Use of com.yahoo.athenz.zts.cert.impl.TestHostnameResolver in the project athenz by yahoo.
Class X509CertRequestTest, method testValidateDnsNamesWithMultipleDomainValues.
/**
 * Checks {@code validateDnsNames} against a CSR loaded from
 * {@code multi_dns_domain.csr}, which (judging by the file name and the
 * expected results) carries DNS names under more than one domain suffix.
 *
 * <p>The assertions pin a fail-closed policy: the request is rejected unless
 * the service DNS suffix and the provider suffix list together account for
 * the names, and a claimed hostname is accepted only when the provider's
 * allowed hostname suffix list is configured and, if a resolver is supplied,
 * the resolver also recognises that exact hostname.
 *
 * <p>The roles given to the string arguments below (domain, service,
 * provider, DNS suffix, hostname) are inferred from their values and should be
 * confirmed against the signature of {@code X509CertRequest.validateDnsNames}.
 *
 * @throws IOException if the CSR fixture cannot be read
 */
@Test
public void testValidateDnsNamesWithMultipleDomainValues() throws IOException {
    // NOTE(review): the fixture is decoded with the platform default charset.
    final Path csrFile = Paths.get("src/test/resources/multi_dns_domain.csr");
    final String csrText = new String(Files.readAllBytes(csrFile));
    final X509CertRequest request = new X509CertRequest(csrText);
    assertNotNull(request);

    final String domain = "athenz";
    final String service = "api";
    final String provider = "provider";
    final String primarySuffix = "ostk.athenz.info";
    final String otherSuffix = "zts.athenz.info";
    final String claimedHostname = "api.athenz.ostk.athenz.info";

    // The stub yields null on the first lookup and the same (still mutable)
    // list instance on every later lookup, so entries added to the list
    // further down are visible to the code under test.
    final DataCache sysDomainCache = Mockito.mock(DataCache.class);
    final List<String> dnsSuffixes = new ArrayList<>();
    Mockito.when(sysDomainCache.getProviderDnsSuffixList(provider))
            .thenReturn(null)
            .thenReturn(dnsSuffixes);

    // Service suffix alone, no provider list: not every name is covered.
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            primarySuffix, null, null, null));

    // Provider list alone, no service suffix: still not every name is covered.
    dnsSuffixes.add("ostk.athenz.cloud");
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            null, null, null, null));

    // Service suffix and provider list together: accepted.
    assertTrue(request.validateDnsNames(domain, service, provider, sysDomainCache,
            primarySuffix, null, null, null));

    // Hostname cases. With a different service suffix the request is rejected
    // both without a hostname and with hostnames that are expected not to match.
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, null, null, null));
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, "host1.athenz.info", null, null));
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, "athenz.ostk.athenz.info", null, null));

    // Once the provider has an allowed hostname suffix configured, the claimed
    // hostname is accepted when no resolver is supplied.
    final List<String> hostnameSuffixes = new ArrayList<>();
    hostnameSuffixes.add(".ostk.athenz.info");
    Mockito.when(sysDomainCache.getProviderHostnameAllowedSuffixList(provider))
            .thenReturn(hostnameSuffixes);
    assertTrue(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, claimedHostname, null, null));

    // With a resolver supplied, a matching suffix is no longer sufficient:
    // a resolver with no registered hostnames causes rejection.
    final TestHostnameResolver hostnameResolver = new TestHostnameResolver();
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, claimedHostname, null, hostnameResolver));

    // A resolver that only knows a different hostname still causes rejection.
    hostnameResolver.addValidHostname("api1.athenz.ostk.athenz.info");
    assertFalse(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, claimedHostname, null, hostnameResolver));

    // Accepted only after the resolver recognises the exact claimed hostname.
    hostnameResolver.addValidHostname(claimedHostname);
    assertTrue(request.validateDnsNames(domain, service, provider, sysDomainCache,
            otherSuffix, claimedHostname, null, hostnameResolver));
}