use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityValidPrincipals.
@Test
public void testGenerateSshIdentityValidPrincipals() throws IOException {
Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
String sshCsr = new String(Files.readAllBytes(path));
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
SSHCertificates certs = new SSHCertificates();
SSHCertificate cert = new SSHCertificate();
cert.setCertificate("ssh-cert");
SSHCertRecord sshCertRecord = new SSHCertRecord();
sshCertRecord.setPrincipals("127.0.0.1");
sshCertRecord.setService("athenz.service");
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
// setup the hostname resolver for our request
String hostname = "host1.athenz.cloud";
List<String> cnames = new ArrayList<>();
cnames.add("cname.athenz.info");
cnames.add("vip.athenz.info");
HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(true);
when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
instanceManager.setSSHSigner(sshSigner);
boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, sshCertRecord, "host");
assertTrue(result);
assertEquals(identity.getSshCertificate(), "ssh-cert");
assertEquals(identity.getSshCertificateSigner(), "ssh-host");
instanceManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityInalidPrincipals.
@Test
public void testGenerateSshIdentityInalidPrincipals() throws IOException {
Path path = Paths.get("src/test/resources/sshhost_valid_sample.csr");
String sshCsr = new String(Files.readAllBytes(path));
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
SSHCertificates certs = new SSHCertificates();
SSHCertificate cert = new SSHCertificate();
cert.setCertificate("ssh-cert");
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
when(sshSigner.generateCertificate(null, sshRequest, null, "host")).thenReturn(sshCertificates);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
// setup the hostname resolver for our request
String hostname = "host1.athenz.cloud";
List<String> cnames = new ArrayList<>();
cnames.add("cname.athenz.info");
cnames.add("vip.athenz.info");
SSHCertRecord sshCertRecord = new SSHCertRecord();
sshCertRecord.setService("athenz.examples.httpd");
HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);
when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
instanceManager.setSSHSigner(sshSigner);
boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, new SSHCertRecord(), "host");
assertFalse(result);
instanceManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityEmptyCertError.
@Test
public void testGenerateSshIdentityEmptyCertError() {
String sshCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
SSHCertificates certs = new SSHCertificates();
certs.setCertificates(Collections.emptyList());
when(sshSigner.generateCertificate(null, sshRequest, null, "host")).thenReturn(certs);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
instanceManager.setSSHSigner(sshSigner);
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
boolean result = instanceManager.generateSSHIdentity(null, identity, null, sshCsr, null, new SSHCertRecord(), "host");
assertFalse(result);
instanceManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityCertRequestInValidPrincipals.
@Test
public void testGenerateSshIdentityCertRequestInValidPrincipals() {
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCertRequestData(new SSHCertRequestData().setPrincipals(Arrays.asList("host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3")).setPublicKey("sample public key"));
sshRequest.setCertRequestMeta(new SSHCertRequestMeta().setKeyIdPrincipals(Arrays.asList("service.domain.athenz.cloud", "host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3")).setCertType("host").setTransId("123456").setOrigin("10.1.2.3"));
SSHCertificates certs = new SSHCertificates();
SSHCertificate cert = new SSHCertificate();
cert.setCertificate("ssh-cert");
SSHCertRecord sshCertRecord = new SSHCertRecord();
sshCertRecord.setPrincipals("127.0.0.1");
sshCertRecord.setService("athenz.service");
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
// setup the hostname resolver for our request
String hostname = "host1.athenz.cloud";
List<String> cnames = new ArrayList<>();
cnames.add("cname.athenz.info");
cnames.add("vip.athenz.info");
HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
when(hostnameResolver.isValidHostCnameList(sshCertRecord.getService(), hostname, cnames, CertType.SSH_HOST)).thenReturn(false);
when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
instanceManager.setSSHSigner(sshSigner);
assertFalse(instanceManager.generateSSHIdentity(null, identity, hostname, null, sshRequest, sshCertRecord, "host"));
instanceManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGetSSHCertificateSignerWhenDisabled.
@Test
public void testGetSSHCertificateSignerWhenDisabled() {
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
System.setProperty(ZTSConsts.ZTS_PROP_RESP_SSH_SIGNER_CERTS, "false");
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
instanceManager.setSSHSigner(sshSigner);
assertNull(instanceManager.getSSHCertificateSigner("host"));
assertNull(instanceManager.getSSHCertificateSigner("user"));
System.clearProperty(ZTSConsts.ZTS_PROP_RESP_SSH_SIGNER_CERTS);
instanceManager.shutdown();
}
Aggregations