use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class JDBCSSHRecordStoreConnectionTest method testGetSSHCertRecordNotFound.
/**
 * Verifies that looking up an SSH certificate record returns {@code null}
 * when the mocked result set reports that it holds no rows.
 *
 * <p>{@code mockResultSet} and {@code mockConn} are fixtures declared outside
 * this listing; presumably the connection hands out a statement whose query
 * returns {@code mockResultSet} - confirm against the test class setup.
 */
@Test
public void testGetSSHCertRecordNotFound() throws Exception {

    // an empty result set: next() reports that there is no row to read
    Mockito.when(mockResultSet.next()).thenReturn(false);

    final JDBCSSHRecordStoreConnection storeConnection = new JDBCSSHRecordStoreConnection(mockConn);

    // a lookup miss has to come back as null so that callers can tell
    // "no record for this instance" apart from a populated record
    final SSHCertRecord lookupResult = storeConnection.getSSHCertRecord("instance-id", "athenz.api");
    assertNull(lookupResult);

    storeConnection.close();
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class JDBCSSHRecordStoreConnectionTest method testUpdateSSHRecordException.
/**
 * Verifies that a {@link SQLException} thrown while executing the update
 * statement leaves {@code updateSSHCertRecord} as a {@code ResourceException}
 * whose code is 500.
 *
 * <p>{@code mockPrepStmt} and {@code mockConn} are fixtures declared outside
 * this listing.
 */
@Test
public void testUpdateSSHRecordException() throws Exception {

    final JDBCSSHRecordStoreConnection storeConnection = new JDBCSSHRecordStoreConnection(mockConn);

    // force the statement execution to fail; the vendor error code (503) is
    // deliberately different from the code asserted below
    Mockito.doThrow(new SQLException("error", "state", 503)).when(mockPrepStmt).executeUpdate();

    final SSHCertRecord sshRecord = new SSHCertRecord();
    sshRecord.setInstanceId("id1");
    sshRecord.setService("athenz.api");
    sshRecord.setPrincipals("host1");

    try {
        storeConnection.updateSSHCertRecord(sshRecord);
        // reaching this line means the database failure was silently dropped
        fail();
    } catch (ResourceException ex) {
        // the caller sees code 500, not the vendor code carried by the SQLException
        assertEquals(ex.getCode(), 500);
    }

    storeConnection.close();
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class ZTSImplTest method testGenerateSSHCertRecord.
/**
 * Verifies the fields of the {@code SSHCertRecord} built by
 * {@code zts.generateSSHCertRecord}: service and instance id are copied from
 * the arguments, the client IP equals {@code MOCKCLIENTADDR}, and the private
 * IP equals the supplied value or, when that value is empty or {@code null},
 * {@code MOCKCLIENTADDR} as well.
 *
 * <p>{@code zts}, {@code createResourceContext} and {@code MOCKCLIENTADDR} are
 * declared outside this listing; presumably {@code MOCKCLIENTADDR} is the
 * remote address reported by the mocked request - confirm in the test class.
 */
@Test
public void testGenerateSSHCertRecord() {

    final Principal caller = SimplePrincipal.create("user_domain", "user1",
            "v=U1;d=user_domain;n=user;s=signature", 0, null);
    final ResourceContext ctx = createResourceContext(caller);

    // case 1: the caller supplies a private IP, which is recorded as given
    // while the client IP is still expected to be MOCKCLIENTADDR
    final SSHCertRecord withPrivateIp = zts.generateSSHCertRecord(ctx, "api", "id001", "127.0.0.1");
    assertEquals(withPrivateIp.getPrivateIP(), "127.0.0.1");
    assertEquals(withPrivateIp.getClientIP(), MOCKCLIENTADDR);
    assertEquals(withPrivateIp.getService(), "api");
    assertEquals(withPrivateIp.getInstanceId(), "id001");

    // cases 2 and 3: an empty and a null private IP must both leave the
    // record with MOCKCLIENTADDR in the private-IP field, never blank
    for (String missingPrivateIp : new String[] { "", null }) {
        final SSHCertRecord withFallback = zts.generateSSHCertRecord(ctx, "api", "id001", missingPrivateIp);
        assertEquals(withFallback.getPrivateIP(), MOCKCLIENTADDR);
        assertEquals(withFallback.getClientIP(), MOCKCLIENTADDR);
    }
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testValidPrincipalsHostnameAlone.
/**
 * Verifies that {@code validPrincipals} accepts an SSH host CSR whose only
 * x-principal is the instance hostname, given a resolver that reports that
 * hostname as valid.
 *
 * <p>NOTE(review): only the accepting path is exercised here; a companion case
 * in which the resolver rejects the hostname is not visible in this listing.
 */
@Test
public void testValidPrincipalsHostnameAlone() {

    final String instanceHostname = "host1.athenz.cloud";

    // resolver stub: the instance hostname is the only name it is asked about
    final HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    when(resolver.isValidHostname(instanceHostname)).thenReturn(true);

    // the CSR carries the hostname as its single x-principal and lists it,
    // together with a service name, among the principals
    final SshHostCsr hostCsr = new SshHostCsr();
    hostCsr.setXPrincipals(new String[] { instanceHostname });
    hostCsr.setPrincipals(new String[] { "service.domain.athenz.cloud", instanceHostname });

    final SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setService("athenz.examples.httpd");

    final InstanceCertManager certManager = new InstanceCertManager(null, null, resolver, true, null);
    assertTrue(certManager.validPrincipals(instanceHostname, certRecord, hostCsr));

    certManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityValidPrincipals.
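/**
 * Verifies that {@code generateSSHIdentity} succeeds for a CSR read from
 * {@code sshhost_valid_sample.csr} and stores the certificate and the signer
 * certificate returned by the mocked {@code SSHSigner} on the identity.
 *
 * <p>The hostname resolver is stubbed to accept the instance hostname and the
 * cname list prepared below, so the test covers the accepting path only.
 *
 * @throws IOException if the sample CSR file cannot be read
 */
@Test
public void testGenerateSshIdentityValidPrincipals() throws IOException {

    // decode the fixture with an explicit charset so that the CSR text does
    // not depend on the platform default of the machine running the tests
    Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
    String sshCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);

    // the request the signer stub is keyed on; Mockito compares stubbed
    // arguments with equals(), so the manager has to pass an equal request
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);

    // canned signer response holding a single certificate
    SSHCertificates certs = new SSHCertificates();
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");

    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");

    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // setup the hostname resolver for our request: both the hostname and the
    // cname list for the record's service are reported as valid
    String hostname = "host1.athenz.cloud";
    List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(true);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);

    boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, sshCertRecord, "host");
    assertTrue(result);

    // the identity must carry exactly what the signer stub returned
    assertEquals(identity.getSshCertificate(), "ssh-cert");
    assertEquals(identity.getSshCertificateSigner(), "ssh-host");

    instanceManager.shutdown();
}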