Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
From class InstanceCertManagerTest, method testUpdateSSHHostPrincipalsDuplicateValues.
/**
 * Checks that the principals and x-principals of an SSH host CSR end up in the
 * certificate record as one comma-separated list.
 *
 * <p>"principal1" and "principal2" are supplied in both arrays; the record is
 * expected to name exactly four distinct principals.
 */
@Test
public void testUpdateSSHHostPrincipalsDuplicateValues() {
    InstanceCertManager certManager = new InstanceCertManager(null, null, null, true, null);

    SshHostCsr hostCsr = new SshHostCsr();
    hostCsr.setPrincipals(new String[] {"principal1", "principal2", "principal4"});
    hostCsr.setXPrincipals(new String[] {"principal1", "principal2", "principal5"});

    SSHCertRecord certRecord = new SSHCertRecord();
    certManager.updateSSHHostPrincipals(hostCsr, certRecord);

    // NOTE(review): the HashSet collapses repeated names by itself, so these checks
    // would also pass if the stored string still listed a principal twice. Comparing
    // the raw split length against 4 would pin de-duplication -- confirm intent.
    String[] recorded = certRecord.getPrincipals().split(",");
    Set<String> merged = new HashSet<>(Arrays.asList(recorded));
    assertEquals(merged.size(), 4);
    for (String expected : new String[] {"principal1", "principal2", "principal4", "principal5"}) {
        assertTrue(merged.contains(expected));
    }
}
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
From class FileSSHRecordStoreConnectionTest, method testDeleteExpiredSSHCertRecords.
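/**
 * Inserts an SSH certificate record into a file-backed store, then verifies that
 * {@code deleteExpiredSSHCertRecords(0)} removes it.
 *
 * @throws Exception if the scratch directory cannot be created or the sleep is interrupted
 */
@Test
public void testDeleteExpiredSSHCertRecords() throws Exception {
    // A fixed name under the shared /tmp can be pre-created or replaced by another
    // local account and collides between parallel runs. createTempDirectory yields a
    // unique directory (owner-only permissions on POSIX file systems).
    File scratchParent = java.nio.file.Files.createTempDirectory("zts-ssh-tests").toFile();
    // the store root itself must not exist yet, as in the original setup
    File storeRoot = new File(scratchParent, "zts-ssh-tests");
    try {
        FileSSHRecordStore store = new FileSSHRecordStore(storeRoot);
        FileSSHRecordStoreConnection con = (FileSSHRecordStoreConnection) store.getConnection();
        assertNotNull(con);
        try {
            SSHCertRecord certRecord = new SSHCertRecord();
            certRecord.setInstanceId("instance-id");
            certRecord.setService("cn");
            certRecord.setPrincipals("host1,host2");
            certRecord.setClientIP("10.10.10.11");
            certRecord.setPrivateIP("10.10.10.12");
            assertTrue(con.insertSSHCertRecord(certRecord));

            SSHCertRecord certRecordCheck = con.getSSHCertRecord("instance-id", "cn");
            assertNotNull(certRecordCheck);

            // presumably lets the stored record age past the cutoff implied by the
            // 0 argument below -- the unit of that argument is not visible here
            Thread.sleep(1000);
            con.deleteExpiredSSHCertRecords(0);

            certRecordCheck = con.getSSHCertRecord("instance-id", "cn");
            assertNull(certRecordCheck);
        } finally {
            // release the connection even when an assertion fails
            con.close();
        }
    } finally {
        // do not leave record files behind on the host
        ZTSTestUtils.deleteDirectory(scratchParent);
    }
}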
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
From class FileSSHRecordStoreConnectionTest, method testDeleteExpiredSSHCertRecordsDelete.
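/**
 * Runs the expiry clean-up through {@code FileSSHRecordStoreConnectionExt} and
 * verifies that the record is still retrievable afterwards.
 *
 * <p>NOTE(review): the Ext class is not shown here; presumably it makes the
 * underlying file delete fail so the record survives -- confirm against its definition.
 *
 * @throws Exception if the scratch directory cannot be created or the sleep is interrupted
 */
@Test
public void testDeleteExpiredSSHCertRecordsDelete() throws Exception {
    // Start from an empty directory that exists. A fixed name under the shared /tmp
    // can be pre-created or replaced by another local account and collides between
    // parallel runs; createTempDirectory yields a unique directory (owner-only
    // permissions on POSIX file systems).
    File rootDir = java.nio.file.Files.createTempDirectory("zts-ssh-tests").toFile();
    try {
        FileSSHRecordStoreConnectionTest.FileSSHRecordStoreConnectionExt store =
                new FileSSHRecordStoreConnectionTest.FileSSHRecordStoreConnectionExt(rootDir);

        SSHCertRecord certRecord = new SSHCertRecord();
        certRecord.setInstanceId("instance-id");
        certRecord.setService("cn");
        certRecord.setPrincipals("host1,host2");
        certRecord.setClientIP("10.10.10.11");
        certRecord.setPrivateIP("10.10.10.12");
        assertTrue(store.insertSSHCertRecord(certRecord));

        SSHCertRecord certRecordCheck = store.getSSHCertRecord("instance-id", "cn");
        assertNotNull(certRecordCheck);

        // same wait as the sibling test, so only the delete outcome differs
        Thread.sleep(1000);
        store.deleteExpiredSSHCertRecords(0);

        // the record must still be there after the clean-up call
        certRecordCheck = store.getSSHCertRecord("instance-id", "cn");
        assertNotNull(certRecordCheck);
    } finally {
        // do not leave record files behind on the host
        ZTSTestUtils.deleteDirectory(rootDir);
    }
}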
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
From class InstanceCertManagerTest, method testGenerateSshIdentityUser.
/**
 * Verifies that a "user" SSH certificate request fills the identity with the
 * certificate returned by the signer and with the user signer certificate
 * ("ssh-user") rather than the host one ("ssh-host").
 */
@Test
public void testGenerateSshIdentityUser() {
    final String csrJson = "{\"pubkey\":\"key\",\"certtype\":\"user\"}";

    // request the mocked signer is stubbed to receive
    SSHCertRequest expectedRequest = new SSHCertRequest();
    expectedRequest.setCsr(csrJson);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setPrincipals("127.0.0.1");

    SSHCertificate signedCert = new SSHCertificate();
    signedCert.setCertificate("ssh-cert");
    final SSHCertificates signerReply =
            new SSHCertificates().setCertificates(Collections.singletonList(signedCert));

    // Host and user signer certificates are stubbed with distinct values so the
    // last assertion can tell which of the two was attached to the identity.
    SSHSigner signer = Mockito.mock(SSHSigner.class);
    when(signer.generateCertificate(null, expectedRequest, certRecord, "user")).thenReturn(signerReply);
    when(signer.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(signer.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");

    InstanceCertManager certManager = new InstanceCertManager(null, null, null, true, null);
    certManager.setSSHSigner(signer);

    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    assertTrue(certManager.generateSSHIdentity(null, identity, null, csrJson, null, certRecord, "user"));
    assertEquals(identity.getSshCertificate(), "ssh-cert");
    assertEquals(identity.getSshCertificateSigner(), "ssh-user");

    certManager.shutdown();
}
Use of com.yahoo.athenz.common.server.ssh.SSHCertRecord in project athenz by yahoo.
From class InstanceCertManagerTest, method testUpdateSSHCertRecordNullStore.
/**
 * With the SSH signer and record store both set to null, updateSSHCertRecord
 * must return false for a freshly created record and for a null record.
 */
@Test
public void testUpdateSSHCertRecordNullStore() {
    InstanceCertManager certManager = new InstanceCertManager(null, null, null, true, null);

    // no signer and no record store: every update attempt must report false
    certManager.setSSHSigner(null);
    certManager.setSSHStore(null);

    SSHCertRecord emptyRecord = new SSHCertRecord();
    boolean recordUpdated = certManager.updateSSHCertRecord(emptyRecord, true);
    assertFalse(recordUpdated);

    boolean nullUpdated = certManager.updateSSHCertRecord(null, true);
    assertFalse(nullUpdated);

    certManager.shutdown();
}