From 00c7e655dfb56f00e8451b2aaaee44189077b433 Mon Sep 17 00:00:00 2001
From: Martin Polden
Date: Fri, 20 Sep 2019 15:04:32 +0200
Subject: Test registration with ZTS client
---
 .../ca/restapi/CertificateAuthorityApiTest.java | 20 ++++++++++++++++----
 .../vespa/hosted/ca/restapi/ContainerTester.java | 5 ++++-
 2 files changed, 20 insertions(+), 5 deletions(-)
(limited to 'athenz-identity-provider-service/src/test')
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
index 1598f69a5f4..4393c3a25b9 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiTest.java
@@ -7,11 +7,15 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.Pkcs10Csr;
 import com.yahoo.security.Pkcs10CsrUtils;
 import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.vespa.athenz.client.zts.DefaultZtsClient;
 import com.yahoo.vespa.config.SlimeUtils;
 import com.yahoo.vespa.hosted.ca.CertificateTester;
 import org.junit.Before;
 import org.junit.Test;
+import javax.net.ssl.SSLContext;
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import static org.junit.Assert.assertEquals;
@@ -28,25 +32,33 @@ public class CertificateAuthorityApiTest extends ContainerTester { } @Test - public void register_instance() { + public void register_instance() throws Exception { // POST instance registration var csr = CertificateTester.createCsr("node1.example.com"); - assertRegistration(new Request("http://localhost:8080/ca/v1/instance/", + assertRegistration(new Request("http://localhost:12345/ca/v1/instance/", instanceRegistrationJson(csr), Request.Method.POST)); + + // POST instance registration with ZTS client + var ztsClient = new DefaultZtsClient(URI.create("http://localhost:12345/ca/v1/"), SSLContext.getDefault()); + var instanceIdentity = ztsClient.registerInstance(new AthenzService("vespa.external", "provider_prod_us-north-1"), + new AthenzService("vespa.external", "tenant"), + "identity document generated by config server", + csr); + assertEquals("CN=Vespa CA", instanceIdentity.certificate().getIssuerX500Principal().getName()); } @Test public void invalid_register_instance() { // POST instance registration with missing fields assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Missing required field 'provider'\"}", - new Request("http://localhost:8080/ca/v1/instance/", + new Request("http://localhost:12345/ca/v1/instance/", new byte[0], Request.Method.POST)); // POST instance registration without DNS name in CSR var csr = CertificateTester.createCsr(); - var request = new Request("http://localhost:8080/ca/v1/instance/", + var request = new Request("http://localhost:12345/ca/v1/instance/", instanceRegistrationJson(csr), Request.Method.POST); assertResponse(400, "{\"error-code\":\"BAD_REQUEST\",\"message\":\"DNS name not found in CSR\"}", request); diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java index 6cc86839290..2ca45cf7e56 100644 
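Review bot: The ZTS-client assertion added to register_instance() checks only the issuer (`CN=Vespa CA`), so the test would still pass if the CA signed a certificate for an identity other than the one in the CSR. Since the CSR is created for node1.example.com, the test could also pin that binding, for example `assertTrue(instanceIdentity.certificate().getSubjectAlternativeNames().stream().anyMatch(san -> "node1.example.com".equals(san.get(1))));`; this assumes the CA copies the DNS name into the SAN, and it needs a static import of assertTrue, which the visible imports do not show. The client is given `http://localhost:12345/ca/v1/`, so `SSLContext.getDefault()` is presumably never used; a comment such as `// plain HTTP against the in-process test container; TLS is not exercised here` would keep readers from assuming the TLS path is covered. The hunk starts inside the class and ends inside invalid_register_instance().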
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java +++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/restapi/ContainerTester.java @@ -25,7 +25,7 @@ public class ContainerTester { @Before public void startContainer() { - container = JDisc.fromServicesXml(servicesXml(), Networking.disable); + container = JDisc.fromServicesXml(servicesXml(), Networking.enable); } @After @@ -63,6 +63,9 @@ public class ContainerTester { " \n" + " http://*/ca/v1/*\n" + " \n" + + " \n" + + " \n" + + " \n" + ""; } -- cgit v1.2.3
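Review bot: Switching startContainer() to `Networking.enable` makes every test in this class open a real listener, and the test URLs in CertificateAuthorityApiTest hard-code port 12345, so two builds on the same host can collide and the test CA endpoint, which in these tests appears to issue certificates without client credentials, is reachable for as long as the container runs. The binding address cannot be read from the services XML hunk that follows, because its added lines are blank in this rendering. Confirm that the listener is bound to loopback only, and prefer a port chosen at start-up and handed to the tests over a fixed one. A comment on the changed line, `// Networking is enabled so DefaultZtsClient can reach the handler over real HTTP; the port must match the test URLs`, would record why the switch was needed. The class body continues outside both hunks.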