
Example 81 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

Class ZTSImplTest, method testGetChangeLogStore.

/**
 * Verifies that {@code getChangeLogStore} returns a non-null store for the test data path.
 */
@Test
public void testGetChangeLogStore() {
    final ChangeLogStore changeLogStore = zts.getChangeLogStore(ZTS_DATA_STORE_PATH);
    Assert.assertNotNull(changeLogStore);
}

Example 82 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

Class ZTSImplTest, method testSignJWSPolicyDataECKey.

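/**
 * Signs policy data with an EC private key and checks both supported signature encodings.
 *
 * <p>With {@code signatureP1363Format=true} the returned JWS signature is not accepted by
 * {@code Crypto.validateJWSDocument} until it is converted to DER; with the flag off the
 * signature validates as returned. The private-key system properties are switched to the EC
 * key for the duration of the test and restored in a {@code finally} block, so a failing
 * assertion in the middle of the test cannot leak the EC key setting into later tests.
 */
@Test
public void testSignJWSPolicyDataECKey() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY);
    try {
        ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
        DataStore store = new DataStore(structStore, null, ztsMetric);
        ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
        // static field: this assignment outlives the test, as it did before (not restored here)
        ZTSImpl.serverHostName = "localhost";
        SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
        store.processSignedDomain(signedDomain, false);
        Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
        ResourceContext context = createResourceContext(principal);
        SignedPolicyRequest signedPolicyRequest = new SignedPolicyRequest();
        signedPolicyRequest.setPolicyVersions(Collections.emptyMap());
        signedPolicyRequest.setSignatureP1363Format(true);
        Response response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
        assertEquals(response.getStatus(), 200);
        JWSPolicyData jwsPolicyData = (JWSPolicyData) response.getEntity();
        // the verifier expects a DER-encoded signature, so the P1363 signature must fail here
        Function<String, PublicKey> keyGetter = s -> Crypto.extractPublicKey(ztsImpl.privateKey.getKey());
        assertFalse(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
        // after converting the signature to DER the same document validates
        final String derSignature = ZTSTestUtils.getDERSignature(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getSignature());
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), derSignature, keyGetter));
        // request the policy data again with the DER signature format
        signedPolicyRequest.setSignatureP1363Format(false);
        response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
        assertEquals(response.getStatus(), 200);
        jwsPolicyData = (JWSPolicyData) response.getEntity();
        // no conversion needed this time
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
    } finally {
        // restore the RSA key setting the rest of the suite relies on, even if an assertion failed
        System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
        System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
    }
}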

Example 83 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

Class ZTSImplTest, method testGetStatusWithStatusChecker.

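/**
 * Exercises {@code getStatus} against the pluggable status-checker factory.
 *
 * <p>A checker that completes normally yields an OK status; each failing mock variant must
 * surface as a {@code ResourceException} whose data carries the expected code and message.
 * The factory-class system property is cleared in a {@code finally} block so that a failing
 * assertion cannot leave a mock checker configured for later tests.
 */
@Test
public void testGetStatusWithStatusChecker() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    try {
        // MockStatusCheckerNoException reports the server as healthy
        System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerNoException.class.getName());
        ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
        ztsImpl.statusPort = 0;
        Status status = ztsImpl.getStatus(context);
        assertEquals(ResourceException.OK, status.getCode());
        // the code constant comes from the rest ResourceException and the symbol from the zms one,
        // exactly as the original assertions did; both are expected to describe the same HTTP status
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.NoArguments.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.INTERNAL_SERVER_ERROR));
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.NotFound.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.NOT_FOUND,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.NOT_FOUND));
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.InternalServerErrorWithMessage.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                "error message");
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.CauseRuntimeException.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                "runtime exception");
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS);
    }
}

/**
 * Configures the given status-checker factory class, builds a fresh {@code ZTSImpl} on top of
 * {@code store} and asserts that {@code getStatus} fails with a {@code ResourceException}
 * whose data matches a {@code ResourceError} built from the expected code and message.
 *
 * @param store              data store backing the ZTS instance under test
 * @param context            resource context of the calling principal
 * @param checkerFactoryClass fully qualified name of the status-checker factory to configure
 * @param expectedCode       error code expected in the exception data
 * @param expectedMessage    error message expected in the exception data
 */
private void assertGetStatusFailsWith(DataStore store, ResourceContext context, String checkerFactoryClass,
        int expectedCode, String expectedMessage) {
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, checkerFactoryClass);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    try {
        ztsImpl.getStatus(context);
        // fail() throws AssertionError, which is not caught by the ResourceException handler below
        fail();
    } catch (ResourceException ex) {
        assertEquals(new ResourceError().code(expectedCode).message(expectedMessage).toString(), ex.getData().toString());
    }
}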

Example 84 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

Class ZTSImplTest, method testLoadMockAuthority.

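/**
 * Verifies that the authority classes configured through system properties are loaded and
 * that the user authority is the first entry of the loaded authority list.
 *
 * <p>The authority system properties are cleared in a {@code finally} block so that a failing
 * assertion cannot leave the mock authority configured for later tests.
 */
@Test
public void testLoadMockAuthority() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    System.setProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, "com.yahoo.athenz.zts.MockAuthority");
    System.setProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS, "com.yahoo.athenz.zts.MockAuthority");
    try {
        ztsImpl.loadAuthorities();
        ztsImpl.setAuthorityKeyStore();
        assertNotNull(ztsImpl.userAuthority);
        // the same class is configured for both properties, so the user authority is the first loaded one
        assertEquals(ztsImpl.userAuthority, ztsImpl.authorities.getAuthorities().get(0));
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES);
        System.clearProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
    }
}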

Example 85 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

Class ZTSImplTest, method testPostInstanceRegisterInformationWithHostnameInvalidCname.

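/**
 * Registers an instance whose request carries a hostname plus a host CNAME and expects the
 * request to be rejected with {@code BAD_REQUEST}.
 *
 * <p>The provider and cert manager are mocked so that attestation and identity generation
 * succeed; the rejection therefore has to come from the hostname/CNAME handling in
 * {@code postInstanceRegisterInformation} (presumably the CNAME cannot be validated with the
 * default hostname resolver — confirm against ZTSImpl).
 *
 * @throws IOException if a test resource (CSR or PEM) cannot be read
 */
@Test
public void testPostInstanceRegisterInformationWithHostnameInvalidCname() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);
    // decode the PEM fixtures explicitly as UTF-8 rather than with the platform default charset
    Path path = Paths.get("src/test/resources/athenz.instanceid.hostname.csr");
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    Mockito.when(providerClient.getProviderScheme()).thenReturn(InstanceProvider.Scheme.CLASS);
    Map<String, String> attrs = new HashMap<>();
    attrs.put("certSSH", "true");
    InstanceConfirmation confirmation = new InstanceConfirmation().setDomain("athenz").setService("production").setProvider("athenz.provider").setAttributes(attrs);
    // spy on the real cert manager so only the record insert and identity generation are stubbed
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.confirmInstance(Mockito.any())).thenReturn(confirmation);
    Mockito.when(instanceManager.insertX509CertRecord(Mockito.any())).thenReturn(true);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production").setX509Certificate(pem);
    Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.any());
    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData("attestationData").setCsr(certCsr).setDomain("athenz").setService("production").setProvider("athenz.provider").setToken(true).setHostname("host1.athenz.cloud").setHostCnames(Collections.singletonList("cname1.athenz.cloud"));
    ResourceContext context = createResourceContext(null);
    try {
        ztsImpl.postInstanceRegisterInformation(context, info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
    }
}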
