Example 1 with GetCallerIdentityResponse

Use of com.nike.cerberus.aws.sts.GetCallerIdentityResponse in project cerberus by Nike-Inc.

Class AwsIamStsAuthController, method authenticate.

@RequestMapping(method = POST)
public AuthTokenResponse authenticate(
        @RequestHeader(value = HEADER_X_AMZ_DATE, required = false) String headerXAmzDate,
        @RequestHeader(value = HEADER_X_AMZ_SECURITY_TOKEN, required = false) String headerXAmzSecurityToken,
        @RequestHeader(value = HEADER_AUTHORIZATION, required = false) String headerAuthorization) {
    String iamPrincipalArn;
    AuthTokenResponse authResponse;
    try {
        // The Authorization and X-Amz-Date headers are mandatory; the security token header may be absent.
        if (headerAuthorization == null || headerXAmzDate == null) {
            throw new ApiException(DefaultApiError.MISSING_AWS_SIGNATURE_HEADERS);
        }
        // Pass the caller's signature headers to the STS client; the ARN in the
        // GetCallerIdentity result is the principal that gets authenticated.
        AwsStsHttpHeader header = new AwsStsHttpHeader(headerXAmzDate, headerXAmzSecurityToken, headerAuthorization);
        GetCallerIdentityResponse getCallerIdentityResponse = awsStsClient.getCallerIdentity(header);
        iamPrincipalArn = getCallerIdentityResponse.getGetCallerIdentityResult().getArn();
        authResponse = authenticationService.stsAuthenticate(iamPrincipalArn);
        auditLoggingFilterDetails.setAction("Successfully authenticated with AWS IAM STS Auth");
    } catch (Exception e) {
        // Record the failure reason in the audit details, then rethrow unchanged.
        String auditMessage = String.format("Failed to authenticate with AWS IAM STS Auth: %s", e.getMessage());
        auditLoggingFilterDetails.setAction(auditMessage);
        throw e;
    }
    return authResponse;
}
Also used: AuthTokenResponse (com.nike.cerberus.domain.AuthTokenResponse), GetCallerIdentityResponse (com.nike.cerberus.aws.sts.GetCallerIdentityResponse), ApiException (com.nike.backstopper.exception.ApiException), AwsStsHttpHeader (com.nike.cerberus.aws.sts.AwsStsHttpHeader), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 2 with GetCallerIdentityResponse

Use of com.nike.cerberus.aws.sts.GetCallerIdentityResponse in project cerberus by Nike-Inc.

Class AwsIamStsAuthControllerTest, method testAuthenticateWhenSTSAuthenticateThrowsException.

@Test
public void testAuthenticateWhenSTSAuthenticateThrowsException() {
    // Stub the STS client so that GetCallerIdentity resolves to the ARN "arn".
    GetCallerIdentityResponse getCallerIdentityResponse = Mockito.mock(GetCallerIdentityResponse.class);
    GetCallerIdentityResult getCallerIdentityResult = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(getCallerIdentityResponse.getGetCallerIdentityResult()).thenReturn(getCallerIdentityResult);
    Mockito.when(getCallerIdentityResult.getArn()).thenReturn("arn");
    Mockito.when(awsStsClient.getCallerIdentity(Mockito.any(AwsStsHttpHeader.class))).thenReturn(getCallerIdentityResponse);
    // Make the authentication service fail for that ARN.
    RuntimeException runtimeException = new RuntimeException();
    Mockito.when(authenticationService.stsAuthenticate("arn")).thenThrow(runtimeException);
    RuntimeException actualException = null;
    try {
        awsIamStsAuthController.authenticate("date", "token", "authorization");
    } catch (RuntimeException e) {
        actualException = e;
    }
    // The same exception must propagate, and the failure must be written to the audit details.
    Assert.assertSame(runtimeException, actualException);
    String auditMessage = String.format("Failed to authenticate with AWS IAM STS Auth: %s", actualException.getMessage());
    Mockito.verify(auditLoggingFilterDetails, Mockito.atLeastOnce()).setAction(auditMessage);
}
Also used: GetCallerIdentityResponse (com.nike.cerberus.aws.sts.GetCallerIdentityResponse), GetCallerIdentityResult (com.amazonaws.services.securitytoken.model.GetCallerIdentityResult), AwsStsHttpHeader (com.nike.cerberus.aws.sts.AwsStsHttpHeader), Test (org.junit.Test)

Example 3 with GetCallerIdentityResponse

Use of com.nike.cerberus.aws.sts.GetCallerIdentityResponse in project cerberus by Nike-Inc.

Class AwsIamStsAuthControllerTest, method testAuthenticate.

@Test
public void testAuthenticate() {
    // Stub the STS client so that GetCallerIdentity resolves to the ARN "arn".
    GetCallerIdentityResponse getCallerIdentityResponse = Mockito.mock(GetCallerIdentityResponse.class);
    GetCallerIdentityResult getCallerIdentityResult = Mockito.mock(GetCallerIdentityResult.class);
    Mockito.when(getCallerIdentityResponse.getGetCallerIdentityResult()).thenReturn(getCallerIdentityResult);
    Mockito.when(getCallerIdentityResult.getArn()).thenReturn("arn");
    Mockito.when(awsStsClient.getCallerIdentity(Mockito.any(AwsStsHttpHeader.class))).thenReturn(getCallerIdentityResponse);
    // The authentication service issues a token for that ARN.
    AuthTokenResponse authTokenResponse = Mockito.mock(AuthTokenResponse.class);
    Mockito.when(authenticationService.stsAuthenticate("arn")).thenReturn(authTokenResponse);
    AuthTokenResponse actualAuthTokenResponse = awsIamStsAuthController.authenticate("date", "token", "authorization");
    // The controller returns the service's token and records the success in the audit details.
    Assert.assertSame(authTokenResponse, actualAuthTokenResponse);
    Mockito.verify(auditLoggingFilterDetails).setAction("Successfully authenticated with AWS IAM STS Auth");
}
Also used: AuthTokenResponse (com.nike.cerberus.domain.AuthTokenResponse), GetCallerIdentityResponse (com.nike.cerberus.aws.sts.GetCallerIdentityResponse), GetCallerIdentityResult (com.amazonaws.services.securitytoken.model.GetCallerIdentityResult), AwsStsHttpHeader (com.nike.cerberus.aws.sts.AwsStsHttpHeader), Test (org.junit.Test)

Aggregations

AwsStsHttpHeader (com.nike.cerberus.aws.sts.AwsStsHttpHeader): 3
GetCallerIdentityResponse (com.nike.cerberus.aws.sts.GetCallerIdentityResponse): 3
GetCallerIdentityResult (com.amazonaws.services.securitytoken.model.GetCallerIdentityResult): 2
AuthTokenResponse (com.nike.cerberus.domain.AuthTokenResponse): 2
Test (org.junit.Test): 2
ApiException (com.nike.backstopper.exception.ApiException): 1
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 1