
Example 26 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testSameCredentialsAsBeforePrincipalNoCreds.

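/**
 * Verifies that {@code sameCredentialsAsBefore} returns {@code false} when the client was
 * built from a principal with {@code null} credentials and is then asked about a principal
 * with the same domain and name that does carry credentials.
 */
@Test
public void testSameCredentialsAsBeforePrincipalNoCreds() {
    Principal principal = SimplePrincipal.create("user_domain", "user", (String) null, PRINCIPAL_AUTHORITY);
    ZTSClient client = new ZTSClient("http://localhost:4080/", principal);
    try {
        Principal newPrincipal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
        // Same domain/name, but credentials went from absent to present: the client must
        // report this as a change rather than a match.
        assertFalse(client.sameCredentialsAsBefore(newPrincipal));
    } finally {
        // Close even when the assertion fails so the client is not leaked into later tests.
        client.close();
    }
}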
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 27 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testPrefetchRoleTokenShouldCallServer.

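/**
 * Verifies that a role token registered for prefetch is refreshed from the (mocked) ZTS
 * server by the background fetcher: after each wait of two prefetch intervals the cached
 * token carries a later expiry, the mock records a new fetch time, and
 * {@code ZTSClient.FETCHER_LAST_RUN_AT} has advanced.
 *
 * <p>The test is timing based: it sleeps twice for {@code 2 * intervalSecs} seconds plus
 * 100 ms, where {@code intervalSecs} comes from the
 * {@code ZTSClient.ZTS_CLIENT_PROP_PREFETCH_SLEEP_INTERVAL} system property (default 5).
 *
 * @throws Exception if the test thread is interrupted while sleeping, or if a mocked call fails
 */
@Test
public void testPrefetchRoleTokenShouldCallServer() throws Exception {
    System.out.println("testPrefetchRoleTokenShouldCallServer");
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    int intervalSecs = Integer.parseInt(System.getProperty(ZTSClient.ZTS_CLIENT_PROP_PREFETCH_SLEEP_INTERVAL, "5"));
    ztsClientMock.setTestSleepInterval(intervalSecs);
    // token lifetime equals the prefetch interval (5 seconds unless the property overrides it)
    ztsClientMock.setExpiryTime(intervalSecs);
    ztsClientMock.setRoleName("role1");
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ServiceIdentityProvider siaProvider = Mockito.mock(ServiceIdentityProvider.class);
    Mockito.when(siaProvider.getIdentity(Mockito.<String>any(), Mockito.<String>any())).thenReturn(principal);
    // Computed in long arithmetic so a large configured interval cannot overflow int.
    final long napMillis = (2L * intervalSecs * 1000L) + 100L;
    ZTSClient client = new ZTSClient("http://localhost:4080/", "user_domain", "user", siaProvider);
    try {
        client.removePrefetcher();
        client.setZTSRDLGeneratedClient(ztsClientMock);
        String domain1 = "coretech";
        // initially, roleToken was never fetched.
        assertTrue(ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null) < 0);
        // initialize the prefetch token process.
        client.prefetchRoleToken(domain1, null, null, null, null);
        // make sure only unique items are in the queue
        assertEquals(client.getScheduledItemsSize(), 1);
        RoleToken roleToken1 = client.getRoleToken(domain1);
        assertNotNull(roleToken1);
        long rtExpiry = roleToken1.getExpiryTime();
        System.out.println("testPrefetchRoleTokenShouldCallServer: roleToken1:domain=" + domain1 + " expires at " + rtExpiry + " curtime_secs=" + (System.currentTimeMillis() / 1000));
        System.out.println("testPrefetchRoleTokenShouldCallServer: sleep Secs=" + (2 * intervalSecs) + "+0.1");
        Thread.sleep(napMillis);
        System.out.println("testPrefetchRoleTokenShouldCallServer: nap over so what happened");
        assertEquals(client.getScheduledItemsSize(), 1);
        long lastTimerTriggered1 = ZTSClient.FETCHER_LAST_RUN_AT.get();
        long lastTokenFetchedTime1 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
        roleToken1 = client.getRoleToken(domain1);
        long rtExpiry2 = roleToken1.getExpiryTime();
        System.out.println("testPrefetchRoleTokenShouldCallServer: roleToken1:domain=" + domain1 + " expires at " + rtExpiry2 + " curtime_secs=" + (System.currentTimeMillis() / 1000));
        // this token was refreshed
        assertTrue(rtExpiry2 > rtExpiry);
        assertTrue(lastTokenFetchedTime1 > 0);
        // wait a few seconds, and see subsequent fetch happened.
        System.out.println("testPrefetchRoleTokenShouldCallServer: again sleep Secs=" + (2 * intervalSecs) + "+0.1");
        Thread.sleep(napMillis);
        System.out.println("testPrefetchRoleTokenShouldCallServer: again nap over so what happened");
        long lastTokenFetchedTime2 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
        RoleToken roleToken2 = client.getRoleToken(domain1);
        long rt2Expiry = roleToken2.getExpiryTime();
        System.out.println("testPrefetchRoleTokenShouldCallServer: roleToken2:domain=" + domain1 + " expires at " + rt2Expiry + " curtime_secs=" + (System.currentTimeMillis() / 1000));
        // this token was refreshed
        assertTrue(rt2Expiry > rtExpiry2);
        // token should be different
        assertNotEquals(roleToken1.getToken(), roleToken2.getToken());
        long lastTokenFetchedTime3 = ztsClientMock.getLastRoleTokenFetchedTime(domain1, null, null);
        long lastTimerTriggered2 = ZTSClient.FETCHER_LAST_RUN_AT.get();
        // Since the token is only good for intervalSecs seconds, the recorded fetch times
        // are expected to differ between reads.
        // NOTE(review): lastTokenFetchedTime3 is read with no sleep after lastTokenFetchedTime2;
        // the inequality presumably relies on getRoleToken() above reaching the mock - confirm.
        assertNotEquals(lastTokenFetchedTime1, lastTokenFetchedTime2);
        assertNotEquals(lastTokenFetchedTime3, lastTokenFetchedTime2);
        // make sure the Timer actually triggered.
        assertTrue(lastTimerTriggered1 > 0);
        assertTrue(lastTimerTriggered2 > 0);
        assertNotEquals(lastTimerTriggered1, lastTimerTriggered2);
        assertTrue(lastTimerTriggered2 > lastTimerTriggered1);
    } finally {
        // Always stop the prefetcher and close the client: a failed assertion must not leave
        // the prefetcher registered or the client open for later tests.
        client.removePrefetcher();
        client.close();
    }
}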
Also used : SimpleServiceIdentityProvider(com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider) ServiceIdentityProvider(com.yahoo.athenz.auth.ServiceIdentityProvider) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 28 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testPostRoleCertificateRequest.

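/**
 * Exercises {@code postRoleCertificateRequest} against the mocked ZTS client: a request for
 * {@code coretech}/{@code role1} yields a non-null token, while the {@code exc} domain and
 * the {@code good-domain}/{@code no-role} pair must raise {@link ZTSClientException} with
 * codes 400 and 403 respectively.
 */
@Test
public void testPostRoleCertificateRequest() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
        client.setZTSRDLGeneratedClient(ztsClientMock);
        RoleCertificateRequest req = new RoleCertificateRequest().setCsr("csr");

        RoleToken roleToken = client.postRoleCertificateRequest("coretech", "role1", req);
        assertNotNull(roleToken);

        // Error responses must surface as exceptions with the status code preserved,
        // never as a usable return value.
        try {
            client.postRoleCertificateRequest("exc", "no-role", req);
            fail("expected ZTSClientException with code 400");
        } catch (ZTSClientException ex) {
            assertEquals(ex.getCode(), 400);
        }
        try {
            client.postRoleCertificateRequest("good-domain", "no-role", req);
            fail("expected ZTSClientException with code 403");
        } catch (ZTSClientException ex) {
            assertEquals(ex.getCode(), 403);
        }
    } finally {
        // Close even when an assertion fails so the client is not leaked into later tests.
        client.close();
    }
}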
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 29 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testLookupRoleTokenInCacheExpired.

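/**
 * Verifies that {@code lookupRoleTokenInCache} returns {@code null} for a cached role token
 * whose expiry (about 1000 seconds from now) does not fit the requested bounds, first with
 * bounds (3000, 4000) and then with bounds (500, 800).
 *
 * <p>The test writes directly into the static {@code ZTSClient.ROLE_TOKEN_CACHE}, which is
 * state shared across client instances, and empties it again afterwards.
 */
@Test
public void testLookupRoleTokenInCacheExpired() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSClient client = new ZTSClient("http://localhost:4080/", principal);
    String cacheKey = "p=auth_creds;d=coretech;r=Role1";
    try {
        long expiresAtSecs = (System.currentTimeMillis() / 1000) + 1000L;
        RoleToken roleToken = new RoleToken().setToken("role_token").setExpiryTime(expiresAtSecs);
        ZTSClient.ROLE_TOKEN_CACHE.put(cacheKey, roleToken);
        // presumably the two int arguments are min/max expiry in seconds - confirm against
        // lookupRoleTokenInCache; either way a token outside the requested window must not
        // be served from the cache.
        assertNull(client.lookupRoleTokenInCache(cacheKey, 3000, 4000));
        assertNull(client.lookupRoleTokenInCache(cacheKey, 500, 800));
    } finally {
        // The cache is static: clear it even on failure so the planted token cannot be
        // picked up by other tests. Note this empties the whole cache, not just cacheKey.
        ZTSClient.ROLE_TOKEN_CACHE.clear();
        client.close();
    }
}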
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 30 with Principal

use of com.yahoo.athenz.auth.Principal in project athenz by yahoo.

the class ZTSClientTest method testHostNameVerifierVerifyCertNull.

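/**
 * Verifies that {@code ZTSClient.AWSHostNameVerifier} fails closed: when the TLS session
 * reports {@code null} peer certificates, {@code verify} must return {@code false}.
 *
 * <p>The hostname passed to {@code verify} equals the one the verifier was constructed with,
 * so the rejection is presumably caused by the missing certificate chain rather than by a
 * name mismatch - confirm against the verifier implementation.
 *
 * @throws SSLPeerUnverifiedException declared only because the mocked
 *     {@code SSLSession.getPeerCertificates()} signature requires it
 */
@Test
public void testHostNameVerifierVerifyCertNull() throws SSLPeerUnverifiedException {
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=S1;d=user_domain;n=user;s=sig", PRINCIPAL_AUTHORITY);
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        // AWSHostNameVerifier is an inner (non-static) class, hence the client.new syntax.
        ZTSClient.AWSHostNameVerifier hostnameVerifier = client.new AWSHostNameVerifier("host1");

        // Simulate a session that exposes no peer certificate chain at all.
        SSLSession session = Mockito.mock(SSLSession.class);
        Mockito.when(session.getPeerCertificates()).thenReturn(null);

        // No certificates means nothing to validate the host against: must be rejected.
        assertFalse(hostnameVerifier.verify("host1", session));
        // NOTE(review): unrelated to hostname verification; presumably here only to
        // exercise ZTSClient.hashCode() - confirm or move to its own test.
        System.out.println("hashCode:" + client.hashCode());
    } finally {
        // Close even when the assertion fails so the client is not leaked into later tests.
        client.close();
    }
}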
Also used : SSLSession(javax.net.ssl.SSLSession) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)
