use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class ZTSClientTest method testGetAccessTokenFromFile.
/**
 * Checks that {@code ZTSClient.getAccessToken} returns a usable response once the
 * access-token file loader has been pointed at the test resources directory.
 *
 * <p>The expected {@code expires_in} of 28800 differs from the 3600 requested in the call,
 * which presumably reflects the token prepared by {@code setupTokenFile()} rather than a
 * fresh server response. Confirm against that helper.
 *
 * <p>NOTE(review): the system property and the static signing-key resolver set here are
 * process-wide and are not restored within this method; confirm that cleanup happens
 * elsewhere so later tests do not inherit this trust configuration.
 */
@Test
public void testGetAccessTokenFromFile() {
    // Register the only verification key by hand under key id "eckey1". Both constructor
    // arguments are null, presumably so that no other key source is consulted (confirm).
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(new File("./src/test/resources/ec_public.key")));

    // Point the file loader at the fixtures directory, then create a token file and an
    // invalid token file there (helpers not shown here).
    final String tokenDirectory = Paths.get("./src/test/resources/").toString();
    System.setProperty(ZTSAccessTokenFileLoader.ACCESS_TOKEN_PATH_PROPERTY, tokenDirectory);
    setupTokenFile();
    setupInvalidTokenFile();

    // The generated client is swapped for a mock, so presumably nothing is sent to the URL below.
    final Principal caller = SimplePrincipal.create("user_domain", "user", "auth_creds", PRINCIPAL_AUTHORITY);
    final ZTSRDLClientMock mockTransport = new ZTSRDLClientMock();
    final ZTSClient ztsClient = new ZTSClient("http://localhost:4080", caller);
    ztsClient.setZTSRDLGeneratedClient(mockTransport);

    // The resolver must be installed before the loader is initialised, as in the original order.
    ZTSClient.setAccessTokenSignKeyResolver(keyResolver);
    ZTSClient.initZTSAccessTokenFileLoader();

    final AccessTokenResponse response =
            ztsClient.getAccessToken("test.domain", Collections.singletonList("admin"), 3600);
    assertNotNull(response);
    assertEquals(response.getScope(), "admin");
    assertEquals((int) response.getExpires_in(), 28800);
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class AccessTokenTest method testConfirmX509CertInvalidProxyPrincipal.
/**
 * Negative case for certificate-bound token confirmation: the token lists only
 * {@code spiffe://athenz/sports/service1} as an allowed proxy principal, and parsing it
 * together with the certificate from {@code x509_altnames_singleuri.cert} must be rejected
 * with a {@link CryptoException} whose message contains "Confirmation failure".
 *
 * <p>Presumably the certificate's SPIFFE URI does not match the listed one. Verify against
 * the fixture.
 */
@Test
public void testConfirmX509CertInvalidProxyPrincipal() throws IOException {
    final long issuedAt = System.currentTimeMillis() / 1000;
    final AccessToken unsigned = createAccessToken(issuedAt);
    unsigned.setConfirmProxyPrincipalSpiffeUris(Collections.singletonList("spiffe://athenz/sports/service1"));

    // Sign with the EC private key under key id "eckey1" using ES256.
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final String signedJws = unsigned.getSignedToken(signingKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // The verifier knows exactly one key, registered under the same key id.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Certificate presented alongside the token.
    final byte[] certBytes = Files.readAllBytes(Paths.get("src/test/resources/x509_altnames_singleuri.cert"));
    final X509Certificate presentedCert = Crypto.loadX509Certificate(new String(certBytes));

    try {
        new AccessToken(signedJws, keyResolver, presentedCert);
        // Reaching this line means the mismatched token was accepted. fail() is assumed to
        // raise an assertion error, which the handler below does not catch.
        fail();
    } catch (CryptoException rejected) {
        assertTrue(rejected.getMessage().contains("Confirmation failure"));
    }
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class AccessTokenTest method testConfirmX509CertProxyPrincipal.
/**
 * Positive case for certificate-bound token confirmation: the token lists
 * {@code spiffe://athenz/domain1/service1} as its single allowed proxy principal, and
 * parsing it with the certificate from {@code x509_altnames_singleuri.cert} must succeed
 * and expose that same URI on the parsed token.
 */
@Test
public void testConfirmX509CertProxyPrincipal() throws IOException {
    final long issuedAt = System.currentTimeMillis() / 1000;
    final AccessToken unsigned = createAccessToken(issuedAt);
    unsigned.setConfirmProxyPrincipalSpiffeUris(Collections.singletonList("spiffe://athenz/domain1/service1"));

    // Sign with the EC private key under key id "eckey1" using ES256.
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final String signedJws = unsigned.getSignedToken(signingKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // The verifier knows exactly one key, registered under the same key id.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Certificate presented alongside the token.
    final byte[] certBytes = Files.readAllBytes(Paths.get("src/test/resources/x509_altnames_singleuri.cert"));
    final X509Certificate presentedCert = Crypto.loadX509Certificate(new String(certBytes));

    // Construction throws if verification or confirmation fails, so getting past it is the real check.
    final AccessToken verified = new AccessToken(signedJws, keyResolver, presentedCert);
    assertNotNull(verified);

    // The confirmation list must survive the sign/parse round trip unchanged.
    final List<String> confirmedUris = verified.getConfirmProxyPrincpalSpiffeUris();
    assertEquals(confirmedUris.size(), 1);
    assertEquals(confirmedUris.get(0), "spiffe://athenz/domain1/service1");
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class AccessTokenTest method testConfirmX509CertMultipleProxyPrincipal.
/**
 * Certificate-bound confirmation with two allowed proxy principals
 * ({@code .../domain1/service2} followed by {@code .../domain1/service1}): parsing the
 * signed token with the certificate from {@code x509_altnames_singleuri.cert} must not throw.
 *
 * <p>NOTE(review): only successful construction is checked here; the parsed confirmation
 * list is not inspected.
 */
@Test
public void testConfirmX509CertMultipleProxyPrincipal() throws IOException {
    final long issuedAt = System.currentTimeMillis() / 1000;
    final AccessToken unsigned = createAccessToken(issuedAt);

    // Same insertion order as before: service2 first, then service1.
    final List<String> allowedProxies = new ArrayList<>();
    Collections.addAll(allowedProxies,
            "spiffe://athenz/domain1/service2",
            "spiffe://athenz/domain1/service1");
    unsigned.setConfirmProxyPrincipalSpiffeUris(allowedProxies);

    // Sign with the EC private key under key id "eckey1" using ES256.
    final PrivateKey signingKey = Crypto.loadPrivateKey(ecPrivateKey);
    final String signedJws = unsigned.getSignedToken(signingKey, "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // The verifier knows exactly one key, registered under the same key id.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Certificate presented alongside the token.
    final byte[] certBytes = Files.readAllBytes(Paths.get("src/test/resources/x509_altnames_singleuri.cert"));
    final X509Certificate presentedCert = Crypto.loadX509Certificate(new String(certBytes));

    // Construction throws on failure, so the non-null check below is a formality.
    final AccessToken verified = new AccessToken(signedJws, keyResolver, presentedCert);
    assertNotNull(verified);
}
use of com.yahoo.athenz.auth.token.jwts.JwtsSigningKeyResolver in project athenz by yahoo.
the class AccessTokenTest method testAccessTokenSignedToken.
/**
 * Sign/verify round trip without certificate binding: a token built by
 * {@code createAccessToken} is signed with the EC private key (key id "eckey1", ES256),
 * parsed back through a resolver holding the matching public key under the same id, and
 * handed to {@code validateAccessToken} with the same timestamp used to create it.
 */
@Test
public void testAccessTokenSignedToken() {
    final long issuedAt = System.currentTimeMillis() / 1000;
    final AccessToken unsigned = createAccessToken(issuedAt);

    // Produce the compact JWS.
    final String signedJws = unsigned.getSignedToken(
            Crypto.loadPrivateKey(ecPrivateKey), "eckey1", SignatureAlgorithm.ES256);
    assertNotNull(signedJws);

    // Verification side: a single hand-registered key; both constructor arguments are null.
    final JwtsSigningKeyResolver keyResolver = new JwtsSigningKeyResolver(null, null);
    keyResolver.addPublicKey("eckey1", Crypto.loadPublicKey(ecPublicKey));

    // Two-argument constructor: no certificate is presented for confirmation.
    final AccessToken verified = new AccessToken(signedJws, keyResolver);
    validateAccessToken(verified, issuedAt);
}