Example 1 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class ControllerAuthorizationFilterTest method createRequest.
private static DiscFilterRequest createRequest(Method method, String path, AthenzIdentity identity) {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getMethod()).thenReturn(method.name());
when(request.getRequestURI()).thenReturn(path);
when(request.getUserPrincipal()).thenReturn(new AthenzPrincipal(identity));
return request;
}
Also used :
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Example 2 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method valid_ntoken_is_accepted.
@Test
public void valid_ntoken_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principal = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenReturn(principal);
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, new ResponseHandlerMock());
verify(request).setUserPrincipal(principal);
}
Also used :
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Test(org.junit.Test)
Example 3 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method invalid_token_is_unauthorized.
@Test
public void invalid_token_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
String errorMessage = "Invalid token";
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, errorMessage);
}
Also used :
InvalidTokenException(com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Matchers.containsString(org.hamcrest.Matchers.containsString)
Test(org.junit.Test)
Example 4 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method missing_token_and_certificate_is_unauthorized.
@Test
public void missing_token_and_certificate_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
when(request.getClientCertificateChain()).thenReturn(emptyList());
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, "Unable to authenticate Athenz identity");
}
Also used :
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Test(org.junit.Test)
Example 5 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method both_ntoken_and_certificate_is_accepted.
@Test
public void both_ntoken_and_certificate_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principalWithToken = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
when(validator.validate(NTOKEN)).thenReturn(principalWithToken);
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
verify(request).setUserPrincipal(principalWithToken);
}
Also used :
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Test(org.junit.Test)
Aggregations
DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest)9
Test (org.junit.Test)6
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal)5
AthenzUser (com.yahoo.vespa.athenz.api.AthenzUser)1
InvalidTokenException (com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException)1
X509Certificate (java.security.cert.X509Certificate)1
Matchers.containsString (org.hamcrest.Matchers.containsString)1
