
Example 46 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

From class ZTSImplTest, method testGetRoleTokenAddrLoopbackXFFMultipleValues.

// Role-token issuance must still succeed when the request arrives from the
// loopback address over TLS carrying a multi-hop X-Forwarded-For header (three
// comma-separated proxy addresses). Only successful issuance and parsing of the
// token are asserted; which address ZTS records for the caller is not checked here.
@Test
public void testGetRoleTokenAddrLoopbackXFFMultipleValues() {
    // mocked servlet request: secure, from 127.0.0.1, with a three-entry XFF chain
    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
    Mockito.when(request.isSecure()).thenReturn(true);
    Mockito.when(request.getRemoteAddr()).thenReturn("127.0.0.1");
    Mockito.when(request.getHeader("X-Forwarded-For"))
            .thenReturn("10.10.10.11, 10.11.11.11, 10.12.12.12");

    // server instance backed by the file change-log store with one signed domain loaded
    ChangeLogStore changeLog = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);
    ZTSImpl zts = new ZTSImpl(mockCloudStore, dataStore);
    ZTSImpl.serverHostName = "localhost";
    dataStore.processSignedDomain(createSignedDomain("coretech", "weather", "storage", true), false);

    Principal user = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext ctx = createResourceContext(user, request);

    // request a coretech role token and make sure the returned string parses as a token
    RoleToken issued = zts.getRoleToken(ctx, "coretech", null, 600, 1200, null);
    com.yahoo.athenz.auth.token.RoleToken parsed = new com.yahoo.athenz.auth.token.RoleToken(issued.getToken());
    assertNotNull(parsed);
}

Example 47 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

From class ZTSImplTest, method testSignJWSPolicyDataECKey.

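// JWS policy data signed with an EC key. When the client asks for the P1363
// signature format, the resulting signature must NOT validate with the DER-based
// verifier until it is converted to DER; when P1363 is not requested the
// signature must validate directly. The private-key system properties are
// switched to the EC key for the duration of the test and restored in a finally
// block, so a failing assertion cannot leak the EC key setting into later tests.
@Test
public void testSignJWSPolicyDataECKey() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY);
    try {
        ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
        DataStore store = new DataStore(structStore, null, ztsMetric);
        ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
        ZTSImpl.serverHostName = "localhost";
        SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
        store.processSignedDomain(signedDomain, false);
        Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
        ResourceContext context = createResourceContext(principal);

        // the verifier derives the public key from the server's own signing key;
        // the key-id argument is ignored since only that one key is in play
        Function<String, PublicKey> keyGetter = s -> Crypto.extractPublicKey(ztsImpl.privateKey.getKey());

        SignedPolicyRequest signedPolicyRequest = new SignedPolicyRequest();
        signedPolicyRequest.setPolicyVersions(Collections.emptyMap());

        // P1363 format: DER-based validation fails until the signature is converted to DER
        signedPolicyRequest.setSignatureP1363Format(true);
        JWSPolicyData jwsPolicyData = fetchJWSPolicyData(ztsImpl, context, signedPolicyRequest);
        assertFalse(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
        final String derSignature = ZTSTestUtils.getDERSignature(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getSignature());
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), derSignature, keyGetter));

        // DER format: validates without any conversion
        signedPolicyRequest.setSignatureP1363Format(false);
        jwsPolicyData = fetchJWSPolicyData(ztsImpl, context, signedPolicyRequest);
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
    } finally {
        // restore the default private key setting for the remaining tests
        System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
        System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
    }
}

// posts the signed-policy request for the coretech domain, asserts a 200 reply
// and returns the JWS policy data carried in the response entity
private JWSPolicyData fetchJWSPolicyData(ZTSImpl ztsImpl, ResourceContext context, SignedPolicyRequest request) {
    Response response = ztsImpl.postSignedPolicyRequest(context, "coretech", request, null);
    assertEquals(response.getStatus(), 200);
    return (JWSPolicyData) response.getEntity();
}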

Example 48 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

From class ZTSImplTest, method testGetStatusWithStatusChecker.

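// The status endpoint delegates to the status-checker factory selected by a
// system property: a checker that completes normally yields OK, and each failure
// mode of MockStatusCheckerThrowException must surface as a ResourceException
// whose data carries exactly the expected code and message. The property is
// cleared in a finally block so a failing assertion cannot leave a throwing
// checker configured for the tests that run afterwards.
@Test
public void testGetStatusWithStatusChecker() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    try {
        // a checker that does not throw reports the server as healthy
        ZTSImpl ztsImpl = newZTSImplWithStatusChecker(store, MockStatusCheckerNoException.class);
        Status status = ztsImpl.getStatus(context);
        assertEquals(ResourceException.OK, status.getCode());

        // every throwing checker maps to a specific code/message pair in the error data
        assertGetStatusFails(store, context, MockStatusCheckerThrowException.NoArguments.class,
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.INTERNAL_SERVER_ERROR));
        assertGetStatusFails(store, context, MockStatusCheckerThrowException.NotFound.class,
                com.yahoo.athenz.common.server.rest.ResourceException.NOT_FOUND,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.NOT_FOUND));
        assertGetStatusFails(store, context, MockStatusCheckerThrowException.InternalServerErrorWithMessage.class,
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR, "error message");
        assertGetStatusFails(store, context, MockStatusCheckerThrowException.CauseRuntimeException.class,
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR, "runtime exception");
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS);
    }
}

// builds a ZTSImpl whose status checker comes from the given factory class
// (selected through the factory-class system property), with statusPort zeroed
// as in the other status tests
private ZTSImpl newZTSImplWithStatusChecker(DataStore store, Class<?> factoryClass) {
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, factoryClass.getName());
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    return ztsImpl;
}

// asserts that getStatus() with the given checker factory throws a
// ResourceException whose data renders as the expected code and message
private void assertGetStatusFails(DataStore store, ResourceContext context, Class<?> factoryClass,
        int expectedCode, String expectedMessage) {
    ZTSImpl ztsImpl = newZTSImplWithStatusChecker(store, factoryClass);
    try {
        ztsImpl.getStatus(context);
        fail();
    } catch (ResourceException ex) {
        assertEquals(new ResourceError().code(expectedCode).message(expectedMessage).toString(), ex.getData().toString());
    }
}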

Example 49 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

From class ZTSImplTest, method testLoadMockAuthority.

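// Loading authorities from system properties with the mock authority configured
// both as a general authority and as the user authority: after loading, the
// user authority must be set and equal to the first entry of the authority list.
// Both properties are cleared in a finally block so a failing assertion cannot
// leave the mock authority configured for subsequent tests.
@Test
public void testLoadMockAuthority() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    System.setProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, "com.yahoo.athenz.zts.MockAuthority");
    System.setProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS, "com.yahoo.athenz.zts.MockAuthority");
    try {
        ztsImpl.loadAuthorities();
        ztsImpl.setAuthorityKeyStore();
        assertNotNull(ztsImpl.userAuthority);
        assertEquals(ztsImpl.userAuthority, ztsImpl.authorities.getAuthorities().get(0));
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES);
        System.clearProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
    }
}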

Example 50 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

From class ZTSImplTest, method testGetSignedDomainPolicyDataNoChanges.

// A request for a domain's signed policy data that presents an entity tag built
// from the domain's own modification timestamp is answered with NOT_MODIFIED
// instead of a fresh policy payload.
@Test
public void testGetSignedDomainPolicyDataNoChanges() {
    // NOTE(review): fixed /tmp path shared across these tests — presumably prepared by a setup method; verify
    ChangeLogStore changeLog = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore dataStore = new DataStore(changeLog, null, ztsMetric);
    ZTSImpl zts = new ZTSImpl(mockCloudStore, dataStore);
    ZTSImpl.serverHostName = "localhost";

    SignedDomain coretech = createSignedDomain("coretech", "weather", "storage", true);
    dataStore.processSignedDomain(coretech, false);

    // the tag the client sends is derived from the loaded domain's modified timestamp
    EntityTag unchangedTag = new EntityTag(coretech.getDomain().getModified().toString());

    Principal user = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext ctx = createResourceContext(user);

    Response reply = zts.getDomainSignedPolicyData(ctx, "coretech", unchangedTag.toString());
    assertEquals(reply.getStatus(), ResourceException.NOT_MODIFIED);
}
