Examples with ZMSFileChangeLogStore com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore used on opensource projects

Example 6 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testValidateServiceX509RefreshRequestMismatchDns.

@Test
public void testValidateServiceX509RefreshRequestMismatchDns() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    Path path = Paths.get("src/test/resources/athenz.mismatch.dns.csr");
    String csr = new String(Files.readAllBytes(path));
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "syncer", "v=S1,d=athenz;n=syncer;s=sig", 0, new CertificateAuthority());
    assertNotNull(principal);
    principal.setX509Certificate(cert);
    assertSame(ztsImpl.validateServiceX509RefreshRequest(principal, certReq, "10.0.0.1"), ServiceX509RefreshRequestStatus.DNS_NAME_MISMATCH);
}

Example 7 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testSignJWSPolicyDataECKey.

@Test
public void testSignJWSPolicyDataECKey() {
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY);
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ZTSImpl.serverHostName = "localhost";
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    SignedPolicyRequest signedPolicyRequest = new SignedPolicyRequest();
    signedPolicyRequest.setPolicyVersions(Collections.emptyMap());
    signedPolicyRequest.setSignatureP1363Format(true);
    Response response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
    assertEquals(response.getStatus(), 200);
    JWSPolicyData jwsPolicyData = (JWSPolicyData) response.getEntity();
    // using standard DER format signature we're going to get failure
    Function<String, PublicKey> keyGetter = s -> Crypto.extractPublicKey(ztsImpl.privateKey.getKey());
    assertFalse(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
    // now we need to convert to DER format
    final String derSignature = ZTSTestUtils.getDERSignature(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getSignature());
    assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), derSignature, keyGetter));
    // now we're going to request the jws policy data with DER signature
    signedPolicyRequest.setSignatureP1363Format(false);
    response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
    assertEquals(response.getStatus(), 200);
    jwsPolicyData = (JWSPolicyData) response.getEntity();
    // we should be able to validate without any conversion
    assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(), jwsPolicyData.getSignature(), keyGetter));
    // set back our private key setting
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
    System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
}

Example 8 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testGetStatusWithStatusChecker.

@Test
public void testGetStatusWithStatusChecker() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    // if the MockStatusCheckerNoException is set
    // the MockStatusCheckerNoException determines the server is healthy
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerNoException.class.getName());
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    Status status = ztsImpl.getStatus(context);
    assertEquals(ResourceException.OK, status.getCode());
    // if the MockStatusCheckerThrowException is set
    // the MockStatusCheckerThrowException determines that there is a problem with the server
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerThrowException.NoArguments.class.getName());
    ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    try {
        ztsImpl.getStatus(context);
        fail();
    } catch (ResourceException ex) {
        int code = com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR;
        String msg = com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.INTERNAL_SERVER_ERROR);
        assertEquals(new ResourceError().code(code).message(msg).toString(), ex.getData().toString());
    }
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerThrowException.NotFound.class.getName());
    ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    try {
        ztsImpl.getStatus(context);
        fail();
    } catch (ResourceException ex) {
        int code = com.yahoo.athenz.common.server.rest.ResourceException.NOT_FOUND;
        String msg = com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(com.yahoo.athenz.zms.ResourceException.NOT_FOUND);
        assertEquals(new ResourceError().code(code).message(msg).toString(), ex.getData().toString());
    }
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerThrowException.InternalServerErrorWithMessage.class.getName());
    ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    try {
        ztsImpl.getStatus(context);
        fail();
    } catch (ResourceException ex) {
        int code = com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR;
        String msg = "error message";
        assertEquals(new ResourceError().code(code).message(msg).toString(), ex.getData().toString());
    }
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, MockStatusCheckerThrowException.CauseRuntimeException.class.getName());
    ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    try {
        ztsImpl.getStatus(context);
        fail();
    } catch (ResourceException ex) {
        int code = com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR;
        String msg = "runtime exception";
        assertEquals(new ResourceError().code(code).message(msg).toString(), ex.getData().toString());
    }
    System.clearProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS);
}

Example 9 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testLoadMockAuthority.

@Test
public void testLoadMockAuthority() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    System.setProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, "com.yahoo.athenz.zts.MockAuthority");
    System.setProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS, "com.yahoo.athenz.zts.MockAuthority");
    ztsImpl.loadAuthorities();
    ztsImpl.setAuthorityKeyStore();
    assertNotNull(ztsImpl.userAuthority);
    assertEquals(ztsImpl.userAuthority, ztsImpl.authorities.getAuthorities().get(0));
    System.clearProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES);
    System.clearProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
}

Example 10 with ZMSFileChangeLogStore

use of com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRegisterInformationWithHostnameInvalidCname.

@Test
public void testPostInstanceRegisterInformationWithHostnameInvalidCname() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);
    Path path = Paths.get("src/test/resources/athenz.instanceid.hostname.csr");
    String certCsr = new String(Files.readAllBytes(path));
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    Mockito.when(providerClient.getProviderScheme()).thenReturn(InstanceProvider.Scheme.CLASS);
    Map<String, String> attrs = new HashMap<>();
    attrs.put("certSSH", "true");
    InstanceConfirmation confirmation = new InstanceConfirmation().setDomain("athenz").setService("production").setProvider("athenz.provider").setAttributes(attrs);
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.confirmInstance(Mockito.any())).thenReturn(confirmation);
    Mockito.when(instanceManager.insertX509CertRecord(Mockito.any())).thenReturn(true);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production").setX509Certificate(pem);
    Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.any());
    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData("attestationData").setCsr(certCsr).setDomain("athenz").setService("production").setProvider("athenz.provider").setToken(true).setHostname("host1.athenz.cloud").setHostCnames(Collections.singletonList("cname1.athenz.cloud"));
    ResourceContext context = createResourceContext(null);
    try {
        ztsImpl.postInstanceRegisterInformation(context, info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
    }
}