Use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.
From class InstanceCertManagerTest, method testValidPrincipalsSSHRequest.
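@Test
public void testValidPrincipalsSSHRequest() {
    // Positive case: the only requested principal is the instance hostname
    // itself and the resolver accepts that hostname, so the request must pass.
    final String hostname = "host1.athenz.cloud";
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    when(resolver.isValidHostname(hostname)).thenReturn(true);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setService("athenz.examples.httpd");

    SSHCertRequestData requestData = new SSHCertRequestData()
            .setPrincipals(Collections.singletonList(hostname));
    SSHCertRequest certRequest = new SSHCertRequest();
    certRequest.setCertRequestData(requestData);
    certRequest.setCertRequestMeta(new SSHCertRequestMeta());

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, resolver, true, null);
    try {
        assertTrue(instanceManager.validPrincipals(hostname, certRecord, certRequest));
    } finally {
        // shut the manager down even when the assertion fails so a failing
        // test does not leave it alive for the rest of the suite
        instanceManager.shutdown();
    }
}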
Use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.
From class InstanceCertManagerTest, method testValidPrincipalsInvalidHostname.
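@Test
public void testValidPrincipalsInvalidHostname() throws IOException {
    // Negative case: the resolver rejects the hostname, so a CSR for that
    // host must be refused no matter which principals it carries.
    Path csrPath = Paths.get("src/test/resources/sshhost_valid_sample.csr");
    // decode the fixture with an explicit charset instead of the platform default
    String sshCsr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    SshHostCsr hostCsr = new ObjectMapper().readValue(sshCsr, SshHostCsr.class);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setService("athenz.examples.httpd");

    // the resolver is the only input that differs from the positive test
    final String hostname = "host1.athenz.cloud";
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    when(resolver.isValidHostname(hostname)).thenReturn(false);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, resolver, true, null);
    try {
        assertFalse(instanceManager.validPrincipals(hostname, certRecord, hostCsr));
    } finally {
        // shutdown must run even if the assertion throws
        instanceManager.shutdown();
    }
}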
Use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.
From class InstanceCertManagerTest, method testGenerateSshIdentityCertRequestValidPrincipals.
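@Test
public void testGenerateSshIdentityCertRequestValidPrincipals() {
    // The request names the hostname, two cnames and an IP as principals; the
    // resolver vouches for the hostname and for the cname list, so the identity
    // must be issued and carry both the certificate and the signer certificate.
    final String hostname = "host1.athenz.cloud";
    final String certType = "host";

    SSHCertRequestData requestData = new SSHCertRequestData()
            .setPrincipals(Arrays.asList(hostname, "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setPublicKey("sample public key");
    SSHCertRequestMeta requestMeta = new SSHCertRequestMeta()
            .setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", hostname,
                    "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setCertType(certType)
            .setTransId("123456")
            .setOrigin("10.1.2.3");
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCertRequestData(requestData);
    sshRequest.setCertRequestMeta(requestMeta);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setPrincipals("127.0.0.1");
    certRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    // the signer is stubbed for exactly this request/record pair only
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertificates signed = new SSHCertificates().setCertificates(Collections.singletonList(cert));
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    when(sshSigner.generateCertificate(null, sshRequest, certRecord, certType)).thenReturn(signed);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // the resolver accepts the hostname and the cname list; the expected cname
    // list excludes both the hostname itself and the IP principal
    List<String> cnames = Arrays.asList("cname.athenz.info", "vip.athenz.info");
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    when(resolver.isValidHostCnameList(certRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(true);
    when(resolver.isValidHostname(hostname)).thenReturn(true);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, resolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    try {
        assertTrue(instanceManager.generateSSHIdentity(null, identity, hostname, null, sshRequest, certRecord, certType));
        assertEquals(identity.getSshCertificate(), "ssh-cert");
        assertEquals(identity.getSshCertificateSigner(), "ssh-host");
    } finally {
        // release the manager even when an assertion fails
        instanceManager.shutdown();
    }
}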
Use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.
From class InstanceCertManagerTest, method testGenerateSshIdentityCertRequestNoHostname.
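@Test
public void testGenerateSshIdentityCertRequestNoHostname() {
    // Same request as the valid-principals case but generateSSHIdentity is
    // called with a null hostname and the resolver mock is left unstubbed.
    // NOTE(review): the call still succeeds, i.e. with no hostname neither
    // isValidHostname nor isValidHostCnameList gates issuance here — confirm
    // against InstanceCertManager that this path is intended.
    final String certType = "host";

    SSHCertRequestData requestData = new SSHCertRequestData()
            .setPrincipals(Arrays.asList("host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setPublicKey("sample public key");
    SSHCertRequestMeta requestMeta = new SSHCertRequestMeta()
            .setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", "host1.athenz.cloud",
                    "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setCertType(certType)
            .setTransId("123456")
            .setOrigin("10.1.2.3");
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCertRequestData(requestData);
    sshRequest.setCertRequestMeta(requestMeta);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setPrincipals("127.0.0.1");
    certRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    // the signer is stubbed for exactly this request/record pair only
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertificates signed = new SSHCertificates().setCertificates(Collections.singletonList(cert));
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    when(sshSigner.generateCertificate(null, sshRequest, certRecord, certType)).thenReturn(signed);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // deliberately no stubs: any resolver call would return Mockito's default false
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, resolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    try {
        assertTrue(instanceManager.generateSSHIdentity(null, identity, null, null, sshRequest, certRecord, certType));
        assertEquals(identity.getSshCertificate(), "ssh-cert");
        assertEquals(identity.getSshCertificateSigner(), "ssh-host");
    } finally {
        // release the manager even when an assertion fails
        instanceManager.shutdown();
    }
}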
Use of com.yahoo.athenz.common.server.dns.HostnameResolver in project athenz by yahoo.
From class X509CertRequestTest, method testValidateInstanceCnames.
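@Test
public void testValidateInstanceCnames() throws IOException {
    // Walks validateInstanceCnames through its decision order: empty input,
    // missing hostname, provider suffix allow/deny lists, missing resolver,
    // and finally the resolver verdict itself.
    Path csrPath = Paths.get("src/test/resources/athenz.instanceid.uri.csr");
    // decode the fixture with an explicit charset instead of the platform default
    String csr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    final String service = "athenz.api";
    final String provider = "provider";
    final String hostname = "hostname.athenz.cloud";

    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    // a null or empty cname list is always accepted
    assertTrue(certReq.validateInstanceCnames(null, null, service, null, null, null));
    assertTrue(certReq.validateInstanceCnames(null, null, service, null, Collections.emptyList(), null));

    // cnames without a hostname (null or empty) are rejected
    assertFalse(certReq.validateInstanceCnames(null, null, service, null, Collections.singletonList("host1.athenz.cloud"), null));
    assertFalse(certReq.validateInstanceCnames(null, null, service, "", Collections.singletonList("host1.athenz.cloud"), null));

    // provider policy: ".athenz.cloud" suffix allowed, ".athenz.info" suffix denied
    DataCache athenzSysDomainCache = Mockito.mock(DataCache.class);
    Mockito.when(athenzSysDomainCache.getProviderHostnameAllowedSuffixList(provider))
            .thenReturn(Collections.singletonList("athenz.cloud"));
    Mockito.when(athenzSysDomainCache.getProviderHostnameDeniedSuffixList(provider))
            .thenReturn(Collections.singletonList("athenz.info"));

    // a cname outside the allowed suffix list is rejected, alone or mixed with an allowed one
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, Collections.singletonList("host1.athenz.data"), null));
    List<String> cnameList = new ArrayList<>();
    cnameList.add("host1.athenz.cloud");
    cnameList.add("host1.athenz.data");
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, cnameList, null));

    // an explicitly denied suffix is rejected, alone or mixed
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, Collections.singletonList("host1.athenz.info"), null));
    cnameList.add("host1.athenz.info");
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, cnameList, null));

    // a cname that passes the suffix lists is still rejected when no resolver is available
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, Collections.singletonList("host1.athenz.cloud"), null));

    // with a resolver the final verdict is the resolver's: false for host1, true for host2
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    Mockito.when(resolver.isValidHostCnameList(service, hostname, Collections.singletonList("host1.athenz.cloud"), CertType.X509)).thenReturn(false);
    assertFalse(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, Collections.singletonList("host1.athenz.cloud"), resolver));
    Mockito.when(resolver.isValidHostCnameList(service, hostname, Collections.singletonList("host2.athenz.cloud"), CertType.X509)).thenReturn(true);
    assertTrue(certReq.validateInstanceCnames(provider, athenzSysDomainCache, service, hostname, Collections.singletonList("host2.athenz.cloud"), resolver));
}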