Example 6 with X509RoleCertRequest
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestWithUriHostname.
@Test
public void testValidateRoleCertificateRequestWithUriHostname() throws IOException {
Path path = Paths.get("src/test/resources/athenz.examples.role-uri-hostname-only.csr");
String csr = new String(Files.readAllBytes(path));
path = Paths.get("src/test/resources/athenz.examples.no-uri.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
// if the CSR has hostname, but the cert doesn't have hostname, it should result in false
assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.uri-hostname-only.pem");
pem = new String(Files.readAllBytes(path));
cert = Crypto.loadX509Certificate(pem);
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.role-uri-instanceid-hostname.csr");
csr = new String(Files.readAllBytes(path));
certReq = new X509RoleCertRequest(csr);
// if CSR has hostname+instanceid, and cert has only hostname, it should result in false
assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
path = Paths.get("src/test/resources/athenz.examples.uri-instanceid-hostname.pem");
pem = new String(Files.readAllBytes(path));
cert = Crypto.loadX509Certificate(pem);
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.examples.httpd", null, cert, "10.0.0.1"));
}
Also used :
Path(java.nio.file.Path)
X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest)
X509Certificate(java.security.cert.X509Certificate)
Test(org.testng.annotations.Test)
Example 7 with X509RoleCertRequest
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestOU.
@Test
public void testValidateRoleCertificateRequestOU() throws IOException {
Path path = Paths.get("src/test/resources/valid_email.csr");
String csr = new String(Files.readAllBytes(path));
zts.validCertSubjectOrgValues = null;
Set<String> ouValues = new HashSet<>();
ouValues.add("Testing Domain1");
zts.validCertSubjectOrgUnitValues = ouValues;
zts.verifyCertSubjectOU = true;
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
assertFalse(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, null, "10.0.0.1"));
ouValues.add("Testing Domain");
assertTrue(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, null, "10.0.0.1"));
}
Also used :
Path(java.nio.file.Path)
X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest)
Test(org.testng.annotations.Test)
Example 8 with X509RoleCertRequest
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequestMismatchIP.
@Test
public void testValidateRoleCertificateRequestMismatchIP() throws IOException {
Path path = Paths.get("src/test/resources/role_single_ip.csr");
String csr = new String(Files.readAllBytes(path));
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
// disable IP validation and we should get success
zts.verifyCertRequestIP = false;
zts.validCertSubjectOrgValues = null;
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.production", null, cert, "10.11.12.13"));
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.production", null, cert, "10.11.12.14"));
// enable validation and the mismatch one should fail
zts.verifyCertRequestIP = true;
assertTrue(zts.validateRoleCertificateRequest(certReq, "athenz.production", null, cert, "10.11.12.13"));
assertFalse(zts.validateRoleCertificateRequest(certReq, "athenz.production", null, cert, "10.11.12.14"));
}
Also used :
Path(java.nio.file.Path)
X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest)
X509Certificate(java.security.cert.X509Certificate)
Test(org.testng.annotations.Test)
Example 9 with X509RoleCertRequest
use of com.yahoo.athenz.zts.cert.X509RoleCertRequest in project athenz by yahoo.
the class ZTSImplTest method testValidateRoleCertificateRequest.
@Test
public void testValidateRoleCertificateRequest() throws IOException {
Path path = Paths.get("src/test/resources/valid_email.csr");
String csr = new String(Files.readAllBytes(path));
X509RoleCertRequest certReq = new X509RoleCertRequest(csr);
zts.validCertSubjectOrgValues = null;
assertTrue(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, null, "10.0.0.1"));
Set<String> validOValues = new HashSet<>();
validOValues.add("Athenz");
zts.validCertSubjectOrgValues = validOValues;
assertTrue(zts.validateRoleCertificateRequest(certReq, "sports.scores", null, null, "10.0.0.1"));
}
Also used :
Path(java.nio.file.Path)
X509RoleCertRequest(com.yahoo.athenz.zts.cert.X509RoleCertRequest)
Test(org.testng.annotations.Test)
Aggregations
X509RoleCertRequest (com.yahoo.athenz.zts.cert.X509RoleCertRequest)9
Test (org.testng.annotations.Test)9
Path (java.nio.file.Path)8
X509Certificate (java.security.cert.X509Certificate)3
Principal (com.yahoo.athenz.auth.Principal)1
