Use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
From the class PrincipalAuthorityTest, method testGetPublicKeyKeyServiceInvalid.
@Test
public void testGetPublicKeyKeyServiceInvalid() {
    // An unrecognized keyService value ("bondo") must not be confused with
    // the ZMS or ZTS system keys: the lookup is expected to resolve the key
    // of the domain/service named in the token instead.
    KeyStore mockStore = Mockito.mock(KeyStore.class);
    Mockito.when(mockStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
    Mockito.when(mockStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");

    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(mockStore);

    // NOTE(review): the trailing boolean's meaning is not visible here — confirm
    // against PrincipalAuthority.getPublicKey before relying on it.
    String resolved = authority.getPublicKey("athenz", "svc", "bondo", "v1", false);
    assertEquals(resolved, "athenz-key");
}
Use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
From the class PrincipalAuthorityTest, method testValidateAuthorizedIlligalServiceName.
@Test
public void testValidateAuthorizedIlligalServiceName() throws IOException {
    // A principal token whose authorized-service entry is a malformed
    // service name (".fantasy" has no domain component) must not validate,
    // even though both signatures on the token are otherwise well formed.
    KeyStore store = new KeyStoreMock();
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(store);

    long issuedAt = System.currentTimeMillis() / 1000;
    List<String> authorized = new ArrayList<>(Collections.singletonList(".fantasy"));

    // Build the user token, sign it with the user key, then add the
    // authorized-service signature using a second key.
    PrincipalToken token = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAt)
            .expirationWindow(expirationTime)
            .authorizedServices(authorized)
            .build();
    token.sign(servicePrivateKeyStringK0);
    token.signForAuthorizedService(".fantasy", "1", servicePrivateKeyStringK1);

    // null here is what the test treats as the rejection result; errMsg is
    // collected but not asserted on.
    StringBuilder errMsg = new StringBuilder();
    assertNull(authority.validateAuthorizeService(token, errMsg));
}
Use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
From the class PrincipalAuthorityTest, method testGetPublicKeyKeyServiceZts.
@Test
public void testGetPublicKeyKeyServiceZts() {
    // When keyService is "zts" the key must come from the sys.auth/zts
    // entry, not from the domain/service named in the token.
    KeyStore mockStore = Mockito.mock(KeyStore.class);
    Mockito.when(mockStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");

    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(mockStore);

    String resolved = authority.getPublicKey("athenz", "svc", "zts", "v1", false);
    assertEquals(resolved, "zts-key");
}
Use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
From the class OAuthCertBoundJwtAccessTokenAuthorityTest, method testGetPublicKey.
@Test
public void testGetPublicKey() throws Exception {
    // The authority must hand back exactly what the configured KeyStore
    // returns for (domain, service, keyId) — no transformation, no caching
    // from some other store.
    KeyStore spiedStore = Mockito.spy(baseKeyStore);
    Mockito.when(spiedStore.getPublicKey("domain", "service", "keyId")).thenReturn("public_key_in_pem");

    OAuthCertBoundJwtAccessTokenAuthority authority = new OAuthCertBoundJwtAccessTokenAuthority();
    authority.setKeyStore(spiedStore);

    String pem = authority.getPublicKey("domain", "service", "keyId");
    assertEquals(pem, "public_key_in_pem");
}
Use of com.yahoo.athenz.auth.KeyStore in project athenz by yahoo.
From the class InstanceZTSProviderTest, method testConfirmInstanceUnknownHostname.
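@Test
public void testConfirmInstanceUnknownHostname() {
    // The attestation token is signed with the sports.api v0 key and the
    // keystore mock serves the matching public key, so the token itself
    // verifies. The hostname "hostabc.athenz.com" is a valid name but
    // resolves to 10.1.1.2, while the client IP and SAN IP are 10.1.1.1 —
    // presumably the mismatch that makes the hostname check fail. The
    // provider must reject the request with 403 and the hostname message.
    KeyStore keystore = Mockito.mock(KeyStore.class);
    Mockito.when(keystore.getPublicKey("sports", "api", "v0")).thenReturn(servicePublicKeyStringK0);

    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    Mockito.when(hostnameResolver.isValidHostname("hostabc.athenz.com")).thenReturn(true);
    Mockito.when(hostnameResolver.getAllByName("hostabc.athenz.com"))
            .thenReturn(new HashSet<>(Collections.singletonList("10.1.1.2")));

    InstanceZTSProvider provider = new InstanceZTSProvider();
    provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, keystore);
    provider.setHostnameResolver(hostnameResolver);

    // Close the provider in a finally block so a failed assertion does not
    // leave it open (the original only closed it on the happy path).
    try {
        PrincipalToken tokenToSign = new PrincipalToken.Builder("S1", "sports", "api")
                .keyId("v0")
                .salt("salt")
                .issueTime(System.currentTimeMillis() / 1000)
                .expirationWindow(3600)
                .build();
        tokenToSign.sign(servicePrivateKeyStringK0);

        InstanceConfirmation confirmation = new InstanceConfirmation();
        confirmation.setAttestationData(tokenToSign.getSignedToken());
        confirmation.setDomain("sports");
        confirmation.setService("api");
        confirmation.setProvider("sys.auth.zts");

        Map<String, String> attributes = new HashMap<>();
        attributes.put(InstanceProvider.ZTS_INSTANCE_SAN_DNS, "api.sports.zts.athenz.cloud,inst1.instanceid.athenz.zts.athenz.cloud");
        attributes.put(InstanceProvider.ZTS_INSTANCE_HOSTNAME, "hostabc.athenz.com");
        attributes.put(InstanceProvider.ZTS_INSTANCE_CLIENT_IP, "10.1.1.1");
        attributes.put(InstanceProvider.ZTS_INSTANCE_SAN_IP, "10.1.1.1");
        attributes.put(InstanceProvider.ZTS_INSTANCE_CSR_PUBLIC_KEY, servicePublicKeyStringK0);
        confirmation.setAttributes(attributes);

        try {
            provider.confirmInstance(confirmation);
            fail();
        } catch (ResourceException ex) {
            assertEquals(ex.getCode(), 403);
            assertTrue(ex.getMessage().contains("validate certificate request hostname"));
        }
    } finally {
        provider.close();
    }
}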