use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestUserAuthority.
@Test
public void testPostInstanceRefreshRequestUserAuthority() throws IOException {
Path path = Paths.get("src/test/resources/valid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "joe", "v=U1,d=user;n=joe;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
try {
zts.postInstanceRefreshRequest(context, "user", "joe", req);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
assertTrue(ex.getMessage().contains("TLS Certificates require ServiceTokens"), ex.getMessage());
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetTenantDomainsSingleDomain.
@Test
public void testGetTenantDomainsSingleDomain() {
SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
TenantDomains tenantDomains = zts.getTenantDomains(context, "athenz.product", "user_domain.user100", null, null);
assertNotNull(tenantDomains);
assertEquals(tenantDomains.getTenantDomainNames().size(), 1);
assertEquals(tenantDomains.getTenantDomainNames().get(0), "weather.frontpage");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetTenantDomainsMultipleDomains.
@Test
public void testGetTenantDomainsMultipleDomains() {
SignedDomain signedDomain = createMultipleSignedDomains("athenz.multiple", "hockey.kings", "hockey.stars", "storage", true);
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomain("hockey.kings", "athenz.multiple", "storage");
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomain("hockey.stars", "athenz.multiple", "storage");
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
TenantDomains tenantDomains = zts.getTenantDomains(context, "athenz.multiple", "user_domain.user100", null, null);
assertNotNull(tenantDomains);
assertEquals(tenantDomains.getTenantDomainNames().size(), 2);
assertTrue(tenantDomains.getTenantDomainNames().contains("hockey.kings"));
assertTrue(tenantDomains.getTenantDomainNames().contains("hockey.stars"));
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserPrincipalMismatch.
@Test
public void testPostInstanceRefreshRequestByUserPrincipalMismatch() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(false);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Principal mismatch"));
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetTenantDomainsSingleDomainWithUserDomain.
@Test
public void testGetTenantDomainsSingleDomainWithUserDomain() {
SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
TenantDomains tenantDomains = zts.getTenantDomains(context, "athenz.product", "user_domain.user100", null, null);
assertNotNull(tenantDomains);
assertEquals(tenantDomains.getTenantDomainNames().size(), 1);
assertEquals(tenantDomains.getTenantDomainNames().get(0), "weather.frontpage");
}
Aggregations