use of com.yahoo.athenz.zts.cert.CertRecordStoreConnection in project athenz by yahoo.
the class ZTSImplTest method testPostOSTKInstanceRefreshRequestCertRecordCnMismatch.
@Test
public void testPostOSTKInstanceRefreshRequestCertRecordCnMismatch() throws IOException {
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal, servletRequest);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setService("athenz2.production");
certRecord.setProvider("ostk");
CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
Mockito.when(certStore.getConnection()).thenReturn(certConnection);
Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
zts.instanceCertManager.setCertStore(certStore);
try {
zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
assertTrue(ex.getMessage().contains("cn mismatch"));
}
}
use of com.yahoo.athenz.zts.cert.CertRecordStoreConnection in project athenz by yahoo.
the class ZTSImplTest method testPostOSTKInstanceRefreshRequest.
@Test
public void testPostOSTKInstanceRefreshRequest() throws IOException {
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal, servletRequest);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setService("athenz.production");
certRecord.setInstanceId("1001");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
Mockito.when(certStore.getConnection()).thenReturn(certConnection);
Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
Mockito.when(certConnection.updateX509CertRecord(ArgumentMatchers.isA(X509CertRecord.class))).thenReturn(true);
zts.instanceCertManager.setCertStore(certStore);
Identity identity = zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
assertNotNull(identity);
X509Certificate x509Cert = Crypto.loadX509Certificate(identity.getCertificate());
assertNotNull(x509Cert);
}
use of com.yahoo.athenz.zts.cert.CertRecordStoreConnection in project athenz by yahoo.
the class ZTSImplTest method testPostOSTKInstanceRefreshRequestSerialMisMatch.
@Test
public void testPostOSTKInstanceRefreshRequestSerialMisMatch() throws IOException {
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal, servletRequest);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setService("athenz.production");
certRecord.setProvider("ostk");
certRecord.setInstanceId("1001");
certRecord.setCurrentSerial("12341324334");
certRecord.setPrevSerial("2342134323");
CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
Mockito.when(certStore.getConnection()).thenReturn(certConnection);
Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
Mockito.when(certConnection.updateX509CertRecord(ArgumentMatchers.isA(X509CertRecord.class))).thenReturn(true);
zts.instanceCertManager.setCertStore(certStore);
try {
zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
assertTrue(ex.getMessage().contains("Certificate revoked"));
}
}
use of com.yahoo.athenz.zts.cert.CertRecordStoreConnection in project athenz by yahoo.
the class ZTSImplTest method testPostOSTKInstanceRefreshRequestPreviousSerialMatch.
@Test
public void testPostOSTKInstanceRefreshRequestPreviousSerialMatch() throws IOException {
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal, servletRequest);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setService("athenz.production");
certRecord.setProvider("ostk");
certRecord.setInstanceId("1001");
certRecord.setCurrentSerial("12341324334");
certRecord.setPrevSerial("16503746516960996918");
CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
Mockito.when(certStore.getConnection()).thenReturn(certConnection);
Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
Mockito.when(certConnection.updateX509CertRecord(ArgumentMatchers.isA(X509CertRecord.class))).thenReturn(true);
zts.instanceCertManager.setCertStore(certStore);
Identity identity = zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
assertNotNull(identity);
X509Certificate x509Cert = Crypto.loadX509Certificate(identity.getCertificate());
assertNotNull(x509Cert);
}
Aggregations