Example 1 with DefaultKeystoreService

Use of org.apache.knox.gateway.services.security.impl.DefaultKeystoreService in project knox by apache.

In class DefaultTokenAuthorityServiceTest, method testTokenCreationAudience.

@Test
public void testTokenCreationAudience() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    // Issue an RS256-signed token with an explicit audience, then check its claims and signature.
    JWT token = ta.issueToken(principal, "https://login.example.com", "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertEquals("https://login.example.com", token.getAudience());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService (org.apache.knox.gateway.services.security.AliasService), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), JWT (org.apache.knox.gateway.services.security.token.impl.JWT), JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority), KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Principal (java.security.Principal), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Test (org.junit.Test)

Example 2 with DefaultKeystoreService

Use of org.apache.knox.gateway.services.security.impl.DefaultKeystoreService in project knox by apache.

In class DefaultTokenAuthorityServiceTest, method testTokenCreation.

@Test
public void testTokenCreation() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    // Issue an RS256-signed token without an audience argument.
    JWT token = ta.issueToken(principal, "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService (org.apache.knox.gateway.services.security.AliasService), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), JWT (org.apache.knox.gateway.services.security.token.impl.JWT), JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority), KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Principal (java.security.Principal), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Test (org.junit.Test)

Example 3 with DefaultKeystoreService

Use of org.apache.knox.gateway.services.security.impl.DefaultKeystoreService in project knox by apache.

In class DefaultTokenAuthorityServiceTest, method testTokenCreationNullAudience.

@Test
public void testTokenCreationNullAudience() throws Exception {
    Principal principal = EasyMock.createNiceMock(Principal.class);
    EasyMock.expect(principal.getName()).andReturn("john.doe@example.com");
    GatewayConfig config = EasyMock.createNiceMock(GatewayConfig.class);
    String basedir = System.getProperty("basedir");
    if (basedir == null) {
        basedir = new File(".").getCanonicalPath();
    }
    EasyMock.expect(config.getGatewaySecurityDir()).andReturn(basedir + "/target/test-classes");
    EasyMock.expect(config.getSigningKeystoreName()).andReturn("server-keystore.jks");
    EasyMock.expect(config.getSigningKeyAlias()).andReturn("server").anyTimes();
    MasterService ms = EasyMock.createNiceMock(MasterService.class);
    EasyMock.expect(ms.getMasterSecret()).andReturn("horton".toCharArray());
    AliasService as = EasyMock.createNiceMock(AliasService.class);
    EasyMock.expect(as.getGatewayIdentityPassphrase()).andReturn("horton".toCharArray());
    EasyMock.replay(principal, config, ms, as);
    KeystoreService ks = new DefaultKeystoreService();
    ((DefaultKeystoreService) ks).setMasterService(ms);
    ((DefaultKeystoreService) ks).init(config, new HashMap<String, String>());
    JWTokenAuthority ta = new DefaultTokenAuthorityService();
    ((DefaultTokenAuthorityService) ta).setAliasService(as);
    ((DefaultTokenAuthorityService) ta).setKeystoreService(ks);
    ((DefaultTokenAuthorityService) ta).init(config, new HashMap<String, String>());
    // A null audience must still yield a token that verifies.
    JWT token = ta.issueToken(principal, null, "RS256");
    assertEquals("KNOXSSO", token.getIssuer());
    assertEquals("john.doe@example.com", token.getSubject());
    assertTrue(ta.verifyToken(token));
}
Also used: AliasService (org.apache.knox.gateway.services.security.AliasService), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), JWT (org.apache.knox.gateway.services.security.token.impl.JWT), JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority), KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), File (java.io.File), MasterService (org.apache.knox.gateway.services.security.MasterService), Principal (java.security.Principal), GatewayConfig (org.apache.knox.gateway.config.GatewayConfig), Test (org.junit.Test)

Example 4 with DefaultKeystoreService

Use of org.apache.knox.gateway.services.security.impl.DefaultKeystoreService in project knox by apache.

In class CLIGatewayServices, method init.

public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
    ms = new CLIMasterService();
    ms.init(config, options);
    services.put("MasterService", ms);
    ks = new DefaultKeystoreService();
    ks.setMasterService(ms);
    ks.init(config, options);
    services.put(KEYSTORE_SERVICE, ks);
    DefaultAliasService alias = new DefaultAliasService();
    alias.setKeystoreService(ks);
    alias.init(config, options);
    services.put(ALIAS_SERVICE, alias);
    DefaultCryptoService crypto = new DefaultCryptoService();
    crypto.setKeystoreService(ks);
    crypto.setAliasService(alias);
    crypto.init(config, options);
    services.put(CRYPTO_SERVICE, crypto);
    DefaultTopologyService tops = new DefaultTopologyService();
    tops.init(config, options);
    services.put(TOPOLOGY_SERVICE, tops);
    RemoteConfigurationRegistryClientService registryClientService = RemoteConfigurationRegistryClientServiceFactory.newInstance(config);
    registryClientService.setAliasService(alias);
    registryClientService.init(config, options);
    services.put(REMOTE_REGISTRY_CLIENT_SERVICE, registryClientService);
}
Also used: DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), DefaultAliasService (org.apache.knox.gateway.services.security.impl.DefaultAliasService), DefaultTopologyService (org.apache.knox.gateway.services.topology.impl.DefaultTopologyService), RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService), DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService), CLIMasterService (org.apache.knox.gateway.services.security.impl.CLIMasterService)

Example 5 with DefaultKeystoreService

Use of org.apache.knox.gateway.services.security.impl.DefaultKeystoreService in project knox by apache.

In class DefaultGatewayServices, method init.

public void init(GatewayConfig config, Map<String, String> options) throws ServiceLifecycleException {
    ms = new DefaultMasterService();
    ms.init(config, options);
    services.put("MasterService", ms);
    ks = new DefaultKeystoreService();
    ks.setMasterService(ms);
    ks.init(config, options);
    services.put(KEYSTORE_SERVICE, ks);
    DefaultAliasService alias = new DefaultAliasService();
    alias.setKeystoreService(ks);
    alias.setMasterService(ms);
    alias.init(config, options);
    services.put(ALIAS_SERVICE, alias);
    DefaultCryptoService crypto = new DefaultCryptoService();
    crypto.setKeystoreService(ks);
    crypto.setAliasService(alias);
    crypto.init(config, options);
    services.put(CRYPTO_SERVICE, crypto);
    DefaultTokenAuthorityService ts = new DefaultTokenAuthorityService();
    ts.setAliasService(alias);
    ts.setKeystoreService(ks);
    ts.init(config, options);
    // prolly should not allow the token service to be looked up?
    services.put(TOKEN_SERVICE, ts);
    JettySSLService ssl = new JettySSLService();
    ssl.setAliasService(alias);
    ssl.setKeystoreService(ks);
    ssl.setMasterService(ms);
    ssl.init(config, options);
    services.put(SSL_SERVICE, ssl);
    DefaultServiceRegistryService sr = new DefaultServiceRegistryService();
    sr.setCryptoService(crypto);
    sr.init(config, options);
    services.put(SERVICE_REGISTRY_SERVICE, sr);
    DefaultHostMapperService hm = new DefaultHostMapperService();
    hm.init(config, options);
    services.put(HOST_MAPPING_SERVICE, hm);
    DefaultServerInfoService sis = new DefaultServerInfoService();
    sis.init(config, options);
    services.put(SERVER_INFO_SERVICE, sis);
    RemoteConfigurationRegistryClientService registryClientService = RemoteConfigurationRegistryClientServiceFactory.newInstance(config);
    registryClientService.setAliasService(alias);
    registryClientService.init(config, options);
    services.put(REMOTE_REGISTRY_CLIENT_SERVICE, registryClientService);
    DefaultClusterConfigurationMonitorService ccs = new DefaultClusterConfigurationMonitorService();
    ccs.setAliasService(alias);
    ccs.init(config, options);
    services.put(CLUSTER_CONFIGURATION_MONITOR_SERVICE, ccs);
    DefaultTopologyService tops = new DefaultTopologyService();
    tops.setAliasService(alias);
    tops.init(config, options);
    services.put(TOPOLOGY_SERVICE, tops);
    DefaultServiceDefinitionRegistry sdr = new DefaultServiceDefinitionRegistry();
    sdr.init(config, options);
    services.put(SERVICE_DEFINITION_REGISTRY, sdr);
    DefaultMetricsService metricsService = new DefaultMetricsService();
    metricsService.init(config, options);
    services.put(METRICS_SERVICE, metricsService);
}
Also used: DefaultHostMapperService (org.apache.knox.gateway.services.hostmap.impl.DefaultHostMapperService), DefaultClusterConfigurationMonitorService (org.apache.knox.gateway.services.topology.impl.DefaultClusterConfigurationMonitorService), DefaultAliasService (org.apache.knox.gateway.services.security.impl.DefaultAliasService), DefaultTopologyService (org.apache.knox.gateway.services.topology.impl.DefaultTopologyService), DefaultMetricsService (org.apache.knox.gateway.services.metrics.impl.DefaultMetricsService), RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService), DefaultServiceDefinitionRegistry (org.apache.knox.gateway.services.registry.impl.DefaultServiceDefinitionRegistry), DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService), DefaultServiceRegistryService (org.apache.knox.gateway.services.registry.impl.DefaultServiceRegistryService), DefaultMasterService (org.apache.knox.gateway.services.security.impl.DefaultMasterService), DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService), DefaultTokenAuthorityService (org.apache.knox.gateway.services.token.impl.DefaultTokenAuthorityService), JettySSLService (org.apache.knox.gateway.services.security.impl.JettySSLService)

Aggregations

DefaultKeystoreService (org.apache.knox.gateway.services.security.impl.DefaultKeystoreService): 7
File (java.io.File): 5
Principal (java.security.Principal): 5
GatewayConfig (org.apache.knox.gateway.config.GatewayConfig): 5
AliasService (org.apache.knox.gateway.services.security.AliasService): 5
KeystoreService (org.apache.knox.gateway.services.security.KeystoreService): 5
MasterService (org.apache.knox.gateway.services.security.MasterService): 5
JWTokenAuthority (org.apache.knox.gateway.services.security.token.JWTokenAuthority): 5
Test (org.junit.Test): 5
JWT (org.apache.knox.gateway.services.security.token.impl.JWT): 4
RemoteConfigurationRegistryClientService (org.apache.knox.gateway.services.config.client.RemoteConfigurationRegistryClientService): 2
DefaultAliasService (org.apache.knox.gateway.services.security.impl.DefaultAliasService): 2
DefaultCryptoService (org.apache.knox.gateway.services.security.impl.DefaultCryptoService): 2
DefaultTopologyService (org.apache.knox.gateway.services.topology.impl.DefaultTopologyService): 2
DefaultHostMapperService (org.apache.knox.gateway.services.hostmap.impl.DefaultHostMapperService): 1
DefaultMetricsService (org.apache.knox.gateway.services.metrics.impl.DefaultMetricsService): 1
DefaultServiceDefinitionRegistry (org.apache.knox.gateway.services.registry.impl.DefaultServiceDefinitionRegistry): 1
DefaultServiceRegistryService (org.apache.knox.gateway.services.registry.impl.DefaultServiceRegistryService): 1
CLIMasterService (org.apache.knox.gateway.services.security.impl.CLIMasterService): 1
DefaultMasterService (org.apache.knox.gateway.services.security.impl.DefaultMasterService): 1