use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testGetStatus.
@Test
public void testGetStatus() {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
ztsImpl.statusPort = 0;
Principal principal = SimplePrincipal.create("user_domain", "user1", "v=U1;d=user_domain;n=user;s=signature", 0, null);
ResourceContext context = createResourceContext(principal);
Status status = ztsImpl.getStatus(context);
assertEquals(status.getCode(), ResourceException.OK);
}
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserIdentityFailure.
@Test
public void testPostInstanceRefreshRequestByUserIdentityFailure() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
CertSigner certSigner = Mockito.mock(CertSigner.class);
Mockito.when(certSigner.generateX509Certificate(Mockito.anyString(), Mockito.anyString(), Mockito.anyInt())).thenReturn(null);
ztsImpl.certSigner = certSigner;
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Unable to generate identity"), ex.getMessage());
}
}
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRegisterInformationNoAuthorizedProvider.
@Test
public void testPostInstanceRegisterInformationNoAuthorizedProvider() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData("attestationData").setCsr(certCsr).setDomain("athenz").setService("production").setProvider("athenz.nonprovider");
ResourceContext context = createResourceContext(null);
PostInstanceRegisterInformationResult result = new PostInstanceRegisterInformationResult(context);
try {
ztsImpl.postInstanceRegisterInformation(context, info, result);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
assertTrue(ex.getMessage().contains("not authorized to launch instances in Athenz"));
}
}
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshInformationCSRValidateFailure.
@Test
public void testPostInstanceRefreshInformationCSRValidateFailure() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.mismatch.cn.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
InstanceConfirmation confirmation = new InstanceConfirmation().setDomain("athenz").setService("production").setProvider("athenz.provider");
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(providerClient);
Mockito.when(providerClient.refreshInstance(Mockito.any())).thenReturn(confirmation);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production").setX509Certificate(pem);
Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.anyInt());
ztsImpl.instanceProviderManager = instanceProviderManager;
ztsImpl.instanceCertManager = instanceManager;
InstanceRefreshInformation info = new InstanceRefreshInformation().setCsr(certCsr);
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production", "v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz", "production", "1001", info);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400);
assertTrue(ex.getMessage().contains("CSR validation failed"));
}
}
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRegisterInformationServiceNotAuthorizedProvider.
@Test
public void testPostInstanceRegisterInformationServiceNotAuthorizedProvider() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData("attestationData").setCsr(certCsr).setDomain("athenz").setService("production2").setProvider("athenz.provider");
ResourceContext context = createResourceContext(null);
PostInstanceRegisterInformationResult result = new PostInstanceRegisterInformationResult(context);
try {
ztsImpl.postInstanceRegisterInformation(context, info, result);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
assertTrue(ex.getMessage().contains("not authorized to launch athenz.production2 instances"));
}
}
Aggregations