
Example 41 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequest.

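/**
 * Refreshes a service identity certificate from a CSR stored on disk.
 *
 * <p>The CSR is read from {@code src/test/resources/valid.csr}. The caller is the
 * service principal {@code athenz.syncer} with key id {@code "0"}, and a public key
 * is placed in the data store's public key cache under {@code athenz.syncer_0}
 * before the call (presumably the key the CSR is validated against — confirm in
 * ZTSImpl). The servlet request is mocked as secure. The test passes when
 * {@code postInstanceRefreshRequest} returns an identity whose certificate parses
 * as an X.509 certificate.
 *
 * @throws IOException if the CSR file cannot be read
 */
@Test
public void testPostInstanceRefreshRequest() throws IOException {
    Path path = Paths.get("src/test/resources/valid.csr");
    // Decode with a fixed charset instead of the platform default so the test
    // does not depend on the JVM's file.encoding.
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr);

    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "syncer",
            "v=S1,d=athenz;n=syncer;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("0");

    // Public key registered for athenz.syncer, key id 0.
    String publicKeyName = "athenz.syncer_0";
    final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n"
            + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrvfvBgXWqWAorw5hYJu3dpOJe0gp3n\n"
            + "TgiiPGT7+jzm6BRcssOBTPFIMkePT2a8Tq+FYSmFnHfbQjwmYw2uMK8CAwEAAQ==\n"
            + "-----END PUBLIC KEY-----";
    zts.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);

    // The request must arrive over a secure channel.
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);

    Identity identity = zts.postInstanceRefreshRequest(context, "athenz", "syncer", req);
    assertNotNull(identity);
    X509Certificate cert = Crypto.loadX509Certificate(identity.getCertificate());
    assertNotNull(cert);
}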
Also used : Path(java.nio.file.Path) HttpServletRequest(javax.servlet.http.HttpServletRequest) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 42 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequestByUserInvalidRequest.

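/**
 * Rejects an instance refresh whose CSR data does not match the request.
 *
 * <p>A dedicated {@code ZTSImpl} is built on a fresh {@code DataStore} so its
 * {@code authorizer} field can be replaced with a mock without touching the shared
 * instance. The caller is the user principal {@code user.doe} (key id {@code "1"})
 * while the request carries key id {@code v0} and the cached public key is named
 * {@code athenz.api_v0}; the authorizer is stubbed to allow {@code update} on
 * {@code athenz:service}. The call is expected to fail with a message containing
 * {@code "Invalid CSR - data mismatch"} — presumably because of the key/principal
 * mismatch above; confirm against the validation logic in ZTSImpl.
 *
 * @throws IOException if the CSR file cannot be read
 */
@Test
public void testPostInstanceRefreshRequestByUserInvalidRequest() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    // Local store/instance so the mock authorizer does not leak into the shared zts.
    DataStore localStore = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, localStore);

    Path path = Paths.get("src/test/resources/valid.csr");
    // Decode with a fixed charset instead of the platform default so the test
    // does not depend on the JVM's file.encoding.
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");

    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe",
            "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("1");

    String publicKeyName = "athenz.api_v0";
    final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n"
            + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n"
            + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n"
            + "-----END PUBLIC KEY-----";
    ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);

    // Authorization is granted, so a failure cannot be an access denial.
    ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
    Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
    ztsImpl.authorizer = authorizer;

    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);

    try {
        ztsImpl.postInstanceRefreshRequest(context, "athenz", "api", req);
        fail();
    } catch (Exception ex) {
        assertTrue(ex.getMessage().contains("Invalid CSR - data mismatch"), ex.getMessage());
    }
}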
Also used : Path(java.nio.file.Path) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) WebApplicationException(javax.ws.rs.WebApplicationException) IOException(java.io.IOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)

Example 43 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testResourceAccess.

/**
 * Exercises {@code getResourceAccess} and {@code getResourceAccessExt} against a
 * hand-built domain inserted directly into the cache store.
 *
 * <p>Domain {@code coretechaccess} holds role1 (members user.user1, user.user3) and
 * role2 (member user.user2), plus a single ALLOW assertion granting {@code update}
 * on {@code coretechaccess:table1} to role1. The caller is user.user1 through the
 * debug principal authority. Expected results: update on table1 is granted; update
 * on table2 and delete on table1 are denied; checking on behalf of user.user3 is
 * granted for table1 only, and on behalf of user.user2 is denied. The cache entry
 * is invalidated at the end so later tests start clean.
 */
@Test
public void testResourceAccess() {
    final String domainName = "coretechaccess";
    final String table1 = domainName + ":table1";
    final String table2 = domainName + ":table2";

    // Roles: role1 -> user.user1, user.user3 ; role2 -> user.user2
    ArrayList<Role> roles = new ArrayList<>();
    roles.add(createRoleObject(domainName, "role1", null, "user.user1", "user.user3"));
    roles.add(createRoleObject(domainName, "role2", null, "user.user2", null));

    // One policy: role1 is allowed to update table1.
    ArrayList<Policy> policyList = new ArrayList<>();
    policyList.add(createPolicyObject(domainName, "access", domainName + ":role.role1", false,
            "update", table1, AssertionEffect.ALLOW));
    com.yahoo.athenz.zms.DomainPolicies contents = new com.yahoo.athenz.zms.DomainPolicies();
    contents.setPolicies(policyList);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(contents);

    DomainData domainData = new DomainData();
    domainData.setName(domainName);
    domainData.setRoles(roles);
    domainData.setPolicies(signedPolicies);
    DataCache cachedDomain = new DataCache();
    cachedDomain.setDomainData(domainData);
    store.getCacheStore().put(domainName, cachedDomain);

    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    Principal user1 = SimplePrincipal.create("user", "user1", "v=U1;d=user;n=user1;s=signature", 0, debugAuthority);
    ResourceContext ctx = createResourceContext(user1, null);

    // Caller's own access: only update on table1 is covered by the policy.
    assertTrue(zts.getResourceAccess(ctx, "update", table1, null, null).getGranted());
    assertTrue(zts.getResourceAccessExt(ctx, "update", table1, null, null).getGranted());
    assertFalse(zts.getResourceAccess(ctx, "update", table2, null, null).getGranted());
    assertFalse(zts.getResourceAccessExt(ctx, "update", table2, null, null).getGranted());
    assertFalse(zts.getResourceAccess(ctx, "delete", table1, null, null).getGranted());
    assertFalse(zts.getResourceAccessExt(ctx, "delete", table1, null, null).getGranted());

    // Access checked on behalf of another principal.
    assertFalse(zts.getResourceAccess(ctx, "update", table1, null, "user.user2").getGranted());
    assertTrue(zts.getResourceAccess(ctx, "update", table1, null, "user.user3").getGranted());
    assertFalse(zts.getResourceAccess(ctx, "update", table2, null, "user.user3").getGranted());

    store.getCacheStore().invalidate(domainName);
}
Also used : Policy(com.yahoo.athenz.zms.Policy) UserAuthority(com.yahoo.athenz.auth.impl.UserAuthority) Authority(com.yahoo.athenz.auth.Authority) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) DomainData(com.yahoo.athenz.zms.DomainData) DataCache(com.yahoo.athenz.zts.cache.DataCache) Role(com.yahoo.athenz.zms.Role) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 44 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testCheckRoleTokenAuthorizedServiceRequest.

/**
 * Verifies that {@code checkRoleTokenAuthorizedServiceRequest} accepts a
 * principal's authorized service only when it belongs to the requested domain.
 *
 * <p>For principal user.doe: {@code sports.api} is accepted for domain
 * {@code sports}, {@code sports.hockey.api} is accepted for the subdomain
 * {@code sports.hockey}, and {@code weather.api} requested against {@code sports}
 * is rejected with a {@code ResourceException} whose code is 403.
 */
@Test
public void testCheckRoleTokenAuthorizedServiceRequest() {
    SimplePrincipal userDoe = (SimplePrincipal) SimplePrincipal.create("user", "doe",
            "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());

    // Top-level domain: service sports.api lives in domain sports.
    userDoe.setAuthorizedService("sports.api");
    zts.checkRoleTokenAuthorizedServiceRequest(userDoe, "sports", "caller");

    // Subdomain: service sports.hockey.api lives in domain sports.hockey.
    userDoe.setAuthorizedService("sports.hockey.api");
    zts.checkRoleTokenAuthorizedServiceRequest(userDoe, "sports.hockey", "caller");

    // A service from another domain must be refused as forbidden.
    userDoe.setAuthorizedService("weather.api");
    ResourceException rejection = null;
    try {
        zts.checkRoleTokenAuthorizedServiceRequest(userDoe, "sports", "caller");
    } catch (ResourceException ex) {
        rejection = ex;
    }
    assertNotNull(rejection);
    assertEquals(rejection.getCode(), 403);
}
Also used : SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 45 with PrincipalAuthority

use of com.yahoo.athenz.auth.impl.PrincipalAuthority in project athenz by yahoo.

the class ZTSImplTest method testGetServiceIdentityList.

/**
 * Lists the service identities of domain {@code coretech}.
 *
 * <p>A signed domain produced by {@code createSignedDomain("coretech", "weather",
 * "storage", true)} is loaded into the store; the caller is the service principal
 * {@code hockey.kings}. The returned list is expected to contain exactly two
 * names, {@code storage} and {@code backup} (the latter presumably added by the
 * createSignedDomain helper — see that helper).
 */
@Test
public void testGetServiceIdentityList() {
    SignedDomain coretech = createSignedDomain("coretech", "weather", "storage", true);
    store.processDomain(coretech, false);

    SimplePrincipal kings = (SimplePrincipal) SimplePrincipal.create("hockey", "kings",
            "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext ctx = createResourceContext(kings);

    com.yahoo.athenz.zts.ServiceIdentityList result = zts.getServiceIdentityList(ctx, "coretech");
    java.util.List<String> names = result.getNames();
    assertEquals(names.size(), 2);
    assertTrue(names.contains("storage"));
    assertTrue(names.contains("backup"));
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Aggregations

PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)101 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)74 Test (org.testng.annotations.Test)62 Principal (com.yahoo.athenz.auth.Principal)44 Authority (com.yahoo.athenz.auth.Authority)40 BeforeTest (org.testng.annotations.BeforeTest)26 KeyStore (com.yahoo.athenz.auth.KeyStore)16 SignedDomain (com.yahoo.athenz.zms.SignedDomain)16 IOException (java.io.IOException)16 WebApplicationException (javax.ws.rs.WebApplicationException)16 PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)13 Path (java.nio.file.Path)13 ArrayList (java.util.ArrayList)12 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)11 DataStore (com.yahoo.athenz.zts.store.DataStore)11 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)11 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 UnsupportedEncodingException (java.io.UnsupportedEncodingException)9 AthenzDomain (com.yahoo.athenz.zms.store.AthenzDomain)7