
Example 1 with Identity

use of com.spotify.sshagentproxy.Identity in project helios by spotify.

the class HttpsHandlersTest method testSshAgent.

/**
 * Checks that {@code SshAgentHttpsHandler} yields a certificate and a private key when the
 * SSH agent and the identity are both mocked.
 *
 * <p>The stubbed {@code sign()} returns {@code sha1digest(...)} of the payload rather than a real
 * agent signature, and the key blob is random bytes. The assertions only check that the
 * certificate and key are non-null; no signature is verified here.
 */
@Test
public void testSshAgent() throws Exception {
    // Stand-in for an agent signature: hash whatever the handler asks the agent to sign.
    final Answer<byte[]> digestInsteadOfSignature = new Answer<byte[]>() {

        @Override
        public byte[] answer(InvocationOnMock invocation) throws Throwable {
            final Object payload = invocation.getArguments()[1];
            return sha1digest((byte[]) payload);
        }
    };
    final AgentProxy agent = mock(AgentProxy.class);
    when(agent.sign(any(Identity.class), any(byte[].class))).thenAnswer(digestInsteadOfSignature);

    // Random bytes take the place of the identity's key blob.
    final byte[] keyBlob = new byte[255];
    new Random().nextBytes(keyBlob);
    final Identity sshIdentity = mock(Identity.class);
    when(sshIdentity.getKeyBlob()).thenReturn(keyBlob);

    // NOTE(review): "foo" and true are presumably the user name and the fail-on-cert-error
    // flag - confirm against the SshAgentHttpsHandler constructor.
    final SshAgentHttpsHandler handler = new SshAgentHttpsHandler("foo", true, agent, sshIdentity);
    final CertificateAndPrivateKey generated = handler.createCertificateAndPrivateKey();

    assertNotNull(generated);
    assertNotNull(generated.getCertificate());
    assertNotNull(generated.getPrivateKey());
}
Also used : SshAgentHttpsHandler(com.spotify.helios.client.HttpsHandlers.SshAgentHttpsHandler) Random(java.util.Random) InvocationOnMock(org.mockito.invocation.InvocationOnMock) AgentProxy(com.spotify.sshagentproxy.AgentProxy) Identity(com.spotify.sshagentproxy.Identity) CertificateAndPrivateKey(com.spotify.helios.client.tls.CertificateAndPrivateKey) Test(org.junit.Test)

Example 2 with Identity

use of com.spotify.sshagentproxy.Identity in project helios by spotify.

the class AuthenticatingHttpConnectorTest method testOneIdentity_ResponseIsUnauthorized.

/**
 * With a single SSH identity, a 401 from the server is handed back to the caller as-is:
 * there is no other identity to fall back to, so no further connection attempt is expected.
 */
@Test
public void testOneIdentity_ResponseIsUnauthorized() throws Exception {
    final String requestPath = "/another/one";

    // The only response the server will ever give in this test is 401 Unauthorized.
    final HttpsURLConnection unauthorized = mock(HttpsURLConnection.class);
    when(unauthorized.getResponseCode()).thenReturn(401);

    final AgentProxy agent = mock(AgentProxy.class);
    final Identity onlyIdentity = mockIdentity();
    final AuthenticatingHttpConnector authConnector =
        createAuthenticatingConnector(Optional.of(agent), ImmutableList.of(onlyIdentity));
    when(connector.connect(argThat(matchesAnyEndpoint(requestPath)), eq(method), eq(entity), eq(headers)))
        .thenReturn(unauthorized);

    final URI target = new URI("https://helios" + requestPath);
    final HttpURLConnection result = authConnector.connect(target, method, entity, headers);

    // An HTTPS handler is installed on the delegate connector exactly once (verify's default).
    verify(connector).setExtraHttpsHandler(isA(HttpsHandler.class));
    // NOTE(review): JUnit's assertSame takes (message, expected, actual); the two connections are
    // passed in the opposite order here, which only affects the wording of a failure message.
    assertSame(
        "If there is only one identity do not expect any additional endpoints to "
            + "be called after the first returns Unauthorized",
        result,
        unauthorized);
}
Also used : HttpURLConnection(java.net.HttpURLConnection) HttpsHandler(com.spotify.sshagenttls.HttpsHandler) AgentProxy(com.spotify.sshagentproxy.AgentProxy) Identity(com.spotify.sshagentproxy.Identity) URI(java.net.URI) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) Test(org.junit.Test)

Example 3 with Identity

use of com.spotify.sshagentproxy.Identity in project helios by spotify.

the class AuthenticatingHttpConnectorTest method testTwoIdentities_ResponseIsUnauthorized.

/**
 * With two SSH identities, a 401 on the first attempt makes the connector try again, and the
 * connection returned to the caller is the one from the second, successful attempt.
 */
@Test
public void testTwoIdentities_ResponseIsUnauthorized() throws Exception {
    final String requestPath = "/another/one";

    // Two canned server responses: 401 for the first attempt, 200 OK for the second.
    final HttpsURLConnection rejected = mock(HttpsURLConnection.class);
    final HttpsURLConnection accepted = mock(HttpsURLConnection.class);
    when(rejected.getResponseCode()).thenReturn(401);
    when(accepted.getResponseCode()).thenReturn(200);

    final AgentProxy agent = mock(AgentProxy.class);
    final Identity firstIdentity = mockIdentity();
    final Identity secondIdentity = mockIdentity();
    final AuthenticatingHttpConnector authConnector =
        createAuthenticatingConnector(Optional.of(agent), ImmutableList.of(firstIdentity, secondIdentity));
    // Successive connect() calls on the delegate return the two connections in order.
    when(connector.connect(argThat(matchesAnyEndpoint(requestPath)), eq(method), eq(entity), eq(headers)))
        .thenReturn(rejected, accepted);

    final URI target = new URI("https://helios" + requestPath);
    final HttpURLConnection result = authConnector.connect(target, method, entity, headers);

    // One HTTPS handler is installed per attempt, so two installs are expected in total.
    verify(connector, times(2)).setExtraHttpsHandler(isA(HttpsHandler.class));
    assertSame(
        "Expect returned connection to be the second one, with successful response code",
        result,
        accepted);
}
Also used : HttpURLConnection(java.net.HttpURLConnection) HttpsHandler(com.spotify.sshagenttls.HttpsHandler) AgentProxy(com.spotify.sshagentproxy.AgentProxy) Identity(com.spotify.sshagentproxy.Identity) URI(java.net.URI) HttpsURLConnection(javax.net.ssl.HttpsURLConnection) Test(org.junit.Test)

Example 4 with Identity

use of com.spotify.sshagentproxy.Identity in project helios by spotify.

the class AuthenticatingHttpConnectorTest method mockIdentity.

/**
 * Builds a mocked SSH {@code Identity} whose only stubbed method is {@code getComment()},
 * which returns {@code "a comment"}.
 *
 * @return the mocked identity
 */
private Identity mockIdentity() {
    final Identity stub = mock(Identity.class);
    // Only the comment is stubbed; every other method keeps Mockito's default answer.
    when(stub.getComment()).thenReturn("a comment");
    return stub;
}
Also used : Identity(com.spotify.sshagentproxy.Identity)

Example 5 with Identity

use of com.spotify.sshagentproxy.Identity in project helios by spotify.

the class AuthenticatingHttpConnector method connectWithIdentities.

/**
 * Sends the request once per SSH identity, in list order, until the server answers with
 * something other than 401/403 or the identities run out.
 *
 * <p>The last connection obtained is returned whatever its status, so a caller can still receive
 * a 401/403 response once every identity has been tried. The same method, entity and headers are
 * passed to {@code doConnect} on each attempt.
 *
 * @param identities SSH identities to try, in order; must not be empty
 * @param uri        request target
 * @param method     HTTP method
 * @param entity     request body
 * @param headers    request headers
 * @return the connection from the last attempt made
 * @throws IllegalArgumentException if {@code identities} is empty
 * @throws IOException              declared; raised by the calls made here (e.g. getResponseCode)
 * @throws HeliosException          declared; presumably raised by {@code doConnect} - confirm
 */
private HttpURLConnection connectWithIdentities(
    final List<Identity> identities,
    final URI uri,
    final String method,
    final byte[] entity,
    final Map<String, List<String>> headers) throws IOException, HeliosException {
    if (identities.isEmpty()) {
        throw new IllegalArgumentException("identities cannot be empty");
    }

    // Work on a copy so the caller's list is left untouched while identities are consumed.
    final Queue<Identity> remaining = new LinkedList<>(identities);
    while (true) {
        final Identity candidate = remaining.poll();

        // Install a TLS handler bound to this identity before connecting.
        // NOTE(review): fail-on-cert-error is switched off here; presumably a failure to build the
        // client certificate does not abort the request - confirm what the handler falls back to.
        // NOTE(review): the certificate cache lives in ~/.helios; its file permissions are not
        // set in this method - verify where they are enforced.
        delegate.setExtraHttpsHandler(
            SshAgentHttpsHandler.builder()
                .setUser(user)
                .setFailOnCertError(false)
                .setAgentProxy(agentProxy.get())
                .setIdentity(candidate)
                .setX500Principal(new X500Principal("C=US,O=Spotify,CN=helios-client"))
                .setCertCacheDir(Paths.get(System.getProperty("user.home"), ".helios"))
                .build());

        final HttpURLConnection attempt = doConnect(uri, method, entity, headers);
        final int status = attempt.getResponseCode();
        final boolean authRejected = status == HTTP_FORBIDDEN || status == HTTP_UNAUTHORIZED;

        // Stop on any non-auth status, or when there is no identity left to fall back to.
        if (!authRejected || remaining.isEmpty()) {
            return attempt;
        }

        // The server rejected this identity and another is available: try the next one.
        // The identity's comment is written to the debug log.
        log.debug("retrying with next SSH identity since {} failed", candidate == null ? "the previous one" : candidate.getComment());
    }
}
Also used : HttpURLConnection(java.net.HttpURLConnection) X500Principal(javax.security.auth.x500.X500Principal) Identity(com.spotify.sshagentproxy.Identity) LinkedList(java.util.LinkedList)

Aggregations

Identity (com.spotify.sshagentproxy.Identity)8 AgentProxy (com.spotify.sshagentproxy.AgentProxy)6 Test (org.junit.Test)6 HttpURLConnection (java.net.HttpURLConnection)5 URI (java.net.URI)5 HttpsURLConnection (javax.net.ssl.HttpsURLConnection)5 HttpsHandler (com.spotify.sshagenttls.HttpsHandler)4 SshAgentHttpsHandler (com.spotify.helios.client.HttpsHandlers.SshAgentHttpsHandler)1 CertificateAndPrivateKey (com.spotify.helios.client.tls.CertificateAndPrivateKey)1 LinkedList (java.util.LinkedList)1 Random (java.util.Random)1 X500Principal (javax.security.auth.x500.X500Principal)1 InvocationOnMock (org.mockito.invocation.InvocationOnMock)1