use of com.spotify.sshagentproxy.Identity in project helios by spotify.
the class HttpsHandlersTest method testSshAgent.
/**
 * Checks that {@code SshAgentHttpsHandler} produces a certificate and a private key when signing
 * is delegated to a stubbed {@code AgentProxy}.
 *
 * <p>The stub answers every {@code sign} call with {@code sha1digest(bytesToSign)} rather than a
 * real agent signature, and the key blob is 255 random bytes. The assertions only check that the
 * pair and its two members are non-null; nothing here verifies that the signature on the
 * certificate is valid.
 */
@Test
public void testSshAgent() throws Exception {
    // Arbitrary stand-in for a public key blob; the test does not need a parseable key.
    final byte[] keyBlob = new byte[255];
    new Random().nextBytes(keyBlob);

    final Identity stubIdentity = mock(Identity.class);
    when(stubIdentity.getKeyBlob()).thenReturn(keyBlob);

    // Replaces the agent's signing operation: the second argument of sign() is the data to sign.
    final Answer<byte[]> digestInsteadOfSignature = new Answer<byte[]>() {
        @Override
        public byte[] answer(InvocationOnMock invocation) throws Throwable {
            final Object[] signArgs = invocation.getArguments();
            return sha1digest((byte[]) signArgs[1]);
        }
    };
    final AgentProxy stubProxy = mock(AgentProxy.class);
    when(stubProxy.sign(any(Identity.class), any(byte[].class)))
        .thenAnswer(digestInsteadOfSignature);

    // NOTE(review): the meaning of the boolean constructor argument is not visible here - confirm.
    final SshAgentHttpsHandler handler =
        new SshAgentHttpsHandler("foo", true, stubProxy, stubIdentity);
    final CertificateAndPrivateKey certAndKey = handler.createCertificateAndPrivateKey();

    assertNotNull(certAndKey);
    assertNotNull(certAndKey.getCertificate());
    assertNotNull(certAndKey.getPrivateKey());
}
use of com.spotify.sshagentproxy.Identity in project helios by spotify.
the class AuthenticatingHttpConnectorTest method testOneIdentity_ResponseIsUnauthorized.
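/**
 * With a single SSH identity, a 401 response must be handed back to the caller as-is: there is
 * no further identity to retry with, so the connector is expected to install exactly one
 * {@code HttpsHandler} and return the connection that carried the 401.
 *
 * <p>{@code connector}, {@code method}, {@code entity} and {@code headers} are fixture members
 * declared outside this method.
 */
@Test
public void testOneIdentity_ResponseIsUnauthorized() throws Exception {
    final AgentProxy proxy = mock(AgentProxy.class);
    final Identity identity = mockIdentity();
    final AuthenticatingHttpConnector authConnector =
        createAuthenticatingConnector(Optional.of(proxy), ImmutableList.of(identity));

    final String path = "/another/one";

    // The delegate connector answers the request with a connection that reports 401.
    final HttpsURLConnection connection = mock(HttpsURLConnection.class);
    when(connector.connect(argThat(matchesAnyEndpoint(path)), eq(method), eq(entity), eq(headers)))
        .thenReturn(connection);
    when(connection.getResponseCode()).thenReturn(401);

    final URI uri = new URI("https://helios" + path);
    final HttpURLConnection returnedConnection =
        authConnector.connect(uri, method, entity, headers);

    // One identity means one handler installation and no retry.
    verify(connector).setExtraHttpsHandler(isA(HttpsHandler.class));

    // assertSame takes (message, expected, actual): the stubbed connection is the expected value.
    assertSame("If there is only one identity do not expect any additional endpoints to "
               + "be called after the first returns Unauthorized",
               connection, returnedConnection);
}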
use of com.spotify.sshagentproxy.Identity in project helios by spotify.
the class AuthenticatingHttpConnectorTest method testTwoIdentities_ResponseIsUnauthorized.
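/**
 * With two SSH identities, a 401 for the first must trigger a retry with the second, and the
 * connection from the retry is what the caller receives.
 *
 * <p>{@code connector}, {@code method}, {@code entity} and {@code headers} are fixture members
 * declared outside this method.
 */
@Test
public void testTwoIdentities_ResponseIsUnauthorized() throws Exception {
    final AgentProxy proxy = mock(AgentProxy.class);
    final Identity id1 = mockIdentity();
    final Identity id2 = mockIdentity();
    final AuthenticatingHttpConnector authConnector =
        createAuthenticatingConnector(Optional.of(proxy), ImmutableList.of(id1, id2));

    final String path = "/another/one";

    // set up two separate connect() calls - the first returns 401 and the second 200 OK
    final HttpsURLConnection connection1 = mock(HttpsURLConnection.class);
    when(connection1.getResponseCode()).thenReturn(401);
    final HttpsURLConnection connection2 = mock(HttpsURLConnection.class);
    when(connection2.getResponseCode()).thenReturn(200);
    when(connector.connect(argThat(matchesAnyEndpoint(path)), eq(method), eq(entity), eq(headers)))
        .thenReturn(connection1, connection2);

    final URI uri = new URI("https://helios" + path);
    final HttpURLConnection returnedConnection =
        authConnector.connect(uri, method, entity, headers);

    // A handler is installed once per identity that was tried.
    verify(connector, times(2)).setExtraHttpsHandler(isA(HttpsHandler.class));

    // assertSame takes (message, expected, actual): the second stubbed connection is expected.
    assertSame("Expect returned connection to be the second one, with successful response code",
               connection2, returnedConnection);
}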
use of com.spotify.sshagentproxy.Identity in project helios by spotify.
the class AuthenticatingHttpConnectorTest method mockIdentity.
/**
 * Builds a mocked {@code Identity} for the connector tests.
 *
 * @return a mock whose {@code getComment()} returns {@code "a comment"}; no other method is
 *     stubbed
 */
private Identity mockIdentity() {
    final Identity stub = mock(Identity.class);
    // Only the comment is stubbed here.
    when(stub.getComment()).thenReturn("a comment");
    return stub;
}
use of com.spotify.sshagentproxy.Identity in project helios by spotify.
the class AuthenticatingHttpConnector method connectWithIdentities.
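/**
 * Sends the request once per SSH identity, in list order, until a response other than 401/403
 * comes back or the identities are exhausted.
 *
 * <p>Before each attempt an {@code SshAgentHttpsHandler} built for that identity is installed on
 * the delegate connector. A connection that was rejected and is about to be replaced by a retry
 * is disconnected so its socket is not left open until garbage collection.
 *
 * @param identities SSH identities to try, in order; must not be empty
 * @param uri request target
 * @param method HTTP method
 * @param entity request body
 * @param headers request headers
 * @return the connection from the last attempt. Its response code can still be 401 or 403 when
 *     every identity was rejected, so callers must check the status before trusting the response.
 * @throws IllegalArgumentException if {@code identities} is empty
 * @throws IOException if connecting or reading the response code fails
 * @throws HeliosException declared by this method; where it is raised is not visible here
 */
private HttpURLConnection connectWithIdentities(final List<Identity> identities, final URI uri,
                                                final String method, final byte[] entity,
                                                final Map<String, List<String>> headers)
    throws IOException, HeliosException {
    if (identities.isEmpty()) {
        throw new IllegalArgumentException("identities cannot be empty");
    }

    final Queue<Identity> queue = new LinkedList<>(identities);
    HttpURLConnection connection = null;

    while (!queue.isEmpty()) {
        final Identity identity = queue.poll();

        // NOTE(review): failOnCertError is switched off; what the handler does on a certificate
        // error in that mode is not visible here - confirm the request cannot proceed without
        // client authentication being noticed.
        // NOTE(review): the cert cache lives under <user.home>/.helios and presumably holds key
        // material - confirm the handler restricts permissions on that directory.
        delegate.setExtraHttpsHandler(SshAgentHttpsHandler.builder()
            .setUser(user)
            .setFailOnCertError(false)
            .setAgentProxy(agentProxy.get())
            .setIdentity(identity)
            .setX500Principal(new X500Principal("C=US,O=Spotify,CN=helios-client"))
            .setCertCacheDir(Paths.get(System.getProperty("user.home"), ".helios"))
            .build());

        connection = doConnect(uri, method, entity, headers);

        // check the status and retry the request if necessary
        final int responseCode = connection.getResponseCode();
        final boolean rejected =
            responseCode == HTTP_FORBIDDEN || responseCode == HTTP_UNAUTHORIZED;
        if (!rejected || queue.isEmpty()) {
            // Either the server accepted this identity or there is nothing left to try; the
            // caller gets this connection, whatever its status.
            break;
        }

        // there was some sort of security error and more SSH identities remain:
        // retry with the next available identity
        log.debug("retrying with next SSH identity since {} failed",
                  identity == null ? "the previous one" : identity.getComment());

        // The rejected connection is never returned to the caller; release it before replacing it.
        connection.disconnect();
    }

    return connection;
}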