Example 21 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

From the class TestAuthZpe, method createInvalidAccessToken:

private String createInvalidAccessToken(String svcDomain, List<String> roles) {
    AccessToken token = new AccessToken();
    token.setVersion(1);
    token.setAudience(svcDomain);   // audience: the domain the token is issued for
    token.setScope(roles);          // scope: the roles the token asserts
    long now = System.currentTimeMillis();
    token.setIssuer("athenz");
    token.setIssueTime(now);
    token.setExpiryTime(now + 120);
    // The token is signed with key K0 but carries key id "1". In createAccessToken
    // (Example 22) key id "1" maps to ztsPrivateKeyK1, so a verifier that resolves
    // the key by its id will not be able to validate this signature. No certificate
    // confirmation hash is set either, unlike the valid tokens built in Example 22.
    return token.getSignedToken(ztsPrivateKeyK0, "1", SignatureAlgorithm.RS256);
}
Also used: AccessToken (com.yahoo.athenz.auth.token.AccessToken)

Example 22 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

From the class TestAuthZpe, method createAccessToken:

private String createAccessToken(String svcDomain, List<String> roles, String keyId, long expiry) {
    AccessToken token = new AccessToken();
    token.setVersion(1);
    token.setAudience(svcDomain);   // audience: the domain the token is issued for
    token.setScope(roles);          // scope: the roles the token asserts
    long now = System.currentTimeMillis();
    token.setIssuer("athenz");
    token.setIssueTime(now);
    token.setExpiryTime(now + expiry);   // expiry is relative to the issue time
    try {
        // Bind the token to the test client certificate: the confirmation hash
        // ties the token to the certificate presented over mTLS, so a stolen
        // token cannot be replayed by a client holding a different certificate.
        Path path = Paths.get("src/test/resources/mtls_token_spec.cert");
        String certStr = new String(Files.readAllBytes(path));
        X509Certificate cert = Crypto.loadX509Certificate(certStr);
        token.setConfirmX509CertHash(cert);
    } catch (IOException ignored) {
        fail();
    }
    // Pick the signing key that matches the requested key id, so the key id
    // embedded in the token header names the key that actually signed it.
    PrivateKey key = null;
    if ("1".equals(keyId)) {
        key = ztsPrivateKeyK1;
    } else if ("0".equals(keyId)) {
        key = ztsPrivateKeyK0;
    } else if ("17".equals(keyId)) {
        key = ztsPrivateKeyK17;
    } else if ("99".equals(keyId)) {
        key = ztsPrivateKeyK99;
    }
    assertNotNull(key);   // an unknown key id is a test error, not a silent fallback
    return token.getSignedToken(key, keyId, SignatureAlgorithm.RS256);
}
Also used: Path (java.nio.file.Path), PrivateKey (java.security.PrivateKey), AccessToken (com.yahoo.athenz.auth.token.AccessToken), IOException (java.io.IOException), X509Certificate (java.security.cert.X509Certificate)

Example 23 with AccessToken

use of com.yahoo.athenz.auth.token.AccessToken in project athenz by yahoo.

From the class TestAuthZpe, method testAllowAccessExpiredAccessToken:

@Test
public void testAllowAccessExpiredAccessToken() {
    String action = "all";
    String resource = "angler:stuff";
    StringBuilder roleName = new StringBuilder();
    // Timestamps in seconds; the token was issued an hour ago and expired 50 minutes ago.
    long now = System.currentTimeMillis() / 1000;
    AccessToken accessToken = new AccessToken();
    accessToken.setIssueTime(now - 3600);
    accessToken.setExpiryTime(now - 3000);
    accessToken.setAudience("angler");
    accessToken.setScope(Collections.singletonList("matchall"));
    // The authorization check must reject the expired token before any policy
    // evaluation, regardless of the matching scope and audience.
    AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.DENY_ROLETOKEN_EXPIRED);
}
Also used: AccessToken (com.yahoo.athenz.auth.token.AccessToken), AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), Test (org.testng.annotations.Test)

Aggregations (number of examples on this page using each type)

AccessToken (com.yahoo.athenz.auth.token.AccessToken): 23
Test (org.testng.annotations.Test): 12
PrivateKey (java.security.PrivateKey): 10
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal): 8
Principal (com.yahoo.athenz.auth.Principal): 7
IOException (java.io.IOException): 5
X509Certificate (java.security.cert.X509Certificate): 4
ArrayList (java.util.ArrayList): 4
Path (java.nio.file.Path): 3
CryptoException (com.yahoo.athenz.auth.util.CryptoException): 2
InvalidNameException (javax.naming.InvalidNameException): 2
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 1
IdToken (com.yahoo.athenz.auth.token.IdToken): 1
JwtsSigningKeyResolver (com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver): 1
AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus): 1
DataCache (com.yahoo.athenz.zts.cache.DataCache): 1
AccessTokenRequest (com.yahoo.athenz.zts.token.AccessTokenRequest): 1