Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.
The class AthenzPrincipalFilterTest, method invalid_token_is_unauthorized.
    @Test
    public void invalid_token_is_unauthorized() {
        DiscFilterRequest request = mock(DiscFilterRequest.class);
        String errorMessage = "Invalid token";
        // The request carries an NToken in the principal header and no client certificate.
        when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
        when(request.getClientCertificateChain()).thenReturn(emptyList());
        // The validator rejects the token.
        when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
        ResponseHandlerMock responseHandler = new ResponseHandlerMock();
        AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
        filter.filter(request, responseHandler);
        // A rejected token must produce an unauthorized response carrying the validator's message.
        assertUnauthorized(responseHandler, errorMessage);
    }
Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.
The class NTokenValidatorTest, method failing_to_find_key_should_throw_exception.
    @Test
    public void failing_to_find_key_should_throw_exception() throws InvalidTokenException {
        // Keystore stub that fails on every key lookup.
        ZmsKeystore keystore = (athensService, keyId) -> {
            throw new RuntimeException();
        };
        NTokenValidator validator = new NTokenValidator(keystore);
        NToken token = createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "0");
        // The lookup failure must surface as InvalidTokenException, not as the raw RuntimeException.
        exceptionRule.expect(InvalidTokenException.class);
        exceptionRule.expectMessage("Failed to retrieve public key");
        validator.validate(token);
    }
Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.
The class NTokenValidator, method validate.
    AthenzPrincipal validate(NToken token) throws InvalidTokenException {
        PrincipalToken principalToken = new PrincipalToken(token.getRawToken());
        // Look up the public key by the keyId named in the token; an unknown keyId rejects the token.
        PublicKey zmsPublicKey = getPublicKey(principalToken.getKeyId())
                .orElseThrow(() -> new InvalidTokenException("NToken has an unknown keyId"));
        // Signature and expiration are checked before any principal is constructed.
        validateSignatureAndExpiration(principalToken, zmsPublicKey);
        return new AthenzPrincipal(
                AthenzIdentities.from(new AthenzDomain(principalToken.getDomain()), principalToken.getName()),
                token);
    }