
Example 1 with AutoGeneratedKeyProvider

Use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider in project vespa by vespa-engine.

Class InstanceValidatorTest, method invalid_signature.

@Test
public void invalid_signature() throws Exception {
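    // The validator is constructed with keyProvider and verifies against its keys.
    KeyProvider keyProvider = new AutoGeneratedKeyProvider();
    InstanceValidator instanceValidator = new InstanceValidator(keyProvider, null);
    // Sign the confirmation with a key from a separate, independently generated provider.
    KeyProvider fakeKeyProvider = new AutoGeneratedKeyProvider();
    InstanceConfirmation instanceConfirmation = createInstanceConfirmation(fakeKeyProvider.getPrivateKey(0), applicationId, domain, service);
    // The signing key does not belong to keyProvider, so validation must fail.
    assertFalse(instanceValidator.isInstanceSignatureValid(instanceConfirmation));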
}
Also used: KeyProvider (com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider), AutoGeneratedKeyProvider (com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider), Test (org.junit.Test)

Example 2 with AutoGeneratedKeyProvider

Use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider in project vespa by vespa-engine.

Class InstanceValidatorTest, method valid_signature.

@Test
public void valid_signature() throws Exception {
    // The same keyProvider supplies both the signing key and the validator's keys.
    KeyProvider keyProvider = new AutoGeneratedKeyProvider();
    InstanceValidator instanceValidator = new InstanceValidator(keyProvider, null);
    InstanceConfirmation instanceConfirmation = createInstanceConfirmation(keyProvider.getPrivateKey(0), applicationId, domain, service);
    // Signed with keyProvider's own private key, so validation must succeed.
    assertTrue(instanceValidator.isInstanceSignatureValid(instanceConfirmation));
}
Also used: KeyProvider (com.yahoo.vespa.hosted.athenz.instanceproviderservice.KeyProvider), AutoGeneratedKeyProvider (com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider), Test (org.junit.Test)

Example 3 with AutoGeneratedKeyProvider

Use of com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider in project vespa by vespa-engine.

Class IdentityDocumentGeneratorTest, method generates_valid_identity_document.

@Test
public void generates_valid_identity_document() throws Exception {
    String hostname = "x.y.com";
    ApplicationId appid = ApplicationId.from(TenantName.from("tenant"), ApplicationName.from("application"), InstanceName.from("default"));
    Allocation allocation = new Allocation(appid, ClusterMembership.from("container/default/0/0", Version.fromString("1.2.3")), Generation.inital(), false);
    Node n = Node.create("ostkid", ImmutableSet.of("127.0.0.1"), new HashSet<>(), hostname, Optional.empty(), new MockNodeFlavors().getFlavorOrThrow("default"), NodeType.tenant).with(allocation);
    NodeRepository nodeRepository = mock(NodeRepository.class);
    when(nodeRepository.getNode(eq(hostname))).thenReturn(Optional.of(n));
    AutoGeneratedKeyProvider keyProvider = new AutoGeneratedKeyProvider();
    String dnsSuffix = "vespa.dns.suffix";
    AthenzProviderServiceConfig config = getAthenzProviderConfig("domain", "service", dnsSuffix, ZONE);
    IdentityDocumentGenerator identityDocumentGenerator = new IdentityDocumentGenerator(config, nodeRepository, ZONE, keyProvider);
    SignedIdentityDocument signedIdentityDocument = identityDocumentGenerator.generateSignedIdentityDocument(hostname);
    // Verify attributes
    assertEquals(hostname, signedIdentityDocument.identityDocument.instanceHostname);
    String environment = "dev";
    String region = "us-north-1";
    String expectedZoneDnsSuffix = environment + "-" + region + "." + dnsSuffix;
    assertEquals(expectedZoneDnsSuffix, signedIdentityDocument.dnsSuffix);
    ProviderUniqueId expectedProviderUniqueId = new ProviderUniqueId("tenant", "application", environment, region, "default", "default", 0);
    assertEquals(expectedProviderUniqueId, signedIdentityDocument.identityDocument.providerUniqueId);
    // Validate signature
    assertTrue("Message", InstanceValidator.isSignatureValid(keyProvider.getPublicKey(0), signedIdentityDocument.rawIdentityDocument, signedIdentityDocument.signature));
}
Also used: MockNodeFlavors (com.yahoo.vespa.hosted.provision.testutils.MockNodeFlavors), Allocation (com.yahoo.vespa.hosted.provision.node.Allocation), Node (com.yahoo.vespa.hosted.provision.Node), NodeRepository (com.yahoo.vespa.hosted.provision.NodeRepository), AutoGeneratedKeyProvider (com.yahoo.vespa.hosted.athenz.instanceproviderservice.AutoGeneratedKeyProvider), AthenzProviderServiceConfig (com.yahoo.vespa.hosted.athenz.instanceproviderservice.config.AthenzProviderServiceConfig), ApplicationId (com.yahoo.config.provision.ApplicationId), HashSet (java.util.HashSet), Test (org.junit.Test)
