
Example 36 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class SimplePrincipalTest method testSimplePrincipalExtraFields.

@Test
public void testSimplePrincipalExtraFields() {
    // Round-trips the optional SimplePrincipal attributes (original requestor,
    // key service, key id and client certificate) through their setters and
    // checks that the Principal view reports each of them back unchanged.
    UserAuthority authority = new UserAuthority();
    authority.initialize();
    X509Certificate clientCert = Mockito.mock(X509Certificate.class);

    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "jdoe", fakeCreds, 101, authority);
    principal.setOriginalRequestor("athenz.ci");
    principal.setKeyService("zts");
    principal.setKeyId("v1");
    principal.setX509Certificate(clientCert);

    // read back through the interface type, as callers outside this package would
    Principal view = principal;
    assertEquals(view.toString(), "user.jdoe");
    assertEquals(view.getOriginalRequestor(), "athenz.ci");
    assertEquals(view.getKeyService(), "zts");
    assertEquals(view.getKeyId(), "v1");
    assertEquals(view.getX509Certificate(), clientCert);
}

Example 37 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testPutProviderResourceGroupRolesWithAuthorizedService.

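@Test
public void testPutProviderResourceGroupRolesWithAuthorizedService() {
    // Provisions provider resource-group roles with a principal that carries an
    // authorized service (coretech.storage). With that principal the call must
    // populate both the tenant's provider roles and the provider domain's tenant
    // roles. Deleting with the plain mock context removes only the tenant side;
    // deleting with the authorized-service principal removes both sides.
    String tenantDomain = "providerresourcegrouprolesauthorizedservice";
    String providerService = "storage";
    String providerDomain = "coretech";
    String resourceGroup = "hockey";
    setupTenantDomainProviderService(tenantDomain, providerDomain, providerService, "http://localhost:8090/tableprovider");

    // tenant is setup so let's setup up policy to authorize access to tenants
    // without this role/policy we won't be authorized to add tenant roles
    // to the provider domain even with authorized service details
    Role role = createRoleObject(providerDomain, "self_serve", null, providerDomain + "." + providerService, null);
    zms.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
    Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);

    // now we're going to setup our provider role call
    List<TenantRoleAction> roleActions = new ArrayList<>();
    for (Struct.Field f : RESOURCE_PROVIDER_ROLE_ACTIONS) {
        roleActions.add(new TenantRoleAction().setRole(f.name()).setAction((String) f.value()));
    }
    ProviderResourceGroupRoles providerRoles = new ProviderResourceGroupRoles().setDomain(providerDomain).setService(providerService).setTenant(tenantDomain).setRoles(roleActions).setResourceGroup(resourceGroup);

    // we are going to create a principal object with authorized service
    // set to coretech.storage
    String userId = "user1";
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    String unsignedCreds = "v=U1;d=user;n=" + userId;
    Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
    ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
    ((SimplePrincipal) principal).setAuthorizedService("coretech.storage");
    ResourceContext ctx = createResourceContext(principal);

    // after this call we should have roles set for both provider and tenant
    zms.putProviderResourceGroupRoles(ctx, tenantDomain, providerDomain, providerService, resourceGroup, auditRef, providerRoles);
    ProviderResourceGroupRoles pRoles = zms.getProviderResourceGroupRoles(ctx, tenantDomain, providerDomain, providerService, resourceGroup);
    assertNotNull(pRoles);
    assertEquals(providerDomain.toLowerCase(), pRoles.getDomain());
    assertEquals(providerService.toLowerCase(), pRoles.getService());
    assertEquals(tenantDomain.toLowerCase(), pRoles.getTenant());
    assertEquals(resourceGroup.toLowerCase(), pRoles.getResourceGroup());
    assertEquals(RESOURCE_PROVIDER_ROLE_ACTIONS.size(), pRoles.getRoles().size());
    List<String> roles = extractTenantRoleNames(pRoles.getRoles());
    assertTrue(roles.contains("reader"));
    assertTrue(roles.contains("writer"));

    // now get the tenant roles for the provider
    TenantResourceGroupRoles tRoles = zms.getTenantResourceGroupRoles(mockDomRsrcCtx, providerDomain, providerService, tenantDomain, resourceGroup);
    assertNotNull(tRoles);
    assertEquals(tRoles.getDomain(), providerDomain);
    assertEquals(tRoles.getService(), providerService);
    assertEquals(tRoles.getTenant(), tenantDomain);
    assertEquals(tRoles.getResourceGroup(), resourceGroup);
    assertEquals(RESOURCE_PROVIDER_ROLE_ACTIONS.size(), tRoles.getRoles().size());
    // inspect the provider-side role list itself; the earlier version of this
    // test re-read pRoles here and so never checked tRoles' role names
    roles = extractTenantRoleNames(tRoles.getRoles());
    assertTrue(roles.contains("reader"));
    assertTrue(roles.contains("writer"));

    // now we're going to delete the provider roles using the standard
    // resource object without the authorized service. in this case
    // the provider roles are going to be deleted but not the tenant
    // roles from the provider domain
    zms.deleteProviderResourceGroupRoles(mockDomRsrcCtx, tenantDomain, providerDomain, providerService, resourceGroup, auditRef);
    // so for tenant we're going to 0 provider roles
    pRoles = zms.getProviderResourceGroupRoles(mockDomRsrcCtx, tenantDomain, providerDomain, providerService, resourceGroup);
    assertNotNull(pRoles);
    assertEquals(0, pRoles.getRoles().size());
    // but for provider we're still going to get full set of roles
    tRoles = zms.getTenantResourceGroupRoles(mockDomRsrcCtx, providerDomain, providerService, tenantDomain, resourceGroup);
    assertNotNull(tRoles);
    assertEquals(2, tRoles.getRoles().size());

    // now this time we're going to delete with the principal with the
    // authorized service token
    zms.deleteProviderResourceGroupRoles(ctx, tenantDomain, providerDomain, providerService, resourceGroup, auditRef);
    // so for tenant we're still going to 0 provider roles
    pRoles = zms.getProviderResourceGroupRoles(ctx, tenantDomain, providerDomain, providerService, resourceGroup);
    assertNotNull(pRoles);
    assertEquals(0, pRoles.getRoles().size());
    // and for provider we're now going to get 0 tenant roles as well
    tRoles = zms.getTenantResourceGroupRoles(mockDomRsrcCtx, providerDomain, providerService, tenantDomain, resourceGroup);
    assertNotNull(tRoles);
    assertEquals(0, tRoles.getRoles().size());

    // clean up our domains
    zms.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
}

/**
 * Collects the role names from a list of tenant role/action pairs.
 *
 * @param actions role/action pairs as returned by getRoles(); may be null
 * @return the role names in list order, empty when the input is null or empty
 */
private static List<String> extractTenantRoleNames(List<TenantRoleAction> actions) {
    List<String> names = new ArrayList<>();
    if (actions != null) {
        for (TenantRoleAction ra : actions) {
            names.add(ra.getRole());
        }
    }
    return names;
}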

Example 38 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testGetUserTokenExpiredIssueTime.

@Test
public void testGetUserTokenExpiredIssueTime() {
    // The issued token's signature is checked with the real PrincipalAuthority
    // backed by the ZMS key store, not with the debug authority used for the caller.
    PrincipalAuthority verifyingAuthority = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    verifyingAuthority.setKeyStore(zms);

    // an issue time two hours in the past (seconds since the epoch)
    // NOTE(review): this value is never handed to getUserToken, so the
    // assertNotEquals below only shows that the issued token does not carry a
    // two-hour-old timestamp; it does not exercise a caller-supplied issue time.
    long staleIssueTime = (System.currentTimeMillis() / 1000) - 7200;

    String userId = "george";
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create("user", userId, userId + ":password", 0, debugAuthority);
    caller.setUnsignedCreds(userId);
    ResourceContext callerCtx = createResourceContext(caller);

    // sign with the test private key under key id "0"
    zms.privateKeyId = "0";
    zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey));
    UserToken issued = zms.getUserToken(callerCtx, userId, null, null);
    assertNotNull(issued);

    // the token must authenticate against the verifying authority
    Principal verified = verifyingAuthority.authenticate(issued.getToken(), "10.11.12.13", "GET", null);
    assertNotNull(verified);

    // the token's own timestamp is not the stale one computed above
    PrincipalToken parsed = new PrincipalToken(issued.getToken());
    assertNotEquals(parsed.getTimestamp(), staleIssueTime);
    // and its expiry is close to the one-hour default
    long nowSecs = System.currentTimeMillis() / 1000;
    assertTrue(parsed.getExpiryTime() - nowSecs > 3500);
}

Example 39 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testGetUserTokenAuthorizedService.

@Test
public void testGetUserTokenAuthorizedService() {
    // A user token requested for one or more authorized services must carry
    // the requested service list in its ";b=" field.
    String userId = "george";
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    SimplePrincipal caller = (SimplePrincipal) SimplePrincipal.create("user", userId, userId + ":password", 0, debugAuthority);
    caller.setUnsignedCreds(userId);
    ResourceContext callerCtx = createResourceContext(caller);

    // sign with the test private key under key id "0"
    zms.privateKeyId = "0";
    zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey));

    // single authorized service
    UserToken single = zms.getUserToken(callerCtx, userId, "coretech.storage", null);
    assertNotNull(single);
    assertTrue(single.getToken().contains(";b=coretech.storage;"));

    // comma-separated list of authorized services
    UserToken multiple = zms.getUserToken(callerCtx, userId, "coretech.storage,sports.hockey", false);
    assertNotNull(multiple);
    assertTrue(multiple.getToken().contains(";b=coretech.storage,sports.hockey;"));
}

Example 40 with SimplePrincipal

use of com.yahoo.athenz.auth.impl.SimplePrincipal in project athenz by yahoo.

the class ZMSImplTest method testGetUserTokenMismatchName.

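@Test
public void testGetUserTokenMismatchName() {
    // A principal may only obtain a user token for itself: asking for a
    // different user name, or for the "_self"/"self" names, must be rejected
    // with 401 rather than producing a token for someone else.
    int code = 401;
    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    String userId = "user1";
    Principal principal = SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    ((SimplePrincipal) principal).setUnsignedCreds(userId);
    ResourceContext rsrcCtx1 = createResourceContext(principal);

    assertUserTokenRequestRejected(rsrcCtx1, "user2", null, code);
    assertUserTokenRequestRejected(rsrcCtx1, "_self", false, code);
    assertUserTokenRequestRejected(rsrcCtx1, "self", false, code);
}

/**
 * Asserts that getUserToken for the given name fails with a ResourceException
 * carrying the expected code (no services are requested).
 *
 * @param ctx          caller's resource context
 * @param requestedUser user name passed to getUserToken
 * @param boolArg      fourth getUserToken argument as used by the callers above
 *                     (null or false); its meaning is not visible in this test
 * @param expectedCode HTTP status expected on the ResourceException
 */
private void assertUserTokenRequestRejected(ResourceContext ctx, String requestedUser, Boolean boolArg, int expectedCode) {
    try {
        zms.getUserToken(ctx, requestedUser, null, boolArg);
        fail("unauthorizederror not thrown.");
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), expectedCode);
    }
}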
