use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class ProviderMockClientTest method testPutTenant.
/**
 * Checks that {@code putTenant} on a {@code ProviderMockClient} built with a
 * system-admin user principal returns {@code null}.
 */
@Test
public void testPutTenant() {
    final String adminName = "user.user_admin";
    // Token-style credential string for the admin user; the signature field is a
    // fixed literal, not a real signature.
    final String adminCreds = "v=U1;d=user;n=" + adminName + ";s=signature";

    Authority principalAuthority = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    Principal adminPrincipal =
            SimplePrincipal.create("user", adminName, adminCreds, 0, principalAuthority);

    ProviderMockClient mockClient = new ProviderMockClient("localhost:3306/athenz", adminPrincipal);

    Tenant tenantRequest = new Tenant();
    tenantRequest.setName("name");

    assertNull(mockClient.putTenant("providerService1", "tenantDom1", "zms", tenantRequest));
}
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class Http method authenticate.
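/**
 * Authenticates a request by offering it to each configured authority in list
 * order and returning the first principal that any of them produces.
 *
 * <p>The credential handed to an authority depends on its credential source:
 * {@code HEADER} uses the value returned by {@code authenticatingCredentials},
 * {@code CERTIFICATE} uses the certificate array stored in the request attribute
 * {@code JAVAX_CERT_ATTR}, and {@code REQUEST} passes the whole request.
 *
 * <p>When every authority declines, the collected per-authority error text is
 * stored in the request attribute {@code INVALID_CRED_ATTR} and logged, while the
 * thrown exception carries only the fixed text "Invalid credentials".
 *
 * @param request the incoming servlet request
 * @param authorities the configured authorities, tried in order
 * @return the principal from the first authority that accepts the request
 * @throws ResourceException with {@code INTERNAL_SERVER_ERROR} when
 *         {@code authorities} is null, or {@code UNAUTHORIZED} when no authority
 *         returns a principal
 */
public static Principal authenticate(HttpServletRequest request, AuthorityList authorities) {
    if (authorities == null) {
        LOG.error("authenticate: No authorities configured");
        throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "No authorities configured");
    }
    StringBuilder authErrMsg = new StringBuilder(512);
    for (Authority authority : authorities.authorities) {
        Principal principal = null;
        // Fresh buffer per authority so one authority's error text is never
        // attributed to another.
        StringBuilder errMsg = new StringBuilder(512);
        switch (authority.getCredSource()) {
            case HEADER:
                String creds = authenticatingCredentials(request, authority);
                if (creds != null) {
                    principal = authority.authenticate(creds, ServletRequestUtil.getRemoteAddress(request),
                            request.getMethod(), errMsg);
                }
                break;
            case CERTIFICATE:
                X509Certificate[] certs = (X509Certificate[]) request.getAttribute(JAVAX_CERT_ATTR);
                // An empty array carries no certificate, so it is treated like a
                // missing attribute: the authority is skipped and the request
                // falls through to the UNAUTHORIZED path instead of reaching an
                // implementation that may index the first element.
                if (certs != null && certs.length > 0) {
                    principal = authority.authenticate(certs, errMsg);
                }
                break;
            case REQUEST:
                principal = authority.authenticate(request, errMsg);
                break;
        }
        // First success wins; later authorities are not consulted.
        if (principal != null) {
            return principal;
        }
        if (errMsg.length() > 0) {
            authErrMsg.append(":error: ").append(errMsg);
        }
    }
    // Detailed reasons stay server-side (request attribute and log); the exception
    // below carries only a generic message.
    // NOTE(review): errMsg is filled in by the authority implementations and may
    // echo request-derived text - confirm the log sink neutralises line breaks.
    if (authErrMsg.length() > 0) {
        final String failureDetail = authErrMsg.toString();
        request.setAttribute(INVALID_CRED_ATTR, failureDetail);
        LOG.error("authenticate: {}", failureDetail);
    } else {
        request.setAttribute(INVALID_CRED_ATTR, "No credentials provided");
        LOG.error("authenticate: No credentials provided");
    }
    throw new ResourceException(ResourceException.UNAUTHORIZED, "Invalid credentials");
}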
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class DebugKerberosAuthorityTest method testDebugKerberosAuthoritySysProp.
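/**
 * Verifies that {@code DebugKerberosAuthority} names the principal after the
 * {@code ATHENZ_PROP_USER_NAME} system property, and that a debug token carrying
 * its own user field yields that user name instead.
 *
 * <p>The system property is JVM-wide state, so it is cleared in a {@code finally}
 * block: a failing assertion must not leave it set for tests that run later in
 * the same JVM.
 */
@Test
public void testDebugKerberosAuthoritySysProp() {
    System.setProperty(DebugKerberosAuthority.ATHENZ_PROP_USER_NAME, "tiesto");
    try {
        Authority authority = new DebugKerberosAuthority();
        assertNotNull(authority);
        authority.initialize();
        assertEquals(authority.getDomain(), USER_DOMAIN);
        assertEquals(authority.getHeader(), DebugKerberosAuthority.KRB_HEADER);

        // invalid authenticate values: null, arbitrary text, and a token without
        // the expected prefix are all rejected
        assertNull(authority.authenticate(null, "6.21.20.16", "GET", null));
        assertNull(authority.authenticate("abc", "6.21.20.16", "GET", null));
        assertNull(authority.authenticate(KRB_TOKEN, "6.21.20.16", "GET", null));

        // valid values: prefix + token; the name comes from the system property
        Principal prnc = authority.authenticate(DebugKerberosAuthority.TOKEN_PREFIX + " " + KRB_TOKEN,
                "6.21.20.16", "GET", null);
        assertNotNull(prnc);
        assertEquals(prnc.getDomain(), USER_DOMAIN);
        assertEquals(prnc.getName(), "tiesto");
        assertEquals(prnc.getCredentials(), KRB_TOKEN);
        assertNull(prnc.getRoles());

        // now use debug token that contains user name
        // NOTE(review): the assertions below show the principal name being taken
        // from the token text alone - presumably this authority is meant for
        // development only; confirm it cannot be enabled in a production config.
        String token = DebugKerberosAuthority.TOKEN_PREFIX + " "
                + DebugKerberosAuthority.TOKEN_DEBUG_USER_FIELD + "jamesdean";
        prnc = authority.authenticate(token, "6.21.20.16", "GET", null);
        assertNotNull(prnc);
        assertEquals(prnc.getDomain(), USER_DOMAIN);
        assertEquals(prnc.getName(), "jamesdean");
        assertEquals(prnc.getCredentials(), DebugKerberosAuthority.TOKEN_DEBUG_USER_FIELD + "jamesdean");
        assertNull(prnc.getRoles());
    } finally {
        // Always undo the global property, even when an assertion above fails.
        System.clearProperty(DebugKerberosAuthority.ATHENZ_PROP_USER_NAME);
    }
}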
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class DebugKerberosAuthorityTest method testDebugKerberosAuthority.
/**
 * Verifies {@code DebugKerberosAuthority} without a user-name override: malformed
 * header values are rejected and a prefixed token yields the "anonymous" user.
 */
@Test
public void testDebugKerberosAuthority() {
    final String remoteIp = "6.21.20.16";
    final String httpMethod = "GET";

    Authority krbAuthority = new DebugKerberosAuthority();
    assertNotNull(krbAuthority);
    krbAuthority.initialize();
    assertEquals(krbAuthority.getDomain(), USER_DOMAIN);
    assertEquals(krbAuthority.getHeader(), DebugKerberosAuthority.KRB_HEADER);

    // Rejected inputs: no value, arbitrary text, and the raw token without its prefix.
    String[] rejectedValues = {null, "abc", KRB_TOKEN};
    for (String rejected : rejectedValues) {
        assertNull(krbAuthority.authenticate(rejected, remoteIp, httpMethod, null));
    }

    // Accepted input: prefix, a single space, then the token.
    // NOTE(review): the "anonymous" name presumably depends on the
    // ATHENZ_PROP_USER_NAME system property being unset when this runs - confirm.
    String headerValue = DebugKerberosAuthority.TOKEN_PREFIX + " " + KRB_TOKEN;
    Principal user = krbAuthority.authenticate(headerValue, remoteIp, httpMethod, null);
    assertNotNull(user);
    assertEquals(user.getDomain(), USER_DOMAIN);
    assertEquals(user.getName(), "anonymous");
    assertEquals(user.getCredentials(), KRB_TOKEN);
    assertNull(user.getRoles());
}
use of com.yahoo.athenz.auth.Authority in project athenz by yahoo.
the class DebugRoleAuthorityTest method testRoleAuthority.
/**
 * Exercises {@code DebugRoleAuthority} through the {@code Authority} interface:
 * incomplete or wrongly versioned role tokens are rejected, and a token with
 * version Z1, a domain and a role list produces a principal carrying those roles.
 */
@Test
public void testRoleAuthority() {
    final String remoteIp = "10.11.12.13";
    final String httpMethod = "GET";

    Authority roleAuthority = new com.yahoo.athenz.common.server.debug.DebugRoleAuthority();
    assertNotNull(roleAuthority);
    roleAuthority.initialize();
    // setKeyStore is not part of the Authority interface, hence the cast.
    DebugRoleAuthority debugAuthority = (DebugRoleAuthority) roleAuthority;
    debugAuthority.setKeyStore(null);
    assertNull(roleAuthority.getDomain());
    assertEquals(roleAuthority.getHeader(), "Athenz-Role-Auth");

    // Each of these differs from the accepted token below in one respect.
    String[] rejectedTokens = {
        null,
        "abc",
        "v=Z1;d=coretech;s=signature",                      // no r= field
        "v=Z1;r=role1,role2,role3;s=signature",             // no d= field
        "v=U1;d=coretech;r=role1,role2,role3;s=signature"   // version U1 instead of Z1
    };
    for (String rejected : rejectedTokens) {
        assertNull(roleAuthority.authenticate(rejected, remoteIp, httpMethod, null));
    }

    // NOTE(review): this token is accepted with a literal "s=signature" and a null
    // key store, so the debug authority presumably does not verify signatures -
    // confirm it is never configured outside development/test.
    final String roleToken = "v=Z1;d=coretech;r=role1,role2,role3;s=signature";
    Principal rolePrincipal = roleAuthority.authenticate(roleToken, remoteIp, httpMethod, null);
    assertNotNull(rolePrincipal);
    assertEquals(rolePrincipal.getDomain(), "coretech");
    assertEquals(rolePrincipal.getCredentials(), roleToken);
    assertNull(rolePrincipal.getName());

    List<String> grantedRoles = rolePrincipal.getRoles();
    assertEquals(grantedRoles.size(), 3);
    for (String expectedRole : new String[] {"role1", "role2", "role3"}) {
        assertTrue(grantedRoles.contains(expectedRole));
    }
}