use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceEmpty.
@Test
public void testGetPublicKeyKeyServiceEmpty() {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockStore = Mockito.mock(KeyStore.class);
    authority.setKeyStore(mockStore);

    // Register three distinguishable keys: one for the token's own
    // domain/service and one each for the sys.auth zms and zts services.
    // The distinct return values let the assertion prove which entry the
    // authority consulted.
    Mockito.when(mockStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");

    // With an empty key-service argument the lookup is expected to use the
    // token's own ("athenz", "svc") entry and never fall through to one of
    // the system service keys.
    assertEquals(authority.getPublicKey("athenz", "svc", "", "v1", false), "athenz-key");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalAuthority.
@Test
public void testPrincipalAuthority() throws IOException, CryptoException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockStore = new KeyStoreMock();
    authority.setKeyStore(mockStore);

    // A freshly constructed authority reports no domain and the fixed
    // credential header name.
    assertNull(authority.getDomain());
    assertEquals(authority.getHeader(), "Athenz-Principal-Auth");

    // NOTE(review): this method only exercises accept paths; rejection of
    // tampered, expired or wrongly keyed tokens is not covered here.
    StringBuilder errMsg = new StringBuilder();

    // Case 1: token built without an explicit key version, signed with key K0.
    PrincipalToken defaultKeyToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .build();
    defaultKeyToken.sign(servicePrivateKeyStringK0);

    Principal defaultKeyPrincipal =
            authority.authenticate(defaultKeyToken.getSignedToken(), null, "GET", errMsg);
    assertNotNull(defaultKeyPrincipal);
    assertNotNull(defaultKeyPrincipal.getAuthority());
    assertEquals(defaultKeyPrincipal.getCredentials(), defaultKeyToken.getSignedToken());
    assertEquals(defaultKeyPrincipal.getDomain(), defaultKeyToken.getDomain());
    assertEquals(defaultKeyPrincipal.getName(), defaultKeyToken.getName());
    // No key id was set on the token, yet the principal is expected to
    // report key id "0".
    assertEquals(defaultKeyPrincipal.getKeyId(), "0");

    // The same token must also authenticate when no error buffer is supplied.
    Principal noErrBufferPrincipal =
            authority.authenticate(defaultKeyToken.getSignedToken(), null, "GET", null);
    assertNotNull(noErrBufferPrincipal);

    // Case 2: token that names key version K0 explicitly, signed with key K0.
    PrincipalToken k0Token = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .keyId(testKeyVersionK0)
            .build();
    k0Token.sign(servicePrivateKeyStringK0);

    Principal k0Principal = authority.authenticate(k0Token.getSignedToken(), null, "GET", errMsg);
    assertNotNull(k0Principal);
    assertEquals(k0Principal.getCredentials(), k0Token.getSignedToken());

    // Case 3: token that names key version K1, signed with the matching K1 key.
    PrincipalToken k1Token = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .keyId(testKeyVersionK1)
            .build();
    k1Token.sign(servicePrivateKeyStringK1);

    Principal k1Principal = authority.authenticate(k1Token.getSignedToken(), null, "GET", errMsg);
    assertNotNull(k1Principal);
    assertEquals(k1Principal.getCredentials(), k1Token.getSignedToken());
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetAuthorizedServiceNameMultipleServices.
@Test
public void testGetAuthorizedServiceNameMultipleServices() {
    PrincipalAuthority authority = new PrincipalAuthority();

    // The token's authorized-service list carries more than one entry, so
    // the caller has to say which one it is acting as.
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("coretech.storage");
    allowedServices.add("media.storage");

    // No service name supplied: nothing can be selected from a multi-entry list.
    assertEquals(authority.getAuthorizedServiceName(allowedServices, null), null);

    // A name that is not on the list must not be accepted.
    assertEquals(authority.getAuthorizedServiceName(allowedServices, "sports.storage"), null);

    // A name that is on the list is returned unchanged.
    assertEquals(
            authority.getAuthorizedServiceName(allowedServices, "coretech.storage"),
            "coretech.storage");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceZms.
@Test
public void testGetPublicKeyKeyServiceZms() {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockStore = Mockito.mock(KeyStore.class);
    authority.setKeyStore(mockStore);

    // Two distinguishable keys: the token's own service entry and the
    // sys.auth zms entry. The return values reveal which one was looked up.
    Mockito.when(mockStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");
    Mockito.when(mockStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");

    // A key-service value of "zms" is expected to redirect the lookup to the
    // ("sys.auth", "zms") entry, ignoring the key registered for the token's
    // own domain/service.
    assertEquals(authority.getPublicKey("athenz", "svc", "zms", "v1", false), "zms-key");
}
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceSingle.
@Test
public void testValidateAuthorizedServiceSingle() throws IOException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockStore = new KeyStoreMock();
    authority.setKeyStore(mockStore);

    // Issue time in seconds since the epoch.
    long issuedAtSeconds = System.currentTimeMillis() / 1000;

    // The user token names exactly one service that may act on its behalf.
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("sports.fantasy");

    PrincipalToken userToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .authorizedServices(allowedServices)
            .build();

    // First signature: the token itself, signed with key K0.
    userToken.sign(servicePrivateKeyStringK0);

    // Second signature: the authorized service signs with key K1 under key id "1".
    userToken.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // The doubly signed token object is validated directly (it is not
    // re-parsed from its signed string). Validation is expected to return the
    // authorized service name; no error buffer is passed.
    assertEquals(authority.validateAuthorizeService(userToken, null), "sports.fantasy");
}