use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceNoSignature.
@Test
public void testValidateAuthorizedServiceNoSignature() throws IOException {
    // A token that merely lists authorized services, but was never signed
    // for any of them, must not validate as an authorized-service token.
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(new KeyStoreMock());
    long now = System.currentTimeMillis() / 1000;

    List<String> services = new ArrayList<>();
    services.add("coretech.storage");
    services.add("media.storage");

    PrincipalToken.Builder builder = new PrincipalToken.Builder(usrVersion, usrDomain, usrName);
    PrincipalToken token = builder.salt(salt)
            .issueTime(now)
            .authorizedServices(services)
            .expirationWindow(expirationTime)
            .build();
    // Only the principal signature is applied here; signForAuthorizedService
    // is deliberately skipped so the token carries no authorized-service signature.
    token.sign(servicePrivateKeyStringK0);

    StringBuilder errMsg = new StringBuilder();
    assertNull(authority.validateAuthorizeService(token, errMsg));
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testRemoteIpCheckWrite.
@Test
public void testRemoteIpCheckWrite() {
    // In OPS_WRITE mode the remote address is only enforced for write
    // operations; reads pass regardless of the token's recorded IP.
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.ipCheckMode = IpCheckMode.OPS_WRITE;

    // Constructed token: the i= field records 10.11.12.23 as the issuing address.
    PrincipalToken token = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
    final String matchingIp = "10.11.12.23";
    final String otherIp = "10.11.12.22";
    final boolean read = false;
    final boolean write = true;

    // Reads: accepted whether or not the remote IP matches.
    assertTrue(authority.remoteIpCheck(matchingIp, read, token, null));
    assertTrue(authority.remoteIpCheck(otherIp, read, token, null));

    // Writes with no authorized service: the remote IP must match.
    assertTrue(authority.remoteIpCheck(matchingIp, write, token, null));
    assertFalse(authority.remoteIpCheck(otherIp, write, token, null));

    // Writes on behalf of an authorized service: a mismatched IP is tolerated.
    assertTrue(authority.remoteIpCheck(otherIp, write, token, "authz_service"));
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalAuthorityWithAuthorizedService.
@Test
public void testPrincipalAuthorityWithAuthorizedService() throws IOException, CryptoException {
    // End-to-end: a token signed for an authorized service authenticates
    // from an IP that differs from the one embedded in the token, and the
    // resulting principal reports that authorized service.
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(new KeyStoreMock());

    List<String> services = new ArrayList<>();
    services.add("sports.fantasy");
    services.add("sports.hockey");
    long now = System.currentTimeMillis() / 1000;

    PrincipalToken.Builder builder = new PrincipalToken.Builder(usrVersion, usrDomain, usrName);
    PrincipalToken token = builder.salt(salt)
            .ip("127.0.0.2")
            .issueTime(now)
            .expirationWindow(expirationTime)
            .authorizedServices(services)
            .build();
    // Principal signature with key version 0, then the authorized-service
    // signature for sports.fantasy with key version 1.
    token.sign(servicePrivateKeyStringK0);
    token.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // The remote IP (127.0.0.3) intentionally differs from the token's
    // 127.0.0.2 so that the authorized-service path is exercised.
    StringBuilder errMsg = new StringBuilder();
    Principal principal = authority.authenticate(token.getSignedToken(), "127.0.0.3", "POST", errMsg);

    assertNotNull(principal);
    assertEquals(principal.getAuthorizedService(), "sports.fantasy");
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalTokenValidateForAuthorizedService.
// @Test
public void testPrincipalTokenValidateForAuthorizedService() throws IOException {
    // NOTE(review): the @Test annotation is commented out, so this method never
    // runs, and it makes no assertion on the result of validateAuthorizeService
    // (errMsg is passed as null). The reason for disabling it is not recorded
    // here — confirm before re-enabling or removing.
    PrincipalAuthority authority = new PrincipalAuthority();
    authority.setKeyStore(new KeyStoreMock());
    long now = System.currentTimeMillis() / 1000;

    List<String> services = new ArrayList<>();
    services.add("test.fantasy");

    PrincipalToken.Builder builder = new PrincipalToken.Builder(usrVersion, usrDomain, usrName);
    PrincipalToken token = builder.salt(salt)
            .issueTime(now)
            .expirationWindow(expirationTime)
            .authorizedServices(services)
            .build();
    // Principal signature (key version 0) followed by the authorized-service
    // signature for test.fantasy (key version 1).
    token.sign(servicePrivateKeyStringK0);
    token.signForAuthorizedService("test.fantasy", "1", servicePrivateKeyStringK1);

    // Result is discarded; no error-message buffer is supplied.
    authority.validateAuthorizeService(token, null);
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testPrincipalAuthorityWithNullAuthorizedService.
@Test
public void testPrincipalAuthorityWithNullAuthorizedService() throws IOException {
    // Even with a correctly signed authorized-service token, authenticate()
    // must reject the request when validateAuthorizeService yields null.
    // A Mockito spy stubs that single method; everything else is real.
    PrincipalAuthority spiedAuthority = Mockito.spy(new PrincipalAuthority());
    spiedAuthority.setKeyStore(new KeyStoreMock());

    List<String> services = new ArrayList<>();
    services.add("sports.fantasy");
    services.add("sports.hockey");
    long now = System.currentTimeMillis() / 1000;

    PrincipalToken.Builder builder = new PrincipalToken.Builder(usrVersion, usrDomain, usrName);
    PrincipalToken token = builder.salt(salt)
            .ip("127.0.0.2")
            .issueTime(now)
            .expirationWindow(expirationTime)
            .authorizedServices(services)
            .build();
    // Principal signature with key version 0, then the authorized-service
    // signature for sports.fantasy with key version 1.
    token.sign(servicePrivateKeyStringK0);
    token.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);

    // Force the authorized-service validation to report failure.
    doReturn(null).when(spiedAuthority).validateAuthorizeService(any(), any());

    // Remote IP differs from the token's 127.0.0.2, which routes the request
    // through the (now stubbed) authorized-service check.
    StringBuilder errMsg = new StringBuilder();
    Principal principal = spiedAuthority.authenticate(token.getSignedToken(), "127.0.0.3", "POST", errMsg);

    assertNull(principal);
}