use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserNoPublicKey.
@Test
public void testPostInstanceRefreshRequestByUserNoPublicKey() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("1");
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Unable to retrieve public key"), ex.getMessage());
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetTenantDomainsInvalidDomain.
@Test
public void testGetTenantDomainsInvalidDomain() {
SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
try {
zts.getTenantDomains(context, "athenz.non_product", "user100", null, null);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 404);
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetServiceIdentityListNoServices.
@Test
public void testGetServiceIdentityListNoServices() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", false);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
com.yahoo.athenz.zts.ServiceIdentityList svcList = zts.getServiceIdentityList(context, "coretech");
assertEquals(svcList.getNames().size(), 0);
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserIdentityFailure.
@Test
public void testPostInstanceRefreshRequestByUserIdentityFailure() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
CertSigner certSigner = Mockito.mock(CertSigner.class);
Mockito.when(certSigner.generateX509Certificate(Mockito.anyString(), Mockito.anyString(), Mockito.anyInt())).thenReturn(null);
ztsImpl.certSigner = certSigner;
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Unable to generate identity"), ex.getMessage());
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testCheckRoleTokenAuthorizedServiceRequestNoAuthzService.
@Test
public void testCheckRoleTokenAuthorizedServiceRequestNoAuthzService() {
// null authorized service
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
zts.checkRoleTokenAuthorizedServiceRequest(principal, "athenz", "caller");
// empty authorized service
principal.setAuthorizedService("");
zts.checkRoleTokenAuthorizedServiceRequest(principal, "athenz", "caller");
}
Aggregations