
Example 1 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

the class ZTSAccessTokenFileLoaderTest method testFileUtil.

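/**
 * Exercises {@link ZTSAccessTokenFileLoader} lookups against the preloaded token files.
 *
 * <p>With an empty role list the lookup for {@code test.domain} must yield {@code null};
 * once the {@code admin} role is requested the loader must return a response whose scope
 * is {@code admin} and whose token type is {@code Bearer}. The returned access token is
 * then parsed with {@code resolver} (presumably the signing-key resolver that validates
 * the JWS signature; confirm against {@link AccessToken}) and must carry the single scope
 * {@code admin} and issuer {@code athenz}.
 *
 * <p>An {@link IOException} from the loader fails the test with the exception attached,
 * so the real cause shows up in the report instead of a bare {@code fail()}.
 */
@Test
public void testFileUtil() {
    final String domain = "test.domain";
    final List<String> roles = new ArrayList<>();
    ZTSAccessTokenFileLoader ztsAccessTokenFileLoader = new ZTSAccessTokenFileLoader(resolver);
    ztsAccessTokenFileLoader.preload();

    // no roles requested: nothing on disk should match
    AccessTokenResponse accessTokenResponse = null;
    try {
        accessTokenResponse = ztsAccessTokenFileLoader.lookupAccessTokenFromDisk(domain, roles);
    } catch (IOException e) {
        fail("lookupAccessTokenFromDisk(" + domain + ", " + roles + ") threw", e);
    }
    assertNull(accessTokenResponse);

    // the admin role has a preloaded entry
    roles.add("admin");
    try {
        accessTokenResponse = ztsAccessTokenFileLoader.lookupAccessTokenFromDisk(domain, roles);
    } catch (IOException e) {
        fail("lookupAccessTokenFromDisk(" + domain + ", " + roles + ") threw", e);
    }
    assertNotNull(accessTokenResponse);
    assertEquals(accessTokenResponse.getScope(), "admin");
    assertEquals(accessTokenResponse.getToken_type(), "Bearer");

    // parse the raw JWS with the resolver and check the claims it carries
    AccessToken accessToken = new AccessToken(accessTokenResponse.getAccess_token(), resolver);
    assertEquals(accessToken.getScope(), Collections.singleton("admin"));
    assertEquals(accessToken.getIssuer(), "athenz");
}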
Also used : AccessToken(com.yahoo.athenz.auth.token.AccessToken) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Test(org.testng.annotations.Test)

Example 2 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

the class ZTSClientTokenCacherTest method testZTSClientAccessTokenCacherWithInvalidIDToken.

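/**
 * Verifies the cache key {@link ZTSClientTokenCacher#setAccessToken} chooses when the
 * response carries an id_token that cannot be used to derive a service name:
 * <ol>
 *   <li>a string that is not a JWT at all ({@code invalid-id-token}),</li>
 *   <li>a signed token with no audience,</li>
 *   <li>a signed token whose audience is not a service name.</li>
 * </ol>
 * In every case the cache must hold exactly one entry whose key omits the id-token
 * service component, i.e. the key {@link ZTSClient#getAccessTokenCacheKey} produces
 * for domain/service/audience alone (presumably {@code athenz}/{@code prod} split from
 * the {@code athenz.prod} subject and the {@code coretech} audience; confirm against
 * {@code createAccessToken}).
 *
 * <p>The client is closed in {@code finally} so a failing assertion does not leak it.
 */
@Test
public void testZTSClientAccessTokenCacherWithInvalidIDToken() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        ZTSClient.ACCESS_TOKEN_CACHE.clear();

        // access token signed with the test EC key under key id "eckey1"
        AccessToken accessToken = createAccessToken("coretech", "athenz.prod", null, null, null);
        PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
        String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(accessJws);

        AccessTokenResponse tokenResponse = new AccessTokenResponse();
        tokenResponse.setAccess_token(accessJws);
        tokenResponse.setId_token("invalid-id-token");
        tokenResponse.setExpires_in(3600);
        ZTSClientTokenCacher.setAccessToken(tokenResponse, null);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);

        // our key should be without id service name
        String cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        final String clientKey = ZTSClient.getAccessTokenCacheKey("athenz", "prod", "coretech", null, null, null, null, null);
        assertEquals(cacheKey, clientKey);
        ZTSClient.ACCESS_TOKEN_CACHE.clear();

        // id token without audience
        AccessToken idToken = createAccessToken(null, "athenz.prod", null, null, null);
        String idJws = idToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(idJws);
        tokenResponse.setId_token(idJws);
        ZTSClientTokenCacher.setAccessToken(tokenResponse, null);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);
        cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        assertEquals(cacheKey, clientKey);

        // id token with invalid audience - no service name
        idToken = createAccessToken("coretech", "athenz.prod", null, null, null);
        idJws = idToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(idJws);
        tokenResponse.setId_token(idJws);
        ZTSClientTokenCacher.setAccessToken(tokenResponse, null);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);
        cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        assertEquals(cacheKey, clientKey);
    } finally {
        client.close();
    }
}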
Also used : PrivateKey(java.security.PrivateKey) AccessToken(com.yahoo.athenz.auth.token.AccessToken) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 3 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

the class ZTSClientTokenCacherTest method testZTSClientAccessTokenCacherSimpleEntry.

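/**
 * Caches one access token with no id_token and no role names and checks its cache key.
 *
 * <p>After {@link ZTSClientTokenCacher#setAccessToken} the cache must hold exactly one
 * entry, and its key must equal what {@link ZTSClient#getAccessTokenCacheKey} derives
 * with every optional component left {@code null} (presumably {@code athenz}/{@code prod}
 * split from the {@code athenz.prod} subject plus the {@code coretech} audience; confirm
 * against {@code createAccessToken}).
 *
 * <p>The client is closed in {@code finally} so a failing assertion does not leak it.
 */
@Test
public void testZTSClientAccessTokenCacherSimpleEntry() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        ZTSClient.ACCESS_TOKEN_CACHE.clear();

        // access token signed with the test EC key under key id "eckey1"
        AccessToken accessToken = createAccessToken("coretech", "athenz.prod", null, null, null);
        PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
        String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(accessJws);

        AccessTokenResponse tokenResponse = new AccessTokenResponse();
        tokenResponse.setAccess_token(accessJws);
        tokenResponse.setExpires_in(3600);
        ZTSClientTokenCacher.setAccessToken(tokenResponse, null);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);

        // the only key in the cache must be the one the client would compute itself
        final String cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        final String clientKey = ZTSClient.getAccessTokenCacheKey("athenz", "prod", "coretech", null, null, null, null, null);
        assertEquals(cacheKey, clientKey);
    } finally {
        client.close();
    }
}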
Also used : PrivateKey(java.security.PrivateKey) AccessToken(com.yahoo.athenz.auth.token.AccessToken) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 4 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

the class ZTSClientTokenCacherTest method testZTSClientAccessTokenCacherWithRoleNames.

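/**
 * Caches an access token together with an explicit role list and checks that the role
 * names become part of the cache key.
 *
 * <p>{@link ZTSClientTokenCacher#setAccessToken} is given {@code role1} and {@code role2};
 * the single resulting cache entry must be keyed exactly as
 * {@link ZTSClient#getAccessTokenCacheKey} computes with the same role list (other
 * optional components {@code null}).
 *
 * <p>The client is closed in {@code finally} so a failing assertion does not leak it.
 */
@Test
public void testZTSClientAccessTokenCacherWithRoleNames() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        ZTSClient.ACCESS_TOKEN_CACHE.clear();

        // access token signed with the test EC key under key id "eckey1"
        AccessToken accessToken = createAccessToken("coretech", "athenz.prod", null, null, null);
        PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
        String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(accessJws);

        AccessTokenResponse tokenResponse = new AccessTokenResponse();
        tokenResponse.setAccess_token(accessJws);
        tokenResponse.setExpires_in(3600);

        // the same list is used for caching and for recomputing the expected key
        final List<String> roleNames = new ArrayList<>();
        roleNames.add("role1");
        roleNames.add("role2");
        ZTSClientTokenCacher.setAccessToken(tokenResponse, roleNames);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);

        final String cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        final String clientKey = ZTSClient.getAccessTokenCacheKey("athenz", "prod", "coretech", roleNames, null, null, null, null);
        assertEquals(cacheKey, clientKey);
    } finally {
        client.close();
    }
}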
Also used : PrivateKey(java.security.PrivateKey) AccessToken(com.yahoo.athenz.auth.token.AccessToken) ArrayList(java.util.ArrayList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 5 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

the class ZTSClientTokenCacherTest method testZTSClientAccessTokenCacherWithOptionalComponents.

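/**
 * Caches an access token that carries the optional components — a proxy principal
 * ({@code sports.proxy}) and an authorization-details JSON document — plus an explicit
 * role list, and checks that all of them are reflected in the cache key.
 *
 * <p>The single resulting entry must be keyed exactly as
 * {@link ZTSClient#getAccessTokenCacheKey} computes for {@code weather}/{@code prod},
 * audience {@code coretech}, the role list, the proxy principal and the same
 * {@code authzDetails} string (the argument order is taken from that call; confirm
 * against {@code createAccessToken} if it changes).
 *
 * <p>The client is closed in {@code finally} so a failing assertion does not leak it.
 */
@Test
public void testZTSClientAccessTokenCacherWithOptionalComponents() {
    Principal principal = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    ZTSRDLClientMock ztsClientMock = new ZTSRDLClientMock();
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    try {
        client.setZTSRDLGeneratedClient(ztsClientMock);
        ZTSClient.ACCESS_TOKEN_CACHE.clear();

        // authorization details are carried as an opaque JSON string and must round-trip
        // into the key byte-for-byte
        final String authzDetails = "[{\"type\":\"message_access\",\"data\":\"resource\"}]";
        AccessToken accessToken = createAccessToken("coretech", "weather.prod", "sports.proxy", authzDetails, null);

        // access token signed with the test EC key under key id "eckey1"
        PrivateKey privateKey = Crypto.loadPrivateKey(ecPrivateKey);
        String accessJws = accessToken.getSignedToken(privateKey, "eckey1", SignatureAlgorithm.ES256);
        assertNotNull(accessJws);

        AccessTokenResponse tokenResponse = new AccessTokenResponse();
        tokenResponse.setAccess_token(accessJws);
        tokenResponse.setExpires_in(3600);

        final List<String> roleNames = new ArrayList<>();
        roleNames.add("role1");
        roleNames.add("role2");
        ZTSClientTokenCacher.setAccessToken(tokenResponse, roleNames);
        assertEquals(ZTSClient.ACCESS_TOKEN_CACHE.size(), 1);

        final String cacheKey = ZTSClient.ACCESS_TOKEN_CACHE.keys().nextElement();
        final String clientKey = ZTSClient.getAccessTokenCacheKey("weather", "prod", "coretech", roleNames, null, "sports.proxy", authzDetails, null);
        assertEquals(cacheKey, clientKey);
    } finally {
        client.close();
    }
}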
Also used : PrivateKey(java.security.PrivateKey) AccessToken(com.yahoo.athenz.auth.token.AccessToken) ArrayList(java.util.ArrayList) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)
