1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.identityprovider.api;
import org.junit.jupiter.api.Test;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertInstanceOf;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* @author bjorncs
*/
class EntityBindingsMapperTest {
@Test
public void legacy_persists_unknown_json_members() throws IOException {
var originalJson =
"""
{
"signature": "sig",
"signing-key-version": 0,
"provider-unique-id": "0.cluster.instance.app.tenant.us-west-1.test.node",
"provider-service": "domain.service",
"document-version": 2,
"configserver-hostname": "cfg",
"instance-hostname": "host",
"created-at": 12345.0,
"ip-addresses": [],
"identity-type": "node",
"cluster-type": "admin",
"zts-url": "https://zts.url/",
"unknown-string": "string-value",
"unknown-object": { "member-in-unknown-object": 123 }
}
""";
var entity = EntityBindingsMapper.fromString(originalJson);
assertInstanceOf(LegacySignedIdentityDocument.class, entity);
assertEquals(2, entity.identityDocument().unknownAttributes().size(), entity.identityDocument().unknownAttributes().toString());
var json = EntityBindingsMapper.toAttestationData(entity);
var expectedMemberInJson = "member-in-unknown-object";
assertTrue(json.contains(expectedMemberInJson),
() -> "Expected JSON to contain '%s', but got \n'%s'".formatted(expectedMemberInJson, json));
assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json));
}
@Test
public void reads_unknown_json_members() throws IOException {
var iddoc = """
{
"provider-unique-id": "0.cluster.instance.app.tenant.us-west-1.test.node",
"provider-service": "domain.service",
"configserver-hostname": "cfg",
"instance-hostname": "host",
"created-at": 12345.0,
"ip-addresses": [],
"identity-type": "node",
"cluster-type": "admin",
"zts-url": "https://zts.url/",
"unknown-string": "string-value",
"unknown-object": { "member-in-unknown-object": 123 }
}
""";
var originalJson =
"""
{
"signature": "sig",
"signing-key-version": 0,
"document-version": 4,
"data": "%s"
}
""".formatted(Base64.getEncoder().encodeToString(iddoc.getBytes(StandardCharsets.UTF_8)));
var entity = EntityBindingsMapper.fromString(originalJson);
assertEquals(2, entity.identityDocument().unknownAttributes().size(), entity.identityDocument().unknownAttributes().toString());
var json = EntityBindingsMapper.toAttestationData(entity);
// For the new iddoc format the identity document should be unchanged during serialization/deserialization,
// i.e the signed identity document should be unchanged
assertEquals(EntityBindingsMapper.mapper.readTree(originalJson), EntityBindingsMapper.mapper.readTree(json));
}
}
|
