use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method certificate_is_accepted.
@Test
public void certificate_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
AthenzPrincipal expectedPrincipal = new AthenzPrincipal(IDENTITY);
verify(request).setUserPrincipal(expectedPrincipal);
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class FilterTester method toDiscFilterRequest.
private static DiscFilterRequest toDiscFilterRequest(Request request) {
DiscFilterRequest r = mock(DiscFilterRequest.class);
when(r.getMethod()).thenReturn(request.method().name());
when(r.getUri()).thenReturn(URI.create("http://localhost").resolve(request.path()));
when(r.getRemoteAddr()).thenReturn(request.remoteAddr());
when(r.getLocalAddr()).thenReturn(request.localAddr());
if (request.commonName().isPresent()) {
X509Certificate cert = certificateFor(request.commonName().get(), keyPair());
when(r.getClientCertificateChain()).thenReturn(Collections.singletonList(cert));
}
return r;
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AthenzPrincipalFilterTest method conflicting_ntoken_and_certificate_is_unauthorized.
@Test
public void conflicting_ntoken_and_certificate_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzUser conflictingIdentity = AthenzUser.fromUserId("mallory");
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain()).thenReturn(singletonList(createSelfSignedCertificate(conflictingIdentity)));
when(validator.validate(NTOKEN)).thenReturn(new AthenzPrincipal(IDENTITY));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
filter.filter(request, responseHandler);
assertUnauthorized(responseHandler, "Identity in principal token does not match x509 CN");
}
use of com.yahoo.jdisc.http.filter.DiscFilterRequest in project vespa by vespa-engine.
the class AccessControlRequestFilterTest method newOptionsRequest.
private static DiscFilterRequest newOptionsRequest(String origin) {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader("Origin")).thenReturn(origin);
when(request.getMethod()).thenReturn(OPTIONS.name());
return request;
}
Aggregations