Search in sources :

Example 51 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequestByUserNoPublicKey.

@Test
public void testPostInstanceRefreshRequestByUserNoPublicKey() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
    String certCsr = new String(Files.readAllBytes(path));
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("1");
    ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
    Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
    ztsImpl.authorizer = authorizer;
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);
    try {
        ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
        fail();
    } catch (Exception ex) {
        assertTrue(ex.getMessage().contains("Unable to retrieve public key"), ex.getMessage());
    }
}
Also used : Path(java.nio.file.Path) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)

Example 52 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetTenantDomainsInvalidDomain.

@Test
public void testGetTenantDomainsInvalidDomain() {
    SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
    store.processDomain(signedDomain, false);
    signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
    store.processDomain(signedDomain, false);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    try {
        zts.getTenantDomains(context, "athenz.non_product", "user100", null, null);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 53 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetServiceIdentityListNoServices.

@Test
public void testGetServiceIdentityListNoServices() {
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", false);
    store.processDomain(signedDomain, false);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    com.yahoo.athenz.zts.ServiceIdentityList svcList = zts.getServiceIdentityList(context, "coretech");
    assertEquals(svcList.getNames().size(), 0);
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 54 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequestByUserIdentityFailure.

@Test
public void testPostInstanceRefreshRequestByUserIdentityFailure() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
    String certCsr = new String(Files.readAllBytes(path));
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("0");
    String publicKeyName = "athenz.syncer_v0";
    final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
    ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
    ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
    Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
    ztsImpl.authorizer = authorizer;
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);
    CertSigner certSigner = Mockito.mock(CertSigner.class);
    Mockito.when(certSigner.generateX509Certificate(Mockito.anyString(), Mockito.anyString(), Mockito.anyInt())).thenReturn(null);
    ztsImpl.certSigner = certSigner;
    try {
        ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
        fail();
    } catch (Exception ex) {
        assertTrue(ex.getMessage().contains("Unable to generate identity"), ex.getMessage());
    }
}
Also used : Path(java.nio.file.Path) CertSigner(com.yahoo.athenz.common.server.cert.CertSigner) SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)

Example 55 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testCheckRoleTokenAuthorizedServiceRequestNoAuthzService.

@Test
public void testCheckRoleTokenAuthorizedServiceRequestNoAuthzService() {
    // null authorized service
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    zts.checkRoleTokenAuthorizedServiceRequest(principal, "athenz", "caller");
    // empty authorized service
    principal.setAuthorizedService("");
    zts.checkRoleTokenAuthorizedServiceRequest(principal, "athenz", "caller");
}
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Aggregations

PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)101 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)74 Test (org.testng.annotations.Test)62 Principal (com.yahoo.athenz.auth.Principal)44 Authority (com.yahoo.athenz.auth.Authority)40 BeforeTest (org.testng.annotations.BeforeTest)26 KeyStore (com.yahoo.athenz.auth.KeyStore)16 SignedDomain (com.yahoo.athenz.zms.SignedDomain)16 IOException (java.io.IOException)16 WebApplicationException (javax.ws.rs.WebApplicationException)16 PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)13 Path (java.nio.file.Path)13 ArrayList (java.util.ArrayList)12 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)11 DataStore (com.yahoo.athenz.zts.store.DataStore)11 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)11 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 UnsupportedEncodingException (java.io.UnsupportedEncodingException)9 AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)7