Examples with PrincipalToken com.yahoo.athenz.auth.token.PrincipalToken used on opensource projects

Search in sources :

Example 21 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckWrite.

@Test
public void testRemoteIpCheckWrite() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_WRITE;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
    // first let's verify read operation with and without matches
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    // now let's try write operations without authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
    // finally mismatch operation with authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 22 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckAll.

@Test
public void testRemoteIpCheckAll() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_ALL;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=domain;n=service;i=10.11.12.23;s=sig");
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
}
Also used : PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 23 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceMultiple.

@Test
public void testValidateAuthorizedServiceMultiple() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add("sports.fantasy");
    authorizedServices.add("sports.hockey");
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // now let's sign the token for an authorized service
    userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertEquals(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg), "sports.fantasy");
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 24 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedIlligalServiceName.

@Test
public void testValidateAuthorizedIlligalServiceName() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add(".fantasy");
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // now let's sign the token for an authorized service
    userTokenToSign.signForAuthorizedService(".fantasy", "1", servicePrivateKeyStringK1);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
Also used : ArrayList(java.util.ArrayList) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) KeyStore(com.yahoo.athenz.auth.KeyStore) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Aggregations

PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken)24 BeforeTest (org.testng.annotations.BeforeTest)14 Test (org.testng.annotations.Test)14 PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)13 Principal (com.yahoo.athenz.auth.Principal)12 KeyStore (com.yahoo.athenz.auth.KeyStore)9 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)7 ArrayList (java.util.ArrayList)6 Authority (com.yahoo.athenz.auth.Authority)2 SimpleServiceIdentityProvider (com.yahoo.athenz.auth.impl.SimpleServiceIdentityProvider)2 CryptoException (com.yahoo.athenz.auth.util.CryptoException)2 AuditLogMsgBuilder (com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)2 InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)2 InstanceProvider (com.yahoo.athenz.instance.provider.InstanceProvider)2 X509CertRequest (com.yahoo.athenz.zts.cert.X509CertRequest)2 X509Certificate (java.security.cert.X509Certificate)2 Date (java.util.Date)2 RoleToken (com.yahoo.athenz.auth.token.RoleToken)1 ZMSClient (com.yahoo.athenz.zms.ZMSClient)1 X509CertRecord (com.yahoo.athenz.zts.cert.X509CertRecord)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial