Examples with SignedDomain com.yahoo.athenz.zms.SignedDomain used on opensource projects

Search in sources :

Example 96 with SignedDomain

use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.

the class ZTSImplTest method testGetRoleTokenCert.

@Test
public void testGetRoleTokenCert() throws Exception {
    // this csr is for sports:role.readers role
    RoleCertificateRequest req = new RoleCertificateRequest().setCsr(ROLE_CERT_CORETECH_REQUEST).setExpiryTime(Long.valueOf(3600));
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processDomain(signedDomain, false);
    File caCert = new File("src/test/resources/valid_cn_x509.cert");
    X509Certificate caCertificate = Crypto.loadX509Certificate(caCert);
    File caKey = new File("src/test/resources/private_encrypted.key");
    PrivateKey caPrivateKey = Crypto.loadPrivateKey(caKey, "athenz");
    CertSigner certSigner = new SelfCertSigner(caPrivateKey, caCertificate);
    CloudStore cloudStore = new MockCloudStore(certSigner);
    store.setCloudStore(cloudStore);
    zts.cloudStore = cloudStore;
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    RoleToken roleToken = zts.postRoleCertificateRequest(context, "coretech", "readers", req);
    assertNotNull(roleToken);
    assertEquals(roleToken.getExpiryTime(), TimeUnit.SECONDS.convert(30, TimeUnit.DAYS));
}
Also used : PrivateKey(java.security.PrivateKey) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) CloudStore(com.yahoo.athenz.zts.store.CloudStore) CertSigner(com.yahoo.athenz.common.server.cert.CertSigner) SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner) SignedDomain(com.yahoo.athenz.zms.SignedDomain) MockCloudStore(com.yahoo.athenz.zts.store.MockCloudStore) SelfCertSigner(com.yahoo.athenz.zts.cert.impl.SelfCertSigner) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 97 with SignedDomain

use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.

the class ZTSImplTest method testGetTenantDomainsSingleDomainWithUserDomain.

@Test
public void testGetTenantDomainsSingleDomainWithUserDomain() {
    SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
    store.processDomain(signedDomain, false);
    signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
    store.processDomain(signedDomain, false);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    TenantDomains tenantDomains = zts.getTenantDomains(context, "athenz.product", "user_domain.user100", null, null);
    assertNotNull(tenantDomains);
    assertEquals(tenantDomains.getTenantDomainNames().size(), 1);
    assertEquals(tenantDomains.getTenantDomainNames().get(0), "weather.frontpage");
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 98 with SignedDomain

use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.

the class ZTSImplTest method createMultipleSignedDomains.

private SignedDomain createMultipleSignedDomains(String domainName, String tenantDomain1, String tenantDomain2, String serviceName, boolean includeServices) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "admin"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.adminuser"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    role.setTrust(tenantDomain1);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    role.setTrust(tenantDomain2);
    roles.add(role);
    List<ServiceIdentity> services = new ArrayList<>();
    if (includeServices) {
        ServiceIdentity service = new ServiceIdentity();
        service.setName(generateServiceIdentityName(domainName, serviceName));
        setServicePublicKey(service, "0", ZTS_Y64_CERT0);
        List<String> hosts = new ArrayList<>();
        hosts.add("host1");
        hosts.add("host2");
        service.setHosts(hosts);
        services.add(service);
    }
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    // tenant admin domain
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":service." + serviceName + ".tenant." + tenantDomain1 + ".*");
    assertion.setAction("read");
    assertion.setRole(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, serviceName + ".tenant." + tenantDomain1 + ".admin"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":service." + serviceName + ".tenant." + tenantDomain2 + ".*");
    assertion.setAction("read");
    assertion.setRole(generateRoleName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, serviceName + ".tenant." + tenantDomain2 + ".admin"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setServices(services);
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) SignedDomain(com.yahoo.athenz.zms.SignedDomain) Policy(com.yahoo.athenz.zms.Policy) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) RoleMember(com.yahoo.athenz.zms.RoleMember)

Example 99 with SignedDomain

use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.

the class ZTSImplTest method testGetTenantDomainsInvalidDomain.

@Test
public void testGetTenantDomainsInvalidDomain() {
    SignedDomain signedDomain = createSignedDomain("athenz.product", "weather.frontpage", "storage", true);
    store.processDomain(signedDomain, false);
    signedDomain = createTenantSignedDomain("weather.frontpage", "athenz.product", "storage");
    store.processDomain(signedDomain, false);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("hockey", "kings", "v=S1,d=hockey;n=kings;s=sig", 0, new PrincipalAuthority());
    ResourceContext context = createResourceContext(principal);
    try {
        zts.getTenantDomains(context, "athenz.non_product", "user100", null, null);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 404);
    }
}
Also used : SignedDomain(com.yahoo.athenz.zms.SignedDomain) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority) Test(org.testng.annotations.Test)

Example 100 with SignedDomain

use of com.yahoo.athenz.zms.SignedDomain in project athenz by yahoo.

the class ZTSImplTest method createSignedDomainWildCard.

private SignedDomain createSignedDomainWildCard(String domainName, String tenantDomain) {
    SignedDomain signedDomain = new SignedDomain();
    List<Role> roles = new ArrayList<>();
    Role role = new Role();
    role.setName(generateRoleName(domainName, "superusers"));
    List<RoleMember> members = new ArrayList<>();
    members.add(new RoleMember().setMemberName("user_domain.admin_user"));
    role.setRoleMembers(members);
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, "users"));
    roles.add(role);
    role = new Role();
    role.setName(generateRoleName(domainName, "netops_superusers"));
    role.setTrust(tenantDomain);
    roles.add(role);
    List<com.yahoo.athenz.zms.Policy> policies = new ArrayList<>();
    com.yahoo.athenz.zms.Policy policy = new com.yahoo.athenz.zms.Policy();
    com.yahoo.athenz.zms.Assertion assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":node.*");
    assertion.setAction("node_user");
    assertion.setRole(generateRoleName(domainName, "users"));
    List<com.yahoo.athenz.zms.Assertion> assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "users"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":node.*");
    assertion.setAction("node_sudo");
    assertion.setRole(generateRoleName(domainName, "netops_superusers"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "netops_superusers"));
    policies.add(policy);
    policy = new com.yahoo.athenz.zms.Policy();
    assertion = new com.yahoo.athenz.zms.Assertion();
    assertion.setResource(domainName + ":node.*");
    assertion.setAction("node_user");
    assertion.setRole(generateRoleName(domainName, "superusers"));
    assertions = new ArrayList<>();
    assertions.add(assertion);
    policy.setAssertions(assertions);
    policy.setName(generatePolicyName(domainName, "superusers"));
    policies.add(policy);
    com.yahoo.athenz.zms.DomainPolicies domainPolicies = new com.yahoo.athenz.zms.DomainPolicies();
    domainPolicies.setDomain(domainName);
    domainPolicies.setPolicies(policies);
    com.yahoo.athenz.zms.SignedPolicies signedPolicies = new com.yahoo.athenz.zms.SignedPolicies();
    signedPolicies.setContents(domainPolicies);
    signedPolicies.setSignature(Crypto.sign(SignUtils.asCanonicalString(domainPolicies), privateKey));
    signedPolicies.setKeyId("0");
    DomainData domain = new DomainData();
    domain.setName(domainName);
    domain.setRoles(roles);
    domain.setPolicies(signedPolicies);
    domain.setModified(Timestamp.fromCurrentTime());
    signedDomain.setDomain(domain);
    signedDomain.setSignature(Crypto.sign(SignUtils.asCanonicalString(domain), privateKey));
    signedDomain.setKeyId("0");
    return signedDomain;
}
Also used : Policy(com.yahoo.athenz.zms.Policy) Policy(com.yahoo.athenz.zms.Policy) ArrayList(java.util.ArrayList) Assertion(com.yahoo.athenz.zms.Assertion) DomainData(com.yahoo.athenz.zms.DomainData) Assertion(com.yahoo.athenz.zms.Assertion) Role(com.yahoo.athenz.zms.Role) SignedDomain(com.yahoo.athenz.zms.SignedDomain) RoleMember(com.yahoo.athenz.zms.RoleMember)

Aggregations

SignedDomain (com.yahoo.athenz.zms.SignedDomain)157 Test (org.testng.annotations.Test)137 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)72 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)71 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)70 ArrayList (java.util.ArrayList)44 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)38 DataStore (com.yahoo.athenz.zts.store.DataStore)38 Principal (com.yahoo.athenz.auth.Principal)33 InstanceProvider (com.yahoo.athenz.instance.provider.InstanceProvider)31 Path (java.nio.file.Path)30 RoleMember (com.yahoo.athenz.zms.RoleMember)26 DomainData (com.yahoo.athenz.zms.DomainData)25 InstanceCertManager (com.yahoo.athenz.zts.cert.InstanceCertManager)25 Role (com.yahoo.athenz.zms.Role)22 CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)20 HashSet (java.util.HashSet)20 X509Certificate (java.security.cert.X509Certificate)19 InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)18 X509CertRecord (com.yahoo.athenz.zts.cert.X509CertRecord)18
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial