use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testUpdateSSHHostPrincipalsNullValues.
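/**
 * Checks which principals {@code updateSSHHostPrincipals} writes into the SSH cert record
 * when the CSR's {@code principals} / {@code xPrincipals} arrays are empty or null.
 *
 * <p>Three cases are covered: nothing requested, only {@code principals} set, and only
 * {@code xPrincipals} set.
 */
@Test
public void testUpdateSSHHostPrincipalsNullValues() {
    InstanceCertManager instance = new InstanceCertManager(null, null, null, true, null);

    // Case 1: an empty principals array; xPrincipals is never set on this CSR, so it stays
    // at whatever SshHostCsr defaults to.
    // NOTE(review): this setter call used to be repeated verbatim. If an empty xPrincipals
    // array was the intent, cover it as a separate case.
    SshHostCsr csr = new SshHostCsr();
    csr.setPrincipals(new String[0]);
    SSHCertRecord record = new SSHCertRecord();
    instance.updateSSHHostPrincipals(csr, record);
    // With no principal requested, the record carries the loopback address instead of an
    // empty list.
    assertEquals(record.getPrincipals(), "127.0.0.1");

    // Case 2: principals populated, xPrincipals explicitly null.
    String[] principals = new String[] {"principal1", "principal2", "principal4"};
    csr.setPrincipals(principals);
    csr.setXPrincipals(null);
    record = new SSHCertRecord();
    instance.updateSSHHostPrincipals(csr, record);
    // The record stores a comma-separated string; compare as a set so ordering is irrelevant.
    Set<String> result = new HashSet<>(Arrays.asList(record.getPrincipals().split(",")));
    assertEquals(result.size(), 3);
    assertTrue(result.contains("principal1"));
    assertTrue(result.contains("principal2"));
    assertTrue(result.contains("principal4"));

    // Case 3: principals null, the same values supplied through xPrincipals.
    csr.setPrincipals(null);
    csr.setXPrincipals(principals);
    record = new SSHCertRecord();
    instance.updateSSHHostPrincipals(csr, record);
    result = new HashSet<>(Arrays.asList(record.getPrincipals().split(",")));
    assertEquals(result.size(), 3);
    assertTrue(result.contains("principal1"));
    assertTrue(result.contains("principal2"));
    assertTrue(result.contains("principal4"));

    // Release the manager, as the other tests built from the same constructor arguments do.
    instance.shutdown();
}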
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityInalidPrincipals.
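/**
 * Verifies that {@code generateSSHIdentity} reports failure for a host certificate request
 * when the hostname resolver rejects the CNAME list for the requesting service.
 *
 * @throws IOException if the sample CSR resource cannot be read
 */
@Test
public void testGenerateSshIdentityInalidPrincipals() throws IOException {
    Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
    // Decode with an explicit charset so the fixture reads the same on every platform.
    String sshCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    // The signer is stubbed to succeed, so a false result cannot come from a signing failure.
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);
    SSHCertificates certs = new SSHCertificates();
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
    when(sshSigner.generateCertificate(null, sshRequest, null, "host")).thenReturn(sshCertificates);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // setup the hostname resolver for our request
    String hostname = "host1.athenz.cloud";
    List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");
    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setService("athenz.examples.httpd");
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    // The hostname itself is acceptable; only the CNAME list is rejected.
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);

    // Pass the record whose service the CNAME stub is keyed on. A fresh SSHCertRecord has no
    // service set, so the stubbed arguments would not match and the mock would only answer
    // with its default false.
    // NOTE(review): assertFalse alone cannot tell which check rejected the request. Consider
    // also verifying that the signer was never asked to generate a certificate. TODO: confirm
    // validation runs before signing.
    boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, sshCertRecord, "host");
    assertFalse(result);
    instanceManager.shutdown();
}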
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testUpdateSSHCertRecord.
/**
 * Exercises {@code updateSSHCertRecord} against a mocked record store: first with no record
 * at all, then with a real record that the mocked connection accepts.
 */
@Test
public void testUpdateSSHCertRecord() {
    // Mocked store that hands out a mocked connection.
    SSHRecordStoreConnection storeConnection = Mockito.mock(SSHRecordStoreConnection.class);
    SSHRecordStore recordStore = Mockito.mock(SSHRecordStore.class);
    when(recordStore.getConnection()).thenReturn(storeConnection);

    InstanceCertManager manager = new InstanceCertManager(null, null, null, true, null);
    manager.setSSHSigner(null);
    manager.setSSHStore(recordStore);

    // A null record is reported as success, so a true result alone does not show that
    // anything was written to the store.
    boolean nullRecordOutcome = manager.updateSSHCertRecord(null, true);
    assertTrue(nullRecordOutcome);

    // Let the mocked connection accept any SSHCertRecord, then hand over a real one.
    when(storeConnection.updateSSHCertRecord(ArgumentMatchers.isA(SSHCertRecord.class))).thenReturn(true);
    boolean realRecordOutcome = manager.updateSSHCertRecord(new SSHCertRecord(), true);
    assertTrue(realRecordOutcome);

    manager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testValidPrincipalsSSHRequestNulls.
/**
 * Walks {@code validPrincipals} through requests whose data and/or meta sections are missing,
 * and then through a request that has both sections but no principals.
 */
@Test
public void testValidPrincipalsSSHRequestNulls() {
    final String hostname = "host1.athenz.cloud";

    // The resolver mock carries no stubs in this test.
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    InstanceCertManager manager = new InstanceCertManager(null, null, resolver, true, null);

    SSHCertRecord record = new SSHCertRecord();
    record.setService("athenz.examples.httpd");

    // Freshly created request: neither data nor meta has been set on it.
    SSHCertRequest request = new SSHCertRequest();
    boolean accepted = manager.validPrincipals(hostname, record, request);
    assertFalse(accepted);

    // Data present, meta null: rejected.
    request.setCertRequestData(new SSHCertRequestData());
    request.setCertRequestMeta(null);
    accepted = manager.validPrincipals(hostname, record, request);
    assertFalse(accepted);

    // Data null, meta present: rejected.
    request.setCertRequestData(null);
    request.setCertRequestMeta(new SSHCertRequestMeta());
    accepted = manager.validPrincipals(hostname, record, request);
    assertFalse(accepted);

    // Both sections present but no principals set on the data: accepted.
    // NOTE(review): this pins "no principals" as a passing case. Confirm a later step supplies
    // or restricts the principals before a certificate is signed.
    request.setCertRequestData(new SSHCertRequestData());
    request.setCertRequestMeta(new SSHCertRequestMeta());
    accepted = manager.validPrincipals(hostname, record, request);
    assertTrue(accepted);

    manager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityEmptyCertError.
/**
 * Verifies that {@code generateSSHIdentity} reports failure when the signer answers with an
 * empty certificate list.
 */
@Test
public void testGenerateSshIdentityEmptyCertError() {
    final String csrJson = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
    InstanceIdentity instanceIdentity = new InstanceIdentity().setName("athenz.service");

    // The request object the signer stub is keyed on.
    SSHCertRequest expectedRequest = new SSHCertRequest();
    expectedRequest.setCsr(csrJson);

    // The signer responds, but with no certificates in the response.
    SSHCertificates emptyCerts = new SSHCertificates();
    emptyCerts.setCertificates(Collections.emptyList());

    SSHSigner signer = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    when(signer.generateCertificate(null, expectedRequest, null, "host")).thenReturn(emptyCerts);
    when(signer.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(signer.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");

    InstanceCertManager manager = new InstanceCertManager(null, null, null, true, null);
    manager.setSSHSigner(signer);

    // An empty signer response must not be treated as a successfully issued identity.
    boolean issued = manager.generateSSHIdentity(null, instanceIdentity, null, csrJson, null, new SSHCertRecord(), "host");
    assertFalse(issued);

    manager.shutdown();
}