author | Harald Musum <musum@oath.com> | 2018-07-09 18:03:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-09 18:03:06 +0200 |
commit | 3a6cb611e4f1ec8a86f3699c8ddb742e7eac0bdb (patch) | |
tree | 30cf4aa444da5966d53a143d9f06a065673df96c /vespa-athenz/src/test | |
parent | 8cd3b8e9cfe6eb8bf16b2619ef63e1d0f59a1eb0 (diff) |
Revert "Move NTokenValidator to vespa-athenz + load pub keys from file"
Diffstat (limited to 'vespa-athenz/src/test')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/ntoken/NTokenValidatorTest.java | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/ntoken/NTokenValidatorTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/ntoken/NTokenValidatorTest.java
deleted file mode 100644
index 0e70993792f..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/ntoken/NTokenValidatorTest.java
+++ /dev/null
@@ -1,87 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.utils.ntoken;
-
-import com.yahoo.athenz.auth.token.PrincipalToken;
-import com.yahoo.vespa.athenz.api.AthenzIdentity;
-import com.yahoo.vespa.athenz.api.AthenzPrincipal;
-import com.yahoo.vespa.athenz.api.AthenzUser;
-import com.yahoo.vespa.athenz.api.NToken;
-import com.yahoo.vespa.athenz.tls.KeyAlgorithm;
-import com.yahoo.vespa.athenz.tls.KeyUtils;
-import com.yahoo.vespa.athenz.utils.ntoken.NTokenValidator.InvalidTokenException;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExpectedException;
-
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.time.Instant;
-import java.util.Optional;
-
-import static org.junit.Assert.assertEquals;
-
-/**
- * @author bjorncs
- */
-public class NTokenValidatorTest {
-
- private static final KeyPair TRUSTED_KEY = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- private static final KeyPair UNKNOWN_KEY = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- private static final AthenzIdentity IDENTITY = AthenzUser.fromUserId("myuser");
-
- @Rule
- public ExpectedException exceptionRule = ExpectedException.none();
-
- @Test
- public void valid_token_is_accepted() throws InvalidTokenException {
- NTokenValidator validator = new NTokenValidator(createTruststore());
- NToken token = createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "0");
- AthenzPrincipal principal = validator.validate(token);
- assertEquals("user.myuser", principal.getIdentity().getFullName());
- }
-
- @Test
- public void invalid_signature_is_not_accepted() throws InvalidTokenException {
- NTokenValidator validator = new NTokenValidator(createTruststore());
- NToken token = createNToken(IDENTITY, Instant.now(), UNKNOWN_KEY.getPrivate(), "0");
- exceptionRule.expect(InvalidTokenException.class);
- exceptionRule.expectMessage("NToken is expired or has invalid signature");
- validator.validate(token);
- }
-
- @Test
- public void expired_token_is_not_accepted() throws InvalidTokenException {
- NTokenValidator validator = new NTokenValidator(createTruststore());
- NToken token = createNToken(IDENTITY, Instant.ofEpochMilli(1234) /*long time ago*/, TRUSTED_KEY.getPrivate(), "0");
- exceptionRule.expect(InvalidTokenException.class);
- exceptionRule.expectMessage("NToken is expired or has invalid signature");
- validator.validate(token);
- }
-
- @Test
- public void unknown_keyId_is_not_accepted() throws InvalidTokenException {
- NTokenValidator validator = new NTokenValidator(createTruststore());
- NToken token = createNToken(IDENTITY, Instant.now(), TRUSTED_KEY.getPrivate(), "unknown-key-id");
- exceptionRule.expect(InvalidTokenException.class);
- exceptionRule.expectMessage("NToken has an unknown keyId");
- validator.validate(token);
- }
-
- private static AthenzTruststore createTruststore() {
- return keyId -> keyId.equals("0") ? Optional.of(TRUSTED_KEY.getPublic()) : Optional.empty();
- }
-
- private static NToken createNToken(AthenzIdentity identity, Instant issueTime, PrivateKey privateKey, String keyId) {
- PrincipalToken token = new PrincipalToken.Builder("U1", identity.getDomain().getName(), identity.getName())
- .keyId(keyId)
- .salt("1234")
- .host("host")
- .ip("1.2.3.4")
- .issueTime(issueTime.getEpochSecond())
- .expirationWindow(1000)
- .build();
- token.sign(privateKey);
- return new NToken(token.getSignedToken());
- }
-
-} |