use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestOUWithCert.
@Test
public void testValidateRoleCertificateRequestOUWithCert() throws IOException {
Path path = Paths.get("src/test/resources/valid_email.csr");
String csr = new String(Files.readAllBytes(path));
path = Paths.get("src/test/resources/valid_provider_refresh.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate validCert = Crypto.loadX509Certificate(pem);
path = Paths.get("src/test/resources/svc_single_ip.pem");
pem = new String(Files.readAllBytes(path));
X509Certificate invalidCert = Crypto.loadX509Certificate(pem);
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
zts.validCertSubjectOrgValues = null;
Set<String> ouValues = new HashSet<>();
ouValues.add("Athenz");
zts.validCertSubjectOrgUnitValues = ouValues;
zts.verifyCertSubjectOU = true;
assertFalse(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, invalidCert, "10.0.0.1"));
assertTrue(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, validCert, "10.0.0.1"));
}
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestMismatchEmail.
@Test
public void testValidateRoleCertificateRequestMismatchEmail() throws IOException {
Path path = Paths.get("src/test/resources/valid_email.csr");
String csr = new String(Files.readAllBytes(path));
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
zts.validCertSubjectOrgValues = null;
assertFalse(zts.validateRoleCertificateRequest(certReq, "sports.standings", null, null, "10.0.0.1"));
}
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestWithUriHostname.
@Test
public void testValidateRoleCertificateRequestWithUriHostname() throws IOException {
Path path = Paths.get("src/test/resources/athenz.examples.role-uri-hostname-only.csr");
String csr = new String(Files.readAllBytes(path));
path = Paths.get("src/test/resources/athenz.examples.no-uri.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
// if the CSR has hostname, but the cert doesn't have hostname, it should result in false
assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.uri-hostname-only.pem");
pem = new String(Files.readAllBytes(path));
cert = Crypto.loadX509Certificate(pem);
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.role-uri-instanceid-hostname.csr");
csr = new String(Files.readAllBytes(path));
certReq = new X509RoleCertRequest(csr);
// if CSR has hostname+instanceid, and cert has only hostname, it should result in false
assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.uri-instanceid-hostname.pem");
pem = new String(Files.readAllBytes(path));
cert = Crypto.loadX509Certificate(pem);
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
}
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testProcessRoleCertificateRequestFailedValidation.
@Test
public void testProcessRoleCertificateRequestFailedValidation() {
SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
store.processSignedDomain(signedDomain, false);
Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal);
RoleCertificateRequest req = new RoleCertificateRequest();
X509RoleCertRequest certReq = new X509RoleCertRequest(ROLE_CERT_CORETECH_REQUEST);
Set<String> origUnitValues = zts.validCertSubjectOrgUnitValues;
boolean verifyCertSubjectOU = zts.verifyCertSubjectOU;
zts.verifyCertSubjectOU = true;
zts.validCertSubjectOrgUnitValues = new HashSet<>();
try {
zts.processRoleCertificateRequest(context, principal, "user_domain", certReq, null, req);
fail();
} catch (ResourceException ex) {
assertEquals(400, ex.getCode());
}
zts.verifyCertSubjectOU = verifyCertSubjectOU;
zts.validCertSubjectOrgUnitValues = origUnitValues;
}
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestNoEmail.
@Test
public void testValidateRoleCertificateRequestNoEmail() throws IOException {
Path path = Paths.get("src/test/resources/valid_noemail.csr");
String csr = new String(Files.readAllBytes(path));
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
zts.validCertSubjectOrgValues = null;
assertFalse(zts.validateRoleCertificateRequest(certReq, "no-email", null, null, "10.0.0.1"));
}
Aggregations