Example 61 with ChangeLogStore
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRegisterInformationAttestationFailure.
@Test
public void testPostInstanceRegisterInformationAttestationFailure() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(providerClient);
Mockito.when(providerClient.confirmInstance(Mockito.any())).thenThrow(new ResourceException(400));
ztsImpl.instanceProviderManager = instanceProviderManager;
InstanceRegisterInformation info = new InstanceRegisterInformation().setAttestationData("attestationData").setCsr(certCsr).setDomain("athenz").setService("production").setProvider("athenz.provider");
ResourceContext context = createResourceContext(null);
PostInstanceRegisterInformationResult result = new PostInstanceRegisterInformationResult(context);
try {
ztsImpl.postInstanceRegisterInformation(context, info, result);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
assertTrue(ex.getMessage().contains("unable to verify attestation data"));
}
}
Also used :
Path(java.nio.file.Path)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
SignedDomain(com.yahoo.athenz.zms.SignedDomain)
InstanceProvider(com.yahoo.athenz.instance.provider.InstanceProvider)
Test(org.testng.annotations.Test)
Example 62 with ChangeLogStore
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserCert.
@Test
public void testPostInstanceRefreshRequestByUserCert() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "user", "doe", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("TLS Certificates require ServiceTokens"), ex.getMessage());
}
}
Also used :
Path(java.nio.file.Path)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Test(org.testng.annotations.Test)
Example 63 with ChangeLogStore
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUserPublicKeyMismatch.
@Test
public void testPostInstanceRefreshRequestByUserPublicKeyMismatch() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("1");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "ABCwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
try {
ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
fail();
} catch (Exception ex) {
assertTrue(ex.getMessage().contains("Invalid CSR - public key mismatch"), ex.getMessage());
}
}
Also used :
Path(java.nio.file.Path)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
WebApplicationException(javax.ws.rs.WebApplicationException)
IOException(java.io.IOException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Test(org.testng.annotations.Test)
Example 64 with ChangeLogStore
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testPostInstanceRefreshRequestByUser.
@Test
public void testPostInstanceRefreshRequestByUser() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
Path path = Paths.get("src/test/resources/valid_provider_refresh.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr).setKeyId("v0");
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("user", "doe", "v=U1,d=user;n=doe;s=sig", 0, new PrincipalAuthority());
principal.setKeyId("0");
String publicKeyName = "athenz.syncer_v0";
final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n" + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMp9ZHVDK2s/FyinpKpD7lSsU+d6TSRE\n" + "NVo6sdLrEpOaCJETsh+0Qc0knhALxBD1+B9gS5F2rAFgtug0R6savvMCAwEAAQ==\n" + "-----END PUBLIC KEY-----";
ztsImpl.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);
ZTSAuthorizer authorizer = Mockito.mock(ZTSAuthorizer.class);
Mockito.when(authorizer.access("update", "athenz:service", principal, null)).thenReturn(true);
ztsImpl.authorizer = authorizer;
HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
Mockito.when(servletRequest.isSecure()).thenReturn(true);
ResourceContext context = createResourceContext(principal, servletRequest);
Identity identity = ztsImpl.postInstanceRefreshRequest(context, "athenz", "syncer", req);
assertNotNull(identity);
assertNotNull(identity.getCertificate());
}
Also used :
Path(java.nio.file.Path)
PrincipalAuthority(com.yahoo.athenz.auth.impl.PrincipalAuthority)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
ServiceIdentity(com.yahoo.athenz.zms.ServiceIdentity)
SimplePrincipal(com.yahoo.athenz.auth.impl.SimplePrincipal)
Test(org.testng.annotations.Test)
Example 65 with ChangeLogStore
use of com.yahoo.athenz.zts.store.ChangeLogStore in project athenz by yahoo.
the class ZTSImplTest method testValidateRequestStatusRequestPort.
@Test
public void testValidateRequestStatusRequestPort() {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
ztsImpl.secureRequestsOnly = true;
ztsImpl.statusPort = 8443;
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.isSecure()).thenReturn(true);
Mockito.when(request.getLocalPort()).thenReturn(4443);
// non-status requests are allowed on port 4443
ztsImpl.validateRequest(request, "test");
ztsImpl.validateRequest(request, "test", false);
try {
ztsImpl.validateRequest(request, "test", true);
fail();
} catch (ResourceException ex) {
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ChangeLogStore(com.yahoo.athenz.zts.store.ChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
MockZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)
ZMSFileChangeLogStore(com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)
DataStore(com.yahoo.athenz.zts.store.DataStore)
Test(org.testng.annotations.Test)
Aggregations
ChangeLogStore (com.yahoo.athenz.zts.store.ChangeLogStore)66
MockZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.MockZMSFileChangeLogStore)64
ZMSFileChangeLogStore (com.yahoo.athenz.zts.store.impl.ZMSFileChangeLogStore)64
Test (org.testng.annotations.Test)64
DataStore (com.yahoo.athenz.zts.store.DataStore)63
SimplePrincipal (com.yahoo.athenz.auth.impl.SimplePrincipal)45
Path (java.nio.file.Path)44
SignedDomain (com.yahoo.athenz.zms.SignedDomain)38
CertificateAuthority (com.yahoo.athenz.auth.impl.CertificateAuthority)26
InstanceCertManager (com.yahoo.athenz.zts.cert.InstanceCertManager)26
X509Certificate (java.security.cert.X509Certificate)24
InstanceProvider (com.yahoo.athenz.instance.provider.InstanceProvider)21
HttpServletRequest (javax.servlet.http.HttpServletRequest)20
InstanceConfirmation (com.yahoo.athenz.instance.provider.InstanceConfirmation)18
X509CertRecord (com.yahoo.athenz.zts.cert.X509CertRecord)18
WebApplicationException (javax.ws.rs.WebApplicationException)12
PrincipalAuthority (com.yahoo.athenz.auth.impl.PrincipalAuthority)11
Principal (com.yahoo.athenz.auth.Principal)8
IOException (java.io.IOException)8
AuditLogMsgBuilder (com.yahoo.athenz.common.server.log.AuditLogMsgBuilder)6
