
Example 6 with CertificatePrincipal

Use of keywhiz.auth.mutualssl.CertificatePrincipal in project keywhiz by square.

In class ClientAuthenticatorTest, method ignoresMultipleSpiffeIds.

@Test
public void ignoresMultipleSpiffeIds() throws Exception {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate multipleSpiffeClientCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(multipleSpiffePem.getBytes(UTF_8)));
    Principal multipleSpiffePrincipal = new CertificatePrincipal(multipleSpiffeClientCert.getSubjectDN().toString(), new X509Certificate[] { multipleSpiffeClientCert });
    // Use only the (malformatted) SPIFFE IDs to retrieve a client (which should fail)
    when(clientAuthTypeConfig.useCommonName()).thenReturn(false);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(true);
    // Authentication must return no client, and the client DAO must never be queried
    assertThat(authenticator.authenticate(multipleSpiffePrincipal, false)).isEmpty();
    verifyNoInteractions(clientDAO);
}
Also used: ByteArrayInputStream (java.io.ByteArrayInputStream), CertificatePrincipal (keywhiz.auth.mutualssl.CertificatePrincipal), CertificateFactory (java.security.cert.CertificateFactory), X509Certificate (java.security.cert.X509Certificate), SpiffePrincipal (keywhiz.auth.mutualssl.SpiffePrincipal), SimplePrincipal (keywhiz.auth.mutualssl.SimplePrincipal), Principal (java.security.Principal), Test (org.junit.Test)

Example 7 with CertificatePrincipal

Use of keywhiz.auth.mutualssl.CertificatePrincipal in project keywhiz by square.

In class ClientAuthenticatorTest, method setUp.

@Before
public void setUp() throws Exception {
    clientSpiffe = new URI(clientSpiffeStr);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate clientCert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(clientPem.getBytes(UTF_8)));
    certPrincipal = new CertificatePrincipal(clientCert.getSubjectDN().toString(), new X509Certificate[] { clientCert });
    spiffePrincipal = new SpiffePrincipal(new URI(clientSpiffeStr));
    authenticator = new ClientAuthenticator(clientDAO, clientDAO, clientAuthConfig);
    when(clientDAO.getClientByName(clientName)).thenReturn(Optional.of(client));
    when(clientDAO.getClientBySpiffeId(clientSpiffe)).thenReturn(Optional.of(client));
    when(clientAuthConfig.typeConfig()).thenReturn(clientAuthTypeConfig);
    when(clientAuthTypeConfig.useCommonName()).thenReturn(true);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(true);
}
Also used: ByteArrayInputStream (java.io.ByteArrayInputStream), CertificatePrincipal (keywhiz.auth.mutualssl.CertificatePrincipal), URI (java.net.URI), CertificateFactory (java.security.cert.CertificateFactory), X509Certificate (java.security.cert.X509Certificate), SpiffePrincipal (keywhiz.auth.mutualssl.SpiffePrincipal), Before (org.junit.Before)

Aggregations

CertificatePrincipal (keywhiz.auth.mutualssl.CertificatePrincipal): 7
X509Certificate (java.security.cert.X509Certificate): 5
ByteArrayInputStream (java.io.ByteArrayInputStream): 4
CertificateFactory (java.security.cert.CertificateFactory): 4
URI (java.net.URI): 3
Principal (java.security.Principal): 3
SpiffePrincipal (keywhiz.auth.mutualssl.SpiffePrincipal): 3
Test (org.junit.Test): 3
Instant (java.time.Instant): 2
Client (keywhiz.api.model.Client): 2
SimplePrincipal (keywhiz.auth.mutualssl.SimplePrincipal): 2
Before (org.junit.Before): 2
Preconditions.checkNotNull (com.google.common.base.Preconditions.checkNotNull): 1
ImmutableSet (com.google.common.collect.ImmutableSet): 1
Duration (java.time.Duration): 1
EPOCH (java.time.Instant.EPOCH): 1
OffsetDateTime (java.time.OffsetDateTime): 1
List (java.util.List): 1
Optional (java.util.Optional): 1
Nullable (javax.annotation.Nullable): 1