use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceMultiple.
@Test
public void testValidateAuthorizedServiceMultiple() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add("sports.fantasy");
authorizedServices.add("sports.hockey");
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// now let's sign the token for an authorized service
userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
// Create a token for validation using the signed data
StringBuilder errMsg = new StringBuilder();
assertEquals(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg), "sports.fantasy");
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedServiceNoServices.
@Test
public void testValidateAuthorizedServiceNoServices() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// Create a token for validation using the signed data
StringBuilder errMsg = new StringBuilder();
assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testRemoteIpCheckNone.
@Test
public void testRemoteIpCheckNone() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
serviceAuthority.ipCheckMode = IpCheckMode.OPS_NONE;
PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
// all operations must return true
// first let's verify read operation with and without matches
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
// now let's try write operations without authorized service
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
// finally mismatch operation with authorized service
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testValidateAuthorizedIlligalServiceName.
@Test
public void testValidateAuthorizedIlligalServiceName() throws IOException {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
KeyStore keyStore = new KeyStoreMock();
serviceAuthority.setKeyStore(keyStore);
long issueTime = System.currentTimeMillis() / 1000;
// Create and sign token
List<String> authorizedServices = new ArrayList<>();
authorizedServices.add(".fantasy");
PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
userTokenToSign.sign(servicePrivateKeyStringK0);
// now let's sign the token for an authorized service
userTokenToSign.signForAuthorizedService(".fantasy", "1", servicePrivateKeyStringK1);
// Create a token for validation using the signed data
StringBuilder errMsg = new StringBuilder();
assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}
use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.
the class PrincipalAuthorityTest method testRemoteIpCheckAll.
@Test
public void testRemoteIpCheckAll() {
PrincipalAuthority serviceAuthority = new PrincipalAuthority();
serviceAuthority.ipCheckMode = IpCheckMode.OPS_ALL;
PrincipalToken serviceToken = new PrincipalToken("v=S1;d=domain;n=service;i=10.11.12.23;s=sig");
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
}
Aggregations