
Example 1 with AthenzService

Use of com.yahoo.vespa.athenz.api.AthenzService in project vespa by vespa-engine.

Class SiaIdentityProviderTest, method constructs_ssl_context_from_file:

@Test
public void constructs_ssl_context_from_file() throws IOException {
    // Write a freshly generated RSA private key to a temporary file
    File keyFile = tempDirectory.newFile();
    KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
    createPrivateKeyFile(keyFile, keypair);
    // Create a certificate for that key pair and write it to a second file
    X509Certificate certificate = createCertificate(keypair);
    File certificateFile = tempDirectory.newFile();
    createCertificateFile(certificate, certificateFile);
    // Create the trust store file from the same certificate
    File trustStoreFile = tempDirectory.newFile();
    createTrustStoreFile(certificate, trustStoreFile);
    // The provider is given the identity, the three files and a mocked scheduler
    SiaIdentityProvider provider = new SiaIdentityProvider(new AthenzService("domain", "service-name"), keyFile, certificateFile, trustStoreFile, mock(ScheduledExecutorService.class));
    assertNotNull(provider.getIdentitySslContext());
}
Also used: AthenzService (com.yahoo.vespa.athenz.api.AthenzService), KeyPair (java.security.KeyPair), ScheduledExecutorService (java.util.concurrent.ScheduledExecutorService), File (java.io.File), X509Certificate (java.security.cert.X509Certificate), Test (org.junit.Test)

Example 2 with AthenzService

Use of com.yahoo.vespa.athenz.api.AthenzService in project vespa by vespa-engine.

Class AthenzIdentityVerifierTest, method verifies_certificate_with_athenz_service_as_common_name:

@Test
public void verifies_certificate_with_athenz_service_as_common_name() throws Exception {
    AthenzIdentity trustedIdentity = new AthenzService("mydomain", "alice");
    AthenzIdentity unknownIdentity = new AthenzService("mydomain", "mallory");
    KeyPair keyPair = createKeyPair();
    // The verifier's allow-list contains only the trusted identity
    AthenzIdentityVerifier verifier = new AthenzIdentityVerifier(singleton(trustedIdentity));
    // A session presenting a certificate for the trusted identity is accepted
    assertTrue(verifier.verify("hostname", createSslSessionMock(createSelfSignedCertificate(keyPair, trustedIdentity))));
    // The same key pair with a certificate for an identity outside the allow-list is rejected
    assertFalse(verifier.verify("hostname", createSslSessionMock(createSelfSignedCertificate(keyPair, unknownIdentity))));
}
Also used: AthenzService (com.yahoo.vespa.athenz.api.AthenzService), KeyPair (java.security.KeyPair), AthenzIdentity (com.yahoo.vespa.athenz.api.AthenzIdentity), AthenzIdentityVerifier (com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier), Test (org.junit.Test)

Example 3 with AthenzService

Use of com.yahoo.vespa.athenz.api.AthenzService in project vespa by vespa-engine.

Class AthenzIdentitiesTest, method athenz_identity_is_parsed_from_dot_separated_string:

@Test
public void athenz_identity_is_parsed_from_dot_separated_string() {
    // The domain name itself contains a dot
    AthenzIdentity expectedIdentity = new AthenzService(new AthenzDomain("my.subdomain"), "myservicename");
    // Round trip: parsing the full name must yield an identity equal to the original
    String fullName = expectedIdentity.getFullName();
    AthenzIdentity actualIdentity = AthenzIdentities.from(fullName);
    assertEquals(expectedIdentity, actualIdentity);
}
Also used: AthenzService (com.yahoo.vespa.athenz.api.AthenzService), AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain), AthenzIdentity (com.yahoo.vespa.athenz.api.AthenzIdentity), Test (org.junit.Test)
