authorMorten Tokle <morten.tokle@gmail.com>2023-04-25 10:47:05 +0200
committerGitHub <noreply@github.com>2023-04-25 10:47:05 +0200
commit9a7001e4b546eb25f5355ebe3aead644bbf658ca (patch)
tree3c08335306c6b0cc63276b2d4e7d74a7956a6157 /vespa-athenz/src/test/java/com/yahoo
parentf3ac0e360e47778eb51e3619825f09e52d3b6082 (diff)
Revert "change to new identity document format"
Diffstat (limited to 'vespa-athenz/src/test/java/com/yahoo')
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java43
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java68
2 files changed, 24 insertions, 87 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
index 513fb4cdbd3..2a68f6fd231 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/api/EntityBindingsMapperTest.java
@@ -5,11 +5,8 @@ package com.yahoo.vespa.athenz.identityprovider.api;
import org.junit.jupiter.api.Test;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
@@ -18,7 +15,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
class EntityBindingsMapperTest {
@Test
- public void legacy_persists_unknown_json_members() throws IOException {
+ public void persists_unknown_json_members() throws IOException {
var originalJson =
"""
{
@@ -39,8 +36,7 @@ class EntityBindingsMapperTest {
}
""";
var entity = EntityBindingsMapper.fromString(originalJson);
- assertInstanceOf(LegacySignedIdentityDocument.class, entity);
- assertEquals(2, entity.identityDocument().unknownAttributes().size(), entity.identityDocument().unknownAttributes().toString());
+ assertEquals(2, entity.unknownAttributes().size(), entity.unknownAttributes().toString());
var json = EntityBindingsMapper.toAttestationData(entity);
var expectedMemberInJson = "member-in-unknown-object";
@@ -49,39 +45,4 @@ class EntityBindingsMapperTest {
assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json));
}
- @Test
- public void reads_unknown_json_members() throws IOException {
- var iddoc = """
- {
- "provider-unique-id": "0.cluster.instance.app.tenant.us-west-1.test.node",
- "provider-service": "domain.service",
- "configserver-hostname": "cfg",
- "instance-hostname": "host",
- "created-at": 12345.0,
- "ip-addresses": [],
- "identity-type": "node",
- "cluster-type": "admin",
- "zts-url": "https://zts.url/",
- "unknown-string": "string-value",
- "unknown-object": { "member-in-unknown-object": 123 }
- }
- """;
- var originalJson =
- """
- {
- "signature": "sig",
- "signing-key-version": 0,
- "document-version": 4,
- "data": "%s"
- }
- """.formatted(Base64.getEncoder().encodeToString(iddoc.getBytes(StandardCharsets.UTF_8)));
- var entity = EntityBindingsMapper.fromString(originalJson);
- assertEquals(2, entity.identityDocument().unknownAttributes().size(), entity.identityDocument().unknownAttributes().toString());
- var json = EntityBindingsMapper.toAttestationData(entity);
-
- // For the new iddoc format the identity document should be unchanged during serialization/deserialization,
- // i.e the signed identity document should be unchanged
- assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json));
- }
-
} \ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
index acb0905700f..ff85cb79f02 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/IdentityDocumentSignerTest.java
@@ -6,13 +6,10 @@ import com.yahoo.security.KeyUtils;
import com.yahoo.vespa.athenz.api.AthenzIdentity;
import com.yahoo.vespa.athenz.api.AthenzService;
import com.yahoo.vespa.athenz.identityprovider.api.ClusterType;
-import com.yahoo.vespa.athenz.identityprovider.api.DefaultSignedIdentityDocument;
-import com.yahoo.vespa.athenz.identityprovider.api.EntityBindingsMapper;
-import com.yahoo.vespa.athenz.identityprovider.api.IdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.IdentityType;
-import com.yahoo.vespa.athenz.identityprovider.api.LegacySignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument;
import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
+import com.yahoo.vespa.athenz.utils.AthenzIdentities;
import org.junit.jupiter.api.Test;
import java.security.KeyPair;
@@ -21,7 +18,6 @@ import java.util.Arrays;
import java.util.HashSet;
import static com.yahoo.vespa.athenz.identityprovider.api.IdentityType.TENANT;
-import static com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument.LEGACY_DEFAULT_DOCUMENT_VERSION;
import static com.yahoo.vespa.athenz.identityprovider.api.SignedIdentityDocument.DEFAULT_DOCUMENT_VERSION;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -46,53 +42,32 @@ public class IdentityDocumentSignerTest {
private static final AthenzIdentity serviceIdentity = new AthenzService("vespa", "node");
@Test
- void legacy_generates_and_validates_signature() {
- IdentityDocumentSigner signer = new IdentityDocumentSigner();
- IdentityDocument identityDocument = new IdentityDocument(
- id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
- String signature =
- signer.generateLegacySignature(identityDocument, keyPair.getPrivate());
-
- SignedIdentityDocument signedIdentityDocument = new LegacySignedIdentityDocument(
- signature, KEY_VERSION, LEGACY_DEFAULT_DOCUMENT_VERSION, identityDocument);
-
- assertTrue(signer.hasValidSignature(signedIdentityDocument, keyPair.getPublic()));
- }
-
- @Test
void generates_and_validates_signature() {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
- IdentityDocument identityDocument = new IdentityDocument(
- id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
- String data = EntityBindingsMapper.toIdentityDocmentData(identityDocument);
String signature =
- signer.generateSignature(data, keyPair.getPrivate());
+ signer.generateSignature(id, providerService, configserverHostname, instanceHostname, createdAt,
+ ipAddresses, identityType, keyPair.getPrivate(), serviceIdentity);
- SignedIdentityDocument signedIdentityDocument = new DefaultSignedIdentityDocument(
- signature, KEY_VERSION, DEFAULT_DOCUMENT_VERSION, data);
+ SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument(
+ signature, KEY_VERSION, id, providerService, DEFAULT_DOCUMENT_VERSION, configserverHostname,
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
assertTrue(signer.hasValidSignature(signedIdentityDocument, keyPair.getPublic()));
}
@Test
- void legacy_ignores_cluster_type_and_zts_url() {
+ void ignores_cluster_type_and_zts_url() {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
- IdentityDocument identityDocument = new IdentityDocument(
- id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
- IdentityDocument withoutIgnoredFields = new IdentityDocument(
- id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity);
-
String signature =
- signer.generateLegacySignature(identityDocument, keyPair.getPrivate());
+ signer.generateSignature(id, providerService, configserverHostname, instanceHostname, createdAt,
+ ipAddresses, identityType, keyPair.getPrivate(), serviceIdentity);
- var docWithoutIgnoredFields = new LegacySignedIdentityDocument(
- signature, KEY_VERSION, LEGACY_DEFAULT_DOCUMENT_VERSION, withoutIgnoredFields);
- var docWithIgnoredFields = new LegacySignedIdentityDocument(
- signature, KEY_VERSION, LEGACY_DEFAULT_DOCUMENT_VERSION, identityDocument);
+ var docWithoutIgnoredFields = new SignedIdentityDocument(
+ signature, KEY_VERSION, id, providerService, DEFAULT_DOCUMENT_VERSION, configserverHostname,
+ instanceHostname, createdAt, ipAddresses, identityType, null, null, serviceIdentity);
+ var docWithIgnoredFields = new SignedIdentityDocument(
+ signature, KEY_VERSION, id, providerService, DEFAULT_DOCUMENT_VERSION, configserverHostname,
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
assertTrue(signer.hasValidSignature(docWithoutIgnoredFields, keyPair.getPublic()));
assertEquals(docWithIgnoredFields.signature(), docWithoutIgnoredFields.signature());
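Review bot: ignores_cluster_type_and_zts_url pins down that clusterType and ztsUrl are outside the signed payload (the same signature validates both documents and the two signatures are equal), but nothing in the test records why that exclusion is intended, so a later reader cannot tell a deliberate compatibility choice from a gap in what the signature protects. Presumably the fields were added after the signature format was fixed, but that is not visible here and should be stated by whoever knows. Suggest a comment above the `@Test` on that method, e.g. `// cluster-type and zts-url are intentionally not part of the signed content (reason: TODO); nothing may rely on the signature to protect them`. The same applies to the `generateSignature(...)` call in generates_and_validates_signature, which likewise passes neither field.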
@@ -101,15 +76,16 @@ public class IdentityDocumentSignerTest {
@Test
void validates_signature_for_new_and_old_versions() {
IdentityDocumentSigner signer = new IdentityDocumentSigner();
- IdentityDocument identityDocument = new IdentityDocument(
- id, providerService, configserverHostname,
- instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
String signature =
- signer.generateLegacySignature(identityDocument, keyPair.getPrivate());
+ signer.generateSignature(id, providerService, configserverHostname, instanceHostname, createdAt,
+ ipAddresses, identityType, keyPair.getPrivate(), serviceIdentity);
- SignedIdentityDocument signedIdentityDocument = new LegacySignedIdentityDocument(
- signature, KEY_VERSION, LEGACY_DEFAULT_DOCUMENT_VERSION, identityDocument);
+ SignedIdentityDocument signedIdentityDocument = new SignedIdentityDocument(
+ signature, KEY_VERSION, id, providerService, DEFAULT_DOCUMENT_VERSION, configserverHostname,
+ instanceHostname, createdAt, ipAddresses, identityType, clusterType, ztsUrl, serviceIdentity);
assertTrue(signer.hasValidSignature(signedIdentityDocument, keyPair.getPublic()));
+
}
+
} \ No newline at end of file
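Review bot: validates_signature_for_new_and_old_versions only builds one SignedIdentityDocument, with DEFAULT_DOCUMENT_VERSION, so after this hunk the test name promises a cross-version check it no longer performs; the import of the other version constant was dropped in the earlier hunk of this file, so no second version is in scope either. Either rename it, e.g. `void validates_signature_for_default_version()`, or reintroduce a second document built with the older version value and assert `hasValidSignature` on it as well. The added empty lines before the closing braces (the `+` blank after the assertion and the one after the method) are stray whitespace and can be removed.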