
Example 1 with DiscFilterRequest

Use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.

From the class ControllerAuthorizationFilterTest, method createRequest.

private static DiscFilterRequest createRequest(Method method, String path, AthenzIdentity identity) {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    when(request.getMethod()).thenReturn(method.name());
    when(request.getRequestURI()).thenReturn(path);
    when(request.getUserPrincipal()).thenReturn(new AthenzPrincipal(identity));
    return request;
}
Also used: AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal), DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest)

Example 2 with DiscFilterRequest

Use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.

From the class AthenzPrincipalFilterTest, method valid_ntoken_is_accepted.

@Test
public void valid_ntoken_is_accepted() {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    AthenzPrincipal principal = new AthenzPrincipal(IDENTITY, NTOKEN);
    when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
    when(request.getClientCertificateChain()).thenReturn(emptyList());
    when(validator.validate(NTOKEN)).thenReturn(principal);
    AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
    filter.filter(request, new ResponseHandlerMock());
    verify(request).setUserPrincipal(principal);
}
Also used: AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal), DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest), Test (org.junit.Test)

Example 3 with DiscFilterRequest

Use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.

From the class AthenzPrincipalFilterTest, method invalid_token_is_unauthorized.

@Test
public void invalid_token_is_unauthorized() {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    String errorMessage = "Invalid token";
    when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
    when(request.getClientCertificateChain()).thenReturn(emptyList());
    when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
    ResponseHandlerMock responseHandler = new ResponseHandlerMock();
    AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
    filter.filter(request, responseHandler);
    assertUnauthorized(responseHandler, errorMessage);
}
Also used: InvalidTokenException (com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException), DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest), Matchers.containsString (org.hamcrest.Matchers.containsString), Test (org.junit.Test)

Example 4 with DiscFilterRequest

Use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.

From the class AthenzPrincipalFilterTest, method missing_token_and_certificate_is_unauthorized.

@Test
public void missing_token_and_certificate_is_unauthorized() {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
    when(request.getClientCertificateChain()).thenReturn(emptyList());
    ResponseHandlerMock responseHandler = new ResponseHandlerMock();
    AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
    filter.filter(request, responseHandler);
    assertUnauthorized(responseHandler, "Unable to authenticate Athenz identity");
}
Also used: DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest), Test (org.junit.Test)

Example 5 with DiscFilterRequest

Use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.

From the class AthenzPrincipalFilterTest, method both_ntoken_and_certificate_is_accepted.

@Test
public void both_ntoken_and_certificate_is_accepted() {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    AthenzPrincipal principalWithToken = new AthenzPrincipal(IDENTITY, NTOKEN);
    when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
    when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
    when(validator.validate(NTOKEN)).thenReturn(principalWithToken);
    ResponseHandlerMock responseHandler = new ResponseHandlerMock();
    AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
    filter.filter(request, responseHandler);
    verify(request).setUserPrincipal(principalWithToken);
}
Also used: AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal), DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest), Test (org.junit.Test)

Aggregations

DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest): 9
Test (org.junit.Test): 6
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal): 5
AthenzUser (com.yahoo.vespa.athenz.api.AthenzUser): 1
InvalidTokenException (com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException): 1
X509Certificate (java.security.cert.X509Certificate): 1
Matchers.containsString (org.hamcrest.Matchers.containsString): 1