Example 51 with AccessCheckStatus
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testAllowAccessMatchStartsWithAllowed.
@Test
public void testAllowAccessMatchStartsWithAllowed() {
String action = "startswith";
String resource = "angler:startswithgreat";
StringBuilder roleName = new StringBuilder();
AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0AnglerRegex, resource, action, roleName);
Assert.assertEquals(status, AccessCheckStatus.ALLOW);
Assert.assertEquals(roleName.toString(), "matchstarts");
// multi tokens test
List<String> tokenList = new ArrayList<>();
tokenList.add(rToken0AnglerExpirePublic.getSignedToken());
tokenList.add(rToken0AnglerRegex.getSignedToken());
tokenList.add(rToken0AnglerPublic.getSignedToken());
roleName = new StringBuilder();
status = AuthZpeClient.allowAccess(tokenList, resource, action, roleName);
Assert.assertEquals(status, AccessCheckStatus.ALLOW);
Assert.assertEquals(roleName.toString(), "matchstarts");
}
Also used :
AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)
Test(org.testng.annotations.Test)
Example 52 with AccessCheckStatus
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testPublicReadInvalidRoleToken.
@Test
public void testPublicReadInvalidRoleToken() {
String action = "read";
String angResource = "angler:stuff";
// make the token invalid by adding chars to the signature
String roleToken = rToken0AnglerPublic.getSignedToken();
roleToken = roleToken.replace(";s=", ";s=ab");
AccessCheckStatus status = AuthZpeClient.allowAccess(roleToken, angResource, action);
Assert.assertEquals(status, AccessCheckStatus.DENY_ROLETOKEN_INVALID);
// multi tokens test
List<String> tokenList = new ArrayList<>();
tokenList.add(rToken0AnglerPublic.getSignedToken());
// add the bad one in
tokenList.add(roleToken);
StringBuilder roleName = new StringBuilder();
status = AuthZpeClient.allowAccess(tokenList, angResource, action, roleName);
Assert.assertEquals(status, AccessCheckStatus.ALLOW);
Assert.assertEquals(roleName.toString(), "public");
}
Also used :
AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)
Test(org.testng.annotations.Test)
Example 53 with AccessCheckStatus
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testPublicReadInvalidParameters.
@Test
public void testPublicReadInvalidParameters() {
String action = "read";
String angResource = "anglerTest:stuff";
AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0AnglerPublic.getSignedToken(), "", action);
Assert.assertEquals(status, AccessCheckStatus.DENY_INVALID_PARAMETERS);
status = AuthZpeClient.allowAccess(rToken0AnglerPublic.getSignedToken(), angResource, "");
Assert.assertEquals(status, AccessCheckStatus.DENY_INVALID_PARAMETERS);
}
Also used :
AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)
Test(org.testng.annotations.Test)
Example 54 with AccessCheckStatus
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testAllowAccessExpiredAccessToken.
@Test
public void testAllowAccessExpiredAccessToken() {
String action = "all";
String resource = "angler:stuff";
StringBuilder roleName = new StringBuilder();
long now = System.currentTimeMillis() / 1000;
AccessToken accessToken = new AccessToken();
accessToken.setIssueTime(now - 3600);
accessToken.setExpiryTime(now - 3000);
accessToken.setAudience("angler");
accessToken.setScope(Collections.singletonList("matchall"));
AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken, resource, action, roleName);
Assert.assertEquals(status, AccessCheckStatus.DENY_ROLETOKEN_EXPIRED);
}
Also used :
AccessToken(com.yahoo.athenz.auth.token.AccessToken)
AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)
Test(org.testng.annotations.Test)
Example 55 with AccessCheckStatus
use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.
the class TestAuthZpe method testPublicWriteAllowed.
@Test
public void testPublicWriteAllowed() {
String action = "write";
String angResource = "angler:stuff";
StringBuilder roleName = new StringBuilder();
AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0AnglerPublic, angResource, action, roleName);
Assert.assertEquals(status, AccessCheckStatus.ALLOW);
Assert.assertEquals(roleName.toString(), "public");
}
Also used :
AccessCheckStatus(com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)
Test(org.testng.annotations.Test)
Aggregations
AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus)56
Test (org.testng.annotations.Test)55
RoleToken (com.yahoo.athenz.auth.token.RoleToken)11
X509Certificate (java.security.cert.X509Certificate)5
Path (java.nio.file.Path)4
IOException (java.io.IOException)3
AccessToken (com.yahoo.athenz.auth.token.AccessToken)1
PrintWriter (java.io.PrintWriter)1
ArrayList (java.util.ArrayList)1
X500Principal (javax.security.auth.x500.X500Principal)1
