author | Martin Polden <mpolden@mpolden.no> | 2019-09-20 15:04:32 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-09-20 15:32:52 +0200 |
commit | 00c7e655dfb56f00e8451b2aaaee44189077b433 (patch) | |
tree | 92147546c67f74f82869f299f5ea20b3264dc73c /athenz-identity-provider-service | |
parent | 3b0db309add7a123dcd2e1efc0952048bc6b2d72 (diff) |
Test registration with ZTS client
Diffstat (limited to 'athenz-identity-provider-service')
2 files changed, 20 insertions, 5 deletions
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
index 1598f69a5f4..4393c3a25b9 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
@@ -7,11 +7,15 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.Pkcs10Csr;
 import com.yahoo.security.Pkcs10CsrUtils;
 import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.ca.CertificateTester;
 import org.junit.Before;
 import org.junit.Test;
+import javax.net.ssl.SSLContext;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import static org.junit.Assert.assertEquals;
@@ -28,25 +32,33 @@ public class CertificateAuthorityApiTest extends ContainerTester {
 }
 @Test
- public void register_instance() {
+ public void register_instance() throws Exception {
 // POST instance registration
 var csr = CertificateTester.createCsr("node1.example.com");
- assertRegistration(new Request("http://localhost:8080/ca/v1/instance/",
+ assertRegistration(new Request("http://localhost:12345/ca/v1/instance/",
 instanceRegistrationJson(csr),
 Request.Method.POST));
+
+ // POST instance registration with ZTS client
+ var ztsClient = new DefaultZtsClient(URI.create("http://localhost:12345/ca/v1/"), SSLContext.getDefault());
+ var instanceIdentity = ztsClient.registerInstance(new AthenzService("vespa.external", "provider_prod_us-north-1"),
+ new AthenzService("vespa.external", "tenant"),
+ "identity document generated by config server",
+ csr);
+ assertEquals("CN=Vespa CA", instanceIdentity.certificate().getIssuerX500Principal().getName());
 }
 @Test
 public void invalid_register_instance() {
 // POST instance registration with missing fields
 assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Missing required field 'provider'\"}",
- new Request("http://localhost:8080/ca/v1/instance/",
+ new Request("http://localhost:12345/ca/v1/instance/",
 new byte[0],
 Request.Method.POST));
 // POST instance registration without DNS name in CSR
 var csr = CertificateTester.createCsr();
- var request = new Request("http://localhost:8080/ca/v1/instance/",
+ var request = new Request("http://localhost:12345/ca/v1/instance/",
 instanceRegistrationJson(csr),
 Request.Method.POST);
 assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"DNS name not found in CSR\"}", request);
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
index 6cc86839290..2ca45cf7e56 100644
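Review bot: The new ZTS-client assertion in `register_instance` only compares the issuer DN string with "CN=Vespa CA", so it would still pass if the service returned a certificate for a different subject than the one in the CSR. Since the CSR is created for `node1.example.com`, I would also assert that `instanceIdentity.certificate().getSubjectAlternativeNames()` contains that DNS name, which pins that the CA signs what was requested. The client is also never closed; if `DefaultZtsClient` is `AutoCloseable` (not visible here), wrap it as `try (var ztsClient = new DefaultZtsClient(...)) { ... }`. The URI is `http://`, so the `SSLContext.getDefault()` argument is presumably unused and this path does not exercise TLS.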
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java
@@ -25,7 +25,7 @@ public class ContainerTester {
 @Before
 public void startContainer() {
- container = JDisc.fromServicesXml(servicesXml(), Networking.disable);
+ container = JDisc.fromServicesXml(servicesXml(), Networking.enable);
 }
 @After
@@ -63,6 +63,9 @@ public class ContainerTester {
 " <handler id='com.yahoo.vespa.hosted.ca.restapi.CertificateAuthorityApiHandler'>\n" +
 " <binding>http://*/ca/v1/*</binding>\n" +
 " </handler>\n" +
+ " <http>\n" +
+ " <server id='default' port='12345'/>\n" +
+ " </http>\n" +
 "</container>";
 }
|
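Review bot: Switching `startContainer()` to `Networking.enable` together with the fixed `port='12345'` in `servicesXml()` makes every test in this class open a real listener for the CA handler, and the same port literal is repeated in four URLs in CertificateAuthorityApiTest. A fixed port fails when two builds share a host or something else already holds 12345, and which interface the server binds to is not visible here; if it is not loopback-only, the signing endpoint is reachable from the network while the tests run. I would keep the port in one place, e.g. `static final int port = 12345;` in ContainerTester used to build both the `<server>` element and the request URLs, and add a comment on `startContainer()` such as `// Networking is enabled so DefaultZtsClient can reach the handler over HTTP`. `servicesXml()` starts outside its hunk.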