
Example 6 with AccessCheckStatus

Use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

In the class TestAuthZpe, method testAdminThrowAllowed.

@Test
public void testAdminThrowAllowed() {
    String action = "THrow";
    String angResource = "angler:stuff";
    StringBuilder roleName = new StringBuilder();
    AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0AnglerAdmin, angResource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
}
Also used: AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), Test (org.testng.annotations.Test)

Example 7 with AccessCheckStatus

Use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

In the class TestAuthZpe, method testAllowAccessMatchAllAccessToken.

@Test
public void testAllowAccessMatchAllAccessToken() throws IOException {
    String action = "all";
    String resource = "angler:stuff";
    StringBuilder roleName = new StringBuilder();
    Path path = Paths.get("src/test/resources/mtls_token_spec.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, cert, null, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "matchall");
    // second time for the same token we should get from the cache
    status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "matchall");
    // now we're going to include the Bearer part
    status = AuthZpeClient.allowAccess("Bearer " + accessToken0AnglerRegex, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    Assert.assertEquals(roleName.toString(), "matchall");
}
Also used: Path (java.nio.file.Path), AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), X509Certificate (java.security.cert.X509Certificate), Test (org.testng.annotations.Test)

Example 8 with AccessCheckStatus

Use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

In the class TestAuthZpe, method testAllowAccessMatchAllAccessTokenNoRoleName.

@Test
public void testAllowAccessMatchAllAccessTokenNoRoleName() throws IOException {
    String action = "all";
    String resource = "angler:stuff";
    Path path = Paths.get("src/test/resources/mtls_token_spec.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
    AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, cert, null, resource, action);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    // second time for the same token we should get from the cache
    status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, resource, action);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
    // now we're going to include the Bearer part
    status = AuthZpeClient.allowAccess("Bearer " + accessToken0AnglerRegex, resource, action);
    Assert.assertEquals(status, AccessCheckStatus.ALLOW);
}
Also used: Path (java.nio.file.Path), AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), X509Certificate (java.security.cert.X509Certificate), Test (org.testng.annotations.Test)

Example 9 with AccessCheckStatus

Use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

In the class TestAuthZpe, method testAllowAccessCertHashMismatch.

@Test
public void testAllowAccessCertHashMismatch() throws IOException {
    String action = "all";
    String resource = "angler:stuff";
    StringBuilder roleName = new StringBuilder();
    Path path = Paths.get("src/test/resources/mtls_token_mismatch.cert");
    String certStr = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(certStr);
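    // the certificate loaded from mtls_token_mismatch.cert is presented with the access token;
    // the check must be denied with DENY_CERT_HASH_MISMATCH rather than allowed
    AccessCheckStatus status = AuthZpeClient.allowAccess(accessToken0AnglerRegex, cert, null, resource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.DENY_CERT_HASH_MISMATCH);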
}
Also used: Path (java.nio.file.Path), AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), X509Certificate (java.security.cert.X509Certificate), Test (org.testng.annotations.Test)

Example 10 with AccessCheckStatus

Use of com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus in project athenz by yahoo.

In the class TestAuthZpe, method testPublicReadMismatchDomain.

@Test
public void testPublicReadMismatchDomain() {
    String action = "read";
    String angResource = "anglerTest:stuff";
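    // the resource is in domain "anglerTest"; the check with rToken0AnglerPublic
    // must be denied with DENY_DOMAIN_MISMATCH
    AccessCheckStatus status = AuthZpeClient.allowAccess(rToken0AnglerPublic.getSignedToken(), angResource, action);
    Assert.assertEquals(status, AccessCheckStatus.DENY_DOMAIN_MISMATCH);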
    // multi tokens test
    List<String> tokenList = new ArrayList<>();
    tokenList.add(rToken0AnglerPublic.getSignedToken());
    tokenList.add(rToken0CoreTechPublic.getSignedToken());
    StringBuilder roleName = new StringBuilder();
    status = AuthZpeClient.allowAccess(tokenList, angResource, action, roleName);
    Assert.assertEquals(status, AccessCheckStatus.DENY_DOMAIN_MISMATCH);
    Assert.assertEquals(roleName.toString(), "");
}
Also used: AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus), Test (org.testng.annotations.Test)

Aggregations

AccessCheckStatus (com.yahoo.athenz.zpe.AuthZpeClient.AccessCheckStatus): 56
Test (org.testng.annotations.Test): 55
RoleToken (com.yahoo.athenz.auth.token.RoleToken): 11
X509Certificate (java.security.cert.X509Certificate): 5
Path (java.nio.file.Path): 4
IOException (java.io.IOException): 3
AccessToken (com.yahoo.athenz.auth.token.AccessToken): 1
PrintWriter (java.io.PrintWriter): 1
ArrayList (java.util.ArrayList): 1
X500Principal (javax.security.auth.x500.X500Principal): 1