the class ZTSImplTest method testValidateServiceX509RefreshRequestMismatchDns.
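@Test
public void testValidateServiceX509RefreshRequestMismatchDns() throws IOException {
    // A certificate refresh must be refused when the DNS names in the CSR do
    // not match the certificate the caller presents; otherwise a refresh could
    // be used to obtain a certificate for names the service was never issued.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // CSR whose DNS entries differ from the presented certificate (per the fixture name).
    // Decode with an explicit charset so the test does not depend on the platform default.
    String csr = new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.mismatch.dns.csr")),
            java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    String pem = new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.pem")),
            java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(pem);

    // Certificate-authenticated service principal carrying the certificate being refreshed.
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "syncer",
            "v=S1,d=athenz;n=syncer;s=sig", 0, new CertificateAuthority());
    assertNotNull(principal);
    principal.setX509Certificate(cert);

    assertSame(ztsImpl.validateServiceX509RefreshRequest(principal, certReq, "10.0.0.1"),
            ServiceX509RefreshRequestStatus.DNS_NAME_MISMATCH);
}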
the class ZTSImplTest method testSignJWSPolicyDataECKey.
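@Test
public void testSignJWSPolicyDataECKey() {
    // Run the server with an EC signing key. The key-store properties are
    // restored in finally so that a failed assertion cannot leave the EC key
    // configured (and the default key cleared) for the tests that follow.
    System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY, "src/test/resources/unit_test_zts_private_ec.pem");
    System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY);
    try {
        ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
        DataStore store = new DataStore(structStore, null, ztsMetric);
        ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
        ZTSImpl.serverHostName = "localhost";

        SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
        store.processSignedDomain(signedDomain, false);

        Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
        ResourceContext context = createResourceContext(principal);

        // The verification key is the public half of the server's own signing key.
        Function<String, PublicKey> keyGetter = s -> Crypto.extractPublicKey(ztsImpl.privateKey.getKey());

        // First request the policy data signed in P1363 (raw r||s) ECDSA encoding.
        SignedPolicyRequest signedPolicyRequest = new SignedPolicyRequest();
        signedPolicyRequest.setPolicyVersions(Collections.emptyMap());
        signedPolicyRequest.setSignatureP1363Format(true);
        Response response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
        assertEquals(response.getStatus(), 200);
        JWSPolicyData jwsPolicyData = (JWSPolicyData) response.getEntity();

        // The validator expects a DER signature, so the P1363 form must be
        // rejected rather than accepted by accident ...
        assertFalse(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(),
                jwsPolicyData.getSignature(), keyGetter));
        // ... and must validate once converted to DER.
        final String derSignature = ZTSTestUtils.getDERSignature(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getSignature());
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(),
                derSignature, keyGetter));

        // Requesting DER encoding directly needs no conversion before validation.
        signedPolicyRequest.setSignatureP1363Format(false);
        response = ztsImpl.postSignedPolicyRequest(context, "coretech", signedPolicyRequest, null);
        assertEquals(response.getStatus(), 200);
        jwsPolicyData = (JWSPolicyData) response.getEntity();
        assertTrue(Crypto.validateJWSDocument(jwsPolicyData.getProtectedHeader(), jwsPolicyData.getPayload(),
                jwsPolicyData.getSignature(), keyGetter));
    } finally {
        // Put the default private key setting back regardless of outcome.
        System.setProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY, "src/test/resources/unit_test_zts_private.pem");
        System.clearProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_EC_KEY);
    }
}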
the class ZTSImplTest method testGetStatusWithStatusChecker.
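@Test
public void testGetStatusWithStatusChecker() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);

    // The checker factory is selected through a system property; clear it in
    // finally so a failing case cannot leave a throwing checker installed for
    // the rest of the suite.
    try {
        // A checker that completes without throwing reports the server as healthy.
        ZTSImpl ztsImpl = newZtsImplWithStatusChecker(store, MockStatusCheckerNoException.class.getName());
        Status status = ztsImpl.getStatus(context);
        assertEquals(ResourceException.OK, status.getCode());

        // A checker that throws surfaces as a ResourceException whose body is a
        // ResourceError carrying the code and message the checker supplied.
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.NoArguments.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(
                        com.yahoo.athenz.zms.ResourceException.INTERNAL_SERVER_ERROR));

        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.NotFound.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.NOT_FOUND,
                com.yahoo.athenz.common.server.rest.ResourceException.symbolForCode(
                        com.yahoo.athenz.zms.ResourceException.NOT_FOUND));

        assertGetStatusFailsWith(store, context,
                MockStatusCheckerThrowException.InternalServerErrorWithMessage.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                "error message");

        // A non-ResourceException cause is still reported as an internal server error.
        assertGetStatusFailsWith(store, context, MockStatusCheckerThrowException.CauseRuntimeException.class.getName(),
                com.yahoo.athenz.common.server.rest.ResourceException.INTERNAL_SERVER_ERROR,
                "runtime exception");
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS);
    }
}

/**
 * Installs the given status-checker factory class via system property and
 * builds a ZTSImpl against it with statusPort set to 0, as the test cases require.
 */
private ZTSImpl newZtsImplWithStatusChecker(DataStore store, String factoryClassName) {
    System.setProperty(ZTSConsts.ZTS_PROP_STATUS_CHECKER_FACTORY_CLASS, factoryClassName);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    ztsImpl.statusPort = 0;
    return ztsImpl;
}

/**
 * Asserts that getStatus with the given checker factory throws a ResourceException
 * whose data renders as a ResourceError with the expected code and message.
 */
private void assertGetStatusFailsWith(DataStore store, ResourceContext context, String factoryClassName,
        int expectedCode, String expectedMsg) {
    ZTSImpl ztsImpl = newZtsImplWithStatusChecker(store, factoryClassName);
    try {
        ztsImpl.getStatus(context);
        fail("getStatus should have thrown for checker " + factoryClassName);
    } catch (ResourceException ex) {
        assertEquals(new ResourceError().code(expectedCode).message(expectedMsg).toString(), ex.getData().toString());
    }
}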
the class ZTSImplTest method testLoadMockAuthority.
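@Test
public void testLoadMockAuthority() {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Point both the authority list and the user authority at the mock class.
    // The properties are cleared in finally so a failed assertion cannot leave
    // the mock authority configured for subsequent tests.
    System.setProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES, "com.yahoo.athenz.zts.MockAuthority");
    System.setProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS, "com.yahoo.athenz.zts.MockAuthority");
    try {
        ztsImpl.loadAuthorities();
        ztsImpl.setAuthorityKeyStore();

        // The user authority must be loaded and be the single configured authority.
        assertNotNull(ztsImpl.userAuthority);
        assertEquals(ztsImpl.userAuthority, ztsImpl.authorities.getAuthorities().get(0));
    } finally {
        System.clearProperty(ZTSConsts.ZTS_PROP_AUTHORITY_CLASSES);
        System.clearProperty(ZTSConsts.ZTS_PROP_USER_AUTHORITY_CLASS);
    }
}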
the class ZTSImplTest method testPostInstanceRegisterInformationWithHostnameInvalidCname.
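@Test
public void testPostInstanceRegisterInformationWithHostnameInvalidCname() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Provider domain plus a tenant domain that authorizes athenz.provider to
    // bootstrap the athenz.production service.
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processSignedDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processSignedDomain(tenantDomain, false);

    // Decode fixtures with an explicit charset so the test does not depend on the platform default.
    String certCsr = new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.hostname.csr")),
            java.nio.charset.StandardCharsets.UTF_8);

    // Provider that confirms the instance (attestation is mocked as successful)
    // and asks for SSH certificates via the certSSH attribute.
    InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
    InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
    Mockito.when(providerClient.getProviderScheme()).thenReturn(InstanceProvider.Scheme.CLASS);
    Map<String, String> attrs = new HashMap<>();
    attrs.put("certSSH", "true");
    InstanceConfirmation confirmation = new InstanceConfirmation()
            .setDomain("athenz")
            .setService("production")
            .setProvider("athenz.provider")
            .setAttributes(attrs);
    Mockito.when(instanceProviderManager.getProvider(eq("athenz.provider"), Mockito.any())).thenReturn(providerClient);
    Mockito.when(providerClient.confirmInstance(Mockito.any())).thenReturn(confirmation);

    // The cert manager is a spy, so stub with doReturn(..).when(..) to avoid
    // invoking the real methods while setting up the stubs.
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    Mockito.doReturn(true).when(instanceManager).insertX509CertRecord(Mockito.any());
    String pem = new String(Files.readAllBytes(Paths.get("src/test/resources/athenz.instanceid.pem")),
            java.nio.charset.StandardCharsets.UTF_8);
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production").setX509Certificate(pem);
    Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(), Mockito.any(), Mockito.any(),
            Mockito.any(), Mockito.any(), Mockito.anyInt(), Mockito.any());

    ztsImpl.instanceProviderManager = instanceProviderManager;
    ztsImpl.instanceCertManager = instanceManager;

    // Registration carries a hostname and a CNAME; the request is expected to be
    // rejected as a bad request, presumably because the CNAME cannot be accepted
    // for this host (per the test name) — the provider confirmation alone is not enough.
    InstanceRegisterInformation info = new InstanceRegisterInformation()
            .setAttestationData("attestationData")
            .setCsr(certCsr)
            .setDomain("athenz")
            .setService("production")
            .setProvider("athenz.provider")
            .setToken(true)
            .setHostname("host1.athenz.cloud")
            .setHostCnames(Collections.singletonList("cname1.athenz.cloud"));
    ResourceContext context = createResourceContext(null);
    try {
        ztsImpl.postInstanceRegisterInformation(context, info);
        fail("registration with an unverifiable CNAME should be rejected");
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), ResourceException.BAD_REQUEST);
    }
}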