Examples with PrincipalToken com.yahoo.athenz.auth.token.PrincipalToken used on opensource projects

Example 31 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceMultiple.

@Test
public void testValidateAuthorizedServiceMultiple() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add("sports.fantasy");
    authorizedServices.add("sports.hockey");
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // now let's sign the token for an authorized service
    userTokenToSign.signForAuthorizedService("sports.fantasy", "1", servicePrivateKeyStringK1);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertEquals(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg), "sports.fantasy");
}

Example 32 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedServiceNoServices.

@Test
public void testValidateAuthorizedServiceNoServices() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}

Example 33 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckNone.

@Test
public void testRemoteIpCheckNone() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_NONE;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=user;n=user1;i=10.11.12.23;s=sig");
    // all operations must return true
    // first let's verify read operation with and without matches
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    // now let's try write operations without authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
    // finally mismatch operation with authorized service
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, "authz_service"));
}

Example 34 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testValidateAuthorizedIlligalServiceName.

@Test
public void testValidateAuthorizedIlligalServiceName() throws IOException {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    KeyStore keyStore = new KeyStoreMock();
    serviceAuthority.setKeyStore(keyStore);
    long issueTime = System.currentTimeMillis() / 1000;
    // Create and sign token
    List<String> authorizedServices = new ArrayList<>();
    authorizedServices.add(".fantasy");
    PrincipalToken userTokenToSign = new PrincipalToken.Builder(usrVersion, usrDomain, usrName).salt(salt).issueTime(issueTime).expirationWindow(expirationTime).authorizedServices(authorizedServices).build();
    userTokenToSign.sign(servicePrivateKeyStringK0);
    // now let's sign the token for an authorized service
    userTokenToSign.signForAuthorizedService(".fantasy", "1", servicePrivateKeyStringK1);
    // Create a token for validation using the signed data
    StringBuilder errMsg = new StringBuilder();
    assertNull(serviceAuthority.validateAuthorizeService(userTokenToSign, errMsg));
}

Example 35 with PrincipalToken

use of com.yahoo.athenz.auth.token.PrincipalToken in project athenz by yahoo.

the class PrincipalAuthorityTest method testRemoteIpCheckAll.

@Test
public void testRemoteIpCheckAll() {
    PrincipalAuthority serviceAuthority = new PrincipalAuthority();
    serviceAuthority.ipCheckMode = IpCheckMode.OPS_ALL;
    PrincipalToken serviceToken = new PrincipalToken("v=S1;d=domain;n=service;i=10.11.12.23;s=sig");
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", false, serviceToken, null));
    assertTrue(serviceAuthority.remoteIpCheck("10.11.12.23", true, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", false, serviceToken, null));
    assertFalse(serviceAuthority.remoteIpCheck("10.11.12.22", true, serviceToken, null));
}