use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.
the class NTokenValidatorTest method createNToken.
/**
 * Builds a principal token for {@code identity}, signs it with {@code privateKey}
 * and wraps the signed string in an {@link NToken}.
 *
 * <p>Salt, host and IP are fixed test values. The expiration window is 1000,
 * presumably seconds counted from {@code issueTime} (confirm against PrincipalToken).
 * {@code keyId} and {@code privateKey} are independent arguments, so a caller can
 * build a token whose key id does not match the key that actually signed it.
 *
 * @param identity   identity whose domain name and name are written into the token
 * @param issueTime  issue instant, stored in the token as epoch seconds
 * @param privateKey key used to sign the token
 * @param keyId      key id recorded in the token
 * @return an NToken holding the signed token string
 */
private static NToken createNToken(AthenzIdentity identity, Instant issueTime, PrivateKey privateKey, String keyId) {
    String domainName = identity.getDomain().getName();
    String identityName = identity.getName();
    PrincipalToken principalToken = new PrincipalToken.Builder("U1", domainName, identityName)
            .keyId(keyId)
            .salt("1234")
            .host("host")
            .ip("1.2.3.4")
            .issueTime(issueTime.getEpochSecond())
            .expirationWindow(1000)
            .build();
    // The signature is computed only after every field is set.
    principalToken.sign(privateKey);
    String signedToken = principalToken.getSignedToken();
    return new NToken(signedToken);
}
use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.
the class NTokenValidatorTest method valid_token_is_accepted.
/**
 * Positive case: a freshly issued token signed with TRUSTED_KEY under key id "0"
 * validates, and the resulting principal carries the full name "user.myuser".
 */
@Test
public void valid_token_is_accepted() throws NoSuchAlgorithmException, InvalidTokenException {
    NTokenValidator tokenValidator = new NTokenValidator(createKeystore());
    // Key id "0" is presumably the id under which createKeystore() exposes
    // TRUSTED_KEY's public key - confirm against createKeystore().
    NToken trustedToken = createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "0");
    String validatedFullName = tokenValidator.validate(trustedToken).getIdentity().getFullName();
    assertEquals("user.myuser", validatedFullName);
}
use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.
the class NTokenValidatorTest method invalid_signature_is_not_accepted.
/**
 * Negative case: the token names key id "0" but is signed with UNKNOWN_KEY,
 * so validation must fail with InvalidTokenException.
 */
@Test
public void invalid_signature_is_not_accepted() throws InvalidTokenException {
    NTokenValidator tokenValidator = new NTokenValidator(createKeystore());
    // Same key id as the accepted token in valid_token_is_accepted; only the signing key differs.
    NToken wronglySignedToken = createNToken(IDENTITY, Instant.now(), UNKNOWN_KEY.getPrivate(), "0");

    // NOTE(review): expired_token_is_not_accepted expects this same message, so the
    // message alone does not show which of the two checks rejected the token.
    exceptionRule.expect(InvalidTokenException.class);
    exceptionRule.expectMessage("NToken is expired or has invalid signature");
    tokenValidator.validate(wronglySignedToken);
}
use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.
the class NTokenValidatorTest method expired_token_is_not_accepted.
/**
 * Negative case: a token signed with TRUSTED_KEY but issued at epoch millisecond 1234
 * must fail validation with InvalidTokenException.
 */
@Test
public void expired_token_is_not_accepted() throws InvalidTokenException {
    NTokenValidator tokenValidator = new NTokenValidator(createKeystore());
    // Issued a long time ago; createNToken's fixed expiration window of 1000 cannot reach the present.
    Instant longTimeAgo = Instant.ofEpochMilli(1234);
    NToken staleToken = createNToken(IDENTITY, longTimeAgo, TRUSTED_KEY.getPrivate(), "0");

    // NOTE(review): invalid_signature_is_not_accepted expects this same message, so this
    // assertion alone does not prove the expiry check (not the signature check) fired.
    exceptionRule.expect(InvalidTokenException.class);
    exceptionRule.expectMessage("NToken is expired or has invalid signature");
    tokenValidator.validate(staleToken);
}
use of com.yahoo.vespa.athenz.api.NToken in project vespa by vespa-engine.
the class NTokenValidatorTest method unknown_keyId_is_not_accepted.
/**
 * Negative case: a token signed with TRUSTED_KEY but carrying the key id
 * "unknown-key-id" must fail validation with the unknown-keyId message.
 */
@Test
public void unknown_keyId_is_not_accepted() throws InvalidTokenException {
    NTokenValidator tokenValidator = new NTokenValidator(createKeystore());
    // The signing key is the trusted one; only the key id written into the token differs
    // from the "0" used by valid_token_is_accepted.
    NToken tokenWithUnknownKeyId =
            createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "unknown-key-id");

    exceptionRule.expect(InvalidTokenException.class);
    exceptionRule.expectMessage("NToken has an unknown keyId");
    tokenValidator.validate(tokenWithUnknownKeyId);
}