Examples with SimplePrincipal com.yahoo.athenz.auth.impl.SimplePrincipal used on opensource projects

Example 26 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZTSImplTest method testGetPublicKeyEntryInvalidDomain.

@Test
public void testGetPublicKeyEntryInvalidDomain() {
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    try {
        zts.getPublicKeyEntry(context, "nonexistentdomain", "storage", "0");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }
}

Example 27 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZTSImplTest method testGetPublicKeyEntry.

@Test
public void testGetPublicKeyEntry() {
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processDomain(signedDomain, false);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    PublicKeyEntry entry = zts.getPublicKeyEntry(context, "coretech", "storage", "0");
    assertEquals(entry.getId(), "0");
    assertEquals(entry.getKey(), ZTS_Y64_CERT0);
}

Example 28 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshRequestUnknownAuthority.

@Test
public void testPostInstanceRefreshRequestUnknownAuthority() throws IOException {
    Path path = Paths.get("src/test/resources/valid.csr");
    String certCsr = new String(Files.readAllBytes(path));
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "kings", "v=U1,d=user;n=kings;s=sig", 0, new UserAuthority());
    ResourceContext context = createResourceContext(principal);
    try {
        zts.postInstanceRefreshRequest(context, "user", "kings", req);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 400);
    }
}

Example 29 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class DebugUserAuthority method authenticate.

@Override
public Principal authenticate(String creds, String remoteAddr, String httpMethod, StringBuilder errMsg) {
    errMsg = errMsg == null ? new StringBuilder(512) : errMsg;
    if (!creds.startsWith("Basic ")) {
        errMsg.append("UserAuthority:authenticate: credentials do not start with 'Basic '");
        LOG.error(errMsg.toString());
        return null;
    }
    // decode - need to skip the first 6 bytes for 'Basic '
    String decoded;
    try {
        decoded = new String(Base64.decode(creds.substring(6).getBytes(StandardCharsets.UTF_8)));
    } catch (Exception e) {
        errMsg.append("UserAuthority:authenticate: factory exc=");
        LOG.error(errMsg.toString());
        return null;
    }
    String[] userArray = decoded.split(":");
    String username = userArray[0];
    if (LOG.isDebugEnabled()) {
        LOG.debug("UserAuthority.authenticate: valid user=" + username);
    }
    // all the role members in Athenz are normalized to lower case so we need to make
    // sure our principal's name and domain are created with lower case as well
    long issueTime = 0;
    SimplePrincipal princ = (SimplePrincipal) SimplePrincipal.create(getDomain().toLowerCase(), userArray[0].toLowerCase(), creds, issueTime, this);
    princ.setUnsignedCreds(creds);
    return princ;
}

Example 30 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshInformationSSHMismatchSerial.

@Test
public void testPostInstanceRefreshInformationSSHMismatchSerial() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processDomain(tenantDomain, false);
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setInstanceId("1001");
    certRecord.setProvider("athenz.provider");
    certRecord.setService("athenz.production");
    certRecord.setCurrentSerial("123413");
    certRecord.setPrevSerial("123413");
    Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
    Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal);
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403);
    }
}