Example 1 with X509RoleCertRequest

Use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.

Class ZTSImplTest, method testValidateRoleCertificateRequestOUWithCert.

@Test
public void testValidateRoleCertificateRequestOUWithCert() throws IOException {
    Path path = Paths.get("src/test/resources/valid_email.csr");
    String csr = new String(Files.readAllBytes(path));
    path = Paths.get("src/test/resources/valid_provider_refresh.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate validCert = Crypto.loadX509Certificate(pem);
    path = Paths.get("src/test/resources/svc_single_ip.pem");
    pem = new String(Files.readAllBytes(path));
    X509Certificate invalidCert = Crypto.loadX509Certificate(pem);
    X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
    zts.validCertSubjectOrgValues = null;
    Set<String> ouValues = new HashSet<>();
    ouValues.add("Athenz");
    zts.validCertSubjectOrgUnitValues = ouValues;
    zts.verifyCertSubjectOU = true;
    assertFalse(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, invalidCert, "10.0.0.1"));
    assertTrue(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, validCert, "10.0.0.1"));
}
Also used : Path(java.nio.file.Path) X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 2 with X509RoleCertRequest

Use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.

Class ZTSImplTest, method testValidateRoleCertificateRequestMismatchEmail.

@Test
public void testValidateRoleCertificateRequestMismatchEmail() throws IOException {
    Path path = Paths.get("src/test/resources/valid_email.csr");
    String csr = new String(Files.readAllBytes(path));
    X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
    zts.validCertSubjectOrgValues = null;
    assertFalse(zts.validateRoleCertificateRequest(certReq, "sports.standings", null, null, "10.0.0.1"));
}
Also used : Path(java.nio.file.Path) X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest) Test(org.testng.annotations.Test)

Example 3 with X509RoleCertRequest

Use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.

Class ZTSImplTest, method testValidateRoleCertificateRequestWithUriHostname.

@Test
public void testValidateRoleCertificateRequestWithUriHostname() throws IOException {
    Path path = Paths.get("src/test/resources/athenz.examples.role-uri-hostname-only.csr");
    String csr = new String(Files.readAllBytes(path));
    path = Paths.get("src/test/resources/athenz.examples.no-uri.pem");
    String pem = new String(Files.readAllBytes(path));
    X509Certificate cert = Crypto.loadX509Certificate(pem);
    X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
    // if the CSR has hostname, but the cert doesn't have hostname, it should result in false
    assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
    path = Paths.get("src/test/resources/athenz.examples.uri-hostname-only.pem");
    pem = new String(Files.readAllBytes(path));
    cert = Crypto.loadX509Certificate(pem);
    assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
    path = Paths.get("src/test/resources/athenz.examples.role-uri-instanceid-hostname.csr");
    csr = new String(Files.readAllBytes(path));
    certReq = new X509RoleCertRequest(csr);
    // if CSR has hostname+instanceid, and cert has only hostname, it should result in false
    assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
    path = Paths.get("src/test/resources/athenz.examples.uri-instanceid-hostname.pem");
    pem = new String(Files.readAllBytes(path));
    cert = Crypto.loadX509Certificate(pem);
    assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
}
Also used : Path(java.nio.file.Path) X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest) X509Certificate(java.security.cert.X509Certificate) Test(org.testng.annotations.Test)

Example 4 with X509RoleCertRequest

Use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.

Class ZTSImplTest, method testProcessRoleCertificateRequestFailedValidation.

@Test
public void testProcessRoleCertificateRequestFailedValidation() {
    SignedDomain signedDomain = createSignedDomain("coretech", "weather", "storage", true);
    store.processSignedDomain(signedDomain, false);
    Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
    ResourceContext context = createResourceContext(principal);
    RoleCertificateRequest req = new RoleCertificateRequest();
    X509RoleCertRequest certReq = new X509RoleCertRequest(ROLE_CERT_CORETECH_REQUEST);
    Set<String> origUnitValues = zts.validCertSubjectOrgUnitValues;
    boolean verifyCertSubjectOU = zts.verifyCertSubjectOU;
    zts.verifyCertSubjectOU = true;
    zts.validCertSubjectOrgUnitValues = new HashSet<>();
    try {
        zts.processRoleCertificateRequest(context, principal, "user_domain", certReq, null, req);
        fail();
    } catch (ResourceException ex) {
        assertEquals(400, ex.getCode());
    }
    zts.verifyCertSubjectOU = verifyCertSubjectOU;
    zts.validCertSubjectOrgUnitValues = origUnitValues;
}
Also used : X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest) Principal(com.yahoo.athenz.auth.Principal) Test(org.testng.annotations.Test)

Example 5 with X509RoleCertRequest

Use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.

Class ZTSImplTest, method testValidateRoleCertificateRequestNoEmail.

@Test
public void testValidateRoleCertificateRequestNoEmail() throws IOException {
    Path path = Paths.get("src/test/resources/valid_noemail.csr");
    String csr = new String(Files.readAllBytes(path));
    X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
    zts.validCertSubjectOrgValues = null;
    assertFalse(zts.validateRoleCertificateRequest(certReq, "no-email", null, null, "10.0.0.1"));
}
Also used : Path(java.nio.file.Path) X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest) Test(org.testng.annotations.Test)

Aggregations

X509RoleCertRequest (com.yahoo.athenz.zts.cert.X509RoleCertRequest): 9
Test (org.testng.annotations.Test): 9
Path (java.nio.file.Path): 8
X509Certificate (java.security.cert.X509Certificate): 3
Principal (com.yahoo.athenz.auth.Principal): 1