diff --git a/docs/principal_authentication.md b/docs/principal_authentication.md index dd80e68a3cb..a4ae7faca08 100644 --- a/docs/principal_authentication.md +++ b/docs/principal_authentication.md @@ -63,8 +63,8 @@ to decide if further checks and/or restrictions are necessary. Both ZMS and ZTS Servers expect to find the list of authority classes in their respective system properties: -ZMS: athenz.zms.authority_classes -ZTS: athenz.zts.authority_classes +* ZMS: athenz.zms.authority_classes +* ZTS: athenz.zts.authority_classes The value of the property must be a comma separated (no spaces) list of authority class names. For example, diff --git a/servers/zms/conf/container_settings b/servers/zms/conf/container_settings index c51b24ba11d..f4a4671a46a 100644 --- a/servers/zms/conf/container_settings +++ b/servers/zms/conf/container_settings @@ -13,6 +13,7 @@ CONTAINER_ADMINUSER="user.${USER}" CONTAINER_PRIVKEY="${ROOT}/var/zms_server/keys/zms_private.pem" CONTAINER_PUBKEY="${ROOT}/var/zms_server/keys/zms_public.pem" CONTAINER_PRIVKEY_ID="0" +# CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS= # ** default ports for zms server. http support is disabled # ** https support enabled - must provide certificate for server diff --git a/servers/zms/scripts/zms_debug.sh b/servers/zms/scripts/zms_debug.sh index afd08e605ab..d970bc9fea9 100755 --- a/servers/zms/scripts/zms_debug.sh +++ b/servers/zms/scripts/zms_debug.sh 
@@ -7,7 +7,7 @@ export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.domain_admin=user.$USER,user.zms_test_
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.authority_classes=com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority,com.yahoo.athenz.common.server.debug.DebugUserAuthority,com.yahoo.athenz.common.server.debug.DebugRoleAuthority,com.yahoo.athenz.common.server.debug.DebugKerberosAuthority"
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.home=./"
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.port=4080"
-export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.private_key_store_class=com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory"
+export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.private_key_store_factory_class=com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory"
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.privatekey=src/test/resources/zms_private.pem"
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.privatekey.version=0"
 export ZMS_OPTS="${ZMS_OPTS} -Dathenz.zms.publickey=src/test/resources/zms_public.pem"
diff --git a/servers/zms/scripts/zms_start.sh b/servers/zms/scripts/zms_start.sh
index e724bf6e82d..25c4242a70a 100644
--- a/servers/zms/scripts/zms_start.sh
+++ b/servers/zms/scripts/zms_start.sh
@@ -51,6 +51,10 @@ if [ "x${CONTAINER_PUBKEY}" != "x" ]; then
     export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.publickey=${CONTAINER_PUBKEY}"
 fi
 
+if [ "x${CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS}" != "x" ]; then
+    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.private_key_store_factory_class=${CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS}"
+fi
+
 if [ "x${CONTAINER_HOSTNAME}" != "x" ]; then
     export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zms.hostname=${CONTAINER_HOSTNAME}"
 fi
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java
index 3ebba20d4c7..de437588d0d 100644
--- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java
+++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java
@@ -35,7 +35,7 @@ public class ZMS {
     private static final Logger LOG = LoggerFactory.getLogger(ZMS.class);
 
     private static final String ZMS_PRINCIPAL_AUTHORITY_CLASS = "com.yahoo.athenz.auth.impl.PrincipalAuthority";
-    private static final String ZMS_PKEY_STORE_CLASS = "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory";
+    private static final String ZMS_PKEY_STORE_FACTORY_CLASS = "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory";
 
     private static String ROOT_DIR;
 
@@ -183,8 +183,8 @@ public static ZMSJettyContainer createJettyContainer() {
             authorities.add(authority);
         }
 
-        String pkeyFactoryClass = System.getProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS,
-                ZMS_PKEY_STORE_CLASS);
+        String pkeyFactoryClass = System.getProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                ZMS_PKEY_STORE_FACTORY_CLASS);
         PrivateKeyStoreFactory pkeyFactory = null;
         try {
             pkeyFactory = (PrivateKeyStoreFactory) Class.forName(pkeyFactoryClass).newInstance();
@@ -196,7 +196,7 @@ public static ZMSJettyContainer createJettyContainer() {
         String metricFactoryClass = System.getProperty(ZMSConsts.ZMS_PROP_METRIC_FACTORY_CLASS,
                 ZMSConsts.ZMS_METRIC_FACTORY_CLASS);
 
-        boolean statsEnabled = Boolean.parseBoolean(System.getProperty(ZMSConsts.ZMS_PROP_STATS_ENABLED, "false"));
+        boolean statsEnabled = Boolean.parseBoolean(System.getProperty(ZMSConsts.ZMS_PROP_STATS_ENABLED, "false"));
         if (!statsEnabled && !metricFactoryClass.equals(ZMSConsts.ZMS_METRIC_FACTORY_CLASS)) {
             LOG.warn("Override users metric factory property with default since stats are disabled");
             metricFactoryClass = ZMSConsts.ZMS_METRIC_FACTORY_CLASS;
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java
index 0a8ac40bd0c..84989cd68eb 100644
--- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java
+++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSConsts.java
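Review bot: Renaming the system property in createJettyContainer (hunk at -183) means any deployment that still sets the old `athenz.zms.private_key_store_class` now silently falls back to `ZMS_PKEY_STORE_FACTORY_CLASS`, i.e. the file-based key store, with nothing logged; the same applies to the `athenz.zms.metric_class` → `athenz.zms.metric_factory_class` rename in ZMSConsts and to the three ZTS renames in ZTS.java (getCertSigner, getInstanceIdentityStore, getPrivateKeyStore, getChangeLogStore). Because the choice of private-key store decides where the server's signing key comes from, a silent fallback is worth a startup check: right after the `System.getProperty(...)` call, add `if (System.getProperty("athenz.zms.private_key_store_class") != null) {` / `    LOG.warn("athenz.zms.private_key_store_class is no longer read; use athenz.zms.private_key_store_factory_class");` / `}`, or honor the old name as a secondary default for one release. createJettyContainer starts and ends outside the hunk, so whether a later line already validates the chosen factory cannot be seen here.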
@@ -34,7 +34,7 @@ public final class ZMSConsts {
     public static final String ZMS_PROP_VIRTUAL_DOMAIN_LIMIT = "athenz.zms.virtual_domain_limit";
     public static final String ZMS_PROP_READ_ONLY_MODE = "athenz.zms.read_only_mode";
     public static final String ZMS_PROP_DOMAIN_NAME_MAX_SIZE = "athenz.zms.domain_name_max_len";
-    public static final String ZMS_PROP_METRIC_FACTORY_CLASS = "athenz.zms.metric_class";
+    public static final String ZMS_PROP_METRIC_FACTORY_CLASS = "athenz.zms.metric_factory_class";
     public static final String ZMS_PROP_CONFLICT_RETRY_COUNT = "athenz.zms.request_conflict_retry_count";
     public static final String ZMS_PROP_CONFLICT_RETRY_SLEEP_TIME = "athenz.zms.request_conflict_retry_sleep_time";
 
@@ -89,7 +89,7 @@ public final class ZMSConsts {
     public static final String ZMS_PROP_AUDIT_LOGGER_CLASS_PARAM = "athenz.zms.audit_logger_class_param";
     public static final String ZMS_PROP_AUDIT_LOG_MSG_BLDR_CLASS = "athenz.zms.audit_log_msg_builder_class";
 
-    public static final String ZMS_PROP_PRIVATE_KEY_STORE_CLASS = "athenz.zms.private_key_store_class";
+    public static final String ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS = "athenz.zms.private_key_store_factory_class";
 
     public static final String ZMS_METRIC_FACTORY_CLASS = "com.yahoo.athenz.common.metrics.impl.NoOpMetricFactory";
 
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
index 21f89ed1c7b..5120206041c 100644
--- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
@@ -113,12 +113,15 @@ public void setUp() throws Exception {
         System.setProperty(ZMSConsts.ZMS_PROP_STATS_ENABLED, "true");
         System.setProperty(ZMSConsts.ZMS_PROP_PROVIDER_ENDPOINTS, ".athenzcompany.com");
 
-        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS, "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
+        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/zms_private.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/zms_public.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_DOMAIN_ADMIN, "user.testadminuser");
-        System.setProperty(ZMSConsts.ZMS_PROP_AUTHZ_SERVICE_FNAME, "src/test/resources/authorized_services.json");
-        System.setProperty(ZMSConsts.ZMS_PROP_SOLUTION_TEMPLATE_FNAME, "src/test/resources/solution_templates.json");
+        System.setProperty(ZMSConsts.ZMS_PROP_AUTHZ_SERVICE_FNAME,
+                "src/test/resources/authorized_services.json");
+        System.setProperty(ZMSConsts.ZMS_PROP_SOLUTION_TEMPLATE_FNAME,
+                "src/test/resources/solution_templates.json");
         System.setProperty("logback.configurationFile", "src/test/resources/logback.xml");
 
         setupServiceId();
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java
index f334657d44b..5a624376db9 100644
--- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java
@@ -32,7 +32,7 @@ public class ZMSServerImplTest {
 
     @BeforeMethod
     public void setUp() throws Exception {
-        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS,
+        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
                 "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/zms_private.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/zms_public.pem");
@@ -43,7 +43,7 @@ public void setUp() throws Exception {
     @AfterMethod
     public void cleanup() {
         System.clearProperty(ZMSConsts.ZMS_PROP_HOME);
-        System.clearProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS);
+        System.clearProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS);
         System.clearProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY);
         System.clearProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY);
         System.clearProperty(ZMSConsts.ZMS_PROP_DOMAIN_ADMIN);
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSTest.java
index d5d192ab578..33254a92f28 100644
--- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSTest.java
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSTest.java
@@ -27,7 +27,8 @@ public class ZMSTest {
 
     @BeforeClass
     public void setUp() throws Exception {
-        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS, "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
+        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/zms_private.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/zms_public.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_DOMAIN_ADMIN, "user.testadminuser");
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java
index 8120edf640a..e177ef0fe6d 100644
--- a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java
@@ -34,7 +34,8 @@ public class FilePrivateKeyStoreTest {
 
     @BeforeClass
     public void setUp() throws Exception {
-        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_CLASS, "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
+        System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                "com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/zms_private.pem");
         System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/zms_public.pem");
     }
diff --git a/servers/zts/conf/container_settings b/servers/zts/conf/container_settings
index 1febb493824..21a1d5e75a9 100644
--- a/servers/zts/conf/container_settings
+++ b/servers/zts/conf/container_settings
@@ -30,7 +30,7 @@ CONTAINER_ATHENZ_CONF="conf/zts_server/athenz.conf"
 CONTAINER_LOG_CONFIG="${ROOT}/conf/zts_server/logback.xml"
 
 # ** we're going to use self signer class
-CONTAINER_CERT_SIGNER_CLASS="com.yahoo.athenz.zts.cert.impl.SelfCertSignerFactory"
+CONTAINER_CERT_SIGNER_FACTORY_CLASS="com.yahoo.athenz.zts.cert.impl.SelfCertSignerFactory"
 CONTAINER_SELF_SIGNER_PRIVATE_KEY_FNAME="${ROOT}/var/zts_server/keys/zts_private.pem"
 
 # ** server settings
@@ -60,9 +60,9 @@ CONTAINER_SELF_SIGNER_PRIVATE_KEY_FNAME="${ROOT}/var/zts_server/keys/zts_private
 # CONTAINER_ACCESS_LOG_ROTATION_PERIOD=
 # CONTAINER_ACCESS_LOG_ROTATION_UNIT=
 
-# ** configure what implemenation classes to use
-# CONTAINER_DATA_CHANGE_LOG_STORE_CLASS=
-# CONTAINER_PRIVATE_KEY_STORE_CLASS=
+# ** configure what implementation classes to use
+# CONTAINER_DATA_CHANGE_LOG_STORE_FACTORY_CLASS=
+# CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS=
 # CONTAINER_HOST_SIGNER_SERVICE=
 # CONTAINER_CERTSIGN_BASE_URI=
 
diff --git a/servers/zts/scripts/zts_debug.sh b/servers/zts/scripts/zts_debug.sh
index ea9e0a452c6..5005beceb70 100755
--- a/servers/zts/scripts/zts_debug.sh
+++ b/servers/zts/scripts/zts_debug.sh
@@ -7,7 +7,7 @@ export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.zms_url=http://localhost:4080/"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.authority_classes=com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority,com.yahoo.athenz.common.server.debug.DebugUserAuthority,com.yahoo.athenz.common.server.debug.DebugRoleAuthority,com.yahoo.athenz.common.server.debug.DebugKerberosAuthority"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.port=8080"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.privatekey=src/test/resources/zts_private.pem"
-export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.private_key_store_class=com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory"
+export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.private_key_store_factory_class=com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.privatekey_id=0"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.access_log_dir=./zts_logs"
 export ZTS_OPTS="${ZTS_OPTS} -Dathenz.zts.enable_stats=false"
diff --git a/servers/zts/scripts/zts_start.sh b/servers/zts/scripts/zts_start.sh
index 0f72ce47579..9773bf2a1c5 100644
--- a/servers/zts/scripts/zts_start.sh
+++ b/servers/zts/scripts/zts_start.sh
@@ -128,16 +128,16 @@ if [ "x${CONTAINER_LISTEN_HOST}" != "x" ]; then
     export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.listen_host=${CONTAINER_LISTEN_HOST}"
 fi
 
-if [ "x${CONTAINER_DATA_CHANGE_LOG_STORE_CLASS}" != "x" ]; then
-    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.data_change_log_store_class=${CONTAINER_DATA_CHANGE_LOG_STORE_CLASS}"
+if [ "x${CONTAINER_DATA_CHANGE_LOG_STORE_FACTORY_CLASS}" != "x" ]; then
+    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.data_change_log_store_factory_class=${CONTAINER_DATA_CHANGE_LOG_STORE_CLASS}"
 fi
 
-if [ "x${CONTAINER_PRIVATE_KEY_STORE_CLASS}" != "x" ]; then
-    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.private_key_store_class=${CONTAINER_PRIVATE_KEY_STORE_CLASS}"
+if [ "x${CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS}" != "x" ]; then
+    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.private_key_store_factory_class=${CONTAINER_PRIVATE_KEY_STORE_FACTORY_CLASS}"
 fi
 
-if [ "x${CONTAINER_CERT_SIGNER_CLASS}" != "x" ]; then
-    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.cert_signer_class=${CONTAINER_CERT_SIGNER_CLASS}"
+if [ "x${CONTAINER_CERT_SIGNER_FACTORY_CLASS}" != "x" ]; then
+    export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.cert_signer_factory_class=${CONTAINER_CERT_SIGNER_FACTORY_CLASS}"
 fi
 
 if [ "x${CONTAINER_SELF_SIGNER_PRIVATE_KEY_FNAME}" != "x" ]; then
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java
index e5d2f514db8..7ce0ae1c350 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java
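Review bot: The first renamed block is inconsistent with itself: the guard tests `CONTAINER_DATA_CHANGE_LOG_STORE_FACTORY_CLASS`, but the value it exports still expands the old `${CONTAINER_DATA_CHANGE_LOG_STORE_CLASS}`, so a settings file that uses only the new name yields `-Dathenz.zts.data_change_log_store_factory_class=` with an empty value, and the `Class.forName` in getChangeLogStore will presumably fail on it rather than load the configured factory. The export line should read `export JAVA_OPTS="${JAVA_OPTS} -Dathenz.zts.data_change_log_store_factory_class=${CONTAINER_DATA_CHANGE_LOG_STORE_FACTORY_CLASS}"`, matching the two blocks below it. Note also that operators whose own container_settings still define `CONTAINER_CERT_SIGNER_CLASS` or `CONTAINER_PRIVATE_KEY_STORE_CLASS` will now pass nothing and get the compiled-in defaults (HttpCertSignerFactory, the file key store) without any message; a one-line warning in this script when an old-name variable is set would make that upgrade failure visible.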
@@ -46,11 +46,11 @@ public class ZTS {
 
     private static final Logger LOG = LoggerFactory.getLogger(ZTS.class);
 
-    static final String ZTS_PRINCIPAL_AUTHORITY_CLASS = "com.yahoo.athenz.auth.impl.PrincipalAuthority";
-    static final String ZTS_CHANGE_LOG_STORE_CLASS = "com.yahoo.athenz.zts.store.file.ZMSFileChangeLogStoreFactory";
-    static final String ZTS_PKEY_STORE_CLASS = "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory";
-    static final String ZTS_CERT_SIGNER_CLASS = "com.yahoo.athenz.zts.cert.impl.HttpCertSignerFactory";
-    static final String ZTS_INSTANCE_IDENTITY_STORE_CLASS = "com.yahoo.athenz.zts.cert.impl.LocalInstanceIdentityStoreFactory";
+    static final String ZTS_PRINCIPAL_AUTHORITY_CLASS = "com.yahoo.athenz.auth.impl.PrincipalAuthority";
+    static final String ZTS_CHANGE_LOG_STORE_FACTORY_CLASS = "com.yahoo.athenz.zts.store.file.ZMSFileChangeLogStoreFactory";
+    static final String ZTS_PKEY_STORE_FACTORY_CLASS = "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory";
+    static final String ZTS_CERT_SIGNER_FACTORY_CLASS = "com.yahoo.athenz.zts.cert.impl.HttpCertSignerFactory";
+    static final String ZTS_INSTANCE_IDENTITY_STORE_FACTORY_CLASS = "com.yahoo.athenz.zts.cert.impl.LocalInstanceIdentityStoreFactory";
 
     // This String is used to create the desired AuditLogMsgBuilder object.
     // Its OK if its null, we will just get the default msg builder.
@@ -159,8 +159,8 @@ static int getPortNumber(String property, int defaultValue) {
 
     static CertSigner getCertSigner() {
 
-        String certSignerFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS,
-                ZTS_CERT_SIGNER_CLASS);
+        String certSignerFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS,
+                ZTS_CERT_SIGNER_FACTORY_CLASS);
         CertSignerFactory certSignerFactory = null;
         try {
             certSignerFactory = (CertSignerFactory) Class.forName(certSignerFactoryClass).newInstance();
@@ -177,8 +177,9 @@ static CertSigner getCertSigner() {
 
     static InstanceIdentityStore getInstanceIdentityStore(CertSigner certSigner) {
 
-        String instanceIdentityStoreFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_INSTANCE_IDENTITY_STORE_CLASS,
-                ZTS_INSTANCE_IDENTITY_STORE_CLASS);
+        String instanceIdentityStoreFactoryClass = System.getProperty(
+                ZTSConsts.ZTS_PROP_INSTANCE_IDENTITY_STORE_FACTORY_CLASS,
+                ZTS_INSTANCE_IDENTITY_STORE_FACTORY_CLASS);
         InstanceIdentityStoreFactory instanceIdentityStoreFactory = null;
         try {
             instanceIdentityStoreFactory = (InstanceIdentityStoreFactory)
@@ -222,7 +223,8 @@ static Metric getMetric() {
 
     static PrivateKeyStore getPrivateKeyStore() {
 
-        String pkeyFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_CLASS, ZTS_PKEY_STORE_CLASS);
+        String pkeyFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                ZTS_PKEY_STORE_FACTORY_CLASS);
         PrivateKeyStoreFactory pkeyFactory = null;
         try {
             pkeyFactory = (PrivateKeyStoreFactory) Class.forName(pkeyFactoryClass).newInstance();
@@ -239,8 +241,8 @@ static PrivateKeyStore getPrivateKeyStore() {
     private static ChangeLogStore getChangeLogStore(String homeDir, PrivateKey pkey, String pkeyId,
             CloudStore cloudStore) {
 
-        String clogFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS,
-                ZTS_CHANGE_LOG_STORE_CLASS);
+        String clogFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS,
+                ZTS_CHANGE_LOG_STORE_FACTORY_CLASS);
         ChangeLogStoreFactory clogFactory = null;
         try {
             clogFactory = (ChangeLogStoreFactory) Class.forName(clogFactoryClass).newInstance();
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSConsts.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSConsts.java
index 1c7d6d8c5a8..79041fff823 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSConsts.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSConsts.java
@@ -48,7 +48,7 @@ public final class ZTSConsts {
 
     public static final String ZTS_PROP_CA_CERTIFICATE = "athenz.zts.ca_certificate";
     public static final String ZTS_PROP_STATS_ENABLED = "athenz.zts.enable_stats";
-    public static final String ZTS_PROP_METRIC_FACTORY_CLASS = "athenz.zts.metric_class";
+    public static final String ZTS_PROP_METRIC_FACTORY_CLASS = "athenz.zts.metric_factory_class";
     public static final String ZTS_PROP_KEYSTORE_PASSWORD = "athenz.zts.ssl_key_store_password";
     public static final String ZTS_PROP_KEYMANAGER_PASSWORD = "athenz.zts.ssl_key_manager_password";
 
@@ -72,12 +72,11 @@ public final class ZTSConsts {
 
     public static final String ZTS_PROP_HOSTNAME = "athenz.zts.hostname";
     public static final String ZTS_PROP_AUTHORITY_CLASSES = "athenz.zts.authority_classes";
-    public static final String ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS = "athenz.zts.data_change_log_store_class";
-    public static final String ZTS_PROP_PRIVATE_KEY_STORE_CLASS = "athenz.zts.private_key_store_class";
-    public static final String ZTS_PROP_CERT_SIGNER_CLASS = "athenz.zts.cert_signer_class";
+    public static final String ZTS_PROP_CERT_SIGNER_FACTORY_CLASS = "athenz.zts.cert_signer_factory_class";
     public static final String ZTS_PROP_MAX_THREADS = "athenz.zts.http_max_threads";
     public static final String ZTS_PROP_LEAST_PRIVILEGE_PRINCIPLE = "athenz.zts.least_privilege_principle";
 
+    public static final String ZTS_PROP_ROLE_TOKEN_MAX_TIMEOUT = "athenz.zts.role_token_max_timeout";
     public static final String ZTS_PROP_ROLE_TOKEN_DEFAULT_TIMEOUT = "athenz.zts.role_token_default_timeout";
     public static final String ZTS_PROP_SIGNED_POLICY_TIMEOUT = "athenz.zts.signed_policy_timeout";
 
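Review bot: `ZTS_PROP_ROLE_TOKEN_MAX_TIMEOUT` is introduced in the second hunk but nothing else in this diff reads it, and it has no relation to the factory-class rename the rest of the commit performs; it looks like either a leftover from another branch or the first half of a change whose enforcement in ZTSImpl is outside this diff. If it is the latter it should ship together with that enforcement (a max timeout that is defined but never applied gives operators a false sense that token lifetime is capped); if it is the former, drop it from this commit. A short Javadoc on the constant would settle the question, e.g. `/** Upper bound, in seconds, that a caller may request for a role token lifetime (TODO confirm unit). */`. The removal of the three `*_CLASS` constants here and their re-addition as `*_FACTORY_CLASS` in the next hunk is fine, but keeping them adjacent to `ZTS_PROP_CERT_SIGNER_FACTORY_CLASS` would make the grouping easier to follow.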
@@ -88,7 +87,10 @@ public final class ZTSConsts {
     public static final String ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_FNAME = "athenz.zts.self_signer_private_key_fname";
     public static final String ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_PASSWORD = "athenz.zts.self_signer_private_key_password";
     public static final String ZTS_PROP_SELF_SIGNER_CERT_DN = "athenz.zts.self_signer_cert_dn";
-    public static final String ZTS_PROP_INSTANCE_IDENTITY_STORE_CLASS = "athenz.zts.instance_identity_store_class";
+
+    public static final String ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS = "athenz.zts.data_change_log_store_factory_class";
+    public static final String ZTS_PROP_INSTANCE_IDENTITY_STORE_FACTORY_CLASS = "athenz.zts.instance_identity_store_factory_class";
+    public static final String ZTS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS = "athenz.zts.private_key_store_factory_class";
 
     public static final String ZTS_PROP_USER_DOMAIN = "athenz.user_domain";
     public static final String ZTS_PROP_ATHENZ_CONF = "athenz.athenz_conf";
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java
index e51ce952e53..1d9af45fa15 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java
@@ -271,7 +271,7 @@ public void setUpClass() throws Exception {
         System.setProperty(ZTSConsts.ZTS_PROP_METRIC_FACTORY_CLASS, ZTSConsts.ZTS_METRIC_FACTORY_CLASS);
         System.setProperty(ZTSConsts.ZTS_PROP_STATS_ENABLED, "true");
 
-        System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_CLASS,
+        System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
                 "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/zts_private.pem");
         System.setProperty(ZTSConsts.ZTS_PROP_ATHENZ_CONF, "src/test/resources/athenz.conf");
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSTest.java index efa0ff62f5b..36c825d0e90 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSTest.java @@ -27,14 +27,17 @@ public class ZTSTest { - private static final String ZTS_CHANGE_LOG_STORE_CLASS = "com.yahoo.athenz.zts.store.file.MockZMSFileChangeLogStoreFactory"; - private static final String ZTS_SELF_CERT_SIGNER_STORE_CLASS = "com.yahoo.athenz.zts.cert.impl.SelfCertSignerFactory"; + private static final String ZTS_CHANGE_LOG_STORE_FACTORY_CLASS = + "com.yahoo.athenz.zts.store.file.MockZMSFileChangeLogStoreFactory"; + private static final String ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS = + "com.yahoo.athenz.zts.cert.impl.SelfCertSignerFactory"; @BeforeClass public void setUp() throws Exception { - System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_CLASS, "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory"); + System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS, + "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory"); System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/zts_private.pem"); - System.setProperty(ZTSConsts.ZTS_PROP_ATHENZ_CONF, "src/test/resources/athenz.conf"); + System.setProperty(ZTSConsts.ZTS_PROP_ATHENZ_CONF, "src/test/resources/athenz.conf"); System.setProperty("logback.configurationFile", "src/test/resources/logback.xml"); } 
@@ -66,8 +69,10 @@ public void testGetServerHostNameNoProperty() { @Test public void initContainerValidPorts() { - System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS, ZTS_CHANGE_LOG_STORE_CLASS); - System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS, ZTS_SELF_CERT_SIGNER_STORE_CLASS); + System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS, + ZTS_CHANGE_LOG_STORE_FACTORY_CLASS); + System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS, + ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS); System.setProperty(ZTSConsts.ZTS_PROP_HOME, "/tmp/zts_server"); System.setProperty(ZTSConsts.ZTS_PROP_HTTP_PORT, "4080"); @@ -87,15 +92,17 @@ public void initContainerValidPorts() { assertTrue(connectors[1].getProtocols().contains("http/1.1")); assertTrue(connectors[1].getProtocols().contains("ssl")); - System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS); - System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS); + System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS); + System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS); } @Test public void initContainerOnlyHTTPSPort() { - System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS, ZTS_CHANGE_LOG_STORE_CLASS); - System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS, ZTS_SELF_CERT_SIGNER_STORE_CLASS); + System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS, + ZTS_CHANGE_LOG_STORE_FACTORY_CLASS); + System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS, + ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS); System.setProperty(ZTSConsts.ZTS_PROP_HOME, "/tmp/zts_server"); System.setProperty(ZTSConsts.ZTS_PROP_HTTP_PORT, "0"); 
@@ -112,14 +119,16 @@ public void initContainerOnlyHTTPSPort() {
         assertTrue(connectors[0].getProtocols().contains("http/1.1"));
         assertTrue(connectors[0].getProtocols().contains("ssl"));
 
-        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS);
-        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS);
     }
 
     @Test
     public void initContainerOnlyHTTPPort() {
-        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS, ZTS_CHANGE_LOG_STORE_CLASS);
-        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS, ZTS_SELF_CERT_SIGNER_STORE_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS,
+                ZTS_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS,
+                ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS);
 
         System.setProperty(ZTSConsts.ZTS_PROP_HOME, "/tmp/zts_server");
         System.setProperty(ZTSConsts.ZTS_PROP_HTTP_PORT, "4080");
@@ -136,14 +145,16 @@ public void initContainerOnlyHTTPPort() {
         assertTrue(connectors[0].getProtocols().contains("http/1.1"));
         assertFalse(connectors[0].getProtocols().contains("ssl"));
 
-        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS);
-        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS);
     }
 
     @Test
     public void initContainerInvalidHTTPPort() {
-        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS, ZTS_CHANGE_LOG_STORE_CLASS);
-        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS, ZTS_SELF_CERT_SIGNER_STORE_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS,
+                ZTS_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS,
+                ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS);
 
         System.setProperty(ZTSConsts.ZTS_PROP_HOME, "/tmp/zts_server");
         System.setProperty(ZTSConsts.ZTS_PROP_HTTP_PORT, "-10");
@@ -163,14 +174,16 @@ public void initContainerInvalidHTTPPort() {
         assertTrue(connectors[1].getProtocols().contains("http/1.1"));
         assertTrue(connectors[1].getProtocols().contains("ssl"));
 
-        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS);
-        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS);
     }
 
     @Test
     public void initContainerInvalidHTTPSPort() {
-        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS, ZTS_CHANGE_LOG_STORE_CLASS);
-        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS, ZTS_SELF_CERT_SIGNER_STORE_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS,
+                ZTS_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.setProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS,
+                ZTS_SELF_CERT_SIGNER_STORE_FACTORY_CLASS);
 
         System.setProperty(ZTSConsts.ZTS_PROP_HOME, "/tmp/zts_server");
         System.setProperty(ZTSConsts.ZTS_PROP_HTTP_PORT, "4080");
@@ -187,8 +200,8 @@ public void initContainerInvalidHTTPSPort() {
         assertTrue(connectors[0].getProtocols().contains("http/1.1"));
         assertFalse(connectors[0].getProtocols().contains("ssl"));
 
-        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_CLASS);
-        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_DATA_CHANGE_LOG_STORE_FACTORY_CLASS);
+        System.clearProperty(ZTSConsts.ZTS_PROP_CERT_SIGNER_FACTORY_CLASS);
     }
 
     @Test
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java
index a46ab72d63d..982bf4798fa 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java
@@ -107,7 +107,8 @@ public class DataStoreTest {
 
     @BeforeClass
     public void setUpClass() throws Exception {
-        System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_CLASS, "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory");
+        System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_FACTORY_CLASS,
+                "com.yahoo.athenz.zts.pkey.file.FilePrivateKeyStoreFactory");
         System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/zts_private.pem");
         System.setProperty(ZTSConsts.ZTS_PROP_ATHENZ_CONF, "src/test/resources/athenz.conf");
     }