use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.
the class ZTSImplTest method testGetPublicKeyEntryInvalidKeyId.
/**
 * Checks how {@code getPublicKeyEntry} answers unusable key ids: a null key id
 * must produce a 400 and a key id that is not registered must produce a 404.
 */
@Test
public void testGetPublicKeyEntryInvalidKeyId() {

    // Feed the signed test domain into the data store before querying it.
    store.processDomain(createSignedDomain("coretech", "weather", "storage", true), false);

    // NOTE(review): the credential string ends in a placeholder signature
    // ("s=sig"); presumably it is never verified because the principal is
    // handed straight to the resource context - confirm.
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create("hockey", "kings",
            "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext ctx = createResourceContext(caller);

    // A missing key id is a malformed request: 400.
    try {
        zts.getPublicKeyEntry(ctx, "coretech", "storage", null);
        fail();
    } catch (ResourceException badRequest) {
        assertEquals(badRequest.getCode(), 400);
    }

    // A key id that does not exist must be reported as 404.
    try {
        zts.getPublicKeyEntry(ctx, "coretech", "storage", "999999");
        fail();
    } catch (ResourceException notFound) {
        assertEquals(notFound.getCode(), 404);
    }
}
use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUser.
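/**
 * Exercises {@code postInstanceRefreshRequest} for a user principal and checks
 * that an identity carrying a certificate is returned.
 *
 * <p>The authorizer is mocked, so the test covers the refresh path only for a
 * caller that has already been granted "update" on "athenz:service".
 *
 * @throws IOException if the CSR fixture cannot be read
 */
@Test
public void testPostInstanceRefreshRequestByUser() throws IOException {

    // NOTE(review): fixed, predictable directory under /tmp. On a shared build
    // host a per-run temporary directory would be safer - confirm what the
    // rest of the test class expects before changing it.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
            privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Decode the CSR with an explicit charset so the result does not depend on
    // the platform default encoding of the machine running the test.
    Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");

    // User principal with a placeholder signature ("s=sig") and key id "0".
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe",
            "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("0");

    // Register the public key under "athenz.syncer_v0", which lines up with the
    // domain, service and key id used in the request below.
    // NOTE(review): presumably this is the key the CSR is checked against - confirm.
    String publicKeyName = "athenz.syncer_v0";
    final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n"
            + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n"
            + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n"
            + "-----END PUBLIC KEY-----";
    ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);

    // Only this exact (action, resource, principal, null) combination is
    // stubbed to true; every other call on the mock returns Mockito's default
    // of false.
    ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
    Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
    ztsImpl.authorizer = authorizer;

    // The servlet request is stubbed to report a secure (TLS) connection.
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);

    Identity identity = ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
    assertNotNull(identity);
    assertNotNull(identity.getCertificate());
}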
use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.
the class ZMSImplTest method testProviderResourceGroupRolesWithAuthorizedServiceNoAccess.
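/**
 * Expects {@code putProviderResourceGroupRoles} to be refused with a 403 when
 * it is called by a user principal whose authorized service is
 * {@code coretech.index}.
 *
 * <p>The provider domain gets a {@code self_serve} role and policy allowing
 * "update" on {@code coretech:tenant.*} before the call is made. Why the call
 * is still denied is not visible in this method.
 */
@Test
public void testProviderResourceGroupRolesWithAuthorizedServiceNoAccess() {

    TestAuditLogger alogger = new TestAuditLogger();
    String storeFile = ZMS_DATA_STORE_FILE + "_putprovrsrcdomnoaccess";
    ZMSImpl zmsImpl = getZmsImpl(storeFile, alogger);

    String tenantDomain = "provrscgrprolesauthorizedservicenoaccess";
    String providerService = "index";
    String providerDomain = "coretech";
    String resourceGroup = "hockey";

    setupTenantDomainProviderService(zmsImpl, tenantDomain, providerDomain, providerService,
            "http://localhost:8090/tableprovider");

    // Everything after setup runs inside try/finally so that a failing
    // assertion does not leave the domains and the store directory behind for
    // later tests.
    try {
        // tenant is set up, so let's set up the policy that authorizes access
        // to tenants; without this role/policy we won't be authorized to add
        // tenant roles to the provider domain even with authorized service
        // details
        Role role = createRoleObject(providerDomain, "self_serve", null,
                providerDomain + "." + providerService, null);
        zmsImpl.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);

        Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve",
                "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
        zmsImpl.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);

        // now we're going to set up our provider role call
        List<TenantRoleAction> roleActions = new ArrayList<TenantRoleAction>();
        for (Struct.Field f : RESOURCE_PROVIDER_ROLE_ACTIONS) {
            roleActions.add(new TenantRoleAction().setRole(f.name()).setAction((String) f.value()));
        }

        ProviderResourceGroupRoles providerRoles = new ProviderResourceGroupRoles()
                .setDomain(providerDomain).setService(providerService)
                .setTenant(tenantDomain).setRoles(roleActions)
                .setResourceGroup(resourceGroup);

        // we are going to create a principal object with authorized service
        // set to coretech.index
        // NOTE(review): DebugPrincipalAuthority comes from the server "debug"
        // package; presumably it does not validate the ";s=signature" part -
        // confirm, and keep it out of any non-test configuration.
        String userId = "user1";
        Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
        String unsignedCreds = "v=U1;d=user;n=" + userId;
        Principal principal = SimplePrincipal.create("user", userId,
                unsignedCreds + ";s=signature", 0, principalAuthority);

        // The original set the unsigned credentials twice; once is enough.
        SimplePrincipal simplePrincipal = (SimplePrincipal) principal;
        simplePrincipal.setUnsignedCreds(unsignedCreds);
        simplePrincipal.setAuthorizedService("coretech.index");

        ResourceContext ctx = createResourceContext(principal);

        try {
            zmsImpl.putProviderResourceGroupRoles(ctx, tenantDomain, providerDomain,
                    providerService, resourceGroup, auditRef, providerRoles);
            fail();
        } catch (ResourceException ex) {
            assertEquals(403, ex.getCode());
        }
    } finally {
        // clean up our domains
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
        zmsImpl.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
        FileConnection.deleteDirectory(new File("/tmp/zms_core_unit_tests/" + storeFile));
    }
}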
use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.
the class ZMSImplTest method testDeleteDomainTemplateNull.
/**
 * Expects {@code deleteDomainTemplate} to throw a {@code ResourceException}
 * when its third argument (presumably the template name) is null.
 */
@Test
public void testDeleteDomainTemplateNull() {

    String userId = "user1";

    // NOTE(review): DebugUserAuthority lives in the server "debug" package and
    // the credential is a fixed "<user>:password" string - test-only setup.
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    Principal caller = SimplePrincipal.create("user", userId, userId + ":password", 0, debugAuthority);
    ((SimplePrincipal) caller).setUnsignedCreds(userId);

    ResourceContext callerCtx = createResourceContext(caller);

    try {
        zms.deleteDomainTemplate(callerCtx, "dom1", null, "zms");
        fail();
    } catch (ResourceException rejected) {
        // NOTE(review): the status code is not checked, so any
        // ResourceException passes. The test therefore cannot tell an
        // input-validation rejection from an authorization or not-found
        // error; "dom1" is not created in this method.
        assertTrue(true);
    }
}
use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.
the class ZMSImplTest method testGetUserTokenDefaultSelfName.
/**
 * Requests a user token for the {@code _self_} user name and checks that the
 * issued token names the calling user, carries the expected host, IP and key
 * id fields, and is accepted by a real {@code PrincipalAuthority}.
 */
@Test
public void testGetUserTokenDefaultSelfName() {

    // A real PrincipalAuthority, with zms as its key store, is used for the
    // final signature check.
    PrincipalAuthority signatureVerifier = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    signatureVerifier.setKeyStore(zms);

    // The caller itself is built with the debug user authority.
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    String userId = "user10";
    Principal caller = SimplePrincipal.create("user", userId, userId + ":password", 0, debugAuthority);
    ((SimplePrincipal) caller).setUnsignedCreds(userId);
    ResourceContext callerCtx = createResourceContext(caller);

    // NOTE(review): this overwrites the signing key and key id on zms and does
    // not restore them; if zms is shared between tests, later tests see these
    // values - confirm.
    zms.privateKeyId = "0";
    zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey));

    UserToken token = zms.getUserToken(callerCtx, "_self_", null, false);
    assertNotNull(token);

    // "_self_" must resolve to the calling user, and the token must carry the
    // host, IP and key id fields.
    String signedToken = token.getToken();
    assertTrue(signedToken.startsWith("v=U1;d=user;n=" + userId + ";"));
    assertTrue(signedToken.contains(";h=localhost"));
    assertTrue(signedToken.contains(";i=10.11.12.13"));
    assertTrue(signedToken.contains(";k=0"));

    // Verify signature. The same IP address that appears in the token is
    // passed as the remote address.
    // NOTE(review): only non-null is asserted; the identity of the returned
    // principal is not compared with userId.
    Principal verified = signatureVerifier.authenticate(signedToken, "10.11.12.13", "GET", null);
    assertNotNull(verified);
}