Example 6 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method certificate_is_accepted.
@Test
public void certificate_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
AthenzPrincipal expectedPrincipal = new AthenzPrincipal(IDENTITY);
verify(request).setUserPrincipal(expectedPrincipal);
}
Also used :
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Test(org.junit.Test)
Example 7 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class FilterTester method toDiscFilterRequest.
private static DiscFilterRequest toDiscFilterRequest(Request request) {
DiscFilterRequest r = mock(DiscFilterRequest.class);
when(r.getMethod()).thenReturn(request.method().name());
when(r.getUri()).thenReturn(URI.create("http://localhost").resolve(request.path()));
when(r.getRemoteAddr()).thenReturn(request.remoteAddr());
when(r.getLocalAddr()).thenReturn(request.localAddr());
if (request.commonName().isPresent()) {
X509Certificate cert = certificateFor(request.commonName().get(), keyPair());
when(r.getClientCertificateChain()).thenReturn(Collections.singletonList(cert));
}
return r;
}
Also used :
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
X509Certificate(java.security.cert.X509Certificate)
Example 8 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method conflicting_ntoken_and_certificate_is_unauthorized.
@Test
public void conflicting_ntoken_and_certificate_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzUser conflictingIdentity = AthenzUser.fromUserId("mallory");
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(singletonList(createSelfSignedCertificate(conflictingIdentity)));
when(validator.validate(NTOKEN)).thenReturn(new AthenzPrincipal(IDENTITY));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, "Identity in principal token does not match x509 CN");
}
Also used :
AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal)
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
AthenzUser(com.yahoo.vespa.athenz.api.AthenzUser)
Test(org.junit.Test)
Example 9 with DiscFilterRequest
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AccessControlRequestFilterTest method newOptionsRequest.
private static DiscFilterRequest newOptionsRequest(String origin) {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader("Origin")).thenReturn(origin);
when(request.getMethod()).thenReturn(OPTIONS.name());
return request;
}
Also used :
DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest)
Aggregations
DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest)9
Test (org.junit.Test)6
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal)5
AthenzUser (com.yahoo.vespa.athenz.api.AthenzUser)1
InvalidTokenException (com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException)1
X509Certificate (java.security.cert.X509Certificate)1
Matchers.containsString (org.hamcrest.Matchers.containsString)1
