
Example 1 with Timestamp

use of com.yahoo.rdl.Timestamp in project athenz by yahoo.

Class ZMSImpl, method getModTimestamp.

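/**
 * Converts a client-supplied matching tag (the value of a conditional-request
 * header, possibly wrapped in quotes) into a modification timestamp.
 *
 * @param matchingTag the raw tag, or null when the client sent none
 * @return the tag's epoch-millis value, or 0 when the tag is absent or does
 *         not parse as an RDL Timestamp (0 is the "no tag" sentinel callers
 *         already get for a null tag)
 */
long getModTimestamp(String matchingTag) {
    if (matchingTag == null) {
        return 0;
    }
    // Conditional-request tags arrive quoted; strip the quotes before parsing.
    String tag = removeQuotes(matchingTag);
    if (LOG.isDebugEnabled()) {
        LOG.debug("getModTimestamp: matching tag (" + tag + ")");
    }
    try {
        Timestamp tagStamp = Timestamp.fromString(tag);
        if (tagStamp == null) {
            throw new IllegalArgumentException("Timestamp failed");
        }
        return tagStamp.millis();
    } catch (IllegalArgumentException exc) {
        // Malformed tag: degrade to the same value as "no tag supplied". The
        // message previously claimed -1L was returned, which was never the case.
        // NOTE(review): the tag is untrusted input and is logged verbatim; if the
        // logging layer does not neutralise newlines, consider sanitising it here.
        if (LOG.isWarnEnabled()) {
            LOG.warn("getModTimestamp: matching tag(" + tag + ") has bad format. Return 0 by default.");
        }
        return 0;
    }
}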

Example 2 with Timestamp

use of com.yahoo.rdl.Timestamp in project athenz by yahoo.

Class JDBCConnectionTest, method testInsertRoleMemberUpdate.

@Test
public void testInsertRoleMemberUpdate() throws Exception {
    JDBCConnection conn = new JDBCConnection(mockConn, true);

    // Ids handed back by the lookups, in the order the store performs them:
    // domain id, role id, principal id.
    Mockito.when(mockResultSet.getInt(1))
            .thenReturn(5)
            .thenReturn(7)
            .thenReturn(9);
    // One row for each lookup: domain, role, principal-domain validation,
    // principal, and finally the existing-membership check (member exists).
    Mockito.when(mockResultSet.next())
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(true)
            .thenReturn(true);
    Mockito.doReturn(1).when(mockPrepStmt).executeUpdate();

    RoleMember member = new RoleMember().setMemberName("user.user1");
    Timestamp expiration = Timestamp.fromCurrentTime();
    member.setExpiration(expiration);
    java.sql.Timestamp sqlExpiration = new java.sql.Timestamp(expiration.toDate().getTime());

    boolean inserted = conn.insertRoleMember("my-domain", "role1", member, "user.admin", "audit-ref");

    // Bind parameters across every statement the call issued.
    Mockito.verify(mockPrepStmt, times(1)).setString(1, "my-domain");
    Mockito.verify(mockPrepStmt, times(1)).setInt(1, 5);
    Mockito.verify(mockPrepStmt, times(1)).setString(2, "role1");
    Mockito.verify(mockPrepStmt, times(1)).setString(1, "user.user1");
    // The role id is bound twice: once for the membership lookup, once for the audit log.
    Mockito.verify(mockPrepStmt, times(2)).setInt(1, 7);
    Mockito.verify(mockPrepStmt, times(1)).setInt(2, 9);
    // Because the member already exists, the store updates its expiration.
    Mockito.verify(mockPrepStmt, times(1)).setTimestamp(1, sqlExpiration);
    Mockito.verify(mockPrepStmt, times(1)).setInt(2, 7);
    Mockito.verify(mockPrepStmt, times(1)).setInt(3, 9);
    // Remaining audit-log columns: admin, member, action, audit reference.
    Mockito.verify(mockPrepStmt, times(1)).setString(2, "user.admin");
    Mockito.verify(mockPrepStmt, times(1)).setString(3, "user.user1");
    Mockito.verify(mockPrepStmt, times(1)).setString(4, "UPDATE");
    Mockito.verify(mockPrepStmt, times(1)).setString(5, "audit-ref");
    assertTrue(inserted);
    conn.close();
}

Example 3 with Timestamp

use of com.yahoo.rdl.Timestamp in project athenz by yahoo.

Class PolicyUpdater, method validateSignedPolicies.

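/**
 * Validates a signed policy bundle retrieved from ZTS for the given domain.
 *
 * The check fails closed: a missing field, unknown key id, expired data or a
 * bad signature all yield {@code false}. Two signatures are verified — the
 * outer ZTS signature over the canonical SignedPolicyData, then the inner ZMS
 * signature over the canonical PolicyData — each with the public key the
 * configuration resolves for the key id carried in the bundle.
 *
 * @param zts client the configuration may use to resolve public keys
 * @param configuration source of ZTS/ZMS public keys, looked up by key id
 * @param domainSignedPolicyData the signed bundle to validate
 * @param domain the domain the bundle belongs to (used for logging)
 * @return true only if the data is unexpired and both signatures verify
 * @throws IllegalArgumentException if domainSignedPolicyData or domain is null
 */
static boolean validateSignedPolicies(ZTSClient zts, PolicyUpdaterConfiguration configuration, DomainSignedPolicyData domainSignedPolicyData, String domain) {
    if (domainSignedPolicyData == null || domain == null) {
        throw new IllegalArgumentException("null parameters are not valid arguments");
    }
    SignedPolicyData signedPolicyData = domainSignedPolicyData.getSignedPolicyData();
    if (signedPolicyData == null) {
        LOG.error("Signed policy for domain:" + domain + " has no signed policy data.");
        return false;
    }
    LOG.info("Checking expiration time for:" + domain);
    Timestamp expires = signedPolicyData.getExpires();
    // A bundle without an expiry must not be treated as "never expires"; the
    // original code would have thrown an NPE here instead of rejecting it.
    if (expires == null) {
        LOG.error("Signed policy for domain:" + domain + " has no expiration time.");
        return false;
    }
    if (System.currentTimeMillis() > expires.millis()) {
        LOG.error("Signed policy for domain:" + domain + " was expired.");
        return false;
    }
    // NOTE(review): the expiry is read before the signatures are checked, so an
    // unauthenticated value can only cause an early reject; acceptance still
    // requires both signatures below to verify over the canonical data.

    // first we're going to verify the ZTS signature for the data
    LOG.info("Verifying ZTS signature for: " + domain);
    LOG.debug("Policies retrieved from the ZTS server: " + signedPolicyData);
    String signature = domainSignedPolicyData.getSignature();
    String keyId = domainSignedPolicyData.getKeyId();
    LOG.debug("validateSignedPolicies: domain=" + domain + " zts key id=" + keyId + " Digital ZTS signature=" + signature);
    if (signature == null || keyId == null) {
        LOG.error("validateSignedPolicies: Missing ZTS signature or key id for domain: " + domain);
        return false;
    }
    // The key id comes from the (not yet verified) bundle; it only selects
    // which already-trusted key is used, it never introduces a new one.
    PublicKey ztsPublicKey = configuration.getZtsPublicKey(zts, keyId);
    if (ztsPublicKey == null) {
        LOG.error("validateSignedPolicies: Missing ZTS Public key for id: " + keyId);
        return false;
    }
    if (!Crypto.verify(SignUtils.asCanonicalString(signedPolicyData), ztsPublicKey, signature)) {
        LOG.error("Signed policy for domain:" + domain + " failed ZTS signature verification.");
        LOG.error("ZTS Signature: " + signature + ". Policies data returned from ZTS: " + signedPolicyData);
        return false;
    }

    // then we're going to verify the ZMS signature for the policy data
    LOG.info("Verifying ZMS signature for: " + domain);
    PolicyData policyData = signedPolicyData.getPolicyData();
    signature = signedPolicyData.getZmsSignature();
    LOG.debug("Digital ZMS signature: " + signature);
    keyId = signedPolicyData.getZmsKeyId();
    LOG.debug("Digital ZMS signature key Id: " + keyId);
    if (policyData == null || signature == null || keyId == null) {
        LOG.error("validateSignedPolicies: Missing ZMS policy data, signature or key id for domain: " + domain);
        return false;
    }
    PublicKey zmsPublicKey = configuration.getZmsPublicKey(zts, keyId);
    if (zmsPublicKey == null) {
        LOG.error("Missing ZMS Public key with id: " + keyId);
        return false;
    }
    boolean verified = Crypto.verify(SignUtils.asCanonicalString(policyData), zmsPublicKey, signature);
    if (!verified) {
        LOG.error("Signed policy for domain:" + domain + " failed ZMS signature verification.");
        LOG.error("ZMS Signature: " + signature + ". Policies data returned from ZTS: " + policyData);
    }
    return verified;
}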

Example 4 with Timestamp

use of com.yahoo.rdl.Timestamp in project athenz by yahoo.

Class ZTSClientTest, method testGetAWSTemporaryCredentials.

@Test
public void testGetAWSTemporaryCredentials() {
    Timestamp issuedAt = Timestamp.fromCurrentTime();
    ZTSRDLClientMock rdlMock = new ZTSRDLClientMock();
    rdlMock.setAwsCreds(issuedAt, "coretech", "role", "sessionToken", "secretAccessKey", "accessKeyId");
    Principal principal = SimplePrincipal.create("user_domain", "user", "v=S1;d=user_domain;n=user;s=sig", PRINCIPAL_AUTHORITY);
    ZTSClient client = new ZTSClient("http://localhost:4080", principal);
    client.setZTSRDLGeneratedClient(rdlMock);

    // First request: credentials come straight from the mocked RDL client.
    AWSTemporaryCredentials first = client.getAWSTemporaryCredentials("coretech", "role");
    assertNotNull(first);
    assertEquals("accessKeyId", first.getAccessKeyId());
    assertEquals("secretAccessKey", first.getSecretAccessKey());
    assertTrue(first.getSessionToken().startsWith("sessionToken"));
    Timestamp firstExpiration = first.getExpiration();

    // Second request for the same domain/role: same credentials, and an
    // expiration that matches the first one to the second.
    AWSTemporaryCredentials second = client.getAWSTemporaryCredentials("coretech", "role");
    assertNotNull(second);
    assertEquals("accessKeyId", second.getAccessKeyId());
    assertEquals("secretAccessKey", second.getSecretAccessKey());
    assertTrue(second.getSessionToken().startsWith("sessionToken"));
    assertEquals(firstExpiration.millis() / 1000, second.getExpiration().millis() / 1000);

    // An unknown role or an unknown domain yields no credentials.
    assertNull(client.getAWSTemporaryCredentials("coretech", "role1"));
    assertNull(client.getAWSTemporaryCredentials("coretech1", "role"));
    client.close();
}

Example 5 with Timestamp

use of com.yahoo.rdl.Timestamp in project athenz by yahoo.

Class InstanceAWSProvider, method validateInstanceBootTime.

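/**
 * Checks that the instance document's pending (boot) time is recent enough.
 *
 * The document is supplied by the registering instance, so a missing or
 * malformed value is rejected with an explanation instead of surfacing as a
 * NullPointerException from the parser.
 *
 * @param instanceDocument parsed identity document; ATTR_PENDING_TIME is read from it
 * @param errMsg receives a human-readable reason when validation fails
 * @return true if the check is disabled (bootTimeOffset <= 0) or the boot time
 *         lies within bootTimeOffset milliseconds of now; false otherwise
 */
boolean validateInstanceBootTime(Struct instanceDocument, StringBuilder errMsg) {
    if (bootTimeOffset <= 0) {
        // check disabled by configuration
        return true;
    }
    String pendingTime = instanceDocument.getString(ATTR_PENDING_TIME);
    if (pendingTime == null) {
        errMsg.append("Instance document has no ").append(ATTR_PENDING_TIME).append(" attribute");
        return false;
    }
    // Timestamp.fromString is treated as returning null or throwing
    // IllegalArgumentException on bad input (both paths are handled elsewhere
    // in this project); either way the document is rejected.
    Timestamp bootTime;
    try {
        bootTime = Timestamp.fromString(pendingTime);
    } catch (IllegalArgumentException exc) {
        bootTime = null;
    }
    if (bootTime == null) {
        errMsg.append("Instance boot time is not a valid timestamp: ").append(pendingTime);
        return false;
    }
    // NOTE(review): only staleness is checked; a boot time in the future is
    // accepted as-is, so forward clock skew from the caller is not bounded here.
    if (bootTime.millis() < System.currentTimeMillis() - bootTimeOffset) {
        errMsg.append("Instance boot time is not recent enough: ");
        errMsg.append(bootTime.toString());
        return false;
    }
    return true;
}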
