Example 1 with GetCallerIdentityResult

Use of com.amazonaws.services.securitytoken.model.GetCallerIdentityResult in the project athenz by yahoo.

From the class InstanceAWSProviderTest, method testVerifyInstanceIdentity: the mocked STS caller identity returns an assumed-role ARN in account 1234 for role athenz.service, so verification against account "1234" succeeds.

@Test
public void testVerifyInstanceIdentity() {
    MockInstanceAWSProvider provider = new MockInstanceAWSProvider();
    provider.setIdentitySuper(true);
    AWSSecurityTokenServiceClient mockClient = Mockito.mock(AWSSecurityTokenServiceClient.class);
    GetCallerIdentityResult result = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(result.getArn()).thenReturn("arn:aws:sts::1234:assumed-role/athenz.service/athenz.service");
    Mockito.when(mockClient.getCallerIdentity(ArgumentMatchers.any())).thenReturn(result);
    provider.setStsClient(mockClient);
    AWSAttestationData info = new AWSAttestationData();
    info.setRole("athenz.service");
    assertTrue(provider.verifyInstanceIdentity(info, "1234"));
}
Also used:
    com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
    com.amazonaws.services.securitytoken.model.GetCallerIdentityResult
    org.testng.annotations.Test

Example 2 with GetCallerIdentityResult

Use of com.amazonaws.services.securitytoken.model.GetCallerIdentityResult in the project athenz by yahoo.

From the class InstanceAWSProviderTest, method testVerifyInstanceIdentityARNMismatch: the mocked ARN belongs to account 1235, so verification against account "1234" fails.

@Test
public void testVerifyInstanceIdentityARNMismatch() {
    MockInstanceAWSProvider provider = new MockInstanceAWSProvider();
    provider.setIdentitySuper(true);
    AWSSecurityTokenServiceClient mockClient = Mockito.mock(AWSSecurityTokenServiceClient.class);
    GetCallerIdentityResult result = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(result.getArn()).thenReturn("arn:aws:sts::1235:assumed-role/athenz.service/athenz.service");
    Mockito.when(mockClient.getCallerIdentity(ArgumentMatchers.any())).thenReturn(result);
    provider.setStsClient(mockClient);
    AWSAttestationData info = new AWSAttestationData();
    info.setRole("athenz.service");
    assertFalse(provider.verifyInstanceIdentity(info, "1234"));
}
Also used:
    com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient
    com.amazonaws.services.securitytoken.model.GetCallerIdentityResult
    org.testng.annotations.Test

Example 3 with GetCallerIdentityResult

Use of com.amazonaws.services.securitytoken.model.GetCallerIdentityResult in the project athenz by yahoo.

From the class InstanceAWSProvider, method verifyInstanceIdentity: the provider calls STS GetCallerIdentity with the credentials the instance presented and accepts the instance only if the returned ARN starts with the expected account and assumed-role prefix.

boolean verifyInstanceIdentity(AWSAttestationData info, final String awsAccount) {
    GetCallerIdentityRequest req = new GetCallerIdentityRequest();
    try {
        // STS client built from the credentials carried in the instance's attestation data
        AWSSecurityTokenService client = getInstanceClient(info);
        if (client == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get AWS STS client object");
            return false;
        }
        GetCallerIdentityResult res = client.getCallerIdentity(req);
        if (res == null) {
            LOGGER.error("verifyInstanceIdentity - unable to get caller identity");
            return false;
        }
        // The caller ARN must be an assumed-role ARN in the expected account for the claimed role.
        // The trailing "/" keeps a role such as "athenz.service2" from matching "athenz.service".
        String arn = "arn:aws:sts::" + awsAccount + ":assumed-role/" + info.getRole() + "/";
        if (!res.getArn().startsWith(arn)) {
            LOGGER.error("verifyInstanceIdentity - ARN mismatch - request: {} caller-identity: {}", arn, res.getArn());
            return false;
        }
        return true;
    } catch (Exception ex) {
        LOGGER.error("CloudStore: verifyInstanceIdentity - unable to get caller identity: {}", ex.getMessage());
        return false;
    }
}
Also used:
    com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest
    com.amazonaws.services.securitytoken.AWSSecurityTokenService
    com.amazonaws.services.securitytoken.model.GetCallerIdentityResult
    com.yahoo.athenz.auth.util.CryptoException
    com.yahoo.athenz.instance.provider.ResourceException
