
Example 1 with ServerPrivateKey

use of com.yahoo.athenz.auth.ServerPrivateKey in project athenz by yahoo.

From class FilePrivateKeyStoreTest, method testRetrieveRSAPrivateKeyValid:

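@Test
public void testRetrieveRSAPrivateKeyValid() {
    // Points the file-backed store at the unit-test RSA key and checks that the
    // key loads. The system property is restored in a finally block so that a
    // failing load or assertion cannot leave the test key path configured for
    // later tests running in the same JVM.
    FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
    PrivateKeyStore store = factory.create();
    final String saveProp = System.getProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_RSA_KEY);
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_RSA_KEY, "src/test/resources/unit_test_zts_private_k0.key");
    try {
        ServerPrivateKey privKey = store.getPrivateKey("zms", "localhost", "us-east-1", "rsa");
        assertNotNull(privKey);
        // a wrapper without an actual key would be useless for signing
        assertNotNull(privKey.getKey());
    } finally {
        // put the property back exactly as it was: absent stays absent
        if (saveProp == null) {
            System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_RSA_KEY);
        } else {
            System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_RSA_KEY, saveProp);
        }
    }
}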

Example 2 with ServerPrivateKey

use of com.yahoo.athenz.auth.ServerPrivateKey in project athenz by yahoo.

From class FilePrivateKeyStoreTest, method testRetrieveECPrivateKeyValid:

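@Test
public void testRetrieveECPrivateKeyValid() {
    // Points the file-backed store at the unit-test EC key and checks that the
    // key loads. The system property is restored in a finally block so that a
    // failing load or assertion cannot leave the test key path configured for
    // later tests running in the same JVM.
    FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
    PrivateKeyStore store = factory.create();
    final String saveProp = System.getProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, "src/test/resources/unit_test_ec_private.key");
    try {
        ServerPrivateKey privKey = store.getPrivateKey("zms", "localhost", "us-east-1", "ec");
        assertNotNull(privKey);
        // a wrapper without an actual key would be useless for signing
        assertNotNull(privKey.getKey());
    } finally {
        // put the property back exactly as it was: absent stays absent
        if (saveProp == null) {
            System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
        } else {
            System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, saveProp);
        }
    }
}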

Example 3 with ServerPrivateKey

use of com.yahoo.athenz.auth.ServerPrivateKey in project athenz by yahoo.

From class ZMSImplTest, method testGetSignedDomainsWithMetaAttrs:

@Test
public void testGetSignedDomainsWithMetaAttrs() {
    // Checks that getSignedDomains filtered on the "ypmid" meta attribute only
    // returns domains that carry a product id: signeddom1 gets one, signeddom2
    // does not, both when listing all domains and when naming a domain directly.
    // create multiple top level domains
    TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject("SignedDom1", "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom1);
    // set the meta attributes for domain
    DomainMeta meta = zmsTestInitializer.createDomainMetaObject("Tenant Domain1", null, true, false, "12345", 0);
    zmsTestInitializer.getZms().putDomainMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom1", zmsTestInitializer.getAuditRef(), meta);
    // system meta (account, productid) is set through the separate system-meta
    // endpoint; 987654103 is the product id that makes signeddom1 match "ypmid"
    meta = zmsTestInitializer.createDomainMetaObject("Tenant Domain1", null, true, false, "12345", 987654103);
    zmsTestInitializer.getZms().putDomainSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom1", "account", zmsTestInitializer.getAuditRef(), meta);
    zmsTestInitializer.getZms().putDomainSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom1", "productid", zmsTestInitializer.getAuditRef(), meta);
    TopLevelDomain dom2 = zmsTestInitializer.createTopLevelDomainObject("SignedDom2", "Test Domain2", "testOrg", zmsTestInitializer.getAdminUser());
    zmsTestInitializer.getZms().postTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), zmsTestInitializer.getAuditRef(), dom2);
    // signeddom2 is created with a null product id on purpose
    meta = zmsTestInitializer.createDomainMetaObject("Tenant Domain2", null, true, false, "12346", null);
    zmsTestInitializer.getZms().putDomainMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom2", zmsTestInitializer.getAuditRef(), meta);
    meta = zmsTestInitializer.createDomainMetaObject("Tenant Domain2", null, true, false, "12346", null);
    zmsTestInitializer.getZms().putDomainSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom2", "account", zmsTestInitializer.getAuditRef(), meta);
    // temporarily grant the mock principal the right to clear (delete) a system
    // meta attribute so the null productid write below is accepted; the grant
    // is removed again right after
    zmsTestInitializer.setupPrincipalSystemMetaDelete(zmsTestInitializer.getZms(), zmsTestInitializer.getMockDomRsrcCtx().principal().getFullName(), "signeddom2", "productid");
    meta = zmsTestInitializer.createDomainMetaObject("Tenant Domain2", null, true, false, "12346", null);
    zmsTestInitializer.getZms().putDomainSystemMeta(zmsTestInitializer.getMockDomRsrcCtx(), "signeddom2", "productid", zmsTestInitializer.getAuditRef(), meta);
    zmsTestInitializer.cleanupPrincipalSystemMetaDelete(zmsTestInitializer.getZms());
    DomainList domList = zmsTestInitializer.getZms().getDomainList(zmsTestInitializer.getMockDomRsrcCtx(), null, null, null, null, null, null, null, null, null, null, null, null, null);
    assertNotNull(domList);
    // install the test signing key (key id "0") directly on the server instance;
    // getSignedDomains signs its response with this key
    zmsTestInitializer.getZms().privateKey = new ServerPrivateKey(Crypto.loadPrivateKey(Crypto.ybase64DecodeString(zmsTestInitializer.getPrivKey())), "0");
    // NOTE(review): a debug authority from the common.server.debug package is used
    // to mint a sys.zts principal from a hand-written token whose "s=signature"
    // field is a literal placeholder; presumably it does not verify signatures,
    // so this test exercises authorization of the caller, not token validation — confirm
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal sysPrincipal = principalAuthority.authenticate("v=U1;d=sys;n=zts;s=signature", "10.11.12.13", "GET", null);
    ResourceContext rsrcCtx = zmsTestInitializer.createResourceContext(sysPrincipal);
    // we're going to ask for entries with ypm id so we'll only
    // get one of the domains back - dom1 but not dom2
    // (the three getSignedDomains calls below differ only in the second
    // argument: null lists every domain, otherwise a single domain name)
    Response response = zmsTestInitializer.getZms().getSignedDomains(rsrcCtx, null, "true", "ypmid", Boolean.TRUE, false, null);
    SignedDomains sdoms = (SignedDomains) response.getEntity();
    assertNotNull(sdoms);
    List<SignedDomain> list = sdoms.getDomains();
    assertNotNull(list);
    boolean dom1Found = false;
    boolean dom2Found = false;
    for (SignedDomain sDomain : list) {
        DomainData domainData = sDomain.getDomain();
        switch(domainData.getName()) {
            case "signeddom1":
                dom1Found = true;
                break;
            case "signeddom2":
                dom2Found = true;
                break;
        }
    }
    assertTrue(dom1Found);
    assertFalse(dom2Found);
    // now asking for specific domains with ypm id
    // first signeddom1 with should return
    response = zmsTestInitializer.getZms().getSignedDomains(rsrcCtx, "signeddom1", "true", "ypmid", Boolean.TRUE, false, null);
    sdoms = (SignedDomains) response.getEntity();
    assertNotNull(sdoms);
    list = sdoms.getDomains();
    assertNotNull(list);
    assertEquals(list.size(), 1);
    DomainData domainData = list.get(0).getDomain();
    assertEquals(domainData.getName(), "signeddom1");
    // then signeddom2 with should not return
    response = zmsTestInitializer.getZms().getSignedDomains(rsrcCtx, "signeddom2", "true", "ypmid", Boolean.TRUE, false, null);
    sdoms = (SignedDomains) response.getEntity();
    assertNotNull(sdoms);
    list = sdoms.getDomains();
    assertNotNull(list);
    assertEquals(list.size(), 0);
    // cleanup runs only on success; an earlier assertion failure leaves both
    // domains behind for later tests in this class
    zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), "SignedDom1", zmsTestInitializer.getAuditRef());
    zmsTestInitializer.getZms().deleteTopLevelDomain(zmsTestInitializer.getMockDomRsrcCtx(), "SignedDom2", zmsTestInitializer.getAuditRef());
}

Example 4 with ServerPrivateKey

use of com.yahoo.athenz.auth.ServerPrivateKey in project athenz by yahoo.

From class AwsPrivateKeyStoreTest, method testGetPrivateKeyAlgorithm:

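private void testGetPrivateKeyAlgorithm(final String service) throws IOException {
    // Drives AwsPrivateKeyStore against mocked S3 and KMS clients and checks that
    // the RSA key for the given service is fetched from the algorithm-suffixed
    // S3 objects ("<key_name>.rsa" and "<key_id_name>.rsa") and reported as
    // RS256 with the key id read from the second object.
    //
    // The athenz.aws.* system properties are cleared in a finally block so a
    // failure in the middle of the test cannot leak them into other tests.
    //
    // @param service  service name used to build the athenz.aws.<service>.* property names
    // @throws IOException if the unit-test PEM file cannot be read
    final String bucketName = "my_bucket";
    final String keyName = "my_key";
    final String algKeyName = "my_key.rsa";
    final String keyId = "my_key_id";
    final String algKeyId = "my_key_id.rsa";
    final String expectedKeyId = "1";
    final String regionProp = "athenz.aws.s3.region";
    final String bucketProp = "athenz.aws." + service + ".bucket_name";
    final String keyNameProp = "athenz.aws." + service + ".key_name";
    final String keyIdProp = "athenz.aws." + service + ".key_id_name";
    System.setProperty(regionProp, "us-east-1");
    System.setProperty(bucketProp, bucketName);
    System.setProperty(keyNameProp, keyName);
    System.setProperty(keyIdProp, keyId);
    try {
        AmazonS3 s3 = mock(AmazonS3.class);
        // NOTE(review): no KMS calls are stubbed, so the store presumably reads
        // the key object without a KMS decrypt step on this path — confirm
        AWSKMS kms = mock(AWSKMS.class);
        // the key object is looked up under the algorithm-suffixed name, not keyName
        S3Object s3ObjectKey = mock(S3Object.class);
        Mockito.when(s3.getObject(bucketName, algKeyName)).thenReturn(s3ObjectKey);
        File privKeyFile = new File("src/test/resources/unit_test_zts_private.pem");
        // feed the PEM bytes to the mocked stream as-is: no charset round trip,
        // so the key material cannot be altered by the JVM's default charset
        final byte[] privKeyBytes = Files.readAllBytes(privKeyFile.toPath());
        InputStream isKey = new ByteArrayInputStream(privKeyBytes);
        S3ObjectInputStream s3ObjectKeyInputStream = new S3ObjectInputStream(isKey, null);
        Mockito.when(s3ObjectKey.getObjectContent()).thenReturn(s3ObjectKeyInputStream);
        // the key id is served from a second, algorithm-suffixed object
        S3Object s3ObjectKeyId = mock(S3Object.class);
        Mockito.when(s3.getObject(bucketName, algKeyId)).thenReturn(s3ObjectKeyId);
        InputStream isKeyId = new ByteArrayInputStream(expectedKeyId.getBytes(StandardCharsets.UTF_8));
        S3ObjectInputStream s3ObjectKeyIdInputStream = new S3ObjectInputStream(isKeyId, null);
        Mockito.when(s3ObjectKeyId.getObjectContent()).thenReturn(s3ObjectKeyIdInputStream);
        AwsPrivateKeyStore awsPrivateKeyStore = new AwsPrivateKeyStore(s3, kms);
        ServerPrivateKey serverPrivateKey = awsPrivateKeyStore.getPrivateKey(service, "testServerHostName", "us-east-1", "rsa");
        assertNotNull(serverPrivateKey);
        assertNotNull(serverPrivateKey.getKey());
        assertEquals(serverPrivateKey.getAlgorithm().toString(), "RS256");
        assertEquals(serverPrivateKey.getId(), expectedKeyId);
    } finally {
        System.clearProperty(regionProp);
        System.clearProperty(bucketProp);
        System.clearProperty(keyNameProp);
        System.clearProperty(keyIdProp);
    }
}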

Example 5 with ServerPrivateKey

use of com.yahoo.athenz.auth.ServerPrivateKey in project athenz by yahoo.

From class ZMSImplTest, method testGetUserToken:

@Test
public void testGetUserToken() {
    // A real PrincipalAuthority, keyed off the server's own key store, is used so
    // that the signature on every token issued below is genuinely verified rather
    // than accepted by a debug authority.
    PrincipalAuthority principalAuthority = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    principalAuthority.setKeyStore(zmsTestInitializer.getZms());
    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    final String userId = "george";
    Principal principal = SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    assertNotNull(principal);
    ((SimplePrincipal) principal).setUnsignedCreds(userId);
    ResourceContext rsrcCtx1 = zmsTestInitializer.createResourceContext(principal);

    // key id "0": the full shape of the token is checked once
    assignZmsSigningKey(zmsTestInitializer.getPrivKey(), "0");
    zmsTestInitializer.loadServerPublicKeys(zmsTestInitializer.getZms());
    UserToken token = fetchAndVerifyUserToken(principalAuthority, rsrcCtx1, userId, null, ";k=0");
    assertTrue(token.getToken().startsWith("v=U1;d=user;n=" + userId + ";"));
    assertTrue(token.getToken().contains(";h=localhost"));
    assertTrue(token.getToken().contains(";i=10.11.12.13"));

    // rotate the server signing key to ids "1" and "2"; each freshly issued token
    // must advertise the new key id and still verify against the public key set
    assignZmsSigningKey(zmsTestInitializer.getPrivKeyK1(), "1");
    fetchAndVerifyUserToken(principalAuthority, rsrcCtx1, userId, false, "k=1");
    assignZmsSigningKey(zmsTestInitializer.getPrivKeyK2(), "2");
    fetchAndVerifyUserToken(principalAuthority, rsrcCtx1, userId, null, "k=2");
}

// Installs the given ybase64-encoded private key, tagged with keyId, as the
// signing key of the ZMS instance under test.
private void assignZmsSigningKey(String ybase64PrivKey, String keyId) {
    zmsTestInitializer.getZms().privateKey = new ServerPrivateKey(Crypto.loadPrivateKey(Crypto.ybase64DecodeString(ybase64PrivKey)), keyId);
}

// Requests a user token for userId, checks it carries expectedKeyMarker and that
// principalAuthority can authenticate it (i.e. its signature verifies).
// Returns the issued token so callers can run further checks on it.
private UserToken fetchAndVerifyUserToken(PrincipalAuthority principalAuthority, ResourceContext rsrcCtx,
        String userId, Boolean authorizedService, String expectedKeyMarker) {
    UserToken token = zmsTestInitializer.getZms().getUserToken(rsrcCtx, userId, null, authorizedService);
    assertNotNull(token);
    assertTrue(token.getToken().contains(expectedKeyMarker));
    // Verify signature
    Principal principalToVerify = principalAuthority.authenticate(token.getToken(), "10.11.12.13", "GET", null);
    assertNotNull(principalToVerify);
    return token;
}
