use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceNoSignature.
/**
 * Checks that a principal token which lists authorized services, but was only
 * signed with the principal's own key, is not attributed to any authorized
 * service.
 *
 * <p>The token is signed with {@code sign(...)} only; no
 * {@code signForAuthorizedService(...)} call is made, so the token carries no
 * authorized-service signature. The test expects
 * {@code validateAuthorizeService} to return {@code null} in that case.
 */
@Test
public void testValidateAuthorizedServiceNoSignature() throws IOException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    // Issue time is expressed in seconds, not milliseconds.
    long issuedAtSeconds = System.currentTimeMillis() / 1000;

    // Services the token claims may act on the principal's behalf.
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("coretech.storage");
    allowedServices.add("media.storage");

    PrincipalToken unsignedForService =
            new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
                    .salt(salt)
                    .issueTime(issuedAtSeconds)
                    .authorizedServices(allowedServices)
                    .expirationWindow(expirationTime)
                    .build();

    // Principal signature only: the authorized-service signature is deliberately absent.
    unsignedForService.sign(servicePrivateKeyStringK0);

    // NOTE(review): errMsg is never inspected; asserting on it would also pin
    // the rejection reason - confirm what the authority writes there.
    StringBuilder errMsg = new StringBuilder();
    assertNull(authority.validateAuthorizeService(unsignedForService, errMsg));
}
use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class RoleAuthorityTest method testIsWriteOperationNull.
/**
 * Authenticates a role token from an address that differs from the one stored
 * in the token, passing {@code null} as the HTTP method, and expects a
 * principal to be returned.
 *
 * <p>The token is built with {@code ip("127.0.0.1")} while the request address
 * given to {@code authenticate} is {@code "127.0.0.2"}.
 */
@Test
public void testIsWriteOperationNull() throws IOException {
    RoleAuthority authority = new RoleAuthority();
    authority.initialize();

    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    // Single role carried by the token.
    List<String> grantedRoles = new ArrayList<>();
    grantedRoles.add("storage.tenant.weather.updater");

    // Token is bound to 127.0.0.1 and signed with the key matching testKeyVersionK0.
    RoleToken signedRoleToken =
            new RoleToken.Builder(rolVersion, svcDomain, grantedRoles)
                    .salt(salt)
                    .ip("127.0.0.1")
                    .expirationWindow(expirationTime)
                    .principal(".")
                    .keyId(testKeyVersionK0)
                    .build();
    signedRoleToken.sign(ztsPrivateKeyStringK0);

    // NOTE(review): presumably the address mismatch is tolerated because a null
    // HTTP method is not treated as a write operation - confirm against
    // RoleAuthority. Only non-null is asserted; the returned principal's
    // domain and roles are not checked here.
    Principal authenticated =
            authority.authenticate(signedRoleToken.getSignedToken(), "127.0.0.2", null, null);
    assertNotNull(authenticated);
}
use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class RoleAuthorityTest method testAuthenticateIlligal.
/**
 * Exercises three {@code RoleAuthority.authenticate} calls and pins the
 * outcome of each:
 * <ol>
 *   <li>an empty token string, before any key store is set: no principal;</li>
 *   <li>a signed token with principal {@code "."}, presented from a different
 *       address with method {@code DELETE}: no principal;</li>
 *   <li>the same token shape with principal {@code "illigal.joe"}, same address
 *       mismatch and method: a principal is returned.</li>
 * </ol>
 */
@Test
public void testAuthenticateIlligal() throws IOException {
    RoleAuthority authority = new RoleAuthority();
    authority.initialize();

    // Case 1: empty credentials, and no key store configured yet.
    Principal fromEmptyToken = authority.authenticate("", "10.72.118.45", "GET", null);
    assertNull(fromEmptyToken);

    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    List<String> grantedRoles = new ArrayList<>();
    grantedRoles.add("storage.tenant.weather.updater");

    // Case 2: token bound to 127.0.0.1, presented from 127.0.0.2 on a DELETE.
    // NOTE(review): presumably rejected because "." is not a valid
    // domain.name principal once the write-operation address check runs - confirm.
    RoleToken malformedPrincipalToken =
            new RoleToken.Builder(rolVersion, svcDomain, grantedRoles)
                    .salt(salt)
                    .ip("127.0.0.1")
                    .expirationWindow(expirationTime)
                    .principal(".")
                    .keyId(testKeyVersionK0)
                    .build();
    malformedPrincipalToken.sign(ztsPrivateKeyStringK0);
    Principal fromMalformedPrincipal =
            authority.authenticate(malformedPrincipalToken.getSignedToken(), "127.0.0.2", "DELETE", null);
    assertNull(fromMalformedPrincipal);

    // Case 3: well-formed principal name; the address still does not match the
    // token and the method is still DELETE, yet a principal is expected.
    // NOTE(review): the reason the mismatch is accepted here is not visible in
    // this test - verify which principals the address binding is enforced for.
    RoleToken namedPrincipalToken =
            new RoleToken.Builder(rolVersion, svcDomain, grantedRoles)
                    .salt(salt)
                    .ip("127.0.0.1")
                    .expirationWindow(expirationTime)
                    .principal("illigal.joe")
                    .keyId(testKeyVersionK0)
                    .build();
    namedPrincipalToken.sign(ztsPrivateKeyStringK0);
    Principal fromNamedPrincipal =
            authority.authenticate(namedPrincipalToken.getSignedToken(), "127.0.0.2", "DELETE", null);
    assertNotNull(fromNamedPrincipal);
}
use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceMultiple.
/**
 * Checks that when a principal token lists several authorized services and is
 * additionally signed for one of them, {@code validateAuthorizeService}
 * returns the name of that service.
 *
 * <p>The token lists {@code sports.fantasy} and {@code sports.hockey}; only
 * {@code sports.fantasy} adds its signature.
 */
@Test
public void testValidateAuthorizedServiceMultiple() throws IOException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    // Issue time is expressed in seconds, not milliseconds.
    long issuedAtSeconds = System.currentTimeMillis() / 1000;

    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("sports.fantasy");
    allowedServices.add("sports.hockey");

    PrincipalToken delegatedToken =
            new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
                    .salt(salt)
                    .issueTime(issuedAtSeconds)
                    .expirationWindow(expirationTime)
                    .authorizedServices(allowedServices)
                    .build();

    // First the principal's own signature ...
    delegatedToken.sign(servicePrivateKeyStringK0);

    // ... then the signature of the service acting on the principal's behalf.
    // NOTE(review): "1" is presumably the key id paired with
    // servicePrivateKeyStringK1 - confirm against the mock key store.
    delegatedToken.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    StringBuilder errMsg = new StringBuilder();
    assertEquals(authority.validateAuthorizeService(delegatedToken, errMsg), "sports.fantasy");
}
use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceInvalid.
/**
 * Looks up a public key while passing {@code "bondo"} as the key-service
 * argument and expects the value stubbed for {@code ("athenz", "svc", "v1")}.
 *
 * <p>The mocked key store also holds entries for {@code sys.auth/zms} and
 * {@code sys.auth/zts}; the assertion shows neither of those is returned.
 */
@Test
public void testGetPublicKeyKeyServiceInvalid() {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore stubbedKeys = Mockito.mock(KeyStore.class);
    authority.setKeyStore(stubbedKeys);

    // Three distinct keys, so the assertion identifies which lookup was performed.
    Mockito.doReturn("zms-key").when(stubbedKeys).getPublicKey("sys.auth", "zms", "v1");
    Mockito.doReturn("zts-key").when(stubbedKeys).getPublicKey("sys.auth", "zts", "v1");
    Mockito.doReturn("athenz-key").when(stubbedKeys).getPublicKey("athenz", "svc", "v1");

    // NOTE(review): presumably an unrecognised key-service name makes the
    // authority fall back to the caller-supplied domain and service rather
    // than a system key - confirm against PrincipalAuthority.getPublicKey.
    String resolvedKey = authority.getPublicKey("athenz", "svc", "bondo", "v1", false);
    assertEquals(resolvedKey, "athenz-key");
}