the class ZMSImplTest method testGetUserTokenInvalidAuthorizedService.
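@Test
public void testGetUserTokenInvalidAuthorizedService() {
    // Caller is a plain user authenticated through the debug user authority.
    // The credential is "george:password"; only the user id is retained as the
    // unsigned credential, i.e. the part that may be echoed into logs.
    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    String userId = "george";
    Principal principal = SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    ((SimplePrincipal) principal).setUnsignedCreds(userId);
    ResourceContext rsrcCtx1 = createResourceContext(principal);

    // Every request below names at least one service that is not registered
    // as an authorized service in ZMS, so the token request must be refused
    // with 401. A service list is comma separated; the first case mixes one
    // authorized service with one that is not and must still be rejected.
    expectUserTokenUnauthorized(rsrcCtx1, userId, "coretech.storage,sports", null,
            "getUserToken: Service sports is not authorized in ZMS");
    expectUserTokenUnauthorized(rsrcCtx1, userId, "baseball", false,
            "getUserToken: Service baseball is not authorized in ZMS");
    expectUserTokenUnauthorized(rsrcCtx1, userId, "hat trick", false,
            "getUserToken: Service hat trick is not authorized in ZMS");
}

/**
 * Requests a user token for {@code services} and asserts ZMS refuses it with a
 * 401 carrying {@code expectedMessage}.
 *
 * The fail() inside the try is the important part: without it a server that
 * silently issued a token for an unauthorized service would make this test
 * pass, which is exactly the regression the test exists to catch.
 *
 * @param ctx             resource context of the calling principal
 * @param userId          user the token is requested for
 * @param services        comma separated authorized-service list sent to ZMS
 * @param header          value of the optional header flag (null or false here)
 * @param expectedMessage substring the 401 error message must contain
 */
private void expectUserTokenUnauthorized(ResourceContext ctx, String userId, String services,
        Boolean header, String expectedMessage) {
    try {
        zms.getUserToken(ctx, userId, services, header);
        fail("expected 401 ResourceException for services: " + services);
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 401);
        assertTrue(ex.getMessage().contains(expectedMessage), ex.getMessage());
    }
}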
the class ZMSImplTest method testPutTenancyWithAuthorizedService.
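@Test
public void testPutTenancyWithAuthorizedService() {
    String tenantDomain = "puttenancyauthorizedservice";
    String providerService = "storage";
    String providerDomain = "coretech";
    String provider = providerDomain + "." + providerService;
    setupTenantDomainProviderService(tenantDomain, providerDomain, providerService, null);

    // The tenant is set up; now grant the provider service itself the right to
    // manage tenants in its own domain. Without this role/policy the call is
    // not authorized to add tenant roles to the provider domain, even when the
    // principal carries authorized-service details.
    Role role = createRoleObject(providerDomain, "self_serve", null, providerDomain + "." + providerService, null);
    zms.putRole(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, role);
    Policy policy = createPolicyObject(providerDomain, "self_serve", "self_serve", "update", providerDomain + ":tenant.*", AssertionEffect.ALLOW);
    zms.putPolicy(mockDomRsrcCtx, providerDomain, "self_serve", auditRef, policy);

    // Build a user principal whose token was issued for the authorized service
    // coretech.storage, i.e. the provider is acting on behalf of user1.
    Authority principalAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    String userId = "user1";
    String unsignedCreds = "v=U1;d=user;u=" + userId;
    Principal principal = SimplePrincipal.create("user", userId, unsignedCreds + ";s=signature", 0, principalAuthority);
    ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
    ((SimplePrincipal) principal).setAuthorizedService(provider);
    ResourceContext ctx = createResourceContext(principal);

    // After this call admin roles should exist on both the provider and the tenant side.
    Tenancy tenant = createTenantObject(tenantDomain, provider);
    zms.putTenancy(ctx, tenantDomain, provider, auditRef, tenant);

    // Tenant side: the tenancy admin policy must exist with exactly three ALLOW
    // assertions - two assume_role grants into the provider's tenant admin role
    // and one update grant on the tenancy resource itself.
    policy = zms.getPolicy(mockDomRsrcCtx, tenantDomain, "tenancy." + provider + ".admin");
    assertNotNull(policy);
    String tenantRoleInProviderDomain = providerService + ".tenant." + tenantDomain + ".admin";
    List<Assertion> assertList = policy.getAssertions();
    assertEquals(3, assertList.size());
    boolean domainAdminRoleCheck = false;
    boolean tenantAdminRoleCheck = false;
    boolean tenantUpdateCheck = false;
    for (Assertion obj : assertList) {
        assertEquals(AssertionEffect.ALLOW, obj.getEffect());
        if (obj.getRole().equals(tenantDomain + ":role.admin")) {
            assertEquals("assume_role", obj.getAction());
            assertEquals("coretech:role.storage.tenant.puttenancyauthorizedservice.admin", obj.getResource());
            domainAdminRoleCheck = true;
        } else if (obj.getRole().equals(tenantDomain + ":role.tenancy." + provider + ".admin")) {
            if (obj.getAction().equals("assume_role")) {
                assertEquals("coretech:role.storage.tenant.puttenancyauthorizedservice.admin", obj.getResource());
                tenantAdminRoleCheck = true;
            } else if (obj.getAction().equals("update")) {
                assertEquals(tenantDomain + ":tenancy." + provider, obj.getResource());
                tenantUpdateCheck = true;
            }
        }
    }
    assertTrue(domainAdminRoleCheck);
    assertTrue(tenantAdminRoleCheck);
    assertTrue(tenantUpdateCheck);

    // Provider side: the tenant roles call must report a single admin role with
    // a wildcard action, and the corresponding role object must exist.
    TenantRoles tRoles = zms.getTenantRoles(mockDomRsrcCtx, providerDomain, providerService, tenantDomain);
    assertNotNull(tRoles);
    assertEquals(1, tRoles.getRoles().size());
    TenantRoleAction roleAction = tRoles.getRoles().get(0);
    assertEquals("*", roleAction.getAction());
    assertEquals("admin", roleAction.getRole());
    role = zms.getRole(mockDomRsrcCtx, providerDomain, tenantRoleInProviderDomain, false, false);
    assertNotNull(role);

    // Delete the tenancy with the same authorized-service token. Both the
    // tenant-side policy and the provider-side role must be gone afterwards;
    // each lookup must throw 404 - a fail() guards against a lookup that
    // silently succeeds, which would mean stale grants survived the delete.
    zms.deleteTenancy(ctx, tenantDomain, provider, auditRef);
    try {
        zms.getPolicy(mockDomRsrcCtx, tenantDomain, "tenancy." + provider + ".admin");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }
    try {
        zms.getRole(mockDomRsrcCtx, providerDomain, tenantRoleInProviderDomain, false, false);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }

    // The provider no longer reports any tenant roles for this tenant.
    tRoles = zms.getTenantRoles(mockDomRsrcCtx, providerDomain, providerService, tenantDomain);
    assertNotNull(tRoles);
    assertEquals(0, tRoles.getRoles().size());

    // Clean up our domains.
    zms.deleteTopLevelDomain(mockDomRsrcCtx, tenantDomain, auditRef);
    zms.deleteTopLevelDomain(mockDomRsrcCtx, providerDomain, auditRef);
}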
the class ZMSImplTest method testGetUserToken.
@Test
public void testGetUserToken() {
    // Use the real PrincipalAuthority rather than the debug one so that the
    // signature on every issued token is genuinely verified, using ZMS itself
    // as the key store that resolves key ids to public keys.
    PrincipalAuthority verifier = new com.yahoo.athenz.auth.impl.PrincipalAuthority();
    verifier.setKeyStore(zms);

    Authority userAuthority = new com.yahoo.athenz.common.server.debug.DebugUserAuthority();
    String userId = "george";
    Principal caller = SimplePrincipal.create("user", userId, userId + ":password", 0, userAuthority);
    ((SimplePrincipal) caller).setUnsignedCreds(userId);
    ResourceContext callerCtx = createResourceContext(caller);

    // Key id 0: besides the signature, check the token layout - version,
    // domain, user name, issuing host, client ip and key id fields.
    UserToken first = issueAndVerifyUserToken(verifier, callerCtx, userId, "0", privKey, null);
    String tokenStr = first.getToken();
    assertTrue(tokenStr.startsWith("v=U1;d=user;n=" + userId + ";"));
    assertTrue(tokenStr.contains(";h=localhost"));
    assertTrue(tokenStr.contains(";i=10.11.12.13"));
    assertTrue(tokenStr.contains(";k=0"));

    // Rotate the server signing key to ids 1 and 2. The verifier must still
    // accept the tokens, since it looks the key id up in the ZMS key store.
    issueAndVerifyUserToken(verifier, callerCtx, userId, "1", privKeyK1, false);
    issueAndVerifyUserToken(verifier, callerCtx, userId, "2", privKeyK2, null);
    // NOTE(review): zms.privateKeyId / zms.privateKey are left at key id 2 when
    // this test returns; nothing here restores the previous signing key.
}

/**
 * Installs the given signing key in ZMS, requests a user token for
 * {@code userId}, checks the token names that key id and that the real
 * PrincipalAuthority accepts its signature.
 *
 * @param verifier       PrincipalAuthority backed by ZMS as key store
 * @param ctx            resource context of the requesting user
 * @param userId         user the token is issued for
 * @param keyId          key id to publish in the token
 * @param encodedPrivKey ybase64 encoded private key to sign with
 * @param header         optional header flag passed through to getUserToken
 * @return the issued token, for further layout checks by the caller
 */
private UserToken issueAndVerifyUserToken(PrincipalAuthority verifier, ResourceContext ctx,
        String userId, String keyId, String encodedPrivKey, Boolean header) {
    zms.privateKeyId = keyId;
    zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(encodedPrivKey));
    UserToken token = zms.getUserToken(ctx, userId, null, header);
    assertNotNull(token);
    assertTrue(token.getToken().contains("k=" + keyId));
    // Verify signature.
    Principal verified = verifier.authenticate(token.getToken(), "10.11.12.13", "GET", null);
    assertNotNull(verified);
    return token;
}
the class ZMSImplTest method testGetAuditLogMsgBuilderTokenWithSig.
@Test
public void testGetAuditLogMsgBuilderTokenWithSig() {
    // The principal's raw credential carries a signature; the audit "who"
    // field must identify the user without leaking that signature into logs.
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    String userId = "user1";
    String sig = "ABRACADABRA";
    String unsignedCreds = "v=U1;d=user;n=user1";
    String signedCreds = unsignedCreds + ";s=" + sig;
    Principal principal = SimplePrincipal.create("user", userId, signedCreds, 0, debugAuthority);
    // Record the signature-free form as the unsigned credential.
    ((SimplePrincipal) principal).setUnsignedCreds(unsignedCreds);
    ResourceContext ctx = createResourceContext(principal);

    AuditLogMsgBuilder builder = ZMSUtils.getAuditLogMsgBuilder(ctx, auditLogger, "mydomain", auditRef, "myapi", "PUT");
    assertNotNull(builder);
    String who = builder.who();
    assertNotNull(who);
    assertTrue(who.contains(userId));
    boolean leaksSignature = who.contains(sig);
    assertTrue(!leaksSignature, "Should not contain the signature: " + who);
}
the class ZMSImplTest method zmsInit.
/**
 * Builds a fresh ZMSImpl for a test: wipes the on-disk store, wires the mocked
 * resource contexts to a debug-signed "user.user1" principal, loads the
 * server key pair from the configured files, forces the file store and
 * registers the extra public keys "1" and "2".
 *
 * Statement order matters: the store path / JDBC properties must be set
 * before ZMSImpl is constructed.
 */
private ZMSImpl zmsInit() {
    // Start from an empty directory so state from an earlier run cannot leak in.
    FileConnection.deleteDirectory(new File(ZMS_DATA_STORE_PATH));

    // Default caller for the mocked contexts: user1 with a debug signature.
    Authority debugAuthority = new com.yahoo.athenz.common.server.debug.DebugPrincipalAuthority();
    String unsignedCreds = "v=U1;d=user;n=user1";
    String signedCreds = unsignedCreds + ";s=signature";
    rsrcPrince = SimplePrincipal.create("user", "user1", signedCreds, 0, debugAuthority);
    ((SimplePrincipal) rsrcPrince).setUnsignedCreds(unsignedCreds);

    Mockito.when(mockDomRestRsrcCtx.request()).thenReturn(mockServletRequest);
    Mockito.when(mockDomRestRsrcCtx.principal()).thenReturn(rsrcPrince);
    Mockito.when(mockDomRsrcCtx.context()).thenReturn(mockDomRestRsrcCtx);
    Mockito.when(mockDomRsrcCtx.request()).thenReturn(mockServletRequest);
    Mockito.when(mockDomRsrcCtx.principal()).thenReturn(rsrcPrince);

    // Server key pair and admin user come from system properties; the encoded
    // key material is kept in test fields for later signing / verification.
    File publicKeyFile = new File(System.getProperty(ZMS_PROP_PUBLIC_KEY));
    pubKey = Crypto.encodedFile(publicKeyFile);
    File privateKeyFile = new File(System.getProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY));
    privKey = Crypto.encodedFile(privateKeyFile);
    adminUser = System.getProperty(ZMSConsts.ZMS_PROP_DOMAIN_ADMIN);

    // Force the file-backed store and make sure no JDBC store is configured.
    System.setProperty(ZMSConsts.ZMS_PROP_FILE_STORE_PATH, "/tmp/zms_core_unit_tests/");
    System.clearProperty(ZMSConsts.ZMS_PROP_JDBC_RW_STORE);
    System.clearProperty(ZMSConsts.ZMS_PROP_JDBC_RO_STORE);

    ZMSImpl server = new ZMSImpl();
    server.serverPublicKeyMap.put("1", pubKeyK1);
    server.serverPublicKeyMap.put("2", pubKeyK2);
    ZMSImpl.serverHostName = "localhost";
    return server;
}