
Example 11 with DomainSignedPolicyData

use of com.yahoo.athenz.zts.DomainSignedPolicyData in project athenz by yahoo.

The method getDomainSignedPolicyData of the class ZTSMock.

/**
 * Builds a doubly signed policy document for one of the domains this mock knows about.
 *
 * <p>Only {@code "sports"}, {@code "sys.auth"} and {@code "expiredDomain"} are served. The
 * returned document holds a single {@code <domain>:policy.admin} policy with two assertions:
 * ALLOW {@code *} on {@code *} for {@code <domain>:role.admin}, and DENY {@code *} on {@code *}
 * for {@code <domain>:role.non-admin}. The policy data is signed with {@code zmsPrivateKeyK0}
 * (key id {@code "0"}), and the enclosing signed policy data is signed with the ZTS key
 * selected by the {@code keyId} field.
 *
 * @param domainName name of the domain whose policies are requested; must not be null
 * @param matchingTag not read by this mock
 * @param responseHeaders not read or populated by this mock
 * @return the signed policy document, or {@code null} when the domain is not one of the three
 *     served names
 */
@Override
public DomainSignedPolicyData getDomainSignedPolicyData(String domainName, String matchingTag, Map<String, List<String>> responseHeaders) {
    // Anything outside the three fixture domains yields no policy document at all.
    boolean servedDomain = domainName.equals("sports")
            || domainName.equals("sys.auth")
            || domainName.equals("expiredDomain");
    if (!servedDomain) {
        return null;
    }

    // "expiredDomain" gets an expiry one minute in the past; every other served domain is
    // valid for seven days. Presumably this lets callers exercise their expiry check.
    long expiryOffsetMillis = domainName.equals("expiredDomain")
            ? -(1000L * 60)
            : (1000L * 60 * 60 * 24 * 7);
    SignedPolicyData signedData = new SignedPolicyData();
    signedData.setExpires(Timestamp.fromMillis(System.currentTimeMillis() + expiryOffsetMillis));
    signedData.setModified(Timestamp.fromMillis(System.currentTimeMillis()));

    // The admin role is allowed everything, the non-admin role is denied everything.
    Assertion allowAdmin = new Assertion();
    allowAdmin.setAction("*");
    allowAdmin.setEffect(AssertionEffect.ALLOW);
    allowAdmin.setResource("*");
    allowAdmin.setRole(domainName + ":role.admin");

    Assertion denyNonAdmin = new Assertion();
    denyNonAdmin.setAction("*");
    denyNonAdmin.setEffect(AssertionEffect.DENY);
    denyNonAdmin.setResource("*");
    denyNonAdmin.setRole(domainName + ":role.non-admin");

    List<Assertion> assertions = new ArrayList<Assertion>();
    assertions.add(allowAdmin);
    assertions.add(denyNonAdmin);

    Policy adminPolicy = new Policy();
    adminPolicy.setName(domainName + ":policy.admin");
    adminPolicy.setAssertions(assertions);

    List<Policy> policies = new ArrayList<Policy>();
    policies.add(adminPolicy);

    PolicyData data = new PolicyData();
    data.setPolicies(policies);
    data.setDomain(domainName);
    signedData.setPolicyData(data);

    // Inner signature: canonical form of the policy data, signed with ZMS key K0 and
    // advertised under key id "0".
    signedData.setZmsKeyId("0");
    signedData.setZmsSignature(Crypto.sign(SignUtils.asCanonicalString(data), zmsPrivateKeyK0));

    DomainSignedPolicyData response = new DomainSignedPolicyData();
    response.setSignedPolicyData(signedData);

    // Outer signature: the ZTS key follows the keyId field. Any keyId other than "0" or "1"
    // leaves the key null, and Crypto.sign is then called with a null key.
    // NOTE(review): how Crypto.sign reacts to a null key is not visible here - confirm.
    PrivateKey signingKey = "0".equals(keyId)
            ? ztsPrivateKeyK0
            : ("1".equals(keyId) ? ztsPrivateKeyK1 : null);
    String ztsSignature = Crypto.sign(SignUtils.asCanonicalString(signedData), signingKey);
    response.setKeyId(keyId);
    response.setSignature(ztsSignature);
    return response;
}
Also used : Policy(com.yahoo.athenz.zts.Policy) PrivateKey(java.security.PrivateKey) Assertion(com.yahoo.athenz.zts.Assertion) ArrayList(java.util.ArrayList) SignedPolicyData(com.yahoo.athenz.zts.SignedPolicyData) PolicyData(com.yahoo.athenz.zts.PolicyData) DomainSignedPolicyData(com.yahoo.athenz.zts.DomainSignedPolicyData) DomainSignedPolicyData(com.yahoo.athenz.zts.DomainSignedPolicyData) SignedPolicyData(com.yahoo.athenz.zts.SignedPolicyData) DomainSignedPolicyData(com.yahoo.athenz.zts.DomainSignedPolicyData) Timestamp(com.yahoo.rdl.Timestamp)
