use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetRoleTokenTrustDomainWildCardGivenRole.
@Test
public void testGetRoleTokenTrustDomainWildCardGivenRole() {
SignedDomain signedDomain = createSignedDomainWildCard("weather", "netops");
store.processDomain(signedDomain, false);
signedDomain = createTenantSignedDomainWildCard("netops", "weather");
store.processDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "siteops_user_1", "v=U1;d=user_domain;n=siteops_user_1;s=signature", 0, null);
ResourceContext context = createResourceContext(principal);
RoleToken roleToken = zts.getRoleToken(context, "weather", "netops_superusers", null, null, null);
com.yahoo.athenz.auth.token.RoleToken token = new com.yahoo.athenz.auth.token.RoleToken(roleToken.getToken());
assertEquals(token.getRoles().size(), 1);
assertTrue(token.getRoles().contains("netops_superusers"));
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetPublicKeyEntry.
@Test
public void testGetPublicKeyEntry() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
ResourceContext context = createResourceContext(principal);
PublicKeyEntry entry = zts.getPublicKeyEntry(context, "coretech", "storage", "0");
assertEquals(entry.getId(), "0");
assertEquals(entry.getKey(), ZTS_Y64_CERT0);
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetAccess.
@Test
public void testGetAccess() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "user", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal);
// user_domain.user only has access to writers
Access access = zts.getAccess(context, "coretech", "writers", "user_domain.user");
assertTrue(access.getGranted());
access = zts.getAccess(context, "coretech", "readers", "user_domain.user");
assertFalse(access.getGranted());
// user_domain.user1 had access to readers and writers
access = zts.getAccess(context, "coretech", "writers", "user_domain.user1");
assertTrue(access.getGranted());
access = zts.getAccess(context, "coretech", "readers", "user_domain.user1");
assertTrue(access.getGranted());
access = zts.getAccess(context, "coretech", "editors", "user_domain.user1");
assertFalse(access.getGranted());
// user_domain.user4 only has access to readers
access = zts.getAccess(context, "coretech", "readers", "user_domain.user4");
assertTrue(access.getGranted());
access = zts.getAccess(context, "coretech", "writers", "user_domain.user4");
assertFalse(access.getGranted());
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testGetRoleTokenCertMismatchDomain.
@Test
public void testGetRoleTokenCertMismatchDomain() throws Exception {
RoleCertificateRequest req = new RoleCertificateRequest().setCsr(ROLE_CERT_DB_REQUEST).setExpiryTime(Long.valueOf(3600));
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal);
try {
zts.postRoleCertificateRequest(context, "coretech", "readers", req);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
}
}
use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshInformationSSHMismatchSerial.
@Test
public void testPostInstanceRefreshInformationSSHMismatchSerial() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("123413");
certRecord.setPrevSerial("123413");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
ztsImpl.instanceCertManager = instanceManager;
InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
}
}
Aggregations