
Example 11 with Timestamp

Use of com.yahoo.rdl.Timestamp in the project athenz by yahoo.

The class ZTSImpl, method getDomainSignedPolicyData.

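/**
 * Serves the signed policy document for a domain, honoring the client's
 * conditional ETag so that an unchanged domain is answered with NOT_MODIFIED
 * instead of being re-serialized and re-signed.
 *
 * @param ctx request context; the principal is logged and the request validated
 * @param domainName domain whose policies are requested (normalized to lower case
 *        before lookup, since ZMS stores all object names in lower case)
 * @param matchingTag ETag sent by the client (If-None-Match), may be null
 * @param signedPoliciesResult completion callback that receives either
 *        NOT_MODIFIED with the echoed tag, or OK with the signed payload and tag
 *        (the error built by {@code notFoundError} is thrown for an unknown domain)
 */
public void getDomainSignedPolicyData(ResourceContext ctx, String domainName, String matchingTag, GetDomainSignedPolicyDataResult signedPoliciesResult) {
    final String caller = "getdomainsignedpolicydata";
    final String callerTiming = "getdomainsignedpolicydata_timing";
    metric.increment(HTTP_GET);
    logPrincipal(ctx);
    validateRequest(ctx.request(), caller);
    validate(domainName, TYPE_DOMAIN_NAME, caller);
    // for consistent handling of all requests, we're going to convert
    // all incoming object values into lower case since ZMS Server
    // saves all of its object names in lower case
    domainName = domainName.toLowerCase();
    Object timerMetric = metric.startTiming(callerTiming, domainName);
    DomainData domainData = dataStore.getDomainData(domainName);
    if (domainData == null) {
        // close the timer on the error path as well; it was previously left running
        metric.stopTiming(timerMetric);
        metric.increment(HTTP_REQUEST, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        metric.increment(caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
        throw notFoundError("Domain not found: '" + domainName + "'", caller, ZTSConsts.ZTS_UNKNOWN_DOMAIN);
    }
    // update our metric with dimension. we're moving the metric here
    // after the domain name has been confirmed as valid since with
    // dimensions we get stuck with persistent indexes so we only want
    // to create them for valid domain names
    metric.increment(HTTP_REQUEST, domainName);
    metric.increment(caller, domainName);
    // the ETag is the domain's modification timestamp; EntityTag quotes it
    // per the HTTP spec, so clients must send the quoted form back
    Timestamp modified = domainData.getModified();
    EntityTag eTag = new EntityTag(modified.toString());
    String tag = eTag.toString();
    if (matchingTag != null && matchingTag.equals(tag)) {
        // nothing changed since the client's copy: finish here so we neither
        // sign a payload nobody will read nor complete the result a second time
        metric.stopTiming(timerMetric);
        signedPoliciesResult.done(ResourceException.NOT_MODIFIED, matchingTag);
        return;
    }
    // first get our PolicyData object
    PolicyData policyData = new PolicyData().setDomain(domainName).setPolicies(getPolicyList(domainData));
    // then get the signed policy data; expiry is now + signedPolicyTimeout
    Timestamp expires = Timestamp.fromMillis(System.currentTimeMillis() + signedPolicyTimeout);
    SignedPolicyData signedPolicyData = new SignedPolicyData().setPolicyData(policyData).setExpires(expires).setModified(modified).setZmsKeyId(domainData.getPolicies().getKeyId()).setZmsSignature(domainData.getPolicies().getSignature());
    // ZTS signs the canonical form with its own private key, on top of the ZMS signature carried inside
    String signature = Crypto.sign(SignUtils.asCanonicalString(signedPolicyData), privateKey);
    DomainSignedPolicyData result = new DomainSignedPolicyData().setSignedPolicyData(signedPolicyData).setSignature(signature).setKeyId(privateKeyId);
    metric.stopTiming(timerMetric);
    signedPoliciesResult.done(ResourceException.OK, result, tag);
}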

Example 12 with Timestamp

Use of com.yahoo.rdl.Timestamp in the project athenz by yahoo.

The class PolicyUpdater, method getEtagForExistingPolicy.

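/**
 * Derives the ETag to send with a conditional policy fetch from the policy file
 * already on disk for {@code domain}.
 *
 * Returns null (meaning "fetch unconditionally") whenever the local copy cannot
 * be trusted: the file is missing or unparseable, its signatures do not validate,
 * it carries no expiry or modified timestamp, or it expires sooner than the
 * configured startup delay interval.
 *
 * @param zts client used by {@code validateSignedPolicies} to check signatures
 * @param configuration supplies the policy directory and startup delay interval
 * @param domain domain whose local policy file is inspected
 * @return the quoted modified timestamp of the local policy file, or null
 * @throws IllegalArgumentException if {@code domain} or {@code configuration} is
 *         null, or the configuration has no policy directory
 */
static String getEtagForExistingPolicy(ZTSClient zts, PolicyUpdaterConfiguration configuration, String domain) {
    // configuration is dereferenced right below, so reject it together with domain
    if (domain == null || configuration == null) {
        throw new IllegalArgumentException("getEtagForExistingPolicy: null parameters are not valid arguments");
    }
    String policyDir = configuration.getPolicyFileDir();
    if (policyDir == null) {
        throw new IllegalArgumentException("getEtagForExistingPolicy: Invalid configuration: no policy directory path");
    }
    String policyDirPath = policyDir.endsWith(File.separator) ? policyDir : policyDir + File.separator;
    // NOTE(review): domain is spliced straight into the path; this relies on
    // callers passing validated domain names (no separators or ".." segments) — confirm upstream
    String policyFile = policyDirPath + domain + POLICY_FILE_EXTENSION;
    LOG.info("Decoding " + policyFile + " to retrieve eTag from policy file.");
    File file = new File(policyFile);
    if (!file.exists()) {
        LOG.info("Policy file not found.");
        return null;
    }
    DomainSignedPolicyData domainSignedPolicyData;
    try {
        domainSignedPolicyData = JSON.fromBytes(Files.readAllBytes(file.toPath()), DomainSignedPolicyData.class);
    } catch (Exception ex) {
        // best effort: an unreadable local file just means an unconditional fetch;
        // include the reason so the operator can tell corruption from permissions
        LOG.info("Unable to parse domain signed policy file: " + policyFile + ": " + ex.getMessage());
        return null;
    }
    if (!validateSignedPolicies(zts, configuration, domainSignedPolicyData, domain)) {
        LOG.info("Unable to validate domain signed policy file: " + policyFile);
        return null;
    }
    SignedPolicyData signedPolicyData = domainSignedPolicyData.getSignedPolicyData();
    if (signedPolicyData == null || signedPolicyData.getExpires() == null) {
        // a validated document without an expiry cannot be aged, so do not trust it
        LOG.info("Signed policy file has no expiration: " + policyFile);
        return null;
    }
    // Check expiration of policies and if its less than the configured interval defined by user
    // to get updated policy then return null so that the policies are updated
    LOG.info("Checking expiration time for: " + domain);
    long now = System.currentTimeMillis() / 1000;
    Timestamp expires = signedPolicyData.getExpires();
    long expiresSecs = expires.millis() / 1000;
    long startupDelayInterval = configuration.getStartupDelayIntervalInSecs();
    LOG.info("Expiration time for " + domain + " is: " + expiresSecs);
    LOG.info("Startup delay: " + startupDelayInterval);
    LOG.info("Current time: " + now);
    if ((expiresSecs - now) < startupDelayInterval) {
        LOG.info("Signed policies for domain:" + domain + " are expired, returning null.");
        return null;
    }
    if (signedPolicyData.getModified() == null) {
        LOG.info("No ETag found.");
        return null;
    }
    // ETags are quoted-strings based on the HTTP RFC
    // http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.11
    // so we're going to quote our modified timestamp
    String etag = "\"" + signedPolicyData.getModified().toString() + "\"";
    LOG.info("ETag: " + etag);
    return etag;
}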

Example 13 with Timestamp

Use of com.yahoo.rdl.Timestamp in the project athenz by yahoo.

The class ZTSMock, method getDomainSignedPolicyData.

/**
 * Test double for the ZTS policy endpoint. Fabricates a signed policy set for the
 * three domains the tests know about ("sports", "sys.auth", "expiredDomain") and
 * returns null for any other name. "expiredDomain" gets an expiry one minute in
 * the past; the others expire one week from now.
 *
 * @param domainName domain being requested
 * @param matchingTag ignored by the mock
 * @param responseHeaders ignored by the mock
 * @return a doubly signed (ZMS key "0" inside, ZTS key {@code keyId} outside)
 *         policy document, or null for an unknown domain
 */
@Override
public DomainSignedPolicyData getDomainSignedPolicyData(String domainName, String matchingTag, Map<String, List<String>> responseHeaders) {
    boolean knownDomain = domainName.equals("sports") || domainName.equals("sys.auth") || domainName.equals("expiredDomain");
    if (!knownDomain) {
        return null;
    }
    long expiresMillis = domainName.equals("expiredDomain")
            ? System.currentTimeMillis() - 60 * 1000L
            : System.currentTimeMillis() + 7L * 24 * 60 * 60 * 1000;
    Timestamp expires = Timestamp.fromMillis(expiresMillis);
    Timestamp modified = Timestamp.fromMillis(System.currentTimeMillis());
    // one admin policy: allow everything to the admin role, deny everything to non-admin
    List<Assertion> assertions = new ArrayList<>();
    assertions.add(mockAssertion(domainName + ":role." + "admin", AssertionEffect.ALLOW));
    assertions.add(mockAssertion(domainName + ":role." + "non-admin", AssertionEffect.DENY));
    Policy adminPolicy = new Policy();
    adminPolicy.setName(domainName + ":policy." + "admin");
    adminPolicy.setAssertions(assertions);
    List<Policy> policies = new ArrayList<>();
    policies.add(adminPolicy);
    PolicyData policyData = new PolicyData().setDomain(domainName).setPolicies(policies);
    // inner signature: what ZMS would have produced over the policy data
    SignedPolicyData signedPolicyData = new SignedPolicyData()
            .setExpires(expires)
            .setModified(modified)
            .setPolicyData(policyData)
            .setZmsKeyId("0")
            .setZmsSignature(Crypto.sign(SignUtils.asCanonicalString(policyData), zmsPrivateKeyK0));
    // outer signature: the ZTS key selected by this mock's keyId ("0" or "1", else null)
    PrivateKey ztsKey = "0".equals(keyId) ? ztsPrivateKeyK0 : ("1".equals(keyId) ? ztsPrivateKeyK1 : null);
    String signature = Crypto.sign(SignUtils.asCanonicalString(signedPolicyData), ztsKey);
    return new DomainSignedPolicyData()
            .setSignedPolicyData(signedPolicyData)
            .setKeyId(keyId)
            .setSignature(signature);
}

/** Builds a wildcard (action "*", resource "*") assertion for the given role and effect. */
private static Assertion mockAssertion(String roleName, AssertionEffect effect) {
    Assertion assertion = new Assertion();
    assertion.setAction("*");
    assertion.setResource("*");
    assertion.setEffect(effect);
    assertion.setRole(roleName);
    return assertion;
}
