Example 86 with PrincipalAuthority

Use of com.yahoo.athenz.auth.impl.PrincipalAuthority in the athenz project by yahoo.

From the class PrincipalAuthorityTest, method testPrincipalAuthorityWithAuthorizedService. The test signs a user token that lists two authorized services, counter-signs it for one of them, then authenticates from a different source IP than the one embedded in the token so the authorized-service path is exercised.

@Test
public void testPrincipalAuthorityWithAuthorizedService() throws IOException, CryptoException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    // Create and sign token with key version 0
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add("sports.fantasy");
    authorizedServices.add("sports.hockey");
    long issueTime = System.currentTimeMillis() / 1000;
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .ip("127.0.0.2")
            .issueTime(issueTime)
            .expirationWindow(expirationTime)
            .authorizedServices(authorizedServices)
            .build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // now let's sign the token for an authorized service
    userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
    // we're going to pass a different IP so we get the authorized service checks
    StringBuilder errMsg = new StringBuilder();
    Principal principal = serviceAuthority.authenticate(userTokenToSign.getSignedToken(), "127.0.0.3", "POST", errMsg);
    assertNotNull(principal);
    assertEquals(principal.getAuthorizedService(), "sports.fantasy");
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 87 with PrincipalAuthority

Use of com.yahoo.athenz.auth.impl.PrincipalAuthority in the athenz project by yahoo.

From the class PrincipalAuthorityTest, method testValidateAuthorizedServiceNoServices. A token built without any authorized services must yield no authorized service from validateAuthorizeService.

@Test
public void testValidateAuthorizedServiceNoServices() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issueTime)
            .expirationWindow(expirationTime)
            .build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 88 with PrincipalAuthority

Use of com.yahoo.athenz.auth.impl.PrincipalAuthority in the athenz project by yahoo.

From the class PrincipalAuthorityTest, method testValidateAuthorizedServiceNoSignature. The token lists authorized services but is never counter-signed by one of them, so validateAuthorizeService must return null.

@Test
public void testValidateAuthorizedServiceNoSignature() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add("coretech.storage");
    authorizedServices.add("media.storage");
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issueTime)
            .authorizedServices(authorizedServices)
            .expirationWindow(expirationTime)
            .build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 89 with PrincipalAuthority

Use of com.yahoo.athenz.auth.impl.PrincipalAuthority in the athenz project by yahoo.

From the class PrincipalAuthorityTest, method testRemoteIpCheckNone. With ipCheckMode set to OPS_NONE, remoteIpCheck must accept every combination of matching or mismatching IP, read or write operation, and presence or absence of an authorized service.

@Test
public void testRemoteIpCheckNone() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_NONE;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
    // all operations must return true
    // first let's verify read operation with and without matches
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    // now let's try write operations without authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
    // finally mismatch operation with authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 90 with PrincipalAuthority

Use of com.yahoo.athenz.auth.impl.PrincipalAuthority in the athenz project by yahoo.

From the class PrincipalAuthorityTest, method testIsWriteOperation. The method classifies PUT, POST and DELETE as write operations regardless of case, and treats GET, HEAD, null, empty and unknown methods as non-write.

@Test
public void testIsWriteOperation() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    assertTrue(serviceAuthority.isWriteOperation("PUT"));
    assertTrue(serviceAuthority.isWriteOperation("put"));
    assertTrue(serviceAuthority.isWriteOperation("Post"));
    assertTrue(serviceAuthority.isWriteOperation("POST"));
    assertTrue(serviceAuthority.isWriteOperation("DeLete"));
    assertTrue(serviceAuthority.isWriteOperation("DELETE"));
    assertFalse(serviceAuthority.isWriteOperation("GET"));
    assertFalse(serviceAuthority.isWriteOperation("Get"));
    assertFalse(serviceAuthority.isWriteOperation("HEAD"));
    assertFalse(serviceAuthority.isWriteOperation(null));
    assertFalse(serviceAuthority.isWriteOperation("Unknown"));
    assertFalse(serviceAuthority.isWriteOperation(""));
}
Also used : PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)
