Examples with X509CertRecord com.yahoo.athenz.zts.cert.X509CertRecord used on opensource projects

Search in sources :

Example 26 with X509CertRecord

use of com.yahoo.athenz.zts.cert.X509CertRecord in project athenz by yahoo.

the class ZTSImplTest method testPostOSTKInstanceRefreshRequestSerialMisMatch.

@Test
public void testPostOSTKInstanceRefreshRequestSerialMisMatch() throws IOException {
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String certCsr = new String(Files.readAllBytes(path));
    OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal, servletRequest);
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setService("athenz.production");
    certRecord.setProvider("ostk");
    certRecord.setInstanceId("1001");
    certRecord.setCurrentSerial("12341324334");
    certRecord.setPrevSerial("2342134323");
    CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
    CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
    Mockito.when(certStore.getConnection()).thenReturn(certConnection);
    Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
    Mockito.when(certConnection.updateX509CertRecord(ArgumentMatchers.isA(X509CertRecord.class))).thenReturn(true);
    zts.instanceCertManager.setCertStore(certStore);
    try {
        zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 403);
        assertTrue(ex.getMessage().contains("Certificate revoked"));
    }
}
Also used : Path(java.nio.file.Path) HttpServletRequest(javax.servlet.http.HttpServletRequest) CertRecordStore(com.yahoo.athenz.zts.cert.CertRecordStore) CertRecordStoreConnection(com.yahoo.athenz.zts.cert.CertRecordStoreConnection) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) X509Certificate(java.security.cert.X509Certificate) X509CertRecord(com.yahoo.athenz.zts.cert.X509CertRecord) Test(org.testng.annotations.Test)

Example 27 with X509CertRecord

use of com.yahoo.athenz.zts.cert.X509CertRecord in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshInformationSSHMatchPrevSerial.

@Test
public void testPostInstanceRefreshInformationSSHMatchPrevSerial() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processDomain(tenantDomain, false);
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setInstanceId("1001");
    certRecord.setProvider("athenz.provider");
    certRecord.setService("athenz.production");
    certRecord.setCurrentSerial("123413");
    certRecord.setPrevSerial("16503746516960996918");
    Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
    Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production");
    Mockito.when(instanceManager.generateSshIdentity(identity, "ssh-csr", null)).thenReturn(true);
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal);
    InstanceIdentity instanceIdentity = ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
    assertNotNull(instanceIdentity);
}
Also used : Path(java.nio.file.Path) InstanceCertManager(com.yahoo.athenz.zts.cert.InstanceCertManager) X509CertRecord(com.yahoo.athenz.zts.cert.X509CertRecord) X509Certificate(java.security.cert.X509Certificate) ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) SignedDomain(com.yahoo.athenz.zms.SignedDomain) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)

Example 28 with X509CertRecord

use of com.yahoo.athenz.zts.cert.X509CertRecord in project athenz by yahoo.

the class ZTSImplTest method testPostOSTKInstanceRefreshRequestPreviousSerialMatch.

@Test
public void testPostOSTKInstanceRefreshRequestPreviousSerialMatch() throws IOException {
    Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
    String certCsr = new String(Files.readAllBytes(path));
    OSTKInstanceRefreshRequest req = new OSTKInstanceRefreshRequest().setCsr(certCsr);
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1,d=athenz;n=production;s=sig", 0, new CertificateAuthority());
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal, servletRequest);
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setService("athenz.production");
    certRecord.setProvider("ostk");
    certRecord.setInstanceId("1001");
    certRecord.setCurrentSerial("12341324334");
    certRecord.setPrevSerial("16503746516960996918");
    CertRecordStore certStore = Mockito.mock(CertRecordStore.class);
    CertRecordStoreConnection certConnection = Mockito.mock(CertRecordStoreConnection.class);
    Mockito.when(certStore.getConnection()).thenReturn(certConnection);
    Mockito.when(certConnection.getX509CertRecord("ostk", "1001")).thenReturn(certRecord);
    Mockito.when(certConnection.updateX509CertRecord(ArgumentMatchers.isA(X509CertRecord.class))).thenReturn(true);
    zts.instanceCertManager.setCertStore(certStore);
    Identity identity = zts.postOSTKInstanceRefreshRequest(context, "athenz", "production", req);
    assertNotNull(identity);
    X509Certificate x509Cert = Crypto.loadX509Certificate(identity.getCertificate());
    assertNotNull(x509Cert);
}
Also used : Path(java.nio.file.Path) HttpServletRequest(javax.servlet.http.HttpServletRequest) CertRecordStore(com.yahoo.athenz.zts.cert.CertRecordStore) CertRecordStoreConnection(com.yahoo.athenz.zts.cert.CertRecordStoreConnection) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) X509Certificate(java.security.cert.X509Certificate) X509CertRecord(com.yahoo.athenz.zts.cert.X509CertRecord) Test(org.testng.annotations.Test)

Example 29 with X509CertRecord

use of com.yahoo.athenz.zts.cert.X509CertRecord in project athenz by yahoo.

the class ZTSImplTest method testPostInstanceRefreshInformationSSHIdentityFailure.

@Test
public void testPostInstanceRefreshInformationSSHIdentityFailure() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
    SignedDomain providerDomain = signedAuthorizedProviderDomain();
    store.processDomain(providerDomain, false);
    SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
    store.processDomain(tenantDomain, false);
    InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
    X509CertRecord certRecord = new X509CertRecord();
    certRecord.setInstanceId("1001");
    certRecord.setProvider("athenz.provider");
    certRecord.setService("athenz.production");
    certRecord.setCurrentSerial("16503746516960996918");
    certRecord.setPrevSerial("16503746516960996918");
    Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
    Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
    InstanceIdentity identity = new InstanceIdentity().setName("athenz.production");
    Mockito.when(instanceManager.generateSshIdentity(identity, "ssh-csr", "user")).thenReturn(false);
    ztsImpl.instanceCertManager = instanceManager;
    InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
    CertificateAuthority certAuthority = new CertificateAuthority();
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
    Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    principal.setX509Certificate(cert);
    ResourceContext context = createResourceContext(principal);
    try {
        ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
        fail();
    } catch (ResourceException ex) {
        assertEquals(ex.getCode(), 500);
    }
}
Also used : Path(java.nio.file.Path) InstanceCertManager(com.yahoo.athenz.zts.cert.InstanceCertManager) X509CertRecord(com.yahoo.athenz.zts.cert.X509CertRecord) X509Certificate(java.security.cert.X509Certificate) ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore) DataStore(com.yahoo.athenz.zts.store.DataStore) SignedDomain(com.yahoo.athenz.zms.SignedDomain) CertificateAuthority(com.yahoo.athenz.auth.impl.CertificateAuthority) SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal) Test(org.testng.annotations.Test)

Example 30 with X509CertRecord

use of com.yahoo.athenz.zts.cert.X509CertRecord in project athenz by yahoo.

the class JDBCCertRecordStoreConnectionTest method testInsertX509Record.

@Test
public void testInsertX509Record() throws Exception {
    JDBCCertRecordStoreConnection jdbcConn = new JDBCCertRecordStoreConnection(mockConn);
    X509CertRecord certRecord = new X509CertRecord();
    Date now = new Date();
    certRecord.setService("cn");
    certRecord.setProvider("ostk");
    certRecord.setInstanceId("instance-id");
    certRecord.setCurrentIP("current-ip");
    certRecord.setCurrentSerial("current-serial");
    certRecord.setCurrentTime(now);
    certRecord.setPrevIP("prev-ip");
    certRecord.setPrevSerial("prev-serial");
    certRecord.setPrevTime(now);
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();
    boolean requestSuccess = jdbcConn.insertX509CertRecord(certRecord);
    assertTrue(requestSuccess);
    Mockito.verify(mockPrepStmt, times(1)).setString(1, "ostk");
    Mockito.verify(mockPrepStmt, times(1)).setString(2, "instance-id");
    Mockito.verify(mockPrepStmt, times(1)).setString(3, "cn");
    Mockito.verify(mockPrepStmt, times(1)).setString(4, "current-serial");
    Mockito.verify(mockPrepStmt, times(1)).setTimestamp(5, new java.sql.Timestamp(now.getTime()));
    Mockito.verify(mockPrepStmt, times(1)).setString(6, "current-ip");
    Mockito.verify(mockPrepStmt, times(1)).setString(7, "prev-serial");
    Mockito.verify(mockPrepStmt, times(1)).setTimestamp(8, new java.sql.Timestamp(now.getTime()));
    Mockito.verify(mockPrepStmt, times(1)).setString(9, "prev-ip");
    jdbcConn.close();
}
Also used : Timestamp(java.sql.Timestamp) X509CertRecord(com.yahoo.athenz.zts.cert.X509CertRecord) Date(java.util.Date) Test(org.testng.annotations.Test)

Aggregations

X509CertRecord (com.yahoo.athenz.zts.cert.X509CertRecord)35 Test (org.testng.annotations.Test)29 SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)25 CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)24 X509Certificate (java.security.cert.X509Certificate)24 Path (java.nio.file.Path)23 SignedDomain (com.yahoo.athenz.zms.SignedDomain)18 InstanceCertManager (com.yahoo.athenz.zts.cert.InstanceCertManager)18 ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)18 DataStore (com.yahoo.athenz.zts.store.DataStore)18 MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)18 ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)18 InstanceProvider (com.yahoo.athenz.instance.provider.InstanceProvider)14 InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)12 Date (java.util.Date)9 CertRecordStore (com.yahoo.athenz.zts.cert.CertRecordStore)4 CertRecordStoreConnection (com.yahoo.athenz.zts.cert.CertRecordStoreConnection)4 Timestamp (java.sql.Timestamp)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 Principal (com.yahoo.athenz.auth.Principal)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial