Use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.
Class ZTSImplTest, method testPostSSHRequestException.
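@Test
public void testPostSSHRequestException() throws IOException {
    // Bring up a ZTS instance over a file-backed change log and load the
    // authorized provider domain plus the bootstrap tenant domain that the
    // athenz.production caller belongs to.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);

    // A well-formed SSH cert request; its content is not what is under test,
    // only how a backend failure for it is reported to the caller.
    SSHCertRequestData data = new SSHCertRequestData();
    data.setDestinations(Arrays.asList("dest1", "dest2"));
    data.setPrincipals(Arrays.asList("user1", "user2"));
    data.setSources(Collections.singletonList("src"));
    data.setTouchPublicKey("publickey");

    SSHCertRequestMeta meta = new SSHCertRequestMeta();
    meta.setRequestor("req");
    meta.setOrigin("origin");
    meta.setClientInfo("info");
    meta.setSshClientVersion("1.2");
    meta.setCertType("user");

    SSHCertRequest certRequest = new SSHCertRequest();
    certRequest.setCertRequestData(data);
    certRequest.setCertRequestMeta(meta);

    // Spy on the real cert manager and make generateSSHCertificates fail for
    // this exact request. doThrow().when(spy) is used rather than
    // when(spy.method()) so that stubbing does not invoke the real method.
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.doThrow(new com.yahoo.athenz.common.server.rest.ResourceException(400, "Failed to get ssh certs"))
            .when(instanceManager).generateSSHCertificates(Mockito.any(), eq(certRequest));
    ztsImpl.instanceCertManager = instanceManager;

    // Caller identity: the athenz.production service, carrying the
    // instance-id certificate fixture. The PEM is decoded as UTF-8 explicitly
    // instead of relying on the platform default charset.
    Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
            "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    assertNotNull(principal);
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal);

    // The cert manager's failure must surface as a 400 carrying its message,
    // not be swallowed or turned into a generic server error.
    try {
        ztsImpl.postSSHCertRequest(context, certRequest);
        fail();
    } catch (ResourceException ex) {
        // TestNG argument order is (actual, expected), matching the sibling tests.
        assertEquals(ex.getCode(), 400);
        assertTrue(ex.getMessage().contains("Failed to get ssh certs"));
    }
}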
Use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.
Class ZTSImplTest, method testGetSignedDomainPolicyData.
@Test
public void testGetSignedDomainPolicyData() {
    // ZTS over a file-backed change log, with a single "coretech" domain loaded.
    ChangeLogStore changeLog = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);
    ZTSImpl zts = new ZTSImpl(mockCloudStore, dataStore);
    // NOTE: static field shared across the test class; every test that reads
    // the host name sees whatever the last test assigned here.
    ZTSImpl.serverHostName = "localhost";

    SignedDomain coretech = createSignedDomain("coretech", "weather", "storage", true);
    dataStore.processSignedDomain(coretech, false);

    Principal user = SimplePrincipal.create("user_domain", "user",
            "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext ctx = createResourceContext(user);

    // A loaded domain yields signed policy data with HTTP 200 ...
    Response ok = zts.getDomainSignedPolicyData(ctx, "coretech", null);
    assertEquals(ok.getStatus(), 200);

    // ... while a domain the store has never seen is reported as 404.
    try {
        zts.getDomainSignedPolicyData(ctx, "unknowndomain", null);
        fail();
    } catch (ResourceException notFound) {
        assertEquals(notFound.getCode(), 404);
    }
}
Use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.
Class ZTSImplTest, method testPostInstanceRegisterInformationCSRValidateFailure.
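@Test
public void testPostInstanceRegisterInformationCSRValidateFailure() throws IOException {
    // ZTS over a file-backed change log with the authorized provider domain
    // and the athenz.production bootstrap tenant domain loaded.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);

    // CSR fixture whose subject is expected not to match the registering
    // service (per the fixture name). Decoded as UTF-8 explicitly instead of
    // relying on the platform default charset.
    Path path = Paths.get("src/test/resources/athenz.mismatch.cn.csr");
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    // The provider happily confirms the instance, so any rejection observed
    // below has to come from ZTS's own CSR validation, not from the provider.
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    InstanceConfirmation confirmation = new InstanceConfirmation()
            .setDomain("athenz").setService("production").setProvider("athenz.provider");
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);

    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.confirmInstance(Mockito.any())).thenReturn(confirmation);
    // doReturn().when(spy) keeps the stubbing from invoking the real
    // insertX509CertRecord on the spied manager.
    Mockito.doReturn(true).when(instanceManager).insertX509CertRecord(Mockito.any());

    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;

    InstanceRegisterInformation info = new InstanceRegisterInformation()
            .setAttestationData("attestationData").setCsr(certCsr)
            .setDomain("athenz").setService("production").setProvider("athenz.provider");
    ResourceContext context = createResourceContext(null);

    // Registration must be refused with 400 before any certificate is issued.
    try {
        ztsImpl.postInstanceRegisterInformation(context, info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 400);
        assertTrue(ex.getMessage().contains("CSR validation failed"));
    }
}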
Use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.
Class ZTSImplTest, method testPostInstanceRefreshInformationInvalidIP.
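@Test
public void testPostInstanceRefreshInformationInvalidIP() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // CSR fixture decoded as UTF-8 explicitly rather than via the platform
    // default charset.
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    // Full mock (not a spy): the only behaviour needed is that the refresh
    // source IP check fails.
    InstanceCertManager instanceManager = Mockito.mock(InstanceCertManager.class);
    Mockito.when(instanceManager.verifyCertRefreshIPAddress(Mockito.any())).thenReturn(false);
    ztsImpl.instanceCertManager = instanceManager;

    InstanceRefreshInformation info = new InstanceRefreshInformation().setCsr(certCsr).setToken(true);

    // Caller is the athenz.production service; no client certificate is
    // attached to the principal in this test.
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
            "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    ResourceContext context = createResourceContext(principal);

    // A refresh from an unverified source address must be rejected with 403
    // and name the cause, regardless of the request content.
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403, ex.getMessage());
        assertTrue(ex.getMessage().contains("Unknown IP"), ex.getMessage());
    }
}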
Use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.
Class ZTSImplTest, method testValidateServiceX509RefreshRequestMismatchDns.
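@Test
public void testValidateServiceX509RefreshRequestMismatchDns() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Both fixtures are decoded as UTF-8 explicitly instead of relying on the
    // platform default charset. The CSR is expected to carry DNS names that
    // do not match the presented certificate (per the fixture name).
    Path csrPath = Paths.get("src/test/resources/athenz.mismatch.dns.csr");
    String csr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    Path pemPath = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(pemPath), java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(pem);

    // Caller is athenz.syncer presenting the instance-id certificate.
    // NOTE(review): the token string uses ',' after "v=S1" where the sibling
    // tests use ';' -- presumably irrelevant to the DNS check exercised here.
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "syncer",
            "v=S1,d=athenz;n=syncer;s=sig", 0, new CertificateAuthority());
    assertNotNull(principal);
    principal.setX509Certificate(cert);

    // A refresh CSR whose DNS names disagree with the existing certificate
    // must be classified as DNS_NAME_MISMATCH.
    assertSame(ztsImpl.validateServiceX509RefreshRequest(principal, certReq, "10.0.0.1"),
            ServiceX509RefreshRequestStatus.DNS_NAME_MISMATCH);
}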