Examples with ChangeLogStore com.yahoo.athenz.common.server.store.ChangeLogStore used on opensource projects

Example 96 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshInformationForbidden.

@Test
public void testPostInstanceRefreshInformationForbidden() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String certCsr = new String(Files.readAllBytes(path));
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.refreshInstance(Mockito.any())).thenThrow(new com.yahoo.athenz.instance.provider.ResourceException(403, "Forbidden")).thenThrow(new com.yahoo.athenz.instance.provider.ResourceException(504, "Connect Timeout")).thenThrow(new ResourceException(403, "Forbidden"));
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setInstanceId("1001");
    certRecord.setProvider("athenz.provider");
    certRecord.setService("athenz.production");
    certRecord.setCurrentSerial("16503746516960996918");
    certRecord.setPrevSerial("16503746516960996918");
    Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001", "athenz.production")).thenReturn(certRecord);
    Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production").setX509Certificate(pem);
    Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.any());
    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRefreshInformation info = new InstanceRefreshInformation().setCsr(certCsr).setToken(true);
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    assertNotNull(principal);
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal);
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403, ex.getMessage());
        assertTrue(ex.getMessage().contains("unable to verify attestation data"), ex.getMessage());
    }
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 504, ex.getMessage());
        assertTrue(ex.getMessage().contains("Connect Timeout"));
    }
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403, ex.getMessage());
    }
}

Example 97 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testDeleteInstanceIdentityUnauthorized.

@Test
public void testDeleteInstanceIdentityUnauthorized() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    InstanceCertManager instanceManager = Mockito.mock(InstanceCertManager.class);
    Mockito.when(instanceManager.deleteX509CertRecord("athenz.provider", "1001", "athenz.production")).thenReturn(true);
    Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
    ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
    Mockito.when(authorizer.access("delete", "athenz:instance.1001", principal, null)).thenReturn(false);
    ztsImpl.authorizer = authorizer;
    ztsImpl.instanceCertManager = instanceManager;
    ResourceContext context = createResourceContext(principal);
    try {
        ztsImpl.deleteInstanceIdentity(context, "athenz.provider", "athenz", "production", "1001");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.FORBIDDEN);
    }
}

Example 98 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testPostSignedPolicyRequest.

@Test
public void testPostSignedPolicyRequest() throws ParseException, JOSEException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ZTSImpl.serverHostName = "localhost";
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    SignedPolicyRequest signedPolicyRequest = new SignedPolicyRequest();
    signedPolicyRequest.setPolicyVersions(Collections.emptyMap());
    Response response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
    assertEquals(response.getStatus(), 200);
    JWSPolicyData jwsPolicyData = (JWSPolicyData) response.getEntity();
    JWSObject jwsObject = new JWSObject(Base64URL.from(jwsPolicyData.getProtectedHeader()), Base64URL.from(jwsPolicyData.getPayload()), Base64URL.from(jwsPolicyData.getSignature()));
    JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey) Crypto.extractPublicKey(zts.privateKey.getKey()));
    assertTrue(jwsObject.verify(verifier));
    // verify that with p1363 signature and rsa - it's the same key so validation is successful
    signedPolicyRequest.setSignatureP1363Format(true);
    response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
    assertEquals(response.getStatus(), 200);
    jwsPolicyData = (JWSPolicyData) response.getEntity();
    jwsObject = new JWSObject(Base64URL.from(jwsPolicyData.getProtectedHeader()), Base64URL.from(jwsPolicyData.getPayload()), Base64URL.from(jwsPolicyData.getSignature()));
    assertTrue(jwsObject.verify(verifier));
    try {
        ztsImpl.postSignedPolicyRequest(context, "unknowndomain", signedPolicyRequest, null);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }
}

Example 99 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testGetInstanceRegisterTokenInvalidDoamin.

@Test
public void testGetInstanceRegisterTokenInvalidDoamin() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    Mockito.when(providerClient.getProviderScheme()).thenReturn(InstanceProvider.Scheme.CLASS);
    // include the principal from the request object
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    ResourceContext context = createResourceContext(principal);
    InstanceRegisterToken token = new InstanceRegisterToken().setProvider("athenz.provider").setDomain("athenz").setService("production").setAttestationData("jwt");
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.getInstanceRegisterToken(Mockito.any())).thenReturn(token);
    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;
    try {
        ztsImpl.getInstanceRegisterToken(context, "athenz.provider", "athenz", "production", "id001");
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.NOT_FOUND);
    }
}

Example 100 with ChangeLogStore

use of com.yahoo.athenz.common.server.store.ChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testGetSignedDomainPolicyDataNoChanges.

@Test
public void testGetSignedDomainPolicyDataNoChanges() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ZTSImpl.serverHostName = "localhost";
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    Timestamp modified = signedDomain.getDomain().getModified();
    EntityTag eTag = new EntityTag(modified.toString());
    Response response = ztsImpl.getDomainSignedPolicyData(context, "coretech", eTag.toString());
    assertEquals(response.getStatus(), ResourceException.NOT_MODIFIED);
}