("system.privateKey.modulus")),
         new BigInteger(environment.getProperty("system.privateKey.exponent")), tokenSerializer);
   }
@@ -78,20 +75,4 @@ public class ProvisionerServiceConfig {
   public ApiFactory apiFactory(@Qualifier(ProvisionerConstants.LOGGER_NAME) final Logger
logger) {
     return new ApiFactory(logger);
   }
-
-  @Bean
-  public TenantSignatureProvider tenantSignatureProvider()
-  {
-    return tenant -> {
-      throw new IllegalArgumentException("no io.mifos.provisioner.tenant signatures here.");
-    };
-  }
-
-  @Bean
-  public TenantAuthorizationDataRepository tenantAuthorizationDataRepository(
-          final ApplicationName applicationName,
-          final CassandraSessionProvider cassandraSessionProvider)
-  {
-    return new TenantAuthorizationDataRepository(applicationName, cassandraSessionProvider);
-  }
 }
diff --git a/service/src/main/java/io/mifos/provisioner/internal/service/TenantApplicationService.java
b/service/src/main/java/io/mifos/provisioner/internal/service/TenantApplicationService.java
index 222c4e4..6ac79ff 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/service/TenantApplicationService.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/service/TenantApplicationService.java
@@ -18,18 +18,16 @@ package io.mifos.provisioner.internal.service;
 import com.datastax.driver.core.ResultSet;
 import com.datastax.driver.mapping.Mapper;
 import com.datastax.driver.mapping.Result;
-
-import io.mifos.anubis.api.v1.TokenConstants;
+import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
 import io.mifos.anubis.api.v1.domain.Signature;
-import io.mifos.anubis.repository.TenantAuthorizationDataRepository;
+import io.mifos.anubis.config.TenantSignatureRepository;
 import io.mifos.core.cassandra.core.CassandraSessionProvider;
 import io.mifos.core.lang.AutoTenantContext;
 import io.mifos.core.lang.ServiceException;
 import io.mifos.provisioner.internal.repository.ApplicationEntity;
-import io.mifos.provisioner.internal.repository.TenantCassandraRepository;
 import io.mifos.provisioner.internal.repository.TenantApplicationEntity;
+import io.mifos.provisioner.internal.repository.TenantCassandraRepository;
 import io.mifos.provisioner.internal.repository.TenantEntity;
-
 import io.mifos.provisioner.internal.service.applications.AnubisInitializer;
 import io.mifos.provisioner.internal.service.applications.IdentityServiceInitializer;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -38,7 +36,10 @@ import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 
 import javax.annotation.Nonnull;
-import java.util.*;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 @Component
@@ -47,20 +48,20 @@ public class TenantApplicationService {
   private final CassandraSessionProvider cassandraSessionProvider;
   private final AnubisInitializer anubisInitializer;
   private final IdentityServiceInitializer identityServiceInitializer;
-  private final TenantAuthorizationDataRepository tenantAuthorizationDataRepository;
+  private final TenantSignatureRepository tenantSignatureRepository;
   private final TenantCassandraRepository tenantCassandraRepository;
 
   @Autowired
   public TenantApplicationService(final CassandraSessionProvider cassandraSessionProvider,
                                   final AnubisInitializer anubisInitializer,
                                   final IdentityServiceInitializer identityServiceInitializer,
-                                  final TenantAuthorizationDataRepository tenantAuthorizationDataRepository,
+                                  @SuppressWarnings("SpringJavaAutowiringInspection") final
TenantSignatureRepository tenantSignatureRepository,
                                   final TenantCassandraRepository tenantCassandraRepository)
{
     super();
     this.cassandraSessionProvider = cassandraSessionProvider;
     this.anubisInitializer = anubisInitializer;
     this.identityServiceInitializer = identityServiceInitializer;
-    this.tenantAuthorizationDataRepository = tenantAuthorizationDataRepository;
+    this.tenantSignatureRepository = tenantSignatureRepository;
     this.tenantCassandraRepository = tenantCassandraRepository;
   }
 
@@ -80,7 +81,7 @@ public class TenantApplicationService {
 
       initializeIsis(x, applicationNameToUriPairs);
 
-      getIsisSignature(x).ifPresent(y -> initializeAnubis(x, y, applicationNameToUriPairs));
+      getLatestIdentityManagerSignatureSet(x).ifPresent(y -> initializeAnubis(x, y.getTimestamp(),
y.getIdentityManagerSignature(), applicationNameToUriPairs));
     });
 
     tenantEntity.orElseThrow(
@@ -127,9 +128,9 @@ public class TenantApplicationService {
     }
   }
 
-  private Optional<Signature> getIsisSignature(final @Nonnull TenantEntity tenantEntity)
{
+  private Optional<ApplicationSignatureSet> getLatestIdentityManagerSignatureSet(final
@Nonnull TenantEntity tenantEntity) {
     try (final AutoTenantContext ignored = new AutoTenantContext(tenantEntity.getIdentifier()))
{
-      return tenantAuthorizationDataRepository.getSignature(TokenConstants.VERSION);
+      return tenantSignatureRepository.getLatestSignatureSet();
     }
   }
 
@@ -146,6 +147,7 @@ public class TenantApplicationService {
 
   private void initializeAnubis(
           final @Nonnull TenantEntity tenantEntity,
+          final @Nonnull String keyTimestamp,
           final @Nonnull Signature identityServiceTenantSignature,
           final @Nonnull Set<ApplicationNameToUriPair> applicationNameToUriPairs) {
     applicationNameToUriPairs.forEach(applicationNameUriPair ->
@@ -153,6 +155,7 @@ public class TenantApplicationService {
                     tenantEntity.getIdentifier(),
                     applicationNameUriPair.name,
                     applicationNameUriPair.uri,
+                    keyTimestamp,
                     identityServiceTenantSignature)
     );
   }
diff --git a/service/src/main/java/io/mifos/provisioner/internal/service/TenantService.java
b/service/src/main/java/io/mifos/provisioner/internal/service/TenantService.java
index 7409f00..aa499a7 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/service/TenantService.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/service/TenantService.java
@@ -15,20 +15,20 @@
  */
 package io.mifos.provisioner.internal.service;
 
-import io.mifos.anubis.api.v1.domain.Signature;
+import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
 import io.mifos.anubis.repository.TenantAuthorizationDataRepository;
 import io.mifos.core.lang.AutoTenantContext;
 import io.mifos.core.lang.ServiceException;
-import io.mifos.provisioner.internal.repository.TenantCassandraRepository;
-import io.mifos.provisioner.internal.util.DataSourceUtils;
-import io.mifos.provisioner.internal.util.DataStoreOption;
 import io.mifos.provisioner.api.v1.domain.CassandraConnectionInfo;
 import io.mifos.provisioner.api.v1.domain.DatabaseConnectionInfo;
 import io.mifos.provisioner.api.v1.domain.Tenant;
 import io.mifos.provisioner.config.ProvisionerConstants;
+import io.mifos.provisioner.internal.repository.TenantCassandraRepository;
 import io.mifos.provisioner.internal.repository.TenantDAO;
 import io.mifos.provisioner.internal.repository.TenantEntity;
 import io.mifos.provisioner.internal.service.applications.IdentityServiceInitializer;
+import io.mifos.provisioner.internal.util.DataSourceUtils;
+import io.mifos.provisioner.internal.util.DataStoreOption;
 import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -60,7 +60,7 @@ public class TenantService {
   public TenantService(@Qualifier(ProvisionerConstants.LOGGER_NAME) final Logger logger,
                        final Environment environment,
                        final TenantApplicationService tenantApplicationService,
-                       final TenantAuthorizationDataRepository tenantAuthorizationDataRepository,
+                       @SuppressWarnings("SpringJavaAutowiringInspection") final TenantAuthorizationDataRepository
tenantAuthorizationDataRepository,
                        final TenantCassandraRepository tenantCassandraRepository,
                        final IdentityServiceInitializer identityServiceInitializer) {
     super();
@@ -110,10 +110,10 @@ public class TenantService {
     });
 
     IdentityServiceInitializer.IdentityServiceInitializationResult identityServiceInitializationResult
= identityServiceInitializer.initializeIsis(tenantIdentifier, identityManagerAppName, identityManagerUri);
-    final Signature identityServiceTenantSignature = identityServiceInitializationResult.getSignature();
+    final ApplicationSignatureSet identityServiceTenantSignatureSet = identityServiceInitializationResult.getSignatureSet();
 
     try (final AutoTenantContext ignored = new AutoTenantContext(tenantIdentifier)) {
-      tenantAuthorizationDataRepository.provisionTenant(identityServiceTenantSignature.getPublicKeyMod(),
identityServiceTenantSignature.getPublicKeyExp());
+      tenantAuthorizationDataRepository.createSignatureSet(identityServiceTenantSignatureSet.getTimestamp(),
identityServiceTenantSignatureSet.getIdentityManagerSignature());
     }
 
     return identityServiceInitializationResult.getAdminPassword();
diff --git a/service/src/main/java/io/mifos/provisioner/internal/service/applications/AnubisInitializer.java
b/service/src/main/java/io/mifos/provisioner/internal/service/applications/AnubisInitializer.java
index c3f31de..c30876e 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/service/applications/AnubisInitializer.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/service/applications/AnubisInitializer.java
@@ -46,12 +46,14 @@ public class AnubisInitializer {
   public void initializeAnubis(final @Nonnull String tenantIdentifier,
                                final @Nonnull String applicationName,
                                final @Nonnull String uri,
+                               final @Nonnull String keyTimestamp,
                                final @Nonnull Signature signature) {
     try (final AutoCloseable ignored
                  = this.applicationCallContextProvider.getApplicationCallContext(tenantIdentifier,
applicationName))
     {
       final Anubis anubis = this.applicationCallContextProvider.getApplication(Anubis.class,
uri);
-      anubis.initialize(signature.getPublicKeyMod(), signature.getPublicKeyExp());
+      anubis.createSignatureSet(keyTimestamp, signature);
+      anubis.initializeResources();
       logger.info("Anubis initialization for io.mifos.provisioner.tenant '{}' and application
'{}' succeeded with signature '{}'.",
               tenantIdentifier, applicationName, signature);
 
diff --git a/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
b/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
index 3606a10..a875555 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/service/applications/IdentityServiceInitializer.java
@@ -17,8 +17,8 @@ package io.mifos.provisioner.internal.service.applications;
 
 
 import io.mifos.anubis.api.v1.client.Anubis;
+import io.mifos.anubis.api.v1.domain.ApplicationSignatureSet;
 import io.mifos.anubis.api.v1.domain.PermittableEndpoint;
-import io.mifos.anubis.api.v1.domain.Signature;
 import io.mifos.identity.api.v1.client.IdentityManager;
 import io.mifos.identity.api.v1.client.PermittableGroupAlreadyExistsException;
 import io.mifos.identity.api.v1.client.TenantAlreadyInitializedException;
@@ -51,22 +51,22 @@ public class IdentityServiceInitializer {
   private String domain;
 
   public class IdentityServiceInitializationResult {
-    private final Signature signature;
+    private final ApplicationSignatureSet signatureSet;
     @SuppressWarnings("OptionalUsedAsFieldOrParameterType")
     private final Optional<String> adminPassword;
 
-    private IdentityServiceInitializationResult(final Signature signature, final String adminPassword)
{
-      this.signature = signature;
+    private IdentityServiceInitializationResult(final ApplicationSignatureSet signatureSet,
final String adminPassword) {
+      this.signatureSet = signatureSet;
       this.adminPassword = Optional.of(adminPassword);
     }
 
-    private IdentityServiceInitializationResult(final Signature signature) {
-      this.signature = signature;
+    private IdentityServiceInitializationResult(final ApplicationSignatureSet signatureSet)
{
+      this.signatureSet = signatureSet;
       this.adminPassword = Optional.empty();
     }
 
-    public Signature getSignature() {
-      return signature;
+    public ApplicationSignatureSet getSignatureSet() {
+      return signatureSet;
     }
 
     public Optional<String> getAdminPassword() {
@@ -102,16 +102,17 @@ public class IdentityServiceInitializer {
         final byte[] hash = this.hashGenerator.hash(encodedPassword, salt, ProvisionerConstants.ITERATION_COUNT,
ProvisionerConstants.HASH_LENGTH);
         final String encodedPasswordHash = Base64Utils.encodeToString(hash);
 
-        final Signature signature = identityService.initialize(encodedPasswordHash);
-        logger.info("Isis initialization for io.mifos.provisioner.tenant '{}' succeeded with
signature '{}'.", tenantIdentifier, signature);
+        final ApplicationSignatureSet signatureSet = identityService.initialize(encodedPasswordHash);
+        logger.info("Isis initialization for io.mifos.provisioner.tenant '{}' succeeded with
signature set '{}'.", tenantIdentifier, signatureSet);
 
-        return new IdentityServiceInitializationResult(signature, encodedPasswordHash);
+        return new IdentityServiceInitializationResult(signatureSet, encodedPasswordHash);
       } catch (final TenantAlreadyInitializedException aiex) {
-        final Signature signature = identityService.getSignature();
-        logger.info("Isis initialization for io.mifos.provisioner.tenant '{}' failed because
it was already initialized.  Pre-existing signature '{}'.",
-                tenantIdentifier, signature);
+        final Anubis identityManagerAnubisApi = applicationCallContextProvider.getApplication(Anubis.class,
identityManagerUri);
+        final ApplicationSignatureSet signatureSet = identityManagerAnubisApi.getLatestSignatureSet();
+        logger.info("Isis initialization for io.mifos.provisioner.tenant '{}' failed because
it was already initialized.  Pre-existing signature set '{}'.",
+                tenantIdentifier, signatureSet);
 
-        return new IdentityServiceInitializationResult(signature);
+        return new IdentityServiceInitializationResult(signatureSet);
       }
     } catch (final Exception e) {
       throw new IllegalStateException(e);
diff --git a/service/src/main/java/io/mifos/provisioner/internal/util/TokenProvider.java b/service/src/main/java/io/mifos/provisioner/internal/util/TokenProvider.java
index a1081b7..fc3d6ea 100644
--- a/service/src/main/java/io/mifos/provisioner/internal/util/TokenProvider.java
+++ b/service/src/main/java/io/mifos/provisioner/internal/util/TokenProvider.java
@@ -26,10 +26,12 @@ import java.security.spec.RSAPrivateKeySpec;
 import java.util.concurrent.TimeUnit;
 
 public class TokenProvider {
+  private final String keyTimestamp;
   private PrivateKey privateKey;
   private final SystemAccessTokenSerializer tokenSerializer;
 
   public TokenProvider(
+      final String keyTimestamp,
       final BigInteger privateKeyModulus,
       final BigInteger privateKeyExponent,
       final SystemAccessTokenSerializer tokenSerializer) {
@@ -37,6 +39,7 @@ public class TokenProvider {
     this.tokenSerializer = tokenSerializer;
 
     try {
+      this.keyTimestamp = keyTimestamp;
       final KeyFactory keyFactory = KeyFactory.getInstance("RSA");
 
       final RSAPrivateKeySpec rsaPrivateKeySpec
@@ -48,8 +51,13 @@ public class TokenProvider {
     }
   }
 
-  public TokenSerializationResult createToken(final String subject, final String audience,
final long ttl, final TimeUnit timeUnit) {
+  public TokenSerializationResult createToken(
+          final String subject,
+          final String audience,
+          final long ttl,
+          final TimeUnit timeUnit) {
     SystemAccessTokenSerializer.Specification specification = new SystemAccessTokenSerializer.Specification();
+    specification.setKeyTimestamp(keyTimestamp);
     specification.setTenant(subject);
     specification.setTargetApplicationName(audience);
     specification.setSecondsToLive(timeUnit.toSeconds(ttl));

-- 
To stop receiving notification emails like this one, please contact
myrle@apache.org.

Mime
View raw message