use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityCertRequestNoHostname.
/**
 * Issues a host SSH certificate from a structured {@link SSHCertRequest}
 * whose metadata has no hostname set.
 *
 * <p>The signer is a Mockito mock. It returns a canned certificate only for
 * this exact request/record pair with cert type "host", and "ssh-host" as
 * the host signer key. The test passes when the identity ends up carrying
 * both of those values.
 */
@Test
public void testGenerateSshIdentityCertRequestNoHostname() {
    // Request payload: the public key and the principals to be certified.
    SSHCertRequestData requestData = new SSHCertRequestData();
    requestData.setPrincipals(Arrays.asList(
            "host1.athenz.cloud", "cname.athenz.info", "vip.athenz.info", "10.1.2.3"));
    requestData.setPublicKey("sample public key");

    // Request metadata: key-id principals, cert type, transaction id and
    // origin. No hostname is set on it.
    SSHCertRequestMeta requestMeta = new SSHCertRequestMeta();
    requestMeta.setKeyIdPrincipals(Arrays.asList(
            "service.domain.athenz.cloud", "host1.athenz.cloud", "cname.athenz.info",
            "vip.athenz.info", "10.1.2.3"));
    requestMeta.setCertType("host");
    requestMeta.setTransId("123456");
    requestMeta.setOrigin("10.1.2.3");

    SSHCertRequest hostRequest = new SSHCertRequest();
    hostRequest.setCertRequestData(requestData);
    hostRequest.setCertRequestMeta(requestMeta);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setPrincipals("127.0.0.1");
    certRecord.setService("athenz.service");

    InstanceIdentity instanceIdentity = new InstanceIdentity().setName("athenz.service");

    // Canned signer response: one certificate with the body "ssh-cert".
    SSHCertificate signedCert = new SSHCertificate();
    signedCert.setCertificate("ssh-cert");
    final SSHCertificates signerResponse =
            new SSHCertificates().setCertificates(Collections.singletonList(signedCert));

    // Only the host signer key is stubbed, so an unstubbed key type would
    // return Mockito's default (null) and fail the signer assertion below.
    SSHSigner mockSigner = Mockito.mock(SSHSigner.class);
    when(mockSigner.generateCertificate(null, hostRequest, certRecord, "host"))
            .thenReturn(signerResponse);
    when(mockSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");

    // The resolver is a bare mock with no stubbed behaviour.
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    InstanceCertManager certManager = new InstanceCertManager(null, null, resolver, true, null);
    certManager.setSSHSigner(mockSigner);

    boolean issued = certManager.generateSSHIdentity(
            null, instanceIdentity, null, null, hostRequest, certRecord, "host");
    assertTrue(issued);
    assertEquals(instanceIdentity.getSshCertificate(), "ssh-cert");
    assertEquals(instanceIdentity.getSshCertificateSigner(), "ssh-host");

    certManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testUpdateSSHCertificateSigner.
/**
 * Runs the host and user signer-key update methods twice each, then checks
 * that the manager reports the values supplied by the mocked signer.
 *
 * <p>NOTE(review): the second round is expected to be a no-op, but the test
 * only asserts the final values. It never verifies how often the signer was
 * called.
 */
@Test
public void testUpdateSSHCertificateSigner() {
    // Distinct values per key type, so a host/user mix-up would fail the asserts.
    SSHSigner mockSigner = Mockito.mock(SSHSigner.class);
    when(mockSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(mockSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");

    InstanceCertManager certManager = new InstanceCertManager(null, null, null, true, null);
    certManager.setSSHSigner(mockSigner);

    // Round 0 starts with nothing loaded and should fetch both values.
    // Round 1 repeats the same calls and is expected to change nothing.
    for (int round = 0; round < 2; round++) {
        certManager.updateSSHHostCertificateSigner();
        certManager.updateSSHUserCertificateSigner();
    }

    assertEquals(certManager.getSSHCertificateSigner("host"), "ssh-host");
    assertEquals(certManager.getSSHCertificateSigner("user"), "ssh-user");

    certManager.shutdown();
}
use of com.yahoo.athenz.common.server.ssh.SSHSigner in project athenz by yahoo.
the class InstanceCertManagerTest method testGenerateSshIdentityUser.
/**
 * Issues a user SSH certificate from a raw JSON CSR string.
 *
 * <p>The mocked signer exposes both a host and a user signer key. The test
 * passes only if the identity carries the user key ("ssh-user"), so it also
 * checks that the signer key matches the requested cert type.
 */
@Test
public void testGenerateSshIdentityUser() {
    final String userCsr = "{\"pubkey\":\"key\",\"certtype\":\"user\"}";

    SSHCertRequest userRequest = new SSHCertRequest();
    userRequest.setCsr(userCsr);

    SSHCertRecord certRecord = new SSHCertRecord();
    certRecord.setPrincipals("127.0.0.1");

    InstanceIdentity instanceIdentity = new InstanceIdentity().setName("athenz.service");

    // Canned signer response: one certificate with the body "ssh-cert".
    SSHCertificate signedCert = new SSHCertificate();
    signedCert.setCertificate("ssh-cert");
    final SSHCertificates signerResponse =
            new SSHCertificates().setCertificates(Collections.singletonList(signedCert));

    SSHSigner mockSigner = Mockito.mock(SSHSigner.class);
    when(mockSigner.generateCertificate(null, userRequest, certRecord, "user"))
            .thenReturn(signerResponse);
    // Both key types are stubbed with different values on purpose.
    when(mockSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    when(mockSigner.getSignerCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");

    InstanceCertManager certManager = new InstanceCertManager(null, null, null, true, null);
    certManager.setSSHSigner(mockSigner);

    // The CSR goes in as a string and the structured-request argument is null.
    // NOTE(review): the stub is keyed on userRequest, which is not passed
    // here, so the manager presumably builds an equal request from the CSR.
    // Confirm against generateSSHIdentity.
    boolean issued = certManager.generateSSHIdentity(
            null, instanceIdentity, null, userCsr, null, certRecord, "user");
    assertTrue(issued);
    assertEquals(instanceIdentity.getSshCertificate(), "ssh-cert");
    assertEquals(instanceIdentity.getSshCertificateSigner(), "ssh-user");

    certManager.shutdown();
}