the class InstanceZTSProviderTest method testValidateHostname.
@Test
public void testValidateHostname() {
    final String host = "abc.athenz.com";

    // The resolver answers with one IPv4 and one IPv6 address for the test host;
    // every assertion below is evaluated against this fixed answer.
    HashSet<String> resolvedAddresses = new HashSet<>();
    resolvedAddresses.add("10.1.1.1");
    resolvedAddresses.add("2001:db8:a0b:12f0:0:0:0:1");
    HostnameResolver resolver = Mockito.mock(HostnameResolver.class);
    Mockito.when(resolver.getAllByName(host)).thenReturn(resolvedAddresses);

    InstanceZTSProvider provider = new InstanceZTSProvider();
    provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);
    provider.setHostnameResolver(resolver);

    // Every SAN IP must be one of the resolved addresses; a single unknown
    // address fails the whole request even when the others match.
    assertTrue(provider.validateHostname(host, new String[] { "10.1.1.1" }));
    assertTrue(provider.validateHostname(host, new String[] { "10.1.1.1", "2001:db8:a0b:12f0:0:0:0:1" }));
    assertFalse(provider.validateHostname(host, new String[] { "10.1.1.2" }));
    assertFalse(provider.validateHostname(host, new String[] { "10.1.1.1", "1:2:3:4:5:6:7:8" }));
    assertFalse(provider.validateHostname(host, new String[] { "10.1.1.2", "1:2:3:4:5:6:7:8" }));

    // A hostname without any SAN IP is rejected: there is nothing to bind the name to.
    assertFalse(provider.validateHostname(host, null));
    assertFalse(provider.validateHostname(host, new String[] {}));
    assertFalse(provider.validateHostname(host, new String[] { "" }));

    // The client may omit the hostname; a single SAN IP is then accepted here
    // (it is expected to have been matched against the client IP upstream).
    assertTrue(provider.validateHostname("", new String[] { "10.1.1.1" }));
    assertTrue(provider.validateHostname(null, new String[] { "10.1.1.1" }));

    // Without a hostname there is no resolver answer to check several IPs
    // against, so more than one SAN IP requires a non-empty hostname.
    assertFalse(provider.validateHostname(null, new String[] { "10.1.1.1", "2001:db8:a0b:12f0:0:0:0:1" }));
    assertFalse(provider.validateHostname("", new String[] { "10.1.1.1", "2001:db8:a0b:12f0:0:0:0:1" }));

    provider.close();
}
the class InstanceZTSProviderTest method testAuthenticate.
@Test
public void testAuthenticate() {
    InstanceZTSProvider provider = new InstanceZTSProvider();
    provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);
    StringBuilder errorDetails = new StringBuilder(256);

    // The key store hands back the K0 public key for sports.api, key id v0.
    KeyStore mockKeyStore = Mockito.mock(KeyStore.class);
    Mockito.when(mockKeyStore.getPublicKey("sports", "api", "v0")).thenReturn(servicePublicKeyStringK0);

    // Input that does not parse as a token at all.
    assertNull(provider.authenticate("invalidtoken", null, servicePublicKeyStringK0, errorDetails));
    assertTrue(errorDetails.toString().contains("Invalid token"));

    // A token carrying the b=/bk=/bn=/bs= fields is reported as an
    // authorized-service token and rejected without a key store lookup.
    errorDetails.setLength(0);
    final String authorizedServiceToken =
            "v=S1;d=domain;n=service;t=1234;e=1235;k=0;h=host1;i=1.2.3.4;b=svc1,svc2;s=signature;bk=0;bn=svc1;bs=signature";
    assertNull(provider.authenticate(authorizedServiceToken, null, servicePublicKeyStringK0, errorDetails));
    assertTrue(errorDetails.toString().contains("authorized service token"));

    // A properly signed token for sports.api with a one-hour window is accepted.
    PrincipalToken signedPrincipal = new PrincipalToken.Builder("S1", "sports", "api")
            .keyId("v0")
            .salt("salt")
            .issueTime(System.currentTimeMillis() / 1000)
            .expirationWindow(3600)
            .build();
    signedPrincipal.sign(servicePrivateKeyStringK0);
    final String signedToken = signedPrincipal.getSignedToken();
    errorDetails.setLength(0);
    assertNotNull(provider.authenticate(signedToken, mockKeyStore, servicePublicKeyStringK0, errorDetails));

    // Same token, but the caller supplies a public key that does not match the signer.
    assertNull(provider.authenticate(signedToken, mockKeyStore, "publicKey", errorDetails));

    // Same token with the signature field tampered with.
    errorDetails.setLength(0);
    final String tamperedToken = signedToken.replace(";s=", ";s=abc");
    assertNull(provider.authenticate(tamperedToken, mockKeyStore, servicePublicKeyStringK0, errorDetails));

    provider.close();
}
the class InstanceZTSProviderTest method testGetInstanceRegisterToken.
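@Test
public void testGetInstanceRegisterToken() throws IOException {
    InstanceZTSProvider provider = new InstanceZTSProvider();
    provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);

    // Decode the PEM with an explicit charset; the no-charset String constructor
    // uses the platform default, which differs between build hosts.
    Path keyPath = Paths.get("./src/test/resources/unit_test_ec_private.key");
    final String keyPem = new String(Files.readAllBytes(keyPath), java.nio.charset.StandardCharsets.UTF_8);
    PrivateKey signingKey = Crypto.loadPrivateKey(keyPem);
    provider.setPrivateKey(signingKey, "k0", SignatureAlgorithm.ES256);

    // Minimal confirmation: domain, service, provider and the instance id attribute.
    InstanceConfirmation confirmation = new InstanceConfirmation();
    confirmation.setDomain("sports");
    confirmation.setService("api");
    confirmation.setProvider("sys.auth.zts");
    Map<String, String> attributes = new HashMap<>();
    attributes.put(InstanceProvider.ZTS_INSTANCE_ID, "id001");
    confirmation.setAttributes(attributes);

    // Only presence of the attestation data is checked here; its contents are
    // exercised by the provider-side verification tests.
    InstanceRegisterToken registerToken = provider.getInstanceRegisterToken(confirmation);
    assertNotNull(registerToken.getAttestationData());

    provider.close();
}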
the class InstanceZTSProviderTest method testInitialize.
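@Test
public void testInitialize() {
    // Remember the incoming values so that a failing assertion cannot leak the
    // properties set below into other tests running in the same JVM. The
    // original version only cleared the DNS suffix, and only on success.
    final String savedDnsSuffix = System.getProperty(InstanceZTSProvider.ZTS_PROP_PROVIDER_DNS_SUFFIX);
    final String savedPrincipalList = System.getProperty(InstanceZTSProvider.ZTS_PROP_PRINCIPAL_LIST);
    try {
        // Explicit suffix and a two-entry principal allow-list.
        System.setProperty(InstanceZTSProvider.ZTS_PROP_PROVIDER_DNS_SUFFIX, "zts.cloud");
        System.setProperty(InstanceZTSProvider.ZTS_PROP_PRINCIPAL_LIST, "athenz.api,sports.backend");
        InstanceZTSProvider provider = new InstanceZTSProvider();
        provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);
        assertTrue(provider.dnsSuffixes.contains("zts.cloud"));
        assertNull(provider.keyStore);
        assertEquals(provider.principals.size(), 2);
        assertTrue(provider.principals.contains("athenz.api"));
        assertTrue(provider.principals.contains("sports.backend"));
        provider.close();

        // Empty values: the built-in suffix is used and no principal list is configured.
        System.setProperty(InstanceZTSProvider.ZTS_PROP_PROVIDER_DNS_SUFFIX, "");
        System.setProperty(InstanceZTSProvider.ZTS_PROP_PRINCIPAL_LIST, "");
        provider = new InstanceZTSProvider();
        provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);
        assertTrue(provider.dnsSuffixes.contains("zts.athenz.cloud"));
        assertNull(provider.keyStore);
        assertNull(provider.principals);
        provider.close();
    } finally {
        // Restore exactly what was there before: clear when it was unset, else put the old value back.
        if (savedDnsSuffix == null) {
            System.clearProperty(InstanceZTSProvider.ZTS_PROP_PROVIDER_DNS_SUFFIX);
        } else {
            System.setProperty(InstanceZTSProvider.ZTS_PROP_PROVIDER_DNS_SUFFIX, savedDnsSuffix);
        }
        if (savedPrincipalList == null) {
            System.clearProperty(InstanceZTSProvider.ZTS_PROP_PRINCIPAL_LIST);
        } else {
            System.setProperty(InstanceZTSProvider.ZTS_PROP_PRINCIPAL_LIST, savedPrincipalList);
        }
    }
}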
the class InstanceZTSProviderTest method testValidateSanUri.
@Test
public void testValidateSanUri() {
    InstanceZTSProvider provider = new InstanceZTSProvider();
    provider.initialize("provider", "com.yahoo.athenz.instance.provider.impl.InstanceZTSProvider", null, null);
    final String expectedHost = "abc.athenz.com";

    // A single athenz://hostname/ entry naming the expected host is accepted.
    assertTrue(provider.validateSanUri("athenz://hostname/abc.athenz.com", expectedHost));
    // spiffe:// and athenz://instanceid/ entries in the same list do not change the outcome.
    assertTrue(provider.validateSanUri("spiffe://movies/sa/writer,athenz://hostname/abc.athenz.com", expectedHost));
    assertTrue(provider.validateSanUri("spiffe://movies/sa/writer,athenz://hostname/abc.athenz.com,athenz://instanceid/zts/abc.athenz.com", expectedHost));
    // A repeated, consistent hostname entry is still accepted.
    assertTrue(provider.validateSanUri("spiffe://movies/sa/writer,athenz://hostname/abc.athenz.com,athenz://hostname/abc.athenz.com", expectedHost));
    // No SAN URI at all leaves nothing to contradict the hostname.
    assertTrue(provider.validateSanUri("", expectedHost));
    assertTrue(provider.validateSanUri(null, expectedHost));

    // Any athenz://hostname/ entry naming a different host is rejected, even when
    // another entry in the same list does match the expected host.
    assertFalse(provider.validateSanUri("athenz://hostname/abc.athenz.cm", "def.athenz.com"));
    assertFalse(provider.validateSanUri("spiffe://movies/sa/writer, athenz://hostname/abc.athenz.cm", "def.athenz.com"));
    assertFalse(provider.validateSanUri("spiffe://movies/sa/writer,athenz://hostname/abc.athenz.com,athenz://hostname/def.athenz.com", expectedHost));

    provider.close();
}