
Example 1 with X509ServiceCertRequest

Use of com.yahoo.athenz.zts.cert.X509ServiceCertRequest in the project athenz by yahoo.

From the class ZTSImplTest, method testGenerateInstanceConfirmObjectWithCtxCert:

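/**
 * Checks that {@code newInstanceConfirmationForRegister} exposes the client certificate
 * attached to the request context as confirmation attributes (issuer DN, subject DN and
 * RSA modulus hash), and that those attributes are absent when the request context carries
 * no certificate.
 *
 * <p>The mocked servlet request hands out the certificate array on the first lookup of
 * {@code Http.JAVAX_CERT_ATTR} and {@code null} on every later lookup, so the two
 * registration calls below are order-dependent.
 *
 * @throws IOException if the CSR fixture cannot be read
 */
@Test
public void testGenerateInstanceConfirmObjectWithCtxCert() throws IOException {
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
    DataStore store = new DataStore(structStore, null, ztsMetric);
    Mockito.when(mockCloudStore.getAzureSubscription("athenz")).thenReturn("12345");
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Certificate that stands in for the one presented on the connection.
    Path certPath = Paths.get("src/test/resources//athenz.instanceid.hostname.pem");
    X509Certificate clientCert = Crypto.loadX509Certificate(certPath.toFile());
    X509Certificate[] certs = new X509Certificate[] { clientCert };

    // First getAttribute() call yields the certificate chain, later calls yield null.
    // NOTE(review): assumes the method under test reads this attribute once per invocation.
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.getAttribute(Http.JAVAX_CERT_ATTR)).thenReturn(certs).thenReturn(null);
    ResourceContext context = createResourceContext(null, servletRequest);

    // Decode the PEM fixture with an explicit charset so the test does not depend on the
    // platform default encoding of the build machine.
    Path csrPath = Paths.get("src/test/resources/athenz.instanceid.csr");
    String certCsr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certRequest = new X509ServiceCertRequest(certCsr);

    // Request with a certificate in the context: all three certificate attributes are set.
    InstanceConfirmation withCert = ztsImpl.newInstanceConfirmationForRegister(context, "secureboot.provider", "athenz", "production", "attestationData", "1001", "athenz-example1.host.com", certRequest, InstanceProvider.Scheme.CLASS);
    assertNotNull(withCert);
    assertEquals(withCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_ISSUER_DN), "CN=self.signer.root");
    assertEquals(withCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_SUBJECT_DN), "CN=athenz.production,OU=Testing Domain,O=Athenz,L=LA,ST=CA,C=US");
    assertEquals(withCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_RSA_MOD_HASH), "72332cafbe1f874b4d89f6277508d03494c0dd4258e32a6999a7b8328eaa0e07");

    // Same request again, but the mock now reports no certificate: the issuer, subject and
    // key-modulus attributes must not be present in the confirmation.
    InstanceConfirmation withoutCert = ztsImpl.newInstanceConfirmationForRegister(context, "secureboot.provider", "athenz", "production", "attestationData", "1001", "athenz-example1.host.com", certRequest, InstanceProvider.Scheme.CLASS);
    assertNotNull(withoutCert);
    assertNull(withoutCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_ISSUER_DN));
    assertNull(withoutCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_SUBJECT_DN));
    assertNull(withoutCert.getAttributes().get(InstanceProvider.ZTS_INSTANCE_CERT_RSA_MOD_HASH));
}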
Also used : Path(java.nio.file.Path) InstanceConfirmation(com.yahoo.athenz.instance.provider.InstanceConfirmation) X509Certificate(java.security.cert.X509Certificate) HttpServletRequest(javax.servlet.http.HttpServletRequest) X509CertRequest(com.yahoo.athenz.zts.cert.X509CertRequest) ZMSFileChangeLogStore(com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore) ChangeLogStore(com.yahoo.athenz.common.server.store.ChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.MockZMSFileChangeLogStore) ZMSFileChangeLogStore(com.yahoo.athenz.common.server.store.impl.ZMSFileChangeLogStore) MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.MockZMSFileChangeLogStore) X509ServiceCertRequest(com.yahoo.athenz.zts.cert.X509ServiceCertRequest) DataStore(com.yahoo.athenz.zts.store.DataStore) Test(org.testng.annotations.Test)
