
Example 91 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class RoleAuthorityTest method testIsWriteOperation.

@Test
public void testIsWriteOperation() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    assertTrue(serviceAuthority.isWriteOperation("PUT"));
    assertTrue(serviceAuthority.isWriteOperation("put"));
    assertTrue(serviceAuthority.isWriteOperation("Post"));
    assertTrue(serviceAuthority.isWriteOperation("POST"));
    assertTrue(serviceAuthority.isWriteOperation("DeLete"));
    assertTrue(serviceAuthority.isWriteOperation("DELETE"));
    assertFalse(serviceAuthority.isWriteOperation("GET"));
    assertFalse(serviceAuthority.isWriteOperation("Get"));
    assertFalse(serviceAuthority.isWriteOperation("HEAD"));
    assertFalse(serviceAuthority.isWriteOperation(null));
    assertFalse(serviceAuthority.isWriteOperation("Unknown"));
    assertFalse(serviceAuthority.isWriteOperation(""));
}
Also used : PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 92 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckWrite.

@Test
public void testRemoteIpCheckWrite() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_WRITE;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
    // first let's verify read operation with and without matches
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    // now let's try write operations without authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
    // finally mismatch operation with authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 93 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testGetAuthorizedServiceNameSingleServices.

@Test
public void testGetAuthorizedServiceNameSingleServices() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add("coretech.storage");
    assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, null), "coretech.storage");
    assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "sports.storage"), null);
    assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "coretech.storage"), "coretech.storage");
}
Also used : ArrayList(java.util.ArrayList) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 94 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testInitialize.

@Test
public void testInitialize() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
    Class<PrincipalAuthority> c = PrincipalAuthority.class;
    PrincipalAuthority principalAuthority = new PrincipalAuthority();
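    // configure a negative token offset before initializing the authority
    System.setProperty(PrincipalAuthority.ATHENZ_PROP_TOKEN_OFFSET, "-1");
    principalAuthority.initialize();
    // allowedOffset is not publicly accessible, so read it through reflection
    Field f1 = c.getDeclaredField("allowedOffset");
    f1.setAccessible(true);
    int m = (Integer) f1.get(principalAuthority);
    // the negative value is not kept: the test expects an offset of 300
    assertEquals(m, 300);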
    assertEquals(principalAuthority.userDomain, "user");
}
Also used : Field(java.lang.reflect.Field) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 95 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckAll.

@Test
public void testRemoteIpCheckAll() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_ALL;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=domain;n=service;i=10.11.12.23;s=sig");
    // remote IP matches the token's i= field: accepted for read and write
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    // remote IP differs from the token's i= field: rejected for read and write
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)
