
Example 11 with HostnameResolver

use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.

Class InstanceCertManagerTest, method testGenerateSshIdentityCertRequestInValidPrincipals: a negative test in which the hostname resolver refuses the CNAME principals of an SSH host-certificate request.

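@Test
public void testGenerateSshIdentityCertRequestInValidPrincipals() {
    // Negative test: the SSH host-cert request names a hostname, two CNAMEs and an IP as
    // principals, and the resolver refuses to vouch for that CNAME list. The signer is
    // stubbed to hand back a certificate, so the only way the call can come back false
    // is if principal validation rejects the request before anything is signed.
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCertRequestData(new SSHCertRequestData()
            .setPrincipals(Arrays.asList("host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setPublicKey("sample public key"));
    sshRequest.setCertRequestMeta(new SSHCertRequestMeta()
            .setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", "host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setCertType("host")
            .setTransId("123456")
            .setOrigin("10.1.2.3"));
    SSHCertificates certs = new SSHCertificates();
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    // If validation were skipped, this stub would make the signer "succeed" with a
    // certificate, which is exactly the outcome the assertions below must rule out.
    final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    // Resolver setup: the bare hostname is valid, but the CNAME list for this
    // service/host pair is vetoed, so the rejection is attributable to the CNAME check.
    String hostname = "host1.athenz.cloud";
    List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    assertFalse(instanceManager.generateSSHIdentity(null, identity, hostname, null, sshRequest, sshCertRecord, "host"));
    // A rejected request must never reach the signer: minting a certificate for
    // unverified principals would be an issuance bug even if the caller only sees "false".
    Mockito.verify(sshSigner, Mockito.never()).generateCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
    instanceManager.shutdown();
}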

Example 12 with HostnameResolver

use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.

Class InstanceCertManagerTest, method testValidPrincipalsIpAlone: a positive test in which the only extra principal in the host CSR is an IP address and the resolver is never consulted.

@Test
public void testValidPrincipalsIpAlone() {
    // Positive test: a host CSR whose extra principals consist of a single IP address.
    // The resolver mock is deliberately left unstubbed (Mockito answers false to every
    // boolean lookup), so the IP-only request has to be accepted without any
    // DNS-backed validation succeeding.
    final String hostname = "host1.athenz.cloud";
    final String ipPrincipal = "10.1.2.3";
    SshHostCsr csr = new SshHostCsr();
    csr.setXPrincipals(new String[] { ipPrincipal });
    csr.setPrincipals(new String[] { "service.domain.athenz.cloud", ipPrincipal });
    SSHCertRecord record = new SSHCertRecord();
    record.setService("athenz.examples.httpd");
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    InstanceCertManager manager = new InstanceCertManager(null, null, resolver, true, null);
    assertTrue(manager.validPrincipals(hostname, record, csr));
    manager.shutdown();
}

Example 13 with HostnameResolver

use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.

Class InstanceCertManagerTest, method testValidPrincipalsBadCsr: a negative test in which the SSH CSR is malformed JSON and the identity request must be refused.

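@Test
public void testValidPrincipalsBadCsr() {
    // Negative test: the SSH CSR is truncated JSON (the closing brace is missing) and so
    // cannot be parsed. The hostname is valid and a signer is wired in, which isolates
    // the failure to CSR parsing rather than to hostname validation or a missing signer.
    String hostname = "host1.athenz.cloud";
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    SSHSigner signer = Mockito.mock(SSHSigner.class);
    instanceManager.setSSHSigner(signer);
    // Deliberately malformed: the closing '}' is missing.
    String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"";
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.test");
    boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, new SSHCertRecord(), ZTSConsts.ZTS_SSH_HOST);
    assertFalse(result);
    // An unparseable request must never be forwarded to the signer.
    Mockito.verify(signer, Mockito.never()).generateCertificate(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any());
    // Release the manager's resources, as the sibling tests do.
    instanceManager.shutdown();
}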

Example 14 with HostnameResolver

use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.

Class X509CertRequestTest, method testValidateDnsNamesWithCnameValues: validates the SAN DNS names of a CSR fixture against provider policy, with the resolver rejecting the CNAME list on the first call and accepting it on the second.

@Test
public void testValidateDnsNamesWithCnameValues() throws IOException {
    // Load the CSR fixture whose SAN DNS entries carry instance-id and CNAME values.
    final String csr = new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.cname.csr")));
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    final String provider = "provider";
    final String service = "athenz.production";
    final String host = "host1.athenz.cloud";
    final String dnsSuffix = "ostk.athenz.cloud";

    // Provider policy served from the system-domain cache: one DNS suffix, two allowed
    // hostname suffixes, and a null (not empty) denied-suffix list so the validator's
    // handling of an absent deny list is exercised as well.
    List<String> allowedSuffixes = new ArrayList<>();
    Collections.addAll(allowedSuffixes, "athenz.info", "athenz.cloud");
    DataCache sysDomainCache = Mockito.mock(DataCache.class);
    Mockito.when(sysDomainCache.getProviderDnsSuffixList(provider)).thenReturn(Collections.singletonList(dnsSuffix));
    Mockito.when(sysDomainCache.getProviderHostnameAllowedSuffixList(provider)).thenReturn(allowedSuffixes);
    Mockito.when(sysDomainCache.getProviderHostnameDeniedSuffixList(provider)).thenReturn(null);

    // The hostname itself is always valid; the CNAME list is refused on the first
    // lookup and accepted on the second (consecutive-call stub).
    List<String> cnames = new ArrayList<>();
    Collections.addAll(cnames, "cname1.athenz.info", "cname2.athenz.info");
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    Mockito.when(resolver.isValidHostCnameList(service, host, cnames, CertType.X509)).thenReturn(false).thenReturn(true);
    Mockito.when(resolver.isValidHostname(host)).thenReturn(true);

    // First validation is rejected because of the CNAME veto ...
    assertFalse(certReq.validateDnsNames("athenz", "production", provider, sysDomainCache, dnsSuffix, host, cnames, resolver));
    // ... and the second succeeds once the resolver vouches for the CNAMEs.
    assertTrue(certReq.validateDnsNames("athenz", "production", provider, sysDomainCache, dnsSuffix, host, cnames, resolver));
}

Example 15 with HostnameResolver

use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.

Class InstanceCertManagerTest, method testValidPrincipalsNoCnames: a positive test that parses an SSH host CSR fixture without CNAME principals and checks it validates against a resolver that vouches only for the bare hostname.

@Test
public void testValidPrincipalsNoCnames() throws IOException {
    // Positive test: a real SSH host CSR fixture that carries no CNAME principals.
    final String hostname = "host1.athenz.cloud";
    final String rawCsr = new String(Files.readAllBytes(Paths.get("src/test/resources/sshhost_nocnames.csr")));
    SSHCertRecord record = new SSHCertRecord();
    record.setService("athenz.examples.httpd");
    // Only the bare hostname is stubbed as valid; no CNAME lookup is stubbed.
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    when(resolver.isValidHostname(hostname)).thenReturn(true);
    InstanceCertManager manager = new InstanceCertManager(null, null, resolver, true, null);
    SshHostCsr csr = new ObjectMapper().readValue(rawCsr, SshHostCsr.class);
    assertTrue(manager.validPrincipals(hostname, record, csr));
    manager.shutdown();
}
