diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-12 18:19:28 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-06-12 18:19:28 +0200 |
commit | a2989608d5ddee1ce6ad870ce2aeab14495d96e9 (patch) | |
tree | 03f15ceedb5afc42092e6dd1b60fbb795cdebab3 /vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java | |
parent | d8d316de3028e101140bff177ffa6ce66c17524e (diff) |
Separate generating and validating signature to separate class
- Move signature logic to IdentityDocumentSigner
- Stop using fields from deprecated IdentityDocument to generate signature
Diffstat (limited to 'vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java new file mode 100644 index 00000000000..9cc500ee241 --- /dev/null +++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java @@ -0,0 +1,50 @@ +// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.athenz.identityprovider.client; + +import com.yahoo.vespa.athenz.api.AthenzService; +import com.yahoo.vespa.athenz.identityprovider.api.IdentityType; +import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument; +import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId; +import com.yahoo.vespa.athenz.tls.KeyAlgorithm; +import com.yahoo.vespa.athenz.tls.KeyUtils; +import org.junit.Test; + +import java.net.URI; +import java.security.KeyPair; +import java.time.Instant; +import java.util.Arrays; +import java.util.HashSet; + +import static com.yahoo.vespa.athenz.identityprovider.api.IdentityType.TENANT; +import static com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION; +import static com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument.DEFAULT_KEY_VERSION; +import static org.junit.Assert.*; + +/** + * @author bjorncs + */ +public class IdentityDocumentSignerTest { + + @Test + public void generates_and_validates_signature() { + IdentityDocumentSigner signer = new IdentityDocumentSigner(); + IdentityType identityType = TENANT; + VespaUniqueInstanceId id = + new VespaUniqueInstanceId(1, "cluster-id", "instance", "application", "tenant", "region", "environment", identityType); + AthenzService providerService = new AthenzService("vespa", "service"); + KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); + String configserverHostname = "configserverhostname"; + String instanceHostname = "instancehostname"; + Instant createdAt = Instant.EPOCH; + HashSet<String> ipAddresses = new HashSet<>(Arrays.asList("1.2.3.4", "::1")); + String signature = + signer.generateSignature(id, providerService, configserverHostname, instanceHostname, createdAt, ipAddresses, identityType, keyPair.getPrivate()); + + SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument( + null, signature, DEFAULT_KEY_VERSION, id, "dns-suffix", providerService, URI.create("https://zts"), + DEFAULT_DOCUMENT_VERSION, configserverHostname, instanceHostname, createdAt, ipAddresses, identityType); + + assertTrue(signer.hasValidSignature(signedIdentityDocument, keyPair.getPublic())); + } + +}
\ No newline at end of file |