
Example 81 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class CertificateAuthorityTest method testAuthenticateRoleCertificate.

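/**
 * Authenticates the certificate in src/test/resources/valid_email_x509.cert and
 * checks that the resulting principal carries the expected domain, name and
 * first role. The error buffer is passed as null on purpose: the success path
 * must not depend on one being supplied.
 *
 * @throws Exception if the test certificate cannot be read or parsed
 */
@Test
public void testAuthenticateRoleCertificate() throws Exception {
    CertificateAuthority authority = new CertificateAuthority();
    authority.initialize();
    try (InputStream inStream = new FileInputStream("src/test/resources/valid_email_x509.cert")) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
        Principal principal = authority.authenticate(new X509Certificate[] { cert }, null);
        assertNotNull(principal);
        // TestNG's assertEquals is (actual, expected); keeping that order makes a
        // failure report the real and expected values the right way round
        assertEquals(principal.getDomain(), "athens");
        assertEquals(principal.getName(), "zts");
        assertEquals(principal.getRoles().get(0), "sports:role.readers");
    }
}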

Example 82 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class CertificateAuthorityTest method testAuthenticateCertificate.

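/**
 * Authenticates the certificate in src/test/resources/valid_cn_x509.cert and
 * checks that the resulting principal carries the expected domain and name and
 * no role list. The error buffer is passed as null on purpose: the success path
 * must not depend on one being supplied.
 *
 * @throws Exception if the test certificate cannot be read or parsed
 */
@Test
public void testAuthenticateCertificate() throws Exception {
    CertificateAuthority authority = new CertificateAuthority();
    authority.initialize();
    try (InputStream inStream = new FileInputStream("src/test/resources/valid_cn_x509.cert")) {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
        Principal principal = authority.authenticate(new X509Certificate[] { cert }, null);
        assertNotNull(principal);
        // TestNG's assertEquals is (actual, expected); keeping that order makes a
        // failure report the real and expected values the right way round
        assertEquals(principal.getDomain(), "athenz");
        assertEquals(principal.getName(), "syncer");
        assertNull(principal.getRoles());
    }
}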

Example 83 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class CertificateAuthorityTest method testAuthenciateInvalidArray.

/**
 * A missing certificate chain, or a chain whose only entry is null, must
 * authenticate to no principal; the error buffer is supplied so the authority
 * has somewhere to report why.
 */
@Test
public void testAuthenciateInvalidArray() {
    CertificateAuthority authority = new CertificateAuthority();
    authority.initialize();
    StringBuilder errMsg = new StringBuilder(512);

    // no chain at all
    assertNull(authority.authenticate((X509Certificate[]) null, errMsg));

    // a one-slot chain whose entry is null (array slots default to null)
    X509Certificate[] chainWithNullEntry = new X509Certificate[1];
    assertNull(authority.authenticate(chainWithNullEntry, errMsg));
}

Example 84 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityMockPrivExcAction.

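/**
 * Drives KerberosAuthority through the MockPrivExcAction privileged action
 * with one fabricated credential blob and three values of the
 * {@code _TEST_REALM} property: a realm that appears to resolve to
 * {@link KerberosToken#USER_DOMAIN}, {@link KerberosToken#KRB_USER_REALM},
 * and an unknown realm that must be rejected. Null credentials must also be
 * rejected.
 *
 * Every system property set here, including the {@code _TEST_REALM} property,
 * is cleared in a finally block so that a failing assertion cannot leave mock
 * configuration behind for other tests in the suite.
 *
 * @throws Exception if token construction or authority setup fails
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityMockPrivExcAction() throws Exception {
    final String testRealmProp = KerberosToken.KRB_PROP_TOKEN_PRIV_ACTION + "_TEST_REALM";
    // fabricated credential blob (note the trailing "fakecreds"); the outcome is
    // presumably decided by the mock action and the _TEST_REALM property, not a KDC
    String token = "YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAfakecreds";
    String creds = KerberosToken.KRB_AUTH_VAL_FLD + " " + token;
    String remoteAddr = "localhost";

    // same property order as before: the realm is configured before the authority is built
    System.setProperty(KerberosToken.KRB_PROP_TOKEN_PRIV_ACTION, "com.yahoo.athenz.auth.impl.MockPrivExcAction");
    System.setProperty(testRealmProp, "USER_REALM");
    System.setProperty(KerberosAuthority.KRB_PROP_SVCPRPL, "myserver@EXAMPLE.COM");
    System.setProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS, KRB_LOGIN_CB_CLASS);
    System.setProperty(KerberosAuthority.KRB_PROP_KEYTAB, "src/test/resources/example.keytab");
    try {
        KerberosAuthority authority = new KerberosAuthority();
        authority.initialize();

        assertMockRealmAuthenticates(authority, creds, remoteAddr, KerberosToken.USER_DOMAIN);

        // test with ygrid realm
        System.setProperty(testRealmProp, KerberosToken.KRB_USER_REALM);
        assertMockRealmAuthenticates(authority, creds, remoteAddr, KerberosToken.KRB_USER_DOMAIN);

        // test with invalid realm: validation fails and no principal is produced,
        // whether or not an error buffer is supplied
        System.setProperty(testRealmProp, "REALM.SOMECOMPANY.COM");
        KerberosToken ktoken = new KerberosToken(creds, remoteAddr);
        assertEquals(ktoken.validate(null, null), false);
        assertNull(authority.authenticate(ktoken.getSignedToken(), null, "GET", new StringBuilder()));
        assertNull(authority.authenticate(ktoken.getSignedToken(), null, "GET", null));

        // null credentials are rejected outright
        assertNull(authority.authenticate(null, null, "GET", null));
    } finally {
        System.clearProperty(KerberosToken.KRB_PROP_TOKEN_PRIV_ACTION);
        System.clearProperty(testRealmProp);
        System.clearProperty(KerberosAuthority.KRB_PROP_SVCPRPL);
        System.clearProperty(KerberosAuthority.KRB_PROP_LOGIN_CB_CLASS);
        System.clearProperty(KerberosAuthority.KRB_PROP_KEYTAB);
    }
}

/**
 * Builds a token from {@code creds}, checks that it validates, authenticates it
 * against {@code authority} with and without an error buffer, and verifies the
 * principal's authority, credentials, domain and realm-free user name.
 *
 * @param authority      the initialized authority under test
 * @param creds          full credential string, including the Negotiate prefix
 * @param remoteAddr     remote address passed to the token constructor
 * @param expectedDomain domain the principal must report for the configured realm
 * @throws Exception if token construction fails
 */
private static void assertMockRealmAuthenticates(KerberosAuthority authority, String creds,
        String remoteAddr, String expectedDomain) throws Exception {
    KerberosToken ktoken = new KerberosToken(creds, remoteAddr);
    assertTrue(ktoken.validate(null, null));

    StringBuilder errMsg = new StringBuilder();
    Principal principal = authority.authenticate(ktoken.getSignedToken(), null, "GET", errMsg);
    assertNotNull(principal);
    assertNotNull(principal.getAuthority());
    assertEquals(principal.getCredentials(), ktoken.getSignedToken());
    assertEquals(principal.getDomain(), ktoken.getDomain());
    assertEquals(principal.getDomain(), expectedDomain);
    assertEquals(principal.getName(), ktoken.getUserName());
    // the realm part must not survive in the principal name
    assertTrue(principal.getName().indexOf('@') == -1);

    // the error buffer is optional on the success path
    assertNotNull(authority.authenticate(ktoken.getSignedToken(), null, "GET", null));
}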

Example 85 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class KerberosAuthorityTest method testKerberosAuthorityBadCreds.

/**
 * Credentials without the required Negotiate component must be refused when
 * the token is constructed, and a token with the right prefix but a fabricated
 * payload must authenticate to no principal against an authority built with an
 * explicit service principal and keytab.
 */
@Test(groups = "kerberos-tests")
public void testKerberosAuthorityBadCreds() {
    KerberosAuthority authority = new KerberosAuthority("myserver@athenz.com", "src/test/resources/example.keytab", null);
    authority.initialize();
    assertNull(authority.getDomain());
    assertEquals(authority.getHeader(), KerberosAuthority.KRB_AUTH_HEADER);

    final String remoteAddr = "some.address";

    // no Negotiate prefix at all: construction must fail with a descriptive message
    try {
        new KerberosToken("invalid_creds", remoteAddr);
        fail("new KerberosToken with bad creds");
    } catch (Exception exc) {
        assertTrue(exc.getMessage().contains("creds do not contain required Negotiate component"));
    }

    // correct prefix, fabricated payload (note the trailing "fakecreds"):
    // the token builds, but the authority must not produce a principal for it
    String negotiateCreds = KerberosToken.KRB_AUTH_VAL_FLD + " YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAfakecreds";
    KerberosToken token = new KerberosToken(negotiateCreds, remoteAddr);
    Principal principal = authority.authenticate(token.getSignedToken(), null, "GET", new StringBuilder());
    assertNull(principal);
}
