
Example 1 with TestHostnameResolver

Use of com.yahoo.athenz.zts.cert.impl.TestHostnameResolver in the athenz project by yahoo.

From the class X509CertRequestTest, method testValidateDnsNamesWithMultipleDomainValues.

/**
 * Exercises {@code X509CertRequest.validateDnsNames} against the CSR stored in
 * {@code multi_dns_domain.csr}, covering the DNS suffix arguments, the instance
 * hostname argument and the optional hostname resolver in turn.
 *
 * <p>The steps are order-sensitive: the mocked cache answers the first provider
 * suffix lookup with {@code null} and every later one with a list that this test
 * mutates as it goes, and the resolver gains hostnames between assertions.
 *
 * @throws IOException if the CSR fixture cannot be read
 */
@Test
public void testValidateDnsNamesWithMultipleDomainValues() throws IOException {
    final String domain = "athenz";
    final String service = "api";
    final String provider = "provider";
    final String infoSuffix = "ostk.athenz.info";
    final String ztsSuffix = "zts.athenz.info";
    final String instanceHost = "api.athenz.ostk.athenz.info";

    final Path csrFile = Paths.get("src/test/resources/multi_dns_domain.csr");
    final String csrPem = new String(Files.readAllBytes(csrFile));
    final X509CertRequest request = new X509CertRequest(csrPem);
    assertNotNull(request);

    // The cache hands back null on the first suffix lookup and the same
    // (mutable) list instance on every lookup after that.
    final List<String> cachedDnsSuffixes = new ArrayList<>();
    final DataCache sysDomainCache = Mockito.mock(DataCache.class);
    Mockito.when(sysDomainCache.getProviderDnsSuffixList(provider))
            .thenReturn(null)
            .thenReturn(cachedDnsSuffixes);

    // Suffix passed by the caller only, nothing from the cache: rejected.
    // Presumably the fixture carries SAN dnsNames under more than one suffix,
    // so one suffix cannot account for all of them (fixture not shown here).
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, infoSuffix, null, null, null));

    // Cached provider suffix list only, no caller-supplied suffix: rejected.
    cachedDnsSuffixes.add("ostk.athenz.cloud");
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, null, null, null, null));

    // Caller-supplied suffix plus the cached list together: accepted.
    assertTrue(request.validateDnsNames(
            domain, service, provider, sysDomainCache, infoSuffix, null, null, null));

    // From here on the caller-supplied suffix is a different one, and the sixth
    // argument (the hostname field) is varied. The allowed-hostname-suffix
    // lookup on the mock has not been stubbed yet, and all three calls are
    // expected to be rejected.
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, null, null, null));
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, "host1.athenz.info", null, null));
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, "athenz.ostk.athenz.info", null, null));

    // Once the provider has an allowed hostname suffix configured, a hostname
    // under that suffix is accepted. NOTE(review): the expected result suggests
    // the hostname accounts for the SAN entry the suffix no longer covers;
    // confirm against validateDnsNames.
    final List<String> allowedHostnameSuffixes = new ArrayList<>();
    allowedHostnameSuffixes.add(".ostk.athenz.info");
    Mockito.when(sysDomainCache.getProviderHostnameAllowedSuffixList(provider))
            .thenReturn(allowedHostnameSuffixes);
    assertTrue(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, instanceHost, null, null));

    // With a resolver supplied, the same request is rejected until the resolver
    // knows the exact hostname: an empty resolver fails it ...
    final TestHostnameResolver hostnameResolver = new TestHostnameResolver();
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, instanceHost, null, hostnameResolver));

    // ... and so does a resolver that only knows a different hostname ...
    hostnameResolver.addValidHostname("api1.athenz.ostk.athenz.info");
    assertFalse(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, instanceHost, null, hostnameResolver));

    // ... while registering the requested hostname lets the request through.
    hostnameResolver.addValidHostname(instanceHost);
    assertTrue(request.validateDnsNames(
            domain, service, provider, sysDomainCache, ztsSuffix, instanceHost, null, hostnameResolver));
}
Also used : Path(java.nio.file.Path) TestHostnameResolver(com.yahoo.athenz.zts.cert.impl.TestHostnameResolver) DataCache(com.yahoo.athenz.zts.cache.DataCache) Test(org.testng.annotations.Test)
