Use of com.yahoo.athenz.zts.InstanceIdentity in project athenz by yahoo.
Class InstanceClientRegister, method main.
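/**
 * Registers a service instance with the ZTS Server and prints the identity it returns.
 *
 * <p>Flow: sign an attestation JWS with the provider key (ZTS Server forwards it to the
 * named provider for validation), build a CSR with the instance key, post both to ZTS
 * and print the returned X.509 certificate plus any provider attributes. Required
 * options come from {@code parseCommandLine}: domain, service, provider, instance,
 * dnssuffix, providerkey, providerkeyid, instancekey, ztsurl.
 *
 * <p>Exit codes: 1 when the CSR cannot be generated, 2 when ZTS registration fails or
 * returns no identity.
 *
 * @param args command-line arguments
 * @throws MalformedURLException kept from the original signature
 * @throws IOException kept from the original signature (key loading may raise it — confirm)
 */
public static void main(String[] args) throws MalformedURLException, IOException {
    // parse our command line to retrieve required input
    CommandLine cmd = parseCommandLine(args);
    // Locale.ROOT makes the lower-casing independent of the host locale
    // (e.g. Turkish dotless-i rules), so names compare the same everywhere.
    String domainName = cmd.getOptionValue("domain").toLowerCase(java.util.Locale.ROOT);
    String serviceName = cmd.getOptionValue("service").toLowerCase(java.util.Locale.ROOT);
    String provider = cmd.getOptionValue("provider").toLowerCase(java.util.Locale.ROOT);
    String instance = cmd.getOptionValue("instance");
    String dnsSuffix = cmd.getOptionValue("dnssuffix");
    String providerKeyPath = cmd.getOptionValue("providerkey");
    String providerKeyId = cmd.getOptionValue("providerkeyid");
    String instanceKeyPath = cmd.getOptionValue("instancekey");
    String ztsUrl = cmd.getOptionValue("ztsurl");

    // get our configured provider private key
    PrivateKey providerKey = Crypto.loadPrivateKey(new File(providerKeyPath));

    // first we generate our attestation data as a JWS signed with the provider
    // key. ZTS Server will send this object to the specified provider for
    // validation. The expiration claim bounds how long a copy of this token
    // should be accepted; "keyId" presumably lets the verifier pick the matching
    // public key — confirm against the provider implementation.
    final long attestationTtlMillis = TimeUnit.MINUTES.toMillis(5);
    String compactJws = Jwts.builder()
            .setSubject(domainName + "." + serviceName)
            .setIssuer(provider)
            .setAudience("zts")
            .setId(instance)
            .setExpiration(new Date(System.currentTimeMillis() + attestationTtlMillis))
            .setHeaderParam("keyId", providerKeyId)
            .signWith(SignatureAlgorithm.RS256, providerKey)
            .compact();
    // printed for inspection; note it is a signed credential, not just diagnostics
    System.out.println("JWS: \n" + compactJws + "\n");

    // now we need to generate our CSR so we can get
    // a TLS certificate for our instance
    PrivateKey instanceKey = Crypto.loadPrivateKey(new File(instanceKeyPath));
    String csr = generateCSR(domainName, serviceName, instance, dnsSuffix, instanceKey);
    if (csr == null) {
        System.err.println("Unable to generate CSR for instance");
        System.exit(1);
    }
    System.out.println("CSR: \n" + csr + "\n");

    // now let's generate our instance register object that will be sent
    // to the ZTS Server
    InstanceRegisterInformation info = new InstanceRegisterInformation()
            .setAttestationData(compactJws)
            .setDomain(domainName)
            .setService(serviceName)
            .setProvider(provider)
            .setToken(true)
            .setCsr(csr);

    // now contact zts server to request identity for instance
    InstanceIdentity identity = null;
    Map<String, List<String>> responseHeaders = new HashMap<>();
    try (ZTSClient ztsClient = new ZTSClient(ztsUrl)) {
        identity = ztsClient.postInstanceRegisterInformation(info, responseHeaders);
    } catch (ZTSClientException ex) {
        // failures go to stderr like the CSR path above, so stdout stays parseable
        System.err.println("Unable to register instance: " + ex.getMessage());
        System.exit(2);
    }
    // a null return from the client would otherwise surface as an NPE below
    if (identity == null) {
        System.err.println("Unable to register instance: no identity returned");
        System.exit(2);
    }

    System.out.println("Identity TLS Certificate: \n" + identity.getX509Certificate());
    Map<String, String> attrs = identity.getAttributes();
    if (attrs != null) {
        System.out.println("Provider Attributes:");
        for (Map.Entry<String, String> attr : attrs.entrySet()) {
            System.out.println("\t" + attr.getKey() + ": " + attr.getValue());
        }
    }
}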
Use of com.yahoo.athenz.zts.InstanceIdentity in project athenz by yahoo.
Class InstanceCertManagerTest, method testGenerateSshIdentityEmptyCertError.
@Test
public void testGenerateSshIdentityEmptyCertError() {
    // A signer that hands back an empty SSH certificate for this host CSR:
    // the manager must report failure instead of attaching an empty cert.
    String hostCsr = "{\"csr\":\"csr\",\"certtype\":\"host\"}";
    InstanceIdentity serviceIdentity = new InstanceIdentity().setName("athenz.service");

    CertSigner signer = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
    Mockito.when(signer.getSSHCertificate(ZTSConsts.ZTS_SSH_HOST)).thenReturn("ssh-host");
    Mockito.when(signer.getSSHCertificate(ZTSConsts.ZTS_SSH_USER)).thenReturn("ssh-user");
    Mockito.when(signer.generateSSHCertificate(hostCsr)).thenReturn("");

    InstanceCertManager manager = new InstanceCertManager(null, signer);
    assertFalse(manager.generateSshIdentity(serviceIdentity, hostCsr, "host"));
}
Use of com.yahoo.athenz.zts.InstanceIdentity in project athenz by yahoo.
Class InstanceCertManagerTest, method testGenerateSshIdentityNoSsh.
@Test
public void testGenerateSshIdentityNoSsh() {
    // With no cert signer configured, a null or empty SSH CSR is treated as
    // "nothing requested": the call succeeds and no SSH certificate is attached.
    InstanceCertManager manager = new InstanceCertManager(null, null);
    InstanceIdentity serviceIdentity = new InstanceIdentity().setName("athenz.service");

    for (String absentCsr : new String[] {null, ""}) {
        assertTrue(manager.generateSshIdentity(serviceIdentity, absentCsr, null));
        assertNull(serviceIdentity.getSshCertificate());
    }
}
Use of com.yahoo.athenz.zts.InstanceIdentity in project athenz by yahoo.
Class InstanceCertManagerTest, method testGenerateIdentityEmptyCert.
@Test
public void testGenerateIdentityEmptyCert() {
    // A signer that returns an empty X.509 certificate for any CSR must
    // yield no identity at all rather than one without a certificate.
    CertSigner emptySigner = Mockito.mock(com.yahoo.athenz.common.server.cert.CertSigner.class);
    Mockito.when(emptySigner.generateX509Certificate(
            Mockito.<String>any(), Mockito.any(), Mockito.anyInt()))
            .thenReturn("");

    InstanceCertManager manager = new InstanceCertManager(null, emptySigner);
    assertNull(manager.generateIdentity("csr", "cn", null, 0));
}
Use of com.yahoo.athenz.zts.InstanceIdentity in project athenz by yahoo.
Class InstanceCertManagerTest, method testGenerateSshIdentityInvalidSsh.
@Test
public void testGenerateSshIdentityInvalidSsh() {
    // An SSH CSR that lacks the certtype field (compare the host CSR used in the
    // EmptyCertError test) is reported as a failure; no signer is needed to reach it.
    String csrWithoutCertType = "{\"csr\":\"csr\"}";
    InstanceIdentity serviceIdentity = new InstanceIdentity().setName("athenz.service");
    InstanceCertManager manager = new InstanceCertManager(null, null);

    boolean accepted = manager.generateSshIdentity(serviceIdentity, csrWithoutCertType, null);
    assertFalse(accepted);
}