Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
The class InstanceCertManagerTest, method testGenerateSshIdentityCertRequestInValidPrincipals.
@Test
public void testGenerateSshIdentityCertRequestInValidPrincipals() {
    // A host cert request whose principal list (hostname, two cnames and an IP)
    // the hostname resolver refuses to vouch for; issuance must be denied even
    // though the signer itself is fully stubbed to succeed.
    final String hostname = "host1.athenz.cloud";
    final List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");

    SSHCertRequestData requestData = new SSHCertRequestData()
            .setPrincipals(Arrays.asList("host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setPublicKey("sample public key");
    SSHCertRequestMeta requestMeta = new SSHCertRequestMeta()
            .setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", "host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setCertType("host")
            .setTransId("123456")
            .setOrigin("10.1.2.3");
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCertRequestData(requestData);
    sshRequest.setCertRequestMeta(requestMeta);

    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    // signer would happily return a certificate, so a false result can only
    // come from the principal validation step
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertificates issued = new SSHCertificates().setCertificates(Collections.singletonList(cert));
    SSHSigner sshSigner = Mockito.mock(SSHSigner.class);
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(issued);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // hostname itself resolves, but the cname list for this service does not
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    assertFalse(instanceManager.generateSSHIdentity(null, identity, hostname, null, sshRequest, sshCertRecord, "host"));
    instanceManager.shutdown();
}
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
The class InstanceCertManagerTest, method testUpdateSSHHostPrincipals.
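@Test
public void testUpdateSSHHostPrincipals() {
    InstanceCertManager instance = new InstanceCertManager(null, null, null, true, null);
    SSHCertRecord record = new SSHCertRecord();

    // no csr at all: the record falls back to the loopback address
    instance.updateSSHHostPrincipals((SshHostCsr) null, record);
    assertEquals(record.getPrincipals(), "127.0.0.1");

    // csr present but carrying no principals: same fallback
    record.setPrincipals(null);
    SshHostCsr csr = new SshHostCsr();
    instance.updateSSHHostPrincipals(csr, record);
    assertEquals(record.getPrincipals(), "127.0.0.1");

    // csr with both principals and xprincipals: every entry ends up in the
    // record as a comma-separated list (ordering is not part of the contract
    // asserted here, hence the set comparison)
    record.setPrincipals(null);
    csr.setPrincipals(new String[] { "principal1" });
    csr.setXPrincipals(new String[] { "xprincipal1", "xprincipal2" });
    instance.updateSSHHostPrincipals(csr, record);
    Set<String> recorded = new HashSet<>(Arrays.asList(record.getPrincipals().split(",")));
    assertEquals(recorded.size(), 3);
    assertTrue(recorded.contains("principal1"));
    assertTrue(recorded.contains("xprincipal1"));
    assertTrue(recorded.contains("xprincipal2"));

    // release the manager the same way the sibling tests do
    instance.shutdown();
}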
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
The class InstanceCertManagerTest, method testGenerateSshIdentityHost.
@Test
public void testGenerateSshIdentityHost() {
    // Happy path for a host certificate requested through the json csr form
    // (no hostname, no SSHCertRequest object).
    final String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"}";

    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);

    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertificates issued = new SSHCertificates().setCertificates(Collections.singletonList(cert));

    // Mockito matches the stubbed request argument by equality, so the
    // manager's own request built from sshCsr must equal this one
    SSHSigner sshSigner = Mockito.mock(SSHSigner.class);
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(issued);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
    instanceManager.setSSHSigner(sshSigner);

    assertTrue(instanceManager.generateSSHIdentity(null, identity, null, sshCsr, null, sshCertRecord, "host"));
    // the host signer cert, not the user one, must be attached to the identity
    assertEquals(identity.getSshCertificate(), "ssh-cert");
    assertEquals(identity.getSshCertificateSigner(), "ssh-host");
    instanceManager.shutdown();
}
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
The class InstanceCertManagerTest, method testValidPrincipalsIpAlone.
@Test
public void testValidPrincipalsIpAlone() {
    final String hostname = "host1.athenz.cloud";

    // csr names the service and a bare IP, with the IP repeated as an x-principal
    SshHostCsr sshHostCsr = new SshHostCsr();
    sshHostCsr.setPrincipals(new String[] { "service.domain.athenz.cloud", "10.1.2.3" });
    sshHostCsr.setXPrincipals(new String[] { "10.1.2.3" });

    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setService("athenz.examples.httpd");

    // resolver is deliberately left unstubbed (its boolean lookups would all
    // return false), so a true result means these principals are accepted
    // without a successful cname lookup — presumably because no cname is listed
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);

    assertTrue(instanceManager.validPrincipals(hostname, sshCertRecord, sshHostCsr));
    instanceManager.shutdown();
}
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
The class InstanceCertManagerTest, method testValidPrincipalsBadCsr.
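@Test
public void testValidPrincipalsBadCsr() {
    final String hostname = "host1.athenz.cloud";
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);

    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    // signer is left unstubbed: this test is only about the csr being rejected
    instanceManager.setSSHSigner(Mockito.mock(SSHSigner.class));

    // malformed csr — the closing brace is missing on purpose — so issuance must fail
    final String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"";
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.test");
    assertFalse(instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, new SSHCertRecord(), ZTSConsts.ZTS_SSH_HOST));

    // release the manager the same way the sibling tests do
    instanceManager.shutdown();
}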