Example 6 with SSHSigner
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityHost.
@Test
public void testGenerateSshIdentityHost() {
String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"}";
SSHSigner sshSigner = Mockito.mock(SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
SSHCertificates certs = new SSHCertificates();
SSHCertificate cert = new SSHCertificate();
cert.setCertificate("ssh-cert");
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
SSHCertRecord sshCertRecord = new SSHCertRecord();
sshCertRecord.setPrincipals("127.0.0.1");
final SSHCertificates sshCertificates = certs.setCertificates(Collections.singletonList(cert));
when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenReturn(sshCertificates);
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
instanceManager.setSSHSigner(sshSigner);
assertTrue(instanceManager.generateSSHIdentity(null, identity, null, sshCsr, null, sshCertRecord, "host"));
assertEquals(identity.getSshCertificate(), "ssh-cert");
assertEquals(identity.getSshCertificateSigner(), "ssh-host");
instanceManager.shutdown();
}
Also used :
SSHSigner(com.yahoo.athenz.common.server.ssh.SSHSigner)
SSHCertRecord(com.yahoo.athenz.common.server.ssh.SSHCertRecord)
Test(org.testng.annotations.Test)
Example 7 with SSHSigner
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testValidPrincipalsBadCsr.
@Test
public void testValidPrincipalsBadCsr() {
// setup the hostname resolver for our request
String hostname = "host1.athenz.cloud";
HostnameResolver hostnameResolver = Mockito.mock(HostnameResolver.class);
when(hostnameResolver.isValidHostname(hostname)).thenReturn(true);
InstanceCertManager instanceManager = new InstanceCertManager(null, null, hostnameResolver, true, null);
SSHSigner signer = Mockito.mock(SSHSigner.class);
instanceManager.setSSHSigner(signer);
String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"";
InstanceIdentity identity = new InstanceIdentity().setName("athenz.test");
boolean result = instanceManager.generateSSHIdentity(null, identity, hostname, sshCsr, null, new SSHCertRecord(), ZTSConsts.ZTS_SSH_HOST);
assertFalse(result);
}
Also used :
HostnameResolver(com.yahoo.athenz.common.server.dns.HostnameResolver)
SSHSigner(com.yahoo.athenz.common.server.ssh.SSHSigner)
SSHCertRecord(com.yahoo.athenz.common.server.ssh.SSHCertRecord)
Test(org.testng.annotations.Test)
Example 8 with SSHSigner
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method getGenerateSSHCertificate.
@Test
public void getGenerateSSHCertificate() {
SSHSigner sshSigner = Mockito.mock(SSHSigner.class);
Principal principal = Mockito.mock(Principal.class);
SSHCertRequest certRequest = new SSHCertRequest();
SSHCertRequestMeta meta = new SSHCertRequestMeta();
meta.setInstanceId("id");
meta.setAthenzService("athenz.api");
meta.setCertType("host");
certRequest.setCertRequestMeta(meta);
SSHCertificates sshCertificates = new SSHCertificates();
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, false, null);
// let's insert our ssh record first
SSHCertRecord certRecord = new SSHCertRecord();
certRecord.setInstanceId("id");
certRecord.setService("athenz.api");
certRecord.setPrincipals("127.0.0.1");
instanceManager.updateSSHCertRecord(certRecord, false);
// during the function call we'll add the principals
// field so for mock we're going to remove that
when(sshSigner.generateCertificate(any(), any(), any(), any())).thenReturn(sshCertificates);
instanceManager.setSSHSigner(sshSigner);
assertEquals(instanceManager.generateSSHCertificates(principal, certRequest), sshCertificates);
instanceManager.shutdown();
}
Also used :
SSHSigner(com.yahoo.athenz.common.server.ssh.SSHSigner)
Principal(com.yahoo.athenz.auth.Principal)
SSHCertRecord(com.yahoo.athenz.common.server.ssh.SSHCertRecord)
Test(org.testng.annotations.Test)
Example 9 with SSHSigner
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityHostException.
@Test
public void testGenerateSshIdentityHostException() {
String sshCsr = "{\"pubkey\":\"key\",\"certtype\":\"host\"}";
SSHSigner sshSigner = Mockito.mock(SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
SSHCertificate cert = new SSHCertificate();
cert.setCertificate("ssh-cert");
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
SSHCertRecord sshCertRecord = new SSHCertRecord();
sshCertRecord.setPrincipals("127.0.0.1");
when(sshSigner.generateCertificate(null, sshRequest, sshCertRecord, "host")).thenThrow(new ResourceException(400, "invalid request"));
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
when(sshSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
instanceManager.setSSHSigner(sshSigner);
assertFalse(instanceManager.generateSSHIdentity(null, identity, null, sshCsr, null, sshCertRecord, "host"));
instanceManager.shutdown();
}
Also used :
SSHSigner(com.yahoo.athenz.common.server.ssh.SSHSigner)
SSHCertRecord(com.yahoo.athenz.common.server.ssh.SSHCertRecord)
Test(org.testng.annotations.Test)
Example 10 with SSHSigner
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityExceptions.
@Test
public void testGenerateSshIdentityExceptions() {
String sshCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
SSHSigner sshSigner = Mockito.mock(com.yahoo.athenz.common.server.ssh.SSHSigner.class);
SSHCertRequest sshRequest = new SSHCertRequest();
sshRequest.setCsr(sshCsr);
when(sshSigner.generateCertificate(null, sshRequest, null, "host")).thenThrow(new com.yahoo.athenz.common.server.rest.ResourceException(403, "Forbidden")).thenThrow(new RuntimeException("IO error"));
InstanceCertManager instanceManager = new InstanceCertManager(null, null, null, true, null);
instanceManager.setSSHSigner(sshSigner);
InstanceIdentity identity = new InstanceIdentity().setName("athenz.service");
// first we should get the resource exception
boolean result = instanceManager.generateSSHIdentity(null, identity, "", sshCsr, null, new SSHCertRecord(), "host");
assertFalse(result);
// next we should get the io exception
result = instanceManager.generateSSHIdentity(null, identity, "", sshCsr, null, new SSHCertRecord(), "host");
assertFalse(result);
instanceManager.shutdown();
}
Also used :
SSHSigner(com.yahoo.athenz.common.server.ssh.SSHSigner)
SSHCertRecord(com.yahoo.athenz.common.server.ssh.SSHCertRecord)
Test(org.testng.annotations.Test)
Aggregations
SSHSigner (com.yahoo.athenz.common.server.ssh.SSHSigner)18
Test (org.testng.annotations.Test)18
SSHCertRecord (com.yahoo.athenz.common.server.ssh.SSHCertRecord)14
HostnameResolver (com.yahoo.athenz.common.server.dns.HostnameResolver)6
Principal (com.yahoo.athenz.auth.Principal)2
Path (java.nio.file.Path)2
