Example 1 with InvalidTokenException

Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.

Class AthenzPrincipalFilterTest, method invalid_token_is_unauthorized.

@Test
public void invalid_token_is_unauthorized() {
    DiscFilterRequest request = mock(DiscFilterRequest.class);
    String errorMessage = "Invalid token";
    // The request carries an NToken in the principal header and no client certificate.
    when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
    when(request.getClientCertificateChain()).thenReturn(emptyList());
    // The validator rejects the token.
    when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
    ResponseHandlerMock responseHandler = new ResponseHandlerMock();
    AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
    filter.filter(request, responseHandler);
    // Expect an unauthorized response carrying the validator's error message.
    assertUnauthorized(responseHandler, errorMessage);
}
Also used : InvalidTokenException(com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException) DiscFilterRequest(com.yahoo.jdisc.http.filter.DiscFilterRequest) Matchers.containsString(org.hamcrest.Matchers.containsString) Test(org.junit.Test)

Example 2 with InvalidTokenException

Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.

Class NTokenValidatorTest, method failing_to_find_key_should_throw_exception.

@Test
public void failing_to_find_key_should_throw_exception() throws InvalidTokenException {
    // Keystore stub whose key lookup always fails.
    ZmsKeystore keystore = (athensService, keyId) -> {
        throw new RuntimeException();
    };
    NTokenValidator validator = new NTokenValidator(keystore);
    NToken token = createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "0");
    // A failed key lookup must surface as InvalidTokenException, not as the raw RuntimeException.
    exceptionRule.expect(InvalidTokenException.class);
    exceptionRule.expectMessage("Failed to retrieve public key");
    validator.validate(token);
}
Also used : KeyPair(java.security.KeyPair) InvalidTokenException(com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException) AthenzUser(com.yahoo.vespa.athenz.api.AthenzUser) AthenzIdentity(com.yahoo.vespa.athenz.api.AthenzIdentity) Test(org.junit.Test) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken) Instant(java.time.Instant) NToken(com.yahoo.vespa.athenz.api.NToken) ZmsKeystore(com.yahoo.vespa.hosted.controller.api.integration.athenz.ZmsKeystore) ZMS_ATHENZ_SERVICE(com.yahoo.vespa.athenz.utils.AthenzIdentities.ZMS_ATHENZ_SERVICE) Rule(org.junit.Rule) AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Optional(java.util.Optional) ExpectedException(org.junit.rules.ExpectedException) Assert.assertEquals(org.junit.Assert.assertEquals)

Example 3 with InvalidTokenException

Use of com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException in project vespa by vespa-engine.

Class NTokenValidator, method validate.

AthenzPrincipal validate(NToken token) throws InvalidTokenException {
    PrincipalToken principalToken = new PrincipalToken(token.getRawToken());
    // Reject tokens whose keyId does not resolve to a known public key.
    PublicKey zmsPublicKey = getPublicKey(principalToken.getKeyId())
            .orElseThrow(() -> new InvalidTokenException("NToken has an unknown keyId"));
    // Check signature and expiration before building a principal from the token's fields.
    validateSignatureAndExpiration(principalToken, zmsPublicKey);
    return new AthenzPrincipal(
            AthenzIdentities.from(new AthenzDomain(principalToken.getDomain()), principalToken.getName()),
            token);
}
Also used : InvalidTokenException(com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException) AthenzDomain(com.yahoo.vespa.athenz.api.AthenzDomain) PublicKey(java.security.PublicKey) AthenzPrincipal(com.yahoo.vespa.athenz.api.AthenzPrincipal) PrincipalToken(com.yahoo.athenz.auth.token.PrincipalToken)

Aggregations

InvalidTokenException (com.yahoo.vespa.hosted.controller.api.integration.athenz.InvalidTokenException): 3
PrincipalToken (com.yahoo.athenz.auth.token.PrincipalToken): 2
AthenzPrincipal (com.yahoo.vespa.athenz.api.AthenzPrincipal): 2
Test (org.junit.Test): 2
DiscFilterRequest (com.yahoo.jdisc.http.filter.DiscFilterRequest): 1
AthenzDomain (com.yahoo.vespa.athenz.api.AthenzDomain): 1
AthenzIdentity (com.yahoo.vespa.athenz.api.AthenzIdentity): 1
AthenzUser (com.yahoo.vespa.athenz.api.AthenzUser): 1
NToken (com.yahoo.vespa.athenz.api.NToken): 1
ZMS_ATHENZ_SERVICE (com.yahoo.vespa.athenz.utils.AthenzIdentities.ZMS_ATHENZ_SERVICE): 1
ZmsKeystore (com.yahoo.vespa.hosted.controller.api.integration.athenz.ZmsKeystore): 1
KeyPair (java.security.KeyPair): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
PrivateKey (java.security.PrivateKey): 1
PublicKey (java.security.PublicKey): 1
Instant (java.time.Instant): 1
Optional (java.util.Optional): 1
Matchers.containsString (org.hamcrest.Matchers.containsString): 1
Assert.assertEquals (org.junit.Assert.assertEquals): 1
Rule (org.junit.Rule): 1