
Example 1 with SSHSigner

Use of com.yahoo.athenz.common.server.ssh.SSHSigner in the athenz project by yahoo.

From the class InstanceCertManagerTest, method testGenerateSshIdentityValidPrincipals:

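@Test
public void testGenerateSshIdentityValidPrincipals() throws IOException {
    // Host SSH certificate request whose CSR is accepted by the hostname
    // resolver: the identity must come back carrying the certificate returned
    // by the signer plus the host signer certificate.
    Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
    // Decode the CSR explicitly as UTF-8 instead of the platform default
    // charset so the bytes are interpreted identically on every build host.
    String sshCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);
    SSHCertificates certs = new SSHCertificates();
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
    // The signer stub is keyed on the exact request/record the manager is
    // expected to forward; an unexpected argument would leave it unstubbed.
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    // Hostname resolver accepts the hostname and the CNAME list the manager
    // derives for this request.
    String hostname = "host1.athenz.cloud";
    List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(true);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, sshCertRecord, "host");
    assertTrue(result);
    // TestNG order: actual first, expected second.
    assertEquals(identity.getSshCertificate(), "ssh-cert");
    assertEquals(identity.getSshCertificateSigner(), "ssh-host");
    instanceManager.shutdown();
}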

Example 2 with SSHSigner

Use of com.yahoo.athenz.common.server.ssh.SSHSigner in the athenz project by yahoo.

From the class InstanceCertManagerTest, method testGenerateSshIdentityInalidPrincipals:

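@Test
public void testGenerateSshIdentityInalidPrincipals() throws IOException {
    // Mirrors the valid-principals case with a single difference: the hostname
    // resolver rejects the CNAME list. The signer stub is keyed on the very
    // record handed to generateSSHIdentity, so the only thing that can make the
    // result false is the resolver's rejection; if the CNAME check were ever
    // skipped, the stub would fire and assertFalse would trip. (Previously the
    // stubs used a null record and a record that was never passed in, so the
    // assertion was satisfied by Mockito's default return, not by the check.)
    Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
    // Explicit charset: do not depend on the platform default.
    String sshCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);
    SSHCertificates certs = new SSHCertificates();
    SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    // Same hostname / CNAME set as the valid case; only the verdict differs.
    String hostname = "host1.athenz.cloud";
    List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");
    HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, sshCertRecord, "host");
    assertFalse(result);
    instanceManager.shutdown();
}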

Example 3 with SSHSigner

Use of com.yahoo.athenz.common.server.ssh.SSHSigner in the athenz project by yahoo.

From the class InstanceCertManagerTest, method testGenerateSshIdentityEmptyCertError:

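@Test
public void testGenerateSshIdentityEmptyCertError() {
    // The signer answers with an empty certificate list; the manager must
    // report failure rather than hand back an identity without a certificate.
    String sshCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCsr(sshCsr);
    SSHCertificates certs = new SSHCertificates();
    certs.setCertificates(Collections.emptyList());
    // Stub on the same record instance that is passed to generateSSHIdentity
    // below. The earlier stub was keyed on a null record while the call passed
    // a fresh one, so it could never fire and the failure came from Mockito's
    // default null return rather than from the empty-list path under test.
    SSHCertRecord sshCertRecord = new SSHCertRecord();
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(certs);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
    // No hostname resolver: this case exercises the signer response, not
    // hostname validation.
    InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
    instanceManager.setSSHSigner(sshSigner);
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
    boolean result = instanceManager.generateSSHIdentity(null, identity, null, sshCsr, null, sshCertRecord, "host");
    assertFalse(result);
    instanceManager.shutdown();
}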

Example 4 with SSHSigner

Use of com.yahoo.athenz.common.server.ssh.SSHSigner in the athenz project by yahoo.

From the class InstanceCertManagerTest, method testGenerateSshIdentityCertRequestInValidPrincipals:

@Test
public void testGenerateSshIdentityCertRequestInValidPrincipals() {
    // Structured (non-CSR) host request whose CNAME list the hostname
    // resolver rejects: generateSSHIdentity must return false even though
    // the signer is fully stubbed to hand back a certificate for this record.
    final String hostname = "host1.athenz.cloud";
    final List<String> cnames = new ArrayList<>();
    cnames.add("cname.athenz.info");
    cnames.add("vip.athenz.info");

    // Request carrying the principals and key-id principals for the host.
    final SSHCertRequestData requestData = new SSHCertRequestData()
            .setPrincipals(Arrays.asList("host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setPublicKey("sample public key");
    final SSHCertRequestMeta requestMeta = new SSHCertRequestMeta()
            .setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", "host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"))
            .setCertType("host")
            .setTransId("123456")
            .setOrigin("10.1.2.3");
    final SSHCertRequest sshRequest = new SSHCertRequest();
    sshRequest.setCertRequestData(requestData);
    sshRequest.setCertRequestMeta(requestMeta);

    // Record and identity for the requesting service.
    final SSHCertRecord sshCertRecord = new SSHCertRecord();
    sshCertRecord.setPrincipals("127.0.0.1");
    sshCertRecord.setService("athenz.service");
    final InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");

    // Signer would succeed for this exact request/record pair.
    final SSHCertificate cert = new SSHCertificate();
    cert.setCertificate("ssh-cert");
    final SSHCertificates signedCerts = new SSHCertificates().setCertificates(Collections.singletonList(cert));
    final SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(signedCerts);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // Resolver accepts the hostname but rejects its CNAME list.
    final HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
    when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
    when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);

    final InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
    instanceManager.setSSHSigner(sshSigner);
    final boolean issued = instanceManager.generateSSHIdentity(null, identity, hostname, null, sshRequest, sshCertRecord, "host");
    assertFalse(issued);
    instanceManager.shutdown();
}

Example 5 with SSHSigner

Use of com.yahoo.athenz.common.server.ssh.SSHSigner in the athenz project by yahoo.

From the class InstanceCertManagerTest, method testGetSSHCertificateSignerWhenDisabled:

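@Test
public void testGetSSHCertificateSignerWhenDisabled() {
    // With ZTS_PROP_RESP_SSH_SIGNER_CERTS set to "false" the manager must not
    // expose either signer certificate, even though the signer can supply them.
    SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
    System.setProperty(ZTSConsts.ZTS_PROP_RESP_SSH_SIGNER_CERTS, "false");
    InstanceCertManager instanceManager = null;
    try {
        instanceManager = new InstanceCertManager(null, null, null, true, null);
        instanceManager.setSSHSigner(sshSigner);
        assertNull(instanceManager.getSSHCertificateSigner("host"));
        assertNull(instanceManager.getSSHCertificateSigner("user"));
    } finally {
        // Restore the JVM-wide property even when an assertion fails; otherwise
        // the "false" setting leaks into every later test in the same JVM and
        // silently changes what they exercise.
        System.clearProperty(ZTSConsts.ZTS_PROP_RESP_SSH_SIGNER_CERTS);
        if (instanceManager != null) {
            instanceManager.shutdown();
        }
    }
}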
