
Example 11 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceEmpty.

/**
 * Checks which public key {@code getPublicKey} returns when the key-service argument is empty.
 *
 * <p>The mocked key store answers with a different value for {@code sys.auth/zms},
 * {@code sys.auth/zts} and {@code athenz/svc}. With an empty key service, the test expects
 * the value stored under the domain and service passed in ({@code athenz/svc}), not one of
 * the {@code sys.auth} entries.
 */
@Test
public void testGetPublicKeyKeyServiceEmpty() {
    KeyStore mockedStore = Mockito.mock(KeyStore.class);
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(mockedStore);

    // Distinct return values make the assertion show which entry was selected.
    Mockito.when(mockedStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
    Mockito.when(mockedStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
    Mockito.when(mockedStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");

    // Third argument is the key service (empty here); the trailing boolean is passed as false.
    // NOTE(review): the meaning of that boolean is not visible in this test - confirm in PrincipalAuthority.
    String resolvedKey = authority.getPublicKey("athenz", "svc", "", "v1", false);
    assertEquals(resolvedKey, "athenz-key");
}
Also used : KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 12 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testPrincipalAuthority.

/**
 * Exercises {@code PrincipalAuthority.authenticate} with three signed tokens: one built
 * without a key id, one with key id K0 and one with key id K1.
 *
 * <p>Every case asserts that authentication succeeds. Where credentials are checked, the
 * returned principal carries the exact signed token string that was presented. This method
 * covers acceptance only: it does not assert rejection of a bad signature or an expired
 * token, and it never inspects the contents of the error buffer.
 *
 * @throws IOException declared by the test signature
 * @throws CryptoException declared by the test signature
 */
@Test
public void testPrincipalAuthority() throws IOException, CryptoException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    // A freshly constructed authority has no domain and uses the principal-auth header name.
    assertNull(authority.getDomain());
    assertEquals(authority.getHeader(), "Athenz-Principal-Auth");

    // Case 1: token built without keyId, signed with the K0 private key.
    PrincipalToken serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .build();
    serviceToken.sign(servicePrivateKeyStringK0);

    StringBuilder errMsg = new StringBuilder();
    Principal authenticated = authority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
    assertNotNull(authenticated);
    assertNotNull(authenticated.getAuthority());
    assertEquals(authenticated.getCredentials(), serviceToken.getSignedToken());
    assertEquals(authenticated.getDomain(), serviceToken.getDomain());
    assertEquals(authenticated.getName(), serviceToken.getName());
    // With no keyId set on the token, the principal reports key id "0".
    assertEquals(authenticated.getKeyId(), "0");

    // The same token must also authenticate when no error buffer is supplied.
    authenticated = authority.authenticate(serviceToken.getSignedToken(), null, "GET", null);
    assertNotNull(authenticated);

    // Case 2: explicit key id K0, signed with the K0 private key.
    serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .keyId(testKeyVersionK0)
            .build();
    serviceToken.sign(servicePrivateKeyStringK0);
    authenticated = authority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
    assertNotNull(authenticated);
    assertEquals(authenticated.getCredentials(), serviceToken.getSignedToken());

    // Case 3: explicit key id K1, signed with the K1 private key.
    serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName)
            .host(host)
            .salt(salt)
            .expirationWindow(expirationTime)
            .keyId(testKeyVersionK1)
            .build();
    serviceToken.sign(servicePrivateKeyStringK1);
    authenticated = authority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
    assertNotNull(authenticated);
    assertEquals(authenticated.getCredentials(), serviceToken.getSignedToken());
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 13 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testGetAuthorizedServiceNameMultipleServices.

/**
 * Checks {@code getAuthorizedServiceName} when the token lists more than one authorized service.
 *
 * <p>With two services in the list, the test expects {@code null} when no service name is
 * supplied and when the supplied name is not in the list. A name is returned only when it
 * matches a listed entry exactly.
 */
@Test
public void testGetAuthorizedServiceNameMultipleServices() {
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("coretech.storage");
    allowedServices.add("media.storage");
    PrincipalAuthority authority = new PrincipalAuthority();

    // No name supplied: with several candidates the result is null.
    String whenNoneRequested = authority.getAuthorizedServiceName(allowedServices, null);
    assertEquals(whenNoneRequested, null);

    // A name that is not in the list is not accepted.
    String whenUnlisted = authority.getAuthorizedServiceName(allowedServices, "sports.storage");
    assertEquals(whenUnlisted, null);

    // A listed name is returned unchanged.
    String whenListed = authority.getAuthorizedServiceName(allowedServices, "coretech.storage");
    assertEquals(whenListed, "coretech.storage");
}
Also used : ArrayList(java.util.ArrayList) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 14 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceZms.

/**
 * Checks which public key {@code getPublicKey} returns when the key-service argument is {@code "zms"}.
 *
 * <p>The mocked key store holds one value for {@code sys.auth/zms} and another for
 * {@code athenz/svc}. With key service {@code "zms"}, the test expects the
 * {@code sys.auth/zms} value, even though the call names {@code athenz/svc} as the
 * domain and service.
 */
@Test
public void testGetPublicKeyKeyServiceZms() {
    KeyStore mockedStore = Mockito.mock(KeyStore.class);
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(mockedStore);

    // Two different values so the assertion distinguishes the selected entry.
    Mockito.when(mockedStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
    Mockito.when(mockedStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");

    // NOTE(review): the key service decides which stored key is returned; confirm in
    // PrincipalAuthority where this value originates before it reaches the lookup.
    String resolvedKey = authority.getPublicKey("athenz", "svc", "zms", "v1", false);
    assertEquals(resolvedKey, "zms-key");
}
Also used : KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 15 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceSingle.

/**
 * Checks {@code validateAuthorizeService} for a user token that lists exactly one
 * authorized service and carries that service's signature.
 *
 * <p>The token is first signed with the K0 private key, then signed for
 * {@code sports.fantasy} with key id {@code "1"} and the K1 private key. Validation is
 * expected to return the authorized service name.
 *
 * @throws IOException declared by the test signature
 */
@Test
public void testValidateAuthorizedServiceSingle() throws IOException {
    PrincipalAuthority authority = new PrincipalAuthority();
    KeyStore mockKeys = new KeyStoreMock();
    authority.setKeyStore(mockKeys);

    // Issue time in whole seconds since the epoch.
    long issuedAtSeconds = System.currentTimeMillis() / 1000;

    // Build the user token with a single authorized service and sign it.
    List<String> allowedServices = new ArrayList<>();
    allowedServices.add("sports.fantasy");
    PrincipalToken userToken = new PrincipalToken.Builder(usrVersion, usrDomain, usrName)
            .salt(salt)
            .issueTime(issuedAtSeconds)
            .expirationWindow(expirationTime)
            .authorizedServices(allowedServices)
            .build();
    userToken.sign(servicePrivateKeyStringK0);

    // Add the authorized service's own signature on top of the token signature.
    userToken.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // Validate the in-memory token directly; the second argument is passed as null.
    String validatedService = authority.validateAuthorizeService(userToken, null);
    assertEquals(validatedService, "sports.fantasy");
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)
