
Example 56 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSClientTest method testLookupRoleTokenServiceProvider.

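/**
 * Checks that {@code ZTSClient.getRoleToken} can return a role token supplied by a
 * {@code ZTSClientService} provider, both when the cache is bypassed and when it is consulted.
 *
 * <p>The test seeds the first {@code ZTSClientServiceProvider} found through
 * {@link java.util.ServiceLoader} with a hand-built role token for {@code svcdomtest}, then asks
 * a client (backed by {@code ZTSRDLClientMock}) for a role token in that domain.
 */
@SuppressWarnings("static-access")
@Test
public void testLookupRoleTokenServiceProvider() {
    String domName = "svcdomtest";
    // Compute the expiry once so the e= field inside the token string and the RoleToken's
    // expiry time cannot drift apart across a second boundary.
    long expiryTime = (System.currentTimeMillis() / 1000) + 3500L;
    // Fixture token: the s= value is a static string from the test data, not produced here.
    String token = "v=Z1;d=" + domName + ";r=admin;p=sports.hockey;h=localhost;a=f10bc905071a72d1;t=1448045776;e=" + expiryTime + ";k=0;i=10.11.12.13;s=pujvQuvaLa2jgE3k24bCw5Hm7AP9dUQkmkwNfX2bPhVXyhdRkOlbttF4exJm9V571sJXid6vsihgopCdxqW_qA--";
    RoleToken roleToken = new RoleToken().setToken(token).setExpiryTime(expiryTime);
    java.util.ServiceLoader<ZTSClientService> providers = java.util.ServiceLoader.load(ZTSClientService.class);
    for (ZTSClientService provider : providers) {
        if (provider instanceof ZTSClientServiceProvider) {
            ZTSClientServiceProvider sprov = (ZTSClientServiceProvider) provider;
            sprov.setToken(roleToken, domName, null, null);
            // Nulling the local is the "provider found" signal checked right after the loop.
            roleToken = null;
            break;
        }
    }
    // means it found the test service provider
    assertNull(roleToken);
    // now get role token for that domain
    Authority principalAuthority = new PrincipalAuthority();
    Principal principal = SimplePrincipal.create("sports", "hockey", "v=S1;d=sports;n=hockey;s=sig", principalAuthority);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ztsClientMock.setRoleName("role1");
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    // Close the client even when an assertion fails, so a failing run does not leak it.
    try {
        // The generated client is replaced by the mock before any token request is made.
        client.setZTSRDLGeneratedClient(ztsClientMock);
        // purposely ignoring cache so 1st thing it will do is check in the providers
        RoleToken rToken = client.getRoleToken(domName, null, null, null, true, null);
        assertNotNull(rToken);
        // not in cache
        String cacheKey = client.getRoleTokenCacheKey(domName, null, null);
        rToken = client.lookupRoleTokenInCache(cacheKey, null, null);
        assertNull(rToken);
        // don't ignore cache so 1st thing it will do is check in the cache
        // before it checks the providers
        rToken = client.getRoleToken(domName, null, null, null, false, null);
        assertNotNull(rToken);
    } finally {
        client.close();
    }
}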
Also used : Authority(com.yahoo.athenz.auth.Authority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 57 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetPublicKeyEntryInvalidService.

/**
 * Requests the public key of a service name that was never loaded into the store and
 * expects the call to fail with a 404 {@code ResourceException}.
 */
@Test
public void testGetPublicKeyEntryInvalidService() {
    // Load the "coretech" domain so that only the service name in the lookup is unknown.
    store.processDomain(createSignedDomain("coretech", "weather", "storage", true), false);

    // Caller identity is hockey.kings.
    // NOTE(review): the creds string has ',' after v=S1 while its other fields use ';' - confirm intended.
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create(
            "hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext ctx = createResourceContext(caller);

    try {
        zts.getPublicKeyEntry(ctx, "coretech", "nonexistentservice", "0");
        // Reaching this line means no exception was raised for the unknown service.
        fail();
    } catch (ResourceException notFound) {
        assertEquals(notFound.getCode(), 404);
    }
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 58 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequestPrincipalMismatch.

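/**
 * Verifies that an instance refresh request is rejected with a 400 "Principal mismatch"
 * error when the domain/service named in the request does not match the calling principal.
 *
 * <p>The caller is {@code hockey.kings}; the first request names a different domain with the
 * same service, the second names the caller's domain with a different service.
 *
 * @throws IOException if the CSR fixture file cannot be read
 */
@Test
public void testPostInstanceRefreshRequestPrincipalMismatch() throws IOException {
    Path path = Paths.get("src/test/resources/valid.csr");
    // Decode with an explicit charset; the one-argument String constructor falls back to the
    // platform default, which makes the fixture content depend on the machine running the test.
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr);
    // NOTE(review): the creds string has ',' after v=S1 while its other fields use ';' - confirm intended.
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    // Domain differs from the caller's ("basketbal" vs "hockey"), service is the same.
    try {
        zts.postInstanceRefreshRequest(context, "basketbal", "kings", req);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 400);
        assertTrue(ex.getMessage().contains("Principal mismatch"), ex.getMessage());
    }
    // Domain matches the caller's, service differs ("bruins" vs "kings").
    try {
        zts.postInstanceRefreshRequest(context, "hockey", "bruins", req);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 400);
        assertTrue(ex.getMessage().contains("Principal mismatch"), ex.getMessage());
    }
}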
Also used : Path(java.nio.file.Path) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 59 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetTenantDomainsInvalidUser.

/**
 * Asks for the tenant domains of provider "athenz.product" on behalf of user "user1099"
 * and expects a non-null result whose tenant domain name list is empty.
 */
@Test
public void testGetTenantDomainsInvalidUser() {
    // Load the provider domain first, then the tenant domain, in the same order as before.
    SignedDomain providerDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
    store.processDomain(providerDomain, false);
    SignedDomain tenantDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
    store.processDomain(tenantDomain, false);

    // NOTE(review): the creds string has ',' after v=S1 while its other fields use ';' - confirm intended.
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create(
            "hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext ctx = createResourceContext(caller);

    TenantDomains result = zts.getTenantDomains(ctx, "athenz.product", "user1099", null, null);
    assertNotNull(result);
    assertEquals(result.getTenantDomainNames().size(), 0);
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 60 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetAWSTemporaryCredentialsNoCloudStore.

/**
 * Requests AWS temporary credentials for a role in "athenz.product" and expects the call
 * to fail with a 400 {@code ResourceException}.
 */
@Test
public void testGetAWSTemporaryCredentialsNoCloudStore() {
    // presumably "1234" is the AWS account id attached to the domain - verify against createAwsSignedDomain
    store.processDomain(createAwsSignedDomain("athenz.product", "1234"), false);

    // NOTE(review): the creds string has ',' after v=S1 while its other fields use ';' - confirm intended.
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create(
            "hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext ctx = createResourceContext(caller);

    try {
        zts.getAWSTemporaryCredentials(ctx, "athenz.product", "aws_role_name");
        // Reaching this line means credentials were handed out when a failure was expected.
        fail();
    } catch (ResourceException badRequest) {
        assertEquals(badRequest.getCode(), 400);
    }
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)
