Example 6 with PrincipalToken
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class SimpleServiceIdentityProviderTest method testSimpleIdentityDefaultV1.
@Test
public void testSimpleIdentityDefaultV1() {
PrivateKey key = Crypto.loadPrivateKey(servicePrivateKeyStringK1);
SimpleServiceIdentityProvider provider = new SimpleServiceIdentityProvider("coretech", "athenz", key, "1");
Principal user = provider.getIdentity("coretech", "athenz");
assertNotNull(user);
assertTrue(user.getIssueTime() != 0);
String token = user.getCredentials();
PrincipalToken prToken = new PrincipalToken(token);
assertTrue(prToken.validate(servicePublicKeyStringK1, 0, false));
assertEquals(prToken.getKeyId(), "1");
}
Also used :
PrivateKey(java.security.PrivateKey)
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
Principal(com.yahoo.athenz.auth.Principal)
SimpleServiceIdentityProvider(com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 7 with PrincipalToken
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceSingle.
@Test
public void testValidateAuthorizedServiceSingle() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("sports.fantasy");
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// now let's sign the token for an authorized service
userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
// Create a token for validation using the signed data
assertEquals(serviceAuthority.validateAuthorizeService(userTokenToSign, null), "sports.fantasy");
}
Also used :
ArrayList(java.util.ArrayList)
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 8 with PrincipalToken
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedIlligalForAuthorizedService.
@Test
public void testValidateAuthorizedIlligalForAuthorizedService() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = Mockito.mock(KeyStore.class);
serviceAuthority.setKeyStore(keyStore);
Mockito.when(keyStore.getPublicKey("sports", "fantasy", "1")).thenReturn(null);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("sports.fantasy");
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// now let's sign the token for an authorized service
userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
// Create a token for validation using the signed data
StringBuilder errMsg = new StringBuilder();
assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
Also used :
ArrayList(java.util.ArrayList)
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 9 with PrincipalToken
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalAuthority_TamperedToken.
@Test
public void testPrincipalAuthority_TamperedToken() throws IOException, CryptoException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
// Create and sign token
PrincipalToken serviceToken = new PrincipalToken.Builder(svcVersion, svcDomain, svcName).host(host).salt(salt).expirationWindow(expirationTime).build();
serviceToken.sign(servicePrivateKeyStringK0);
String tokenToTamper = serviceToken.getSignedToken();
StringBuilder errMsg = new StringBuilder();
Principal principal = serviceAuthority.authenticate(tamperWithServiceToken(tokenToTamper), null, "GET", errMsg);
// Service Authority should return null when authenticate() fails
assertNull(principal);
assertTrue(!errMsg.toString().isEmpty());
assertTrue(errMsg.toString().contains("authenticate"));
principal = serviceAuthority.authenticate(tamperWithServiceToken(tokenToTamper), null, "GET", null);
assertNull(principal);
}
Also used :
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
KeyStore(com.yahoo.athenz.auth.KeyStore)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
Principal(com.yahoo.athenz.auth.Principal)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Example 10 with PrincipalToken
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class SimpleServiceIdentityProviderTest method testSimpleIdentityDefaultV0.
@Test
public void testSimpleIdentityDefaultV0() {
SimpleServiceIdentityProvider provider = new SimpleServiceIdentityProvider("coretech", "athenz", Crypto.loadPrivateKey(k0File), "0");
Principal user = provider.getIdentity("coretech", "athenz");
assertNotNull(user);
assertTrue(user.getIssueTime() != 0);
String token = user.getCredentials();
PrincipalToken prToken = new PrincipalToken(token);
assertTrue(prToken.validate(servicePublicKeyStringK0, 0, false));
assertEquals(prToken.getKeyId(), "0");
}
Also used :
PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)
Principal(com.yahoo.athenz.auth.Principal)
SimpleServiceIdentityProvider(com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider)
Test(org.testng.annotations.Test)
BeforeTest(org.testng.annotations.BeforeTest)
Aggregations
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)24
BeforeTest (org.testng.annotations.BeforeTest)14
Test (org.testng.annotations.Test)14
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)13
Principal (com.yahoo.athenz.auth.Principal)12
KeyStore (com.yahoo.athenz.auth.KeyStore)9
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7
ArrayList (java.util.ArrayList)6
Authority (com.yahoo.athenz.auth.Authority)2
SimpleServiceIdentityProvider (com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider)2
CryptoException (com.yahoo.athenz.auth.util.CryptoException)2
AuditLogMsgBuilder (com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)2
InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)2
InstanceProvider (com.yahoo.athenz.instance.provider.InstanceProvider)2
X509CertRequest (com.yahoo.athenz.zts.cert.X509CertRequest)2
X509Certificate (java.security.cert.X509Certificate)2
Date (java.util.Date)2
RoleToken (com.yahoo.athenz.auth.token.RoleToken)1
ZMSClient (com.yahoo.athenz.zms.ZMSClient)1
X509CertRecord (com.yahoo.athenz.zts.cert.X509CertRecord)1
