
Example 21 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreationAudience.

/**
 * Issues a token for a mocked principal with an explicit audience and checks the
 * issuer, subject and audience claims, then verifies the token with the same authority.
 *
 * <p>The keystore name, key alias and the "horton" secrets are test fixtures resolved
 * under {@code target/test-classes}; they are not meant for use outside the test tree.
 *
 * <p>NOTE(review): only the positive path is asserted here; this method does not show
 * that a modified token, or one signed with a different key, is rejected by
 * {@code verifyToken}.
 */
@Test
public void testTokenCreationAudience() throws Exception {
    // Module base directory: the "basedir" system property, else the working directory.
    final String configuredBase = System.getProperty("basedir");
    final String moduleDir = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

    // Gateway configuration pointing at the test signing keystore.
    GatewayConfig gatewayConfig = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gatewayConfig.getGatewaySecurityDir()).andReturn(moduleDir + "/target/test-classes");
    EasyMock.expect(gatewayConfig.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(gatewayConfig.getSigningKeyAlias()).andReturn("server").anyTimes();

    // Fixture secrets for the test keystore only.
    MasterService masterService = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(masterService.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());

    // The principal whose name is asserted as the token subject below.
    Principal user = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(user.getName()).andReturn("john.doe@example.com");

    EasyMock.replay(user, gatewayConfig, masterService, aliasService);

    // Keystore service backed by the mocked master secret.
    DefaultKeystoreService keystoreImpl = new DefaultKeystoreService();
    keystoreImpl.setMasterService(masterService);
    keystoreImpl.init(gatewayConfig, new HashMap<String, String>());
    KeystoreService keystore = keystoreImpl;

    // Token authority wired to the alias and keystore services.
    DefaultTokenAuthorityService authorityImpl = new DefaultTokenAuthorityService();
    authorityImpl.setAliasService(aliasService);
    authorityImpl.setKeystoreService(keystore);
    authorityImpl.init(gatewayConfig, new HashMap<String, String>());
    JWTokenAuthority authority = authorityImpl;

    JWT issued = authority.issueToken(user, "https://login.example.com", "RS256");

    assertEquals("KNOXSSO", issued.getIssuer());
    assertEquals("john.doe@example.com", issued.getSubject());
    assertEquals("https://login.example.com", issued.getAudience());
    assertTrue(authority.verifyToken(issued));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 22 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreation.

/**
 * Issues a token for a mocked principal without naming an audience and checks the
 * issuer and subject claims, then verifies the token with the same authority.
 *
 * <p>The keystore name, key alias and the "horton" secrets are test fixtures resolved
 * under {@code target/test-classes}; they are not meant for use outside the test tree.
 *
 * <p>NOTE(review): only the positive path is asserted here; this method does not show
 * that a modified token, or one signed with a different key, is rejected by
 * {@code verifyToken}.
 */
@Test
public void testTokenCreation() throws Exception {
    // Module base directory: the "basedir" system property, else the working directory.
    final String configuredBase = System.getProperty("basedir");
    final String moduleDir = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

    // Gateway configuration pointing at the test signing keystore.
    GatewayConfig gatewayConfig = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gatewayConfig.getGatewaySecurityDir()).andReturn(moduleDir + "/target/test-classes");
    EasyMock.expect(gatewayConfig.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(gatewayConfig.getSigningKeyAlias()).andReturn("server").anyTimes();

    // Fixture secrets for the test keystore only.
    MasterService masterService = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(masterService.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());

    // The principal whose name is asserted as the token subject below.
    Principal user = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(user.getName()).andReturn("john.doe@example.com");

    EasyMock.replay(user, gatewayConfig, masterService, aliasService);

    // Keystore service backed by the mocked master secret.
    DefaultKeystoreService keystoreImpl = new DefaultKeystoreService();
    keystoreImpl.setMasterService(masterService);
    keystoreImpl.init(gatewayConfig, new HashMap<String, String>());
    KeystoreService keystore = keystoreImpl;

    // Token authority wired to the alias and keystore services.
    DefaultTokenAuthorityService authorityImpl = new DefaultTokenAuthorityService();
    authorityImpl.setAliasService(aliasService);
    authorityImpl.setKeystoreService(keystore);
    authorityImpl.init(gatewayConfig, new HashMap<String, String>());
    JWTokenAuthority authority = authorityImpl;

    JWT issued = authority.issueToken(user, "RS256");

    assertEquals("KNOXSSO", issued.getIssuer());
    assertEquals("john.doe@example.com", issued.getSubject());
    assertTrue(authority.verifyToken(issued));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 23 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultTokenAuthorityServiceTest method testTokenCreationNullAudience.

/**
 * Issues a token for a mocked principal with a {@code null} audience argument and checks
 * the issuer and subject claims, then verifies the token with the same authority.
 *
 * <p>The keystore name, key alias and the "horton" secrets are test fixtures resolved
 * under {@code target/test-classes}; they are not meant for use outside the test tree.
 *
 * <p>NOTE(review): no assertion is made about the audience claim of the resulting token,
 * and only the positive verification path is exercised in this method.
 */
@Test
public void testTokenCreationNullAudience() throws Exception {
    // Module base directory: the "basedir" system property, else the working directory.
    final String configuredBase = System.getProperty("basedir");
    final String moduleDir = (configuredBase != null) ? configuredBase : new File(".").getCanonicalPath();

    // Gateway configuration pointing at the test signing keystore.
    GatewayConfig gatewayConfig = EasyMock.createNiceMock(GatewayConfig.class);
    EasyMock.expect(gatewayConfig.getGatewaySecurityDir()).andReturn(moduleDir + "/target/test-classes");
    EasyMock.expect(gatewayConfig.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(gatewayConfig.getSigningKeyAlias()).andReturn("server").anyTimes();

    // Fixture secrets for the test keystore only.
    MasterService masterService = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(masterService.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(aliasService.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());

    // The principal whose name is asserted as the token subject below.
    Principal user = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(user.getName()).andReturn("john.doe@example.com");

    EasyMock.replay(user, gatewayConfig, masterService, aliasService);

    // Keystore service backed by the mocked master secret.
    DefaultKeystoreService keystoreImpl = new DefaultKeystoreService();
    keystoreImpl.setMasterService(masterService);
    keystoreImpl.init(gatewayConfig, new HashMap<String, String>());
    KeystoreService keystore = keystoreImpl;

    // Token authority wired to the alias and keystore services.
    DefaultTokenAuthorityService authorityImpl = new DefaultTokenAuthorityService();
    authorityImpl.setAliasService(aliasService);
    authorityImpl.setKeystoreService(keystore);
    authorityImpl.init(gatewayConfig, new HashMap<String, String>());
    JWTokenAuthority authority = authorityImpl;

    // The audience argument is deliberately null.
    JWT issued = authority.issueToken(user, null, "RS256");

    assertEquals("KNOXSSO", issued.getIssuer());
    assertEquals("john.doe@example.com", issued.getSubject());
    assertTrue(authority.verifyToken(issued));
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) JWT(org.apache.knox.gateway.services.security.token.impl.JWT) JWTokenAuthority(org.apache.knox.gateway.services.security.token.JWTokenAuthority) DefaultKeystoreService(org.apache.knox.gateway.services.security.impl.DefaultKeystoreService) KeystoreService(org.apache.knox.gateway.services.security.KeystoreService) File(java.io.File) MasterService(org.apache.knox.gateway.services.security.MasterService) Principal(java.security.Principal) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)

Example 24 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultTopologyServiceTest method testGetTopologies.

/**
 * Exercises DefaultTopologyService against a scratch directory: loads one topology file,
 * then adds, overwrites and removes a second one, calling reloadTopologies() after each
 * step and checking the reported topologies and the listener events.
 *
 * The scratch directory is removed in the finally block whether or not the assertions pass.
 */
@Test
public void testGetTopologies() throws Exception {
    File dir = createDir();
    File topologyDir = new File(dir, "topologies");
    File descriptorsDir = new File(dir, "descriptors");
    descriptorsDir.mkdirs();
    File sharedProvidersDir = new File(dir, "shared-providers");
    sharedProvidersDir.mkdirs();
    // NOTE(review): topologyDir is not created with mkdirs() in this method before its
    // timestamp is read; File.lastModified() returns 0L for a path that does not exist.
    // Confirm whether createDir()/createFile() set the directory up.
    long time = topologyDir.lastModified();
    try {
        // Seed the topologies directory with a single topology, stamped with 'time'.
        createFile(topologyDir, "one.xml", "org/apache/knox/gateway/topology/file/topology-one.xml", time);
        TestTopologyListener topoListener = new TestTopologyListener();
        // NOTE(review): 'monitor' is not referenced again in this method.
        FileAlterationMonitor monitor = new FileAlterationMonitor(Long.MAX_VALUE);
        TopologyService provider = new DefaultTopologyService();
        Map<String, String> c = new HashMap<>();
        // Mocked gateway configuration; every directory getter points into the scratch directory.
        GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
        EasyMock.expect(config.getGatewayTopologyDir()).andReturn(topologyDir.getAbsolutePath()).anyTimes();
        EasyMock.expect(config.getGatewayConfDir()).andReturn(descriptorsDir.getParentFile().getAbsolutePath()).anyTimes();
        EasyMock.expect(config.getGatewayProvidersConfigDir()).andReturn(sharedProvidersDir.getAbsolutePath()).anyTimes();
        EasyMock.expect(config.getGatewayDescriptorsDir()).andReturn(descriptorsDir.getAbsolutePath()).anyTimes();
        EasyMock.replay(config);
        provider.init(config, c);
        provider.addTopologyChangeListener(topoListener);
        provider.reloadTopologies();
        // Initial load: exactly one topology, named "one", carrying the seeded timestamp.
        Collection<Topology> topologies = provider.getTopologies();
        assertThat(topologies, notNullValue());
        assertThat(topologies.size(), is(1));
        Topology topology = topologies.iterator().next();
        assertThat(topology.getName(), is("one"));
        assertThat(topology.getTimestamp(), is(time));
        assertThat(topoListener.events.size(), is(1));
        // Reset the recorded events so the next step is checked in isolation.
        topoListener.events.clear();
        // Add a file to the directory.
        File two = createFile(topologyDir, "two.xml", "org/apache/knox/gateway/topology/file/topology-two.xml", 1L);
        provider.reloadTopologies();
        topologies = provider.getTopologies();
        assertThat(topologies.size(), is(2));
        // Iteration order is not assumed: each name is ticked off a set of expected names.
        Set<String> names = new HashSet<>(Arrays.asList("one", "two"));
        Iterator<Topology> iterator = topologies.iterator();
        topology = iterator.next();
        assertThat(names, hasItem(topology.getName()));
        names.remove(topology.getName());
        topology = iterator.next();
        assertThat(names, hasItem(topology.getName()));
        names.remove(topology.getName());
        assertThat(names.size(), is(0));
        // The addition is expected to produce one event batch holding a single CREATED event.
        assertThat(topoListener.events.size(), is(1));
        List<TopologyEvent> events = topoListener.events.get(0);
        assertThat(events.size(), is(1));
        TopologyEvent event = events.get(0);
        assertThat(event.getType(), is(TopologyEvent.Type.CREATED));
        assertThat(event.getTopology(), notNullValue());
        // Update a file in the directory.
        two = createFile(topologyDir, "two.xml", "org/apache/knox/gateway/topology/file/topology-three.xml", 2L);
        provider.reloadTopologies();
        topologies = provider.getTopologies();
        assertThat(topologies.size(), is(2));
        names = new HashSet<>(Arrays.asList("one", "two"));
        iterator = topologies.iterator();
        topology = iterator.next();
        assertThat(names, hasItem(topology.getName()));
        names.remove(topology.getName());
        topology = iterator.next();
        assertThat(names, hasItem(topology.getName()));
        names.remove(topology.getName());
        assertThat(names.size(), is(0));
        // Remove a file from the directory.
        // NOTE(review): the boolean result of delete() is not checked.
        two.delete();
        provider.reloadTopologies();
        topologies = provider.getTopologies();
        // Only the original topology remains, with its timestamp unchanged.
        assertThat(topologies.size(), is(1));
        topology = topologies.iterator().next();
        assertThat(topology.getName(), is("one"));
        assertThat(topology.getTimestamp(), is(time));
    } finally {
        // Always remove the scratch directory.
        FileUtils.deleteQuietly(dir);
    }
}
Also used : FileAlterationMonitor(org.apache.commons.io.monitor.FileAlterationMonitor) DefaultTopologyService(org.apache.knox.gateway.services.topology.impl.DefaultTopologyService) HashMap(java.util.HashMap) TopologyEvent(org.apache.knox.gateway.topology.TopologyEvent) Topology(org.apache.knox.gateway.topology.Topology) DefaultTopologyService(org.apache.knox.gateway.services.topology.impl.DefaultTopologyService) File(java.io.File) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 25 with GatewayConfig

use of org.apache.knox.gateway.config.GatewayConfig in project knox by apache.

the class DefaultTopologyServiceTest method testSimpleDescriptorsTopologyGeneration.

/**
 * KNOX-1014
 *
 * Test the lifecycle relationship between simple descriptors and topology files.
 *
 * N.B. This test depends on the DummyServiceDiscovery extension being configured:
 *        org.apache.knox.gateway.topology.discovery.test.extension.DummyServiceDiscovery
 */
@Test
public void testSimpleDescriptorsTopologyGeneration() throws Exception {
    // Scratch directory holding the topologies, descriptors and shared-providers directories.
    File dir = createDir();
    File topologyDir = new File(dir, "topologies");
    topologyDir.mkdirs();
    File descriptorsDir = new File(dir, "descriptors");
    descriptorsDir.mkdirs();
    File sharedProvidersDir = new File(dir, "shared-providers");
    sharedProvidersDir.mkdirs();
    try {
        TestTopologyListener topoListener = new TestTopologyListener();
        // NOTE(review): 'monitor' is not referenced again in this method.
        FileAlterationMonitor monitor = new FileAlterationMonitor(Long.MAX_VALUE);
        TopologyService provider = new DefaultTopologyService();
        Map<String, String> c = new HashMap<>();
        // Mocked gateway configuration; only the topology and conf directories are stubbed here.
        GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
        EasyMock.expect(config.getGatewayTopologyDir()).andReturn(topologyDir.getAbsolutePath()).anyTimes();
        EasyMock.expect(config.getGatewayConfDir()).andReturn(descriptorsDir.getParentFile().getAbsolutePath()).anyTimes();
        EasyMock.replay(config);
        provider.init(config, c);
        provider.addTopologyChangeListener(topoListener);
        provider.reloadTopologies();
        // Add a simple descriptor to the descriptors dir to verify topology generation and loading (KNOX-1006)
        // The alias service mock returns null for every alias lookup, so no gateway alias
        // password is available to the descriptors monitor in this test.
        AliasService aliasService = EasyMock.createNiceMock(AliasService.class);
        EasyMock.expect(aliasService.getPasswordFromAliasForGateway(anyObject(String.class))).andReturn(null).anyTimes();
        EasyMock.replay(aliasService);
        DefaultTopologyService.DescriptorsMonitor dm = new DefaultTopologyService.DescriptorsMonitor(config, topologyDir, aliasService);
        // Listener to simulate the topologies directory monitor, to notice when a topology has been deleted
        provider.addTopologyChangeListener(new TestTopologyDeleteListener((DefaultTopologyService) provider));
        // Write out the referenced provider config first
        File provCfgFile = createFile(sharedProvidersDir, "ambari-cluster-policy.xml", "org/apache/knox/gateway/topology/file/ambari-cluster-policy.xml", System.currentTimeMillis());
        try {
            // Create the simple descriptor in the descriptors dir
            File simpleDesc = createFile(descriptorsDir, "four.json", "org/apache/knox/gateway/topology/file/simple-topology-four.json", System.currentTimeMillis());
            // Trigger the topology generation by noticing the simple descriptor
            dm.onFileChange(simpleDesc);
            // Load the generated topology
            provider.reloadTopologies();
            Collection<Topology> topologies = provider.getTopologies();
            assertThat(topologies.size(), is(1));
            Iterator<Topology> iterator = topologies.iterator();
            Topology topology = iterator.next();
            // The generated topology takes its name from the descriptor file ("four.json").
            assertThat("four", is(topology.getName()));
            int serviceCount = topology.getServices().size();
            assertEquals("Expected the same number of services as are declared in the simple dscriptor.", 10, serviceCount);
            // Overwrite the simple descriptor with a different set of services, and check that the changes are
            // propagated to the associated topology
            simpleDesc = createFile(descriptorsDir, "four.json", "org/apache/knox/gateway/topology/file/simple-descriptor-five.json", System.currentTimeMillis());
            dm.onFileChange(simpleDesc);
            provider.reloadTopologies();
            topologies = provider.getTopologies();
            topology = topologies.iterator().next();
            assertNotEquals(serviceCount, topology.getServices().size());
            assertEquals(6, topology.getServices().size());
            // Delete the simple descriptor, and make sure that the associated topology file is deleted
            // NOTE(review): the boolean result of delete() is not checked.
            simpleDesc.delete();
            dm.onFileDelete(simpleDesc);
            provider.reloadTopologies();
            topologies = provider.getTopologies();
            assertTrue(topologies.isEmpty());
            // Delete a topology file, and make sure that the associated simple descriptor is deleted.
            // First create a new simple descriptor ("deleteme.json") and generate its topology,
            // so that there is a topology file to delete.
            simpleDesc = createFile(descriptorsDir, "deleteme.json", "org/apache/knox/gateway/topology/file/simple-descriptor-five.json", System.currentTimeMillis());
            dm.onFileChange(simpleDesc);
            provider.reloadTopologies();
            topologies = provider.getTopologies();
            assertFalse(topologies.isEmpty());
            topology = topologies.iterator().next();
            assertEquals("deleteme", topology.getName());
            File topologyFile = new File(topologyDir, topology.getName() + ".xml");
            assertTrue(topologyFile.exists());
            // Remove the generated topology file directly, then reload so the delete listener
            // registered above can react to the missing topology.
            topologyFile.delete();
            provider.reloadTopologies();
            assertFalse("Simple descriptor should have been deleted because the associated topology was.", simpleDesc.exists());
        } finally {
            // Remove the shared provider configuration written for this test.
            provCfgFile.delete();
        }
    } finally {
        // Always remove the scratch directory.
        FileUtils.deleteQuietly(dir);
    }
}
Also used : AliasService(org.apache.knox.gateway.services.security.AliasService) FileAlterationMonitor(org.apache.commons.io.monitor.FileAlterationMonitor) DefaultTopologyService(org.apache.knox.gateway.services.topology.impl.DefaultTopologyService) HashMap(java.util.HashMap) Topology(org.apache.knox.gateway.topology.Topology) DefaultTopologyService(org.apache.knox.gateway.services.topology.impl.DefaultTopologyService) File(java.io.File) GatewayConfig(org.apache.knox.gateway.config.GatewayConfig) Test(org.junit.Test)
