本文整理汇总了 Java 中 com.yahoo.athenz.auth.util.Crypto.loadX509Certificate 方法的典型用法代码示例。如果您正苦于以下问题:Java Crypto.loadX509Certificate 方法的具体用法?Java Crypto.loadX509Certificate 怎么用?Java Crypto.loadX509Certificate 使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类 com.yahoo.athenz.auth.util.Crypto 的用法示例。
在下文中一共展示了Crypto.loadX509Certificate方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: testGenerateX509CertificateReqPrivateKey
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
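/**
 * Issues a certificate from the CSR fixture using the test CA certificate and private key,
 * then checks that a certificate is returned and that its issuer DN is the expected one.
 *
 * Only the issuer name is asserted. The signature on the issued certificate is not verified
 * against the CA certificate's public key, so this test does not prove that the chain
 * validates.
 */
@Test
public void testGenerateX509CertificateReqPrivateKey() throws IOException {
    // Decode the PEM fixture with an explicit charset so the result does not depend on the
    // platform default encoding of the build host.
    Path csrPath = Paths.get("src/test/resources/valid.csr");
    String csrPem = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csrPem);

    // NOTE(review): the field names suggest an EC certificate paired with an RSA private key.
    // If they really are different key pairs, the issued certificate carries the CA's name but
    // cannot be verified with the CA certificate's public key - confirm this is intended.
    X509Certificate caCertificate = Crypto.loadX509Certificate(ecPublicX509Cert);
    PrivateKey caPrivateKey = Crypto.loadPrivateKey(rsaPrivateKey);

    X509Certificate cert = Crypto.generateX509Certificate(certReq, caPrivateKey,
            caCertificate, 600, false);

    assertNotNull(cert);
    assertEquals(cert.getIssuerX500Principal().getName(),
            "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}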
示例2: updateCertificate
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
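/**
 * Requests a refreshed X.509 certificate for the configured service from ZTS and returns it
 * as a parsed certificate.
 *
 * The PEM text returned by ZTS is only parsed here. Nothing in this method checks that the
 * certificate chains to a trusted CA, that it is currently valid, or that its public key
 * corresponds to {@code privateKey}.
 * NOTE(review): confirm that the caller (or the TLS layer that later uses the certificate)
 * performs those checks before the certificate is installed.
 *
 * @param privateKey the service private key used to authenticate to ZTS and to build the
 *                   refresh request
 * @param expiryTime requested lifetime; its {@link ChronoUnit#SECONDS} component is sent to ZTS
 * @return the certificate parsed from the ZTS response
 * @throws ArithmeticException if the requested lifetime in seconds does not fit in an
 *                             {@code int}
 */
public X509Certificate updateCertificate(PrivateKey privateKey, TemporalAmount expiryTime) {
    // Reject an out-of-range lifetime instead of silently truncating it: a plain (int) cast
    // can wrap a large value into a short or negative expiry.
    int expirySeconds = Math.toIntExact(expiryTime.get(ChronoUnit.SECONDS));

    SimpleServiceIdentityProvider identityProvider = new SimpleServiceIdentityProvider(
            authority, zoneConfig.domain(), zoneConfig.serviceName(),
            privateKey, Integer.toString(zoneConfig.secretVersion()), TimeUnit.MINUTES.toSeconds(10));
    ZTSClient ztsClient = new ZTSClient(
            config.ztsUrl(), zoneConfig.domain(), zoneConfig.serviceName(), identityProvider);

    InstanceRefreshRequest req =
            ZTSClient.generateInstanceRefreshRequest(
                    zoneConfig.domain(), zoneConfig.serviceName(), privateKey,
                    config.certDnsSuffix(), expirySeconds);

    String pemEncoded = ztsClient.postInstanceRefreshRequest(zoneConfig.domain(), zoneConfig.serviceName(), req)
            .getCertificate();
    return Crypto.loadX509Certificate(pemEncoded);
}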
示例3: testCompareDnsNamesMismatchValues
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
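/**
 * Checks that {@code compareDnsNames} reports a mismatch when the DNS names in the CSR
 * fixture differ from those in the certificate fixture.
 */
@Test
public void testCompareDnsNamesMismatchValues() throws IOException {
    // Both fixtures are PEM text; decode them with an explicit charset rather than the
    // platform default.
    Path csrPath = Paths.get("src/test/resources/athenz.mismatch.dns.csr");
    String csr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    Path certPath = Paths.get("src/test/resources/athenz.instanceid.pem");
    String pem = new String(Files.readAllBytes(certPath), java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(pem);

    // A refresh CSR asking for DNS names the current certificate does not carry must not
    // be treated as equivalent.
    assertFalse(certReq.compareDnsNames(cert));
}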
示例4: testLoadX509CertificateFile
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Loads the certificate referenced by {@code ecPublicX509Cert} and checks its subject DN.
 */
@Test
public void testLoadX509CertificateFile() {
    final X509Certificate loaded = Crypto.loadX509Certificate(ecPublicX509Cert);
    assertNotNull(loaded);

    // Compare the RFC 2253 style subject name produced by getName() with the fixture's DN.
    final String subjectDn = loaded.getSubjectX500Principal().getName();
    assertEquals(subjectDn, "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}
示例5: testLoadX509CertificateInvalid
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
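/**
 * Checks that malformed certificate text is rejected with a {@code CryptoException}
 * instead of yielding a certificate object.
 */
@Test
public void testLoadX509CertificateInvalid() throws IOException {
    // Decode the fixture with an explicit charset so the bytes handed to the parser are the
    // same on every build host.
    Path path = Paths.get("src/test/resources/invalid_x509.cert");
    String certStr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);

    try {
        Crypto.loadX509Certificate(certStr);
        // Reaching this line means invalid input was accepted.
        fail();
    } catch (CryptoException ex) {
        assertTrue(true, "Caught expected CryptoException");
    }
}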
示例6: testValidateServiceX509RefreshRequestMismatchPublicKeys
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
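/**
 * Checks that a service certificate refresh is answered with {@code PUBLIC_KEY_MISMATCH}
 * when the normalized public key of the CSR has been replaced with a different value.
 *
 * Presumably the CSR key is compared with the public key of the certificate attached to the
 * principal; the comparison itself is not visible in this test.
 */
@Test
public void testValidateServiceX509RefreshRequestMismatchPublicKeys() throws IOException {
    // NOTE(review): this is a fixed path under the shared /tmp directory and it is handed the
    // test private key. On a multi-user build host another account could pre-create the
    // directory; a per-run temporary directory would avoid that.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
            privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Permit refresh from the single address that is passed to the validation call below.
    ztsImpl.certRefreshIPBlocks.add(new IPBlock("10.0.0.1/255.255.255.255"));

    // PEM fixtures are decoded with an explicit charset instead of the platform default.
    Path csrPath = Paths.get("src/test/resources/valid_provider_refresh.csr");
    String csr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    // Force the key comparison to fail.
    certReq.setNormCsrPublicKey("mismatch-public-key");

    Path certPath = Paths.get("src/test/resources/valid_provider_refresh.pem");
    String pem = new String(Files.readAllBytes(certPath), java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(pem);

    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz",
            "syncer", "v=S1,d=athenz;n=syncer;s=sig", 0, new CertificateAuthority());
    principal.setX509Certificate(cert);

    assertTrue(ztsImpl.validateServiceX509RefreshRequest(principal, certReq, "10.0.0.1") == ServiceX509RefreshRequestStatus.PUBLIC_KEY_MISMATCH);
}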
示例7: testPostInstanceRefreshRequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
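/**
 * Posts an instance refresh request for {@code athenz.syncer} over a request that is mocked
 * as secure, and checks that the returned identity contains a certificate that parses.
 *
 * The returned certificate is only parsed; its subject, validity period and issuer are not
 * asserted here.
 */
@Test
public void testPostInstanceRefreshRequest() throws IOException {
    // Decode the PEM fixture with an explicit charset instead of the platform default.
    Path path = Paths.get("src/test/resources/valid.csr");
    String certCsr = new String(Files.readAllBytes(path), java.nio.charset.StandardCharsets.UTF_8);
    InstanceRefreshRequest req = new InstanceRefreshRequest().setCsr(certCsr);

    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz",
            "syncer", "v=S1,d=athenz;n=syncer;s=sig", 0, new PrincipalAuthority());
    principal.setKeyId("0");

    // Register the service public key under "<domain>.<service>_<keyId>".
    // The key below is a 512-bit RSA test fixture. That size is far too small for anything
    // other than a unit test and must not be copied into real configuration.
    String publicKeyName = "athenz.syncer_0";
    final String ztsPublicKey = "-----BEGIN PUBLIC KEY-----\n"
            + "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrvfvBgXWqWAorw5hYJu3dpOJe0gp3n\n"
            + "TgiiPGT7+jzm6BRcssOBTPFIMkePT2a8Tq+FYSmFnHfbQjwmYw2uMK8CAwEAAQ==\n"
            + "-----END PUBLIC KEY-----";
    zts.dataStore.getPublicKeyCache().put(publicKeyName, ztsPublicKey);

    // The servlet request reports isSecure() == true, i.e. the call is treated as arriving
    // over TLS.
    HttpServletRequest servletRequest = Mockito.mock(HttpServletRequest.class);
    Mockito.when(servletRequest.isSecure()).thenReturn(true);
    ResourceContext context = createResourceContext(principal, servletRequest);

    Identity identity = zts.postInstanceRefreshRequest(context, "athenz", "syncer", req);
    assertNotNull(identity);

    X509Certificate cert = Crypto.loadX509Certificate(identity.getCertificate());
    assertNotNull(cert);
}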
示例8: testValidateServiceX509RefreshRequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
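/**
 * Checks that a service certificate refresh is accepted ({@code SUCCESS}) when the CSR and
 * certificate fixtures belong together and the request comes from an allowed address.
 */
@Test
public void testValidateServiceX509RefreshRequest() throws IOException {
    // NOTE(review): this is a fixed path under the shared /tmp directory and it is handed the
    // test private key. On a multi-user build host another account could pre-create the
    // directory; a per-run temporary directory would avoid that.
    ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
            privateKey, "0");
    DataStore store = new DataStore(structStore, null);
    ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);

    // Permit refresh from the single address that is passed to the validation call below.
    ztsImpl.certRefreshIPBlocks.add(new IPBlock("10.0.0.1/255.255.255.255"));

    // PEM fixtures are decoded with an explicit charset instead of the platform default.
    Path csrPath = Paths.get("src/test/resources/valid_provider_refresh.csr");
    String csr = new String(Files.readAllBytes(csrPath), java.nio.charset.StandardCharsets.UTF_8);
    X509CertRequest certReq = new X509CertRequest(csr);
    assertNotNull(certReq);

    Path certPath = Paths.get("src/test/resources/valid_provider_refresh.pem");
    String pem = new String(Files.readAllBytes(certPath), java.nio.charset.StandardCharsets.UTF_8);
    X509Certificate cert = Crypto.loadX509Certificate(pem);

    // The principal carries the certificate it currently holds; the refresh request is
    // validated against it.
    SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz",
            "syncer", "v=S1,d=athenz;n=syncer;s=sig", 0, new CertificateAuthority());
    principal.setX509Certificate(cert);

    assertTrue(ztsImpl.validateServiceX509RefreshRequest(principal, certReq, "10.0.0.1") == ServiceX509RefreshRequestStatus.SUCCESS);
}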
示例9: testPostInstanceRefreshInformationSSHFailure
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that an instance refresh fails with HTTP 500 when the X.509 part of the refresh is
 * stubbed to succeed but SSH identity generation is stubbed to return false.
 *
 * NOTE(review): the fixtures are read with new String(byte[]), which uses the platform
 * default charset; an explicit charset would make the test independent of the build host.
 */
@Test
public void testPostInstanceRefreshInformationSSHFailure() throws IOException {
// NOTE(review): fixed path under the shared /tmp directory, constructed with the test
// private key - a per-run temporary directory would be safer on shared build hosts.
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
// Load the provider and tenant domains into the data store.
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
// The provider is mocked and confirms the instance on refresh.
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
InstanceConfirmation confirmation = new InstanceConfirmation()
.setDomain("athenz").setService("production").setProvider("athenz.provider");
// Spy on the real cert manager so individual calls can be stubbed.
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(providerClient);
Mockito.when(providerClient.refreshInstance(Mockito.any())).thenReturn(confirmation);
// Stored certificate record: current and previous serial are the same value.
// Presumably this is the serial of the athenz.instanceid.pem fixture - confirm.
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
// The failure under test: SSH identity generation reports false.
Mockito.when(instanceManager.generateSshIdentity(Mockito.any(), Mockito.eq("ssh-csr"),
Mockito.eq("user"))).thenReturn(false);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production")
.setX509Certificate(pem);
// generateIdentity is stubbed with doReturn so the real method is not invoked on the spy.
Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(),
Mockito.any(), Mockito.any(), Mockito.anyInt());
ztsImpl.instanceProviderManager = instanceProviderManager;
ztsImpl.instanceCertManager = instanceManager;
InstanceRefreshInformation info = new InstanceRefreshInformation()
.setCsr(certCsr).setSsh("ssh-csr").setToken(true);
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
// The caller authenticates with the certificate it currently holds.
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz",
"production", "1001", info);
// Reaching this line means the refresh succeeded although SSH generation failed.
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 500);
}
}
示例10: testPostInstanceRefreshInformationSSHMatchPrevSerial
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that an SSH-only instance refresh succeeds when the stored record's previous serial
 * is "16503746516960996918" while its current serial is a different value.
 *
 * Presumably the certificate fixture carries that previous serial, so the request is
 * accepted on a previous-serial match - confirm against the fixture.
 */
@Test
public void testPostInstanceRefreshInformationSSHMatchPrevSerial() throws IOException {
// NOTE(review): fixed path under the shared /tmp directory, constructed with the test
// private key - a per-run temporary directory would be safer on shared build hosts.
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
// Current serial differs from the previous serial in this record.
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("123413");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
// NOTE(review): this stub matches on a freshly built InstanceIdentity, so it only applies
// if the identity created inside ZTSImpl compares equal to it - verify equals() semantics.
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production");
Mockito.when(instanceManager.generateSshIdentity(identity, "ssh-csr", null)).thenReturn(true);
ztsImpl.instanceCertManager = instanceManager;
// Only an SSH CSR is supplied; no X.509 CSR is set on the request.
InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
// new String(byte[]) uses the platform default charset for the PEM fixture.
Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
InstanceIdentity instanceIdentity = ztsImpl.postInstanceRefreshInformation(context,
"athenz.provider", "athenz", "production", "1001", info);
assertNotNull(instanceIdentity);
}
示例11: testPostInstanceRefreshInformationNoProviderClient
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
@Test
public void testPostInstanceRefreshInformationNoProviderClient() throws IOException {
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
InstanceConfirmation confirmation = new InstanceConfirmation()
.setDomain("athenz").setService("production").setProvider("athenz.provider");
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(null);
Mockito.when(providerClient.refreshInstance(Mockito.any())).thenReturn(confirmation);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(false);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production")
.setX509Certificate(pem);
Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(),
Mockito.any(), Mockito.any(), Mockito.anyInt());
ztsImpl.instanceProviderManager = instanceProviderManager;
ztsImpl.instanceCertManager = instanceManager;
InstanceRefreshInformation info = new InstanceRefreshInformation()
.setCsr(certCsr);
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider",
"athenz", "production", "1001", info);
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 400, ex.getMessage());
assertTrue(ex.getMessage().contains("unable to get instance for provider"));
}
}
示例12: testPostInstanceRefreshInformationNotFound
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that an instance refresh still returns an identity with a service token when the
 * provider's refreshInstance call throws a ResourceException with code 404.
 *
 * NOTE(review): this means a 404 from the provider does not block the refresh, so the
 * certificate is renewed without a positive confirmation from the provider. Confirm that
 * this is the intended policy (for example, 404 meaning "provider does not implement
 * refresh") and that other provider errors are still treated as failures.
 */
@Test
public void testPostInstanceRefreshInformationNotFound() throws IOException {
// NOTE(review): fixed path under the shared /tmp directory, constructed with the test
// private key - a per-run temporary directory would be safer on shared build hosts.
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
// new String(byte[]) uses the platform default charset for the PEM fixtures.
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(providerClient);
// The condition under test: the provider answers the refresh with a 404.
Mockito.when(providerClient.refreshInstance(Mockito.any())).thenThrow(new com.yahoo.athenz.instance.provider.ResourceException(404));
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production")
.setX509Certificate(pem);
Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(),
Mockito.any(), Mockito.any(), Mockito.anyInt());
ztsImpl.instanceProviderManager = instanceProviderManager;
ztsImpl.instanceCertManager = instanceManager;
// The request asks for a service token in addition to the certificate.
InstanceRefreshInformation info = new InstanceRefreshInformation()
.setCsr(certCsr).setToken(true);
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
InstanceIdentity instanceIdentity = ztsImpl.postInstanceRefreshInformation(context,
"athenz.provider", "athenz", "production", "1001", info);
assertNotNull(instanceIdentity);
assertNotNull(instanceIdentity.getServiceToken());
}
示例13: testPostInstanceRefreshInformationCertRecordFailure
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that an instance refresh fails with HTTP 500 and the message
 * "unable to update cert db" when updating the stored certificate record reports false.
 *
 * The refresh must not succeed in that case: the stored serials are what later refresh
 * requests are checked against (see the serial fields set on the record below).
 */
@Test
public void testPostInstanceRefreshInformationCertRecordFailure() throws IOException {
// NOTE(review): fixed path under the shared /tmp directory, constructed with the test
// private key - a per-run temporary directory would be safer on shared build hosts.
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
// new String(byte[]) uses the platform default charset for the PEM fixtures.
Path path = Paths.get("src/test/resources/athenz.instanceid.csr");
String certCsr = new String(Files.readAllBytes(path));
InstanceProviderManager instanceProviderManager = Mockito.mock(InstanceProviderManager.class);
InstanceProvider providerClient = Mockito.mock(InstanceProvider.class);
InstanceConfirmation confirmation = new InstanceConfirmation()
.setDomain("athenz").setService("production").setProvider("athenz.provider");
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
// The provider confirms the instance, so the failure comes from the record update only.
Mockito.when(instanceProviderManager.getProvider("athenz.provider")).thenReturn(providerClient);
Mockito.when(providerClient.refreshInstance(Mockito.any())).thenReturn(confirmation);
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("16503746516960996918");
certRecord.setPrevSerial("16503746516960996918");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
// The condition under test: persisting the updated record fails.
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(false);
path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
InstanceIdentity identity = new InstanceIdentity().setName("athenz.production")
.setX509Certificate(pem);
Mockito.doReturn(identity).when(instanceManager).generateIdentity(Mockito.any(),
Mockito.any(), Mockito.any(), Mockito.anyInt());
ztsImpl.instanceProviderManager = instanceProviderManager;
ztsImpl.instanceCertManager = instanceManager;
InstanceRefreshInformation info = new InstanceRefreshInformation()
.setCsr(certCsr);
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider",
"athenz", "production", "1001", info);
// Reaching this line means a certificate was returned without the record being stored.
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 500);
assertTrue(ex.getMessage().contains("unable to update cert db"));
}
}
示例14: CloudStore
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Creates the cloud store: caches the signer's CA and SSH certificates, starts the HTTP
 * client, optionally loads the AWS public certificate, and reads the AWS settings from
 * system properties before initializing AWS support.
 *
 * @param certSigner signer whose CA and SSH certificates are cached; may be null, in which
 *                   case those fields are left unset
 * @throws ResourceException with INTERNAL_SERVER_ERROR if the HTTP client cannot be started
 */
public CloudStore(CertSigner certSigner) {
// save our cert signer and generate the PEM output of the certificate
this.certSigner = certSigner;
if (certSigner != null) {
x509CACertificate = certSigner.getCACertificate();
sshHostCertificate = certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_HOST);
sshUserCertificate = certSigner.getSSHCertificate(ZTSConsts.ZTS_SSH_USER);
}
// initialize our account cache
cloudAccountCache = new HashMap<String, String>();
// Instantiate and start our HttpClient
httpClient = new HttpClient();
// Redirects are not followed, so a response cannot steer this client to another URL.
httpClient.setFollowRedirects(false);
try {
httpClient.start();
} catch (Exception ex) {
// NOTE(review): only the message is logged and the cause is not attached to the
// ResourceException, so the stack trace of the start-up failure is lost.
LOGGER.error("CloudStore: unable to start http client: " + ex.getMessage());
throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR,
"Http client not available");
}
// let's retrieve our AWS public certificate which is posted here:
// http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html
// The file path comes from a system property and the certificate is only parsed here:
// no validity-period, issuer or fingerprint check is visible before its public key is kept.
// NOTE(review): presumably awsPublicKey is later used to verify instance identity document
// signatures; if so, this file is a trust anchor and should be writable only by the
// deployment account - confirm file permissions and how the file is provisioned.
String awsCertFileName = System.getProperty(ZTSConsts.ZTS_PROP_AWS_PUBLIC_CERT);
if (awsCertFileName != null && !awsCertFileName.isEmpty()) {
File awsCertFile = new File(awsCertFileName);
X509Certificate awsCert = Crypto.loadX509Certificate(awsCertFile);
awsPublicKey = awsCert.getPublicKey();
}
// check to see if we are given region name
awsRegion = System.getProperty(ZTSConsts.ZTS_PROP_AWS_REGION_NAME);
// how long the instance must be booted in the past before we
// stop validating the instance requests
// Default is 5 minutes expressed in seconds (300); the configured value is multiplied by
// 1000 before it is stored (presumably seconds to milliseconds).
// A non-numeric property value makes Long.parseLong throw NumberFormatException, which is
// not caught here and aborts construction.
long timeout = TimeUnit.SECONDS.convert(5, TimeUnit.MINUTES);
bootTimeOffset = 1000 * Long.parseLong(
System.getProperty(ZTSConsts.ZTS_PROP_AWS_BOOT_TIME_OFFSET, Long.toString(timeout)));
// initialize aws support
// AWS support is disabled unless the property is set to "true" (Boolean.parseBoolean).
awsEnabled = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_AWS_ENABLED, "false"));
initializeAwsSupport();
}
示例15: testPostInstanceRefreshInformationSSHMismatchSerial
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that an SSH-only instance refresh is rejected with HTTP 403 when both the current
 * and the previous serial in the stored record are "123413".
 *
 * Presumably the certificate fixture has a different serial, so the caller's certificate
 * matches neither recorded serial. Rejecting that case matters because a certificate the
 * server has no record of issuing for this instance may be a copied or stale credential.
 */
@Test
public void testPostInstanceRefreshInformationSSHMismatchSerial() throws IOException {
// NOTE(review): fixed path under the shared /tmp directory, constructed with the test
// private key - a per-run temporary directory would be safer on shared build hosts.
ChangeLogStore structStore = new ZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
privateKey, "0");
DataStore store = new DataStore(structStore, null);
ZTSImpl ztsImpl = new ZTSImpl(mockCloudStore, store);
SignedDomain providerDomain = signedAuthorizedProviderDomain();
store.processDomain(providerDomain, false);
SignedDomain tenantDomain = signedBootstrapTenantDomain("athenz.provider", "athenz", "production");
store.processDomain(tenantDomain, false);
InstanceCertManager instanceManager = Mockito.spy(ztsImpl.instanceCertManager);
// Neither serial in the record is the long value used by the other refresh tests.
X509CertRecord certRecord = new X509CertRecord();
certRecord.setInstanceId("1001");
certRecord.setProvider("athenz.provider");
certRecord.setService("athenz.production");
certRecord.setCurrentSerial("123413");
certRecord.setPrevSerial("123413");
Mockito.when(instanceManager.getX509CertRecord("athenz.provider", "1001")).thenReturn(certRecord);
Mockito.when(instanceManager.updateX509CertRecord(Mockito.any())).thenReturn(true);
ztsImpl.instanceCertManager = instanceManager;
// Only an SSH CSR is supplied; no X.509 CSR is set on the request.
InstanceRefreshInformation info = new InstanceRefreshInformation().setSsh("ssh-csr");
CertificateAuthority certAuthority = new CertificateAuthority();
SimplePrincipal principal = (SimplePrincipal) SimplePrincipal.create("athenz", "production",
"v=S1;d=athenz;n=production;s=signature", 0, certAuthority);
// new String(byte[]) uses the platform default charset for the PEM fixture.
Path path = Paths.get("src/test/resources/athenz.instanceid.pem");
String pem = new String(Files.readAllBytes(path));
X509Certificate cert = Crypto.loadX509Certificate(pem);
principal.setX509Certificate(cert);
ResourceContext context = createResourceContext(principal);
try {
ztsImpl.postInstanceRefreshInformation(context, "athenz.provider", "athenz",
"production", "1001", info);
// Reaching this line means a refresh was granted despite the serial mismatch.
fail();
} catch (ResourceException ex) {
assertEquals(ex.getCode(), 403);
}
}