Example 51 with KeyStore
use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class InstanceZTSProviderTest method testConfirmInstanceUnknownHostname.
@Test
public void testConfirmInstanceUnknownHostname() {
KeyStore keystore = Mockito.mock(KeyStore.class);
Mockito.when(keystore.getPublicKey("sports", "api", "v0")).thenReturn(servicePublicKeyStringK0);
HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
Mockito.when(hostnameResolver.isValidHostname("hostabc.athenz.com")).thenReturn(true);
Mockito.when(hostnameResolver.getAllByName("hostabc.athenz.com")).thenReturn(new HashSet<>(Collections.singletonList("10.1.1.2")));
InstanceZTSProvider provider = new InstanceZTSProvider();
provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, keystore);
provider.setHostnameResolver(hostnameResolver);
PrincipalToken tokenToSign = new PrincipalToken.Builder("S1", "sports", "api").keyId("v0").salt("salt").issueTime(System.currentTimeMillis() / 1000).expirationWindow(3600).build();
tokenToSign.sign(servicePrivateKeyStringK0);
InstanceConfirmation confirmation = new InstanceConfirmation();
confirmation.setAttestationData(tokenToSign.getSignedToken());
confirmation.setDomain("sports");
confirmation.setService("api");
confirmation.setProvider("sys.auth.zts");
Map<String, String> attributes = new HashMap<>();
attributes.put(InstanceProvider.ZTS_INSTANCE_SAN_DNS, "api.sports.zts.athenz.cloud,inst1.instanceid.athenz.zts.athenz.cloud");
attributes.put(InstanceProvider.ZTS_INSTANCE_HOSTNAME, "hostabc.athenz.com");
attributes.put(InstanceProvider.ZTS_INSTANCE_CLIENT_IP, "10.1.1.1");
attributes.put(InstanceProvider.ZTS_INSTANCE_SAN_IP, "10.1.1.1");
attributes.put(InstanceProvider.ZTS_INSTANCE_CSR_PUBLIC_KEY, servicePublicKeyStringK0);
confirmation.setAttributes(attributes);
try {
provider.confirmInstance(confirmation);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
assertTrue(ex.getMessage().contains("validate certificate request hostname"));
}
provider.close();
}
Also used :
InstanceConfirmation(com.yahoo.athenz.instance.provider.InstanceConfirmation)
HostnameResolver(com.yahoo.athenz.common.server.dns.HostnameResolver)
InstanceZTSProvider(com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider)
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
ResourceException(com.yahoo.athenz.instance.provider.ResourceException)
KeyStore(com.yahoo.athenz.auth.KeyStore)
Test(org.testng.annotations.Test)
Aggregations
KeyStore (com.yahoo.athenz.auth.KeyStore)51
Test (org.testng.annotations.Test)50
BeforeTest (org.testng.annotations.BeforeTest)28
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)25
InstanceZTSProvider (com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider)19
ArrayList (java.util.ArrayList)17
InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)16
Principal (com.yahoo.athenz.auth.Principal)15
PublicKey (java.security.PublicKey)9
ResourceException (com.yahoo.athenz.instance.provider.ResourceException)8
RoleToken (com.yahoo.athenz.auth.token.RoleToken)7
Path (java.nio.file.Path)7
PrivateKey (java.security.PrivateKey)6
HostnameResolver (com.yahoo.athenz.common.server.dns.HostnameResolver)4
InstanceRegisterToken (com.yahoo.athenz.zts.InstanceRegisterToken)4
SigningKeyResolver (io.jsonwebtoken.SigningKeyResolver)2
DefaultClaims (io.jsonwebtoken.impl.DefaultClaims)2
DefaultJwsHeader (io.jsonwebtoken.impl.DefaultJwsHeader)2
FileReader (java.io.FileReader)2
Field (java.lang.reflect.Field)2
