use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserCert.
@Test
public void testPostInstanceRefreshRequestByUserCert() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "user", "doe", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("TLS Certificates require ServiceTokens"), ex.getMessage());
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserPublicKeyMismatch.
@Test
public void testPostInstanceRefreshRequestByUserPublicKeyMismatch() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("1");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "ABCwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Invalid CSR - public key mismatch"), ex.getMessage());
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetHostServices.
@Test
public void testGetHostServices() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
HostServices hosts = zts.getHostServices(context, "host1");
assertTrue(hosts.getNames().size() == 1);
assertTrue(hosts.getNames().contains("coretech.storage"));
hosts = zts.getHostServices(context, "host2");
assertTrue(hosts.getNames().size() == 2);
assertTrue(hosts.getNames().contains("coretech.storage"));
assertTrue(hosts.getNames().contains("coretech.backup"));
hosts = zts.getHostServices(context, "host3");
assertTrue(hosts.getNames().size() == 1);
assertTrue(hosts.getNames().contains("coretech.backup"));
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetServiceIdentityInvalid.
@Test
public void testGetServiceIdentityInvalid() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
try {
@SuppressWarnings("unused") com.yahoo.athenz.zts.ServiceIdentity svc = zts.getServiceIdentity(context, "coretech", "storage2");
fail();
} catch (ResourceException ex) {
assertTrue(true);
}
try {
@SuppressWarnings("unused") com.yahoo.athenz.zts.ServiceIdentity svc = zts.getServiceIdentity(context, "testDomain2", "storage");
fail();
} catch (ResourceException ex) {
assertTrue(true);
}
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class ZTSImplTest method testGetPublicKeyEntryInvalidKeyId.
@Test
public void testGetPublicKeyEntryInvalidKeyId() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
// with null we get 400
try {
zts.getPublicKeyEntry(context, "coretech", "storage", null);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
}
// with nonexistent we get 404
try {
zts.getPublicKeyEntry(context, "coretech", "storage", "999999");
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 404);
}
}
Aggregations