Example 6 with CertSigner
use of com.yahoo.athenz.common.server.cert.CertSigner in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserIdentityFailure.
@Test
public void testPostInstanceRefreshRequestByUserIdentityFailure() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
CertSigner certSigner = Mockito.mock(CertSigner.class);
Mockito.when(certSigner.generateX509Certificate(Mockito.anyString(), Mockito.anyString(), Mockito.anyInt())).thenReturn(null);
ztsImpl.certSigner = certSigner;
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Unable to generate identity"), ex.getMessage());
}
}
Also used :
Path(java.nio.file.Path)
CertSigner(com.yahoo.athenz.common.server.cert.CertSigner)
SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Test(org.testng.annotations.Test)
Example 7 with CertSigner
use of com.yahoo.athenz.common.server.cert.CertSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateIdentity.
@Test
public void testGenerateIdentity() {
final String cert = "cert";
final String caCert = "caCert";
CertSigner certSigner = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
Mockito.when(certSigner.generateX509Certificate(Mockito.<String>any(), Mockito.any(), Mockito.anyInt())).thenReturn(cert);
Mockito.when(certSigner.getCACertificate()).thenReturn(caCert);
InstanceCertManager instanceManager = new InstanceCertManager(null, certSigner);
InstanceIdentity identity = instanceManager.generateIdentity("csr", "cn", null, 0);
assertNotNull(identity);
assertEquals(identity.getName(), "cn");
assertEquals(identity.getX509Certificate(), cert);
assertEquals(identity.getX509CertificateSigner(), caCert);
}
Also used :
CertSigner(com.yahoo.athenz.common.server.cert.CertSigner)
InstanceIdentity(com.yahoo.athenz.zts.InstanceIdentity)
Test(org.testng.annotations.Test)
Example 8 with CertSigner
use of com.yahoo.athenz.common.server.cert.CertSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentity.
@Test
public void testGenerateSshIdentity() {
String sshCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
CertSigner certSigner = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
Mockito.when(certSigner.generateSSHCertificate(sshCsr)).thenReturn("ssh-cert");
Mockito.when(certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
Mockito.when(certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
InstanceCertManager instanceManager = new InstanceCertManager(null, certSigner);
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
boolean result = instanceManager.generateSshIdentity(identity, sshCsr, "host");
assertTrue(result);
assertEquals(identity.getSshCertificate(), "ssh-cert");
assertEquals(identity.getSshCertificateSigner(), "ssh-host");
}
Also used :
CertSigner(com.yahoo.athenz.common.server.cert.CertSigner)
InstanceIdentity(com.yahoo.athenz.zts.InstanceIdentity)
Test(org.testng.annotations.Test)
Example 9 with CertSigner
use of com.yahoo.athenz.common.server.cert.CertSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityNullCertError.
@Test
public void testGenerateSshIdentityNullCertError() {
String sshCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
CertSigner certSigner = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
Mockito.when(certSigner.generateSSHCertificate(sshCsr)).thenReturn(null);
Mockito.when(certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
Mockito.when(certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
InstanceCertManager instanceManager = new InstanceCertManager(null, certSigner);
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
boolean result = instanceManager.generateSshIdentity(identity, sshCsr, "host");
assertFalse(result);
}
Also used :
CertSigner(com.yahoo.athenz.common.server.cert.CertSigner)
InstanceIdentity(com.yahoo.athenz.zts.InstanceIdentity)
Test(org.testng.annotations.Test)
Example 10 with CertSigner
use of com.yahoo.athenz.common.server.cert.CertSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateIdentityEmptyCert.
@Test
public void testGenerateIdentityEmptyCert() {
CertSigner certSigner = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
Mockito.when(certSigner.generateX509Certificate(Mockito.<String>any(), Mockito.any(), Mockito.anyInt())).thenReturn("");
InstanceCertManager instanceManager = new InstanceCertManager(null, certSigner);
InstanceIdentity identity = instanceManager.generateIdentity("csr", "cn", null, 0);
assertNull(identity);
}
Also used :
CertSigner(com.yahoo.athenz.common.server.cert.CertSigner)
InstanceIdentity(com.yahoo.athenz.zts.InstanceIdentity)
Test(org.testng.annotations.Test)
Aggregations
CertSigner (com.yahoo.athenz.common.server.cert.CertSigner)11
Test (org.testng.annotations.Test)11
InstanceIdentity (com.yahoo.athenz.zts.InstanceIdentity)6
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)2
SelfCertSigner (com.yahoo.athenz.zts.cert.impl.SelfCertSigner)2
Path (java.nio.file.Path)2
Principal (com.yahoo.athenz.auth.Principal)1
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)1
SignedDomain (com.yahoo.athenz.zms.SignedDomain)1
Identity (com.yahoo.athenz.zts.Identity)1
HttpCertSigner (com.yahoo.athenz.zts.cert.impl.HttpCertSigner)1
HttpCertSignerFactory (com.yahoo.athenz.zts.cert.impl.HttpCertSignerFactory)1
ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)1
CloudStore (com.yahoo.athenz.zts.store.CloudStore)1
DataStore (com.yahoo.athenz.zts.store.DataStore)1
MockCloudStore (com.yahoo.athenz.zts.store.MockCloudStore)1
MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)1
ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)1
File (java.io.File)1
IOException (java.io.IOException)1
