Search in sources :

Example 6 with Authorizer

use of com.yahoo.athenz.auth.Authorizer in project athenz by yahoo.

the class X509CertRequestTest method testValidate.

@Test
public void testValidate() throws IOException {
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String csr = new String(Files.readAllBytes(path));
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);
    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Principal provider = Mockito.mock(Principal.class);
    Mockito.when(authorizer.access("launch", "sys.auth:dns.ostk.athenz.cloud", provider, (String) null)).thenReturn(true);
    StringBuilder errorMsg = new StringBuilder(256);
    assertTrue(certReq.validate(provider, "athenz", "production", "1001", authorizer, errorMsg));
    assertTrue(certReq.validate(provider, "athenz", "production", "1001", null, errorMsg));
}
Also used : Path(java.nio.file.Path) Authorizer(com.yahoo.athenz.auth.Authorizer) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 7 with Authorizer

use of com.yahoo.athenz.auth.Authorizer in project athenz by yahoo.

the class ResourceContextTest method testAuthorize.

@Test
public void testAuthorize() {
    HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Http.AuthorityList authorities = new Http.AuthorityList();
    ResourceContext context = new ResourceContext(httpServletRequest, httpServletResponse, authorities, authorizer);
    try {
        context.authorize("action", "resource", "domain");
    } catch (ResourceException expected) {
        assertEquals(expected.getCode(), 401);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.testng.annotations.Test)

Example 8 with Authorizer

use of com.yahoo.athenz.auth.Authorizer in project athenz by yahoo.

the class ResourceContextTest method testAuthenticate.

@Test
public void testAuthenticate() {
    HttpServletRequest httpServletRequest = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse httpServletResponse = Mockito.mock(HttpServletResponse.class);
    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Http.AuthorityList authorities = new Http.AuthorityList();
    ResourceContext context = new ResourceContext(httpServletRequest, httpServletResponse, authorities, authorizer);
    context.checked = true;
    assertNull(context.authenticate());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.testng.annotations.Test)

Example 9 with Authorizer

use of com.yahoo.athenz.auth.Authorizer in project athenz by yahoo.

the class RsrcCtxWrapperTest method TestAuthorizeInvalid.

@Test(expectedExceptions = { ResourceException.class })
public void TestAuthorizeInvalid() {
    HttpServletRequest reqMock = Mockito.mock(HttpServletRequest.class);
    HttpServletResponse resMock = Mockito.mock(HttpServletResponse.class);
    AuthorityList authListMock = new AuthorityList();
    Authorizer authorizerMock = Mockito.mock(Authorizer.class);
    Mockito.when(reqMock.getHeader("testheader")).thenReturn("testcred");
    Mockito.when(reqMock.getRemoteAddr()).thenReturn("1.1.1.1");
    Mockito.when(reqMock.getMethod()).thenReturn("POST");
    // force true access right
    Mockito.when(authorizerMock.access(Mockito.<String>any(), Mockito.<String>any(), Mockito.any(), Mockito.any())).thenReturn(true);
    RsrcCtxWrapper wrapper = new RsrcCtxWrapper(reqMock, resMock, authListMock, false, authorizerMock);
    // when not set authority
    wrapper.authorize("add-domain", "test", "test");
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) Authorizer(com.yahoo.athenz.auth.Authorizer) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorityList(com.yahoo.athenz.common.server.rest.Http.AuthorityList) Test(org.testng.annotations.Test)

Example 10 with Authorizer

use of com.yahoo.athenz.auth.Authorizer in project athenz by yahoo.

the class HttpTest method testAuthorizedBadRequest.

@Test
public void testAuthorizedBadRequest() throws Exception {
    Authorizer authorizer = Mockito.mock(Authorizer.class);
    Principal principal = Mockito.mock(Principal.class);
    try {
        Http.authorize(authorizer, principal, "action", null, null);
    } catch (ResourceException expected) {
        assertEquals(expected.getCode(), 400);
    }
}
Also used : Authorizer(com.yahoo.athenz.auth.Authorizer) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Aggregations

Authorizer (com.yahoo.athenz.auth.Authorizer)11 Test (org.testng.annotations.Test)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)7 Principal (com.yahoo.athenz.auth.Principal)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 AuthorityList (com.yahoo.athenz.common.server.rest.Http.AuthorityList)3 Authority (com.yahoo.athenz.auth.Authority)2 Path (java.nio.file.Path)2