Example 11 with PrincipalAuthority
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceEmpty.
@Test
public void testGetPublicKeyKeyServiceEmpty() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = Mockito.mock(KeyStore.class);
serviceAuthority.setKeyStore(keyStore);
Mockito.when(keyStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
Mockito.when(keyStore.getPublicKey("sys.auth", "zts", "v1")).thenReturn("zts-key");
Mockito.when(keyStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");
String key = serviceAuthority.getPublicKey("athenz", "svc", "", "v1", false);
assertEquals(key, "athenz-key");
}
Also used :
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 12 with PrincipalAuthority
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalAuthority.
@Test
public void testPrincipalAuthority() throws IOException, CryptoException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
assertNull(serviceAuthority.getDomain());
assertEquals(serviceAuthority.getHeader(), "Athenz-Principal-Auth");
// Create and sign token with no key version
PrincipalToken serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName).host(host).salt(salt).expirationWindow(expirationTime).build();
serviceToken.sign(servicePrivateKeyStringK0);
StringBuilder errMsg = new StringBuilder();
Principal principal = serviceAuthority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
assertNotNull(principal);
assertNotNull(principal.getAuthority());
assertEquals(principal.getCredentials(), serviceToken.getSignedToken());
assertEquals(principal.getDomain(), serviceToken.getDomain());
assertEquals(principal.getName(), serviceToken.getName());
assertEquals(principal.getKeyId(), "0");
principal = serviceAuthority.authenticate(serviceToken.getSignedToken(), null, "GET", null);
assertNotNull(principal);
// Create and sign token with key version 0
serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName).host(host).salt(salt).expirationWindow(expirationTime).keyId(testKeyVersionK0).build();
serviceToken.sign(servicePrivateKeyStringK0);
principal = serviceAuthority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
assertNotNull(principal);
assertEquals(principal.getCredentials(), serviceToken.getSignedToken());
// Create and sign token with key version 1
serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName).host(host).salt(salt).expirationWindow(expirationTime).keyId(testKeyVersionK1).build();
serviceToken.sign(servicePrivateKeyStringK1);
principal = serviceAuthority.authenticate(serviceToken.getSignedToken(), null, "GET", errMsg);
assertNotNull(principal);
assertEquals(principal.getCredentials(), serviceToken.getSignedToken());
}
Also used :
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 13 with PrincipalAuthority
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetAuthorizedServiceNameMultipleServices.
@Test
public void testGetAuthorizedServiceNameMultipleServices() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("coretech.storage");
authorizedServices.add("media.storage");
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, null), null);
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "sports.storage"), null);
assertEquals(serviceAuthority.getAuthorizedServiceName(authorizedServices, "coretech.storage"), "coretech.storage");
}
Also used :
ArrayList(java.util.ArrayList)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 14 with PrincipalAuthority
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testGetPublicKeyKeyServiceZms.
@Test
public void testGetPublicKeyKeyServiceZms() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = Mockito.mock(KeyStore.class);
serviceAuthority.setKeyStore(keyStore);
Mockito.when(keyStore.getPublicKey("sys.auth", "zms", "v1")).thenReturn("zms-key");
Mockito.when(keyStore.getPublicKey("athenz", "svc", "v1")).thenReturn("athenz-key");
String key = serviceAuthority.getPublicKey("athenz", "svc", "zms", "v1", false);
assertEquals(key, "zms-key");
}
Also used :
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 15 with PrincipalAuthority
use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceSingle.
@Test
public void testValidateAuthorizedServiceSingle() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("sports.fantasy");
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// now let's sign the token for an authorized service
userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
// Create a token for validation using the signed data
assertEquals(serviceAuthority.validateAuthorizeService(userTokenToSign, null), "sports.fantasy");
}
Also used :
ArrayList(java.util.ArrayList)
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Aggregations
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)101
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)74
Test (org.testng.annotations.Test)62
Principal (com.yahoo.athenz.auth.Principal)44
Authority (com.yahoo.athenz.auth.Authority)40
BeforeTest (org.testng.annotations.BeforeTest)26
KeyStore (com.yahoo.athenz.auth.KeyStore)16
SignedDomain (com.yahoo.athenz.zms.SignedDomain)16
IOException (java.io.IOException)16
WebApplicationException (javax.ws.rs.WebApplicationException)16
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)13
Path (java.nio.file.Path)13
ArrayList (java.util.ArrayList)12
ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)11
DataStore (com.yahoo.athenz.zts.store.DataStore)11
MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)11
ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)11
HttpServletRequest (javax.servlet.http.HttpServletRequest)10
UnsupportedEncodingException (java.io.UnsupportedEncodingException)9
AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)7
