diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-16 16:14:26 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-17 12:35:44 +0100 |
commit | 96f5cb0fe8b72b5c322f6d8b022a51ec4ef8788d (patch) | |
tree | b4b46d136f92b9832788ac414de5cc38317dea85 /controller-api/src/test | |
parent | ac0e0340fd7989ae4410aaf7e33eb2e1e848a88b (diff) |
Move Athenz types from controller-api to vespa-athenz
Diffstat (limited to 'controller-api/src/test')
3 files changed, 0 insertions, 158 deletions
diff --git a/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java b/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java deleted file mode 100644 index 637a643cf63..00000000000 --- a/controller-api/src/test/java/com/yahoo/vespa/athenz/api/AthenzDomainTest.java +++ /dev/null @@ -1,55 +0,0 @@ -package com.yahoo.vespa.athenz.api; - -import org.hamcrest.CoreMatchers; -import org.junit.Test; - -import java.util.concurrent.Callable; -import java.util.function.Supplier; - -import static org.hamcrest.CoreMatchers.containsString; -import static org.hamcrest.CoreMatchers.startsWith; -import static org.junit.Assert.*; - -/** - * @author bjorncs - */ -public class AthenzDomainTest { - - @Test - public void domain_can_be_constructed_from_valid_string() { - new AthenzDomain("home.john.my-app"); - } - - @Test - public void invalid_domain_throws_exception() { - assertInvalid(() -> new AthenzDomain("endswithdot.")); - assertInvalid(() -> new AthenzDomain(".startswithdot")); - } - - @Test - public void parent_domain_is_without_name_suffix() { - assertEquals(new AthenzDomain("home.john"), new AthenzDomain("home.john.myapp").getParent()); - } - - @Test - public void domain_name_suffix_is_the_suffix_after_last_dot() { - assertEquals("myapp", new AthenzDomain("home.john.myapp").getNameSuffix()); - } - - @Test - public void domain_without_dot_is_toplevel() { - assertTrue(new AthenzDomain("toplevel").isTopLevelDomain()); - assertFalse(new AthenzDomain("not.toplevel").isTopLevelDomain()); - } - - private static void assertInvalid(Supplier<AthenzDomain> domainCreator) { - try { - AthenzDomain domain = domainCreator.get(); - fail("Expected IllegalArgumentException for domain: " + domain.getName()); - } catch (IllegalArgumentException e) { - assertThat(e.getMessage(), startsWith("Not a valid domain name")); - } - } - - -}
\ No newline at end of file diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifierTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifierTest.java deleted file mode 100644 index 88da28fb273..00000000000 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifierTest.java +++ /dev/null @@ -1,82 +0,0 @@ -package com.yahoo.vespa.hosted.controller.api.integration.athenz; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.cert.CertIOException; -import org.bouncycastle.cert.X509v3CertificateBuilder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.junit.Test; - -import javax.net.ssl.SSLPeerUnverifiedException; -import javax.net.ssl.SSLSession; -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.time.Duration; -import java.time.Instant; -import java.util.Date; - -import static java.util.Collections.singleton; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -/** - * @author bjorncs - */ -public class AthenzIdentityVerifierTest { - - @Test - public void verifies_certificate_with_athenz_service_as_common_name() throws Exception { - AthenzIdentity trustedIdentity = new AthenzService("mydomain", "alice"); - AthenzIdentity unknownIdentity = new AthenzService("mydomain", "mallory"); - KeyPair keyPair = createKeyPair(); - AthenzIdentityVerifier verifier = new AthenzIdentityVerifier(singleton(trustedIdentity)); - assertTrue(verifier.verify("hostname", createSslSessionMock(createSelfSignedCertificate(keyPair, trustedIdentity)))); - assertFalse(verifier.verify("hostname", createSslSessionMock(createSelfSignedCertificate(keyPair, unknownIdentity)))); - } - - private static KeyPair createKeyPair() throws NoSuchAlgorithmException { - KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); - keyGen.initialize(512); - return keyGen.generateKeyPair(); - } - - private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity) - throws OperatorCreationException, CertIOException, CertificateException { - ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate()); - X500Name x500Name = new X500Name("CN="+ identity.getFullName()); - Instant now = Instant.now(); - Date notBefore = Date.from(now); - Date notAfter = Date.from(now.plus(Duration.ofDays(30))); - - X509v3CertificateBuilder certificateBuilder = - new JcaX509v3CertificateBuilder( - x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic() - ) - .addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); - - return new JcaX509CertificateConverter() - .setProvider(new BouncyCastleProvider()) - .getCertificate(certificateBuilder.build(contentSigner)); - - } - - private static SSLSession createSslSessionMock(X509Certificate certificate) throws SSLPeerUnverifiedException { - SSLSession sslSession = mock(SSLSession.class); - when(sslSession.getPeerCertificates()).thenReturn(new Certificate[]{certificate}); - return sslSession; - } - -}
\ No newline at end of file diff --git a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java b/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java deleted file mode 100644 index f257255a07e..00000000000 --- a/controller-api/src/test/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtilsTest.java +++ /dev/null @@ -1,21 +0,0 @@ -package com.yahoo.vespa.hosted.controller.api.integration.athenz; - -import com.yahoo.vespa.athenz.api.AthenzDomain; -import org.junit.Test; - -import static org.junit.Assert.assertEquals; - -/** - * @author bjorncs - */ -public class AthenzUtilsTest { - - @Test - public void athenz_identity_is_parsed_from_dot_separated_string() { - AthenzIdentity expectedIdentity = new AthenzService(new AthenzDomain("my.subdomain"), "myservicename"); - String fullName = expectedIdentity.getFullName(); - AthenzIdentity actualIdentity = AthenzUtils.createAthenzIdentity(fullName); - assertEquals(expectedIdentity, actualIdentity); - } - -}
\ No newline at end of file |