
Example 26 with KeyStore

use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.

the class PrincipalAuthorityTest method testPrincipalTokenValidateForAuthorizedService.

/**
 * Builds a user token whose only authorized service is {@code test.fantasy}, signs it with
 * the K0 key, counter-signs it for that service with key id {@code "1"} (K1 key), and passes
 * it to {@code validateAuthorizeService} with a {@code null} error buffer.
 *
 * <p>NOTE(review): the return value is not asserted, so this method only shows that the call
 * completes without throwing when no error buffer is supplied. It does not prove the
 * authorized-service signature was accepted.
 */
// @Test  -- the annotation is commented out in this listing, so TestNG will not run this method
public void testPrincipalTokenValidateForAuthorizedService() throws IOException {
    final long issuedAtSeconds = System.currentTimeMillis() / 1000;

    // Authority under test, backed by the mock key store
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    serviceAuthority.setKeyStore(mockKeys);

    // Services permitted to present this token on the user's behalf
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("test.fantasy");

    // Build the token, then apply the primary signature
    PrincipalToken signedUserToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .authorizedServices(allowedServices)
            .build();
    signedUserToken.sign(servicePrivateKeyStringK0);

    // Second signature: the authorized service signs with its own key (id "1")
    signedUserToken.signForAuthorizedService("test.fantasy", "1", servicePrivateKeyStringK1);

    // Validate with no error buffer; the result is intentionally left unchecked here
    serviceAuthority.validateAuthorizeService(signedUserToken, null);
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore)

Example 27 with KeyStore

use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.

the class PrincipalAuthorityTest method testPrincipalAuthorityWithNullAuthorizedService.

/**
 * Checks that {@code authenticate} returns no principal when the authorized-service
 * validation yields {@code null}.
 *
 * <p>The token is issued for IP {@code 127.0.0.2} but presented from {@code 127.0.0.3};
 * per the original author's comment, the mismatch is what routes the request through the
 * authorized-service check. That check is stubbed on a Mockito spy to return {@code null},
 * and the test expects authentication to fail closed.
 */
@Test
public void testPrincipalAuthorityWithNullAuthorizedService() throws IOException {
    // Spy on a real authority so one method can be stubbed while the rest stays live
    PrincipalAuthority serviceAuthority = Mockito.spy(new PrincipalAuthority());
    KeyStore mockKeys = new KeyStoreMock();
    serviceAuthority.setKeyStore(mockKeys);

    // Two services are allowed to use the token
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("sports.fantasy");
    allowedServices.add("sports.hockey");

    // Token bound to 127.0.0.2, signed with key version 0
    long issuedAtSeconds = System.currentTimeMillis() / 1000;
    PrincipalToken signedUserToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .ip("127.0.0.2")
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .authorizedServices(allowedServices)
            .build();
    signedUserToken.sign(servicePrivateKeyStringK0);

    // Counter-sign on behalf of one of the authorized services
    signedUserToken.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // Force the authorized-service validation to report "no service" for any input
    doReturn(null).when(serviceAuthority).validateAuthorizeService(any(), any());

    // Present the token from a different IP than the one it was issued for
    StringBuilder errMsg = new StringBuilder();
    String credentials = signedUserToken.getSignedToken();
    Principal authenticated = serviceAuthority.authenticate(credentials, "127.0.0.3", "POST", errMsg);

    assertNull(authenticated);
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 28 with KeyStore

use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceMultiple.

/**
 * Verifies that when a token lists several authorized services and carries an
 * authorized-service signature for {@code sports.fantasy}, {@code validateAuthorizeService}
 * returns that service's name.
 */
@Test
public void testValidateAuthorizedServiceMultiple() throws IOException {
    final long issuedAtSeconds = System.currentTimeMillis() / 1000;

    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    serviceAuthority.setKeyStore(mockKeys);

    // More than one service is allowed; only one of them signs below
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("sports.fantasy");
    allowedServices.add("sports.hockey");

    PrincipalToken signedUserToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .authorizedServices(allowedServices)
            .build();
    signedUserToken.sign(servicePrivateKeyStringK0);

    // Authorized-service signature from sports.fantasy using key id "1"
    signedUserToken.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // TestNG argument order: actual first, expected second
    StringBuilder errMsg = new StringBuilder();
    String validatedService = serviceAuthority.validateAuthorizeService(signedUserToken, errMsg);
    assertEquals(validatedService, "sports.fantasy");
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 29 with KeyStore

use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceNoServices.

/**
 * Verifies that {@code validateAuthorizeService} returns {@code null} for a signed token
 * that was built without any authorized services and carries no authorized-service
 * signature.
 */
@Test
public void testValidateAuthorizedServiceNoServices() throws IOException {
    final long issuedAtSeconds = System.currentTimeMillis() / 1000;

    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    serviceAuthority.setKeyStore(mockKeys);

    // No authorizedServices(...) call on the builder: the token names no delegate services
    PrincipalToken signedUserToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .build();
    signedUserToken.sign(servicePrivateKeyStringK0);

    // With nothing to validate against, no service name should come back
    StringBuilder errMsg = new StringBuilder();
    String validatedService = serviceAuthority.validateAuthorizeService(signedUserToken, errMsg);
    assertNull(validatedService);
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 30 with KeyStore

use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.

the class PrincipalAuthorityTest method testGetPublicKeyDefault.

/**
 * Verifies that {@code getPublicKey} for domain {@code athenz}, service {@code svc} and key
 * id {@code v1} returns the value the key store holds for exactly that triple.
 *
 * <p>The mocked store also answers for {@code sys.auth.zms}, {@code sys.auth.zts} and
 * {@code cd.step.sd10000}; the assertion shows none of those keys is returned instead.
 * NOTE(review): the meaning of the {@code null} and {@code false} arguments is not visible
 * in this listing. Confirm against {@code PrincipalAuthority.getPublicKey}.
 */
@Test
public void testGetPublicKeyDefault() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore mockedStore = Mockito.mock(KeyStore.class);
    serviceAuthority.setKeyStore(mockedStore);

    // Distinct return values per (domain, service, key id) so a wrong lookup is detectable
    Mockito.when(mockedStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
    Mockito.when(mockedStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
    Mockito.when(mockedStore.getPublicKey("cd.step", "sd10000", "v1")).thenReturn("cd-key");
    Mockito.when(mockedStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");

    String resolvedKey = serviceAuthority.getPublicKey("athenz", "svc", null, "v1", false);

    // TestNG argument order: actual first, expected second
    assertEquals(resolvedKey, "athenz-key");
}
Also used : KeyStore(com.yahoo.athenz.auth.KeyStore) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)
