From 7bb6792567b09f3bd42951d341c925e7f63f92be Mon Sep 17 00:00:00 2001 
From: Henry Avetisyan Date: Wed, 1 Feb 2017 13:13:01 -0800 Subject: [PATCH] Move PrivateKeyStore interface to auth_core to be common for both servers --- docs/setup_zms.md | 7 +- .../yahoo/athenz/auth}/PrivateKeyStore.java | 18 ++--- .../athenz/auth}/PrivateKeyStoreFactory.java | 5 +- .../com/yahoo/athenz/auth/util/Crypto.java | 10 ++- .../auth/impl}/PrivateKeyStoreTest.java | 12 ++-- .../yahoo/athenz/auth/util/CryptoTest.java | 4 +- .../main/java/com/yahoo/athenz/zms/ZMS.java | 2 +- .../java/com/yahoo/athenz/zms/ZMSImpl.java | 16 ++--- .../com/yahoo/athenz/zms/ZMSServerImpl.java | 11 ++- .../zms/pkey/file/FilePrivateKeyStore.java | 28 +------- .../pkey/file/FilePrivateKeyStoreFactory.java | 6 +- .../com/yahoo/athenz/zms/DBServiceTest.java | 4 +- .../com/yahoo/athenz/zms/ZMSImplTest.java | 16 +---- .../yahoo/athenz/zms/ZMSServerImplTest.java | 2 +- .../pkey/file/FilePrivateKeyStoreTest.java | 50 +++---------- .../main/java/com/yahoo/athenz/zts/ZTS.java | 12 ++-- .../athenz/zts/cert/impl/SelfCertSigner.java | 4 +- .../athenz/zts/pkey/PrivateKeyStore.java | 41 ----------- .../zts/pkey/PrivateKeyStoreFactory.java | 26 ------- .../zts/pkey/file/FilePrivateKeyStore.java | 66 +---------------- .../pkey/file/FilePrivateKeyStoreFactory.java | 6 +- .../zts/pkey/hsm/HSMPrivateKeyStore.java | 5 +- .../pkey/hsm/HSMPrivateKeyStoreFactory.java | 6 +- .../com/yahoo/athenz/zts/ZTSDaemonTest.java | 2 +- .../pkey/file/FilePrivateKeyStoreTest.java | 71 +++---------------- .../zts/pkey/hsm/HSMPrivateKeyStoreTest.java | 6 +- 26 files changed, 87 insertions(+), 349 deletions(-) rename {servers/zms/src/main/java/com/yahoo/athenz/zms/pkey => libs/java/auth_core/src/main/java/com/yahoo/athenz/auth}/PrivateKeyStore.java (64%) rename {servers/zms/src/main/java/com/yahoo/athenz/zms/pkey => libs/java/auth_core/src/main/java/com/yahoo/athenz/auth}/PrivateKeyStoreFactory.java (82%) rename {servers/zms/src/test/java/com/yahoo/athenz/zms/pkey => 
libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl}/PrivateKeyStoreTest.java (78%) delete mode 100644 servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStore.java delete mode 100644 servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStoreFactory.java diff --git a/docs/setup_zms.md b/docs/setup_zms.md index a4406e6809a..ce4d02904eb 100644 --- a/docs/setup_zms.md +++ b/docs/setup_zms.md @@ -5,7 +5,7 @@ * [JDK 8](#jdk-8) * [Getting Software](#getting-software) * [Configuration](#configuration) - * [Private/Public Key Pair](#privatepublic-key-pair) + * [Private Key](#private-key) * [Self Signed X509 Certificate](#self-signed-x509-certificate) * [User Authentication](#user-authentication) * [System Administrators](#system-administrators) @@ -48,17 +48,16 @@ $ cd athenz-zms-X.Y To run ZMS Server, the system administrator must generate the keys and make necessary changes to the configuration settings. -### Private/Public Key Pair +### Private Key --------------------------- -Generate a unique private/public key pair that ZMS Server will use +Generate a unique private key that ZMS Server will use to sign any NTokens it issues. From the `athenz-zms-X.Y` directory execute the following commands: ```shell $ cd var/zms_server/keys $ openssl genrsa -out zms_private.pem 2048 -$ openssl rsa -in zms_private.pem -pubout > zms_public.pem ``` ### Self Signed X509 Certificate diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStore.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStore.java similarity index 64% rename from servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStore.java rename to libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStore.java index 0845c8d4dfc..a46b5eebc29 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStore.java +++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStore.java 
@@ -13,29 +13,21 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package com.yahoo.athenz.zms.pkey;
+package com.yahoo.athenz.auth;
 import java.security.PrivateKey;
 public interface PrivateKeyStore {
 /**
- * Retrieve private key for this ZMS Server instance to sign its tokens
+ * Retrieve private key for this Athenz Server instance to sign its tokens
 * The private key identifier must be updated in the privateKeyId out
- * StringBuilder field. The Private Key Store Factory has the knowledge
- * which hostname we're processing this request for.
+ * StringBuilder field.
+ * @param serverHostName hostname of the Athenz Server instance
 * @param privateKeyId - out argument - must be updated to include key id
 * @return private key for this ZMS Server instance.
 */
- default PrivateKey getPrivateKey(StringBuilder privateKeyId) {
- return null;
- }
-
- /**
- * Retrieve server's corresponding public key in PEM format.
- * @return public key in PEM format
- */
- default String getPEMPublicKey() {
+ default PrivateKey getPrivateKey(String serverHostName, StringBuilder privateKeyId) {
 return null;
 }
 }
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreFactory.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStoreFactory.java
similarity index 82%
rename from servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreFactory.java
rename to libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStoreFactory.java
index 9812795cb9e..2f7c72d5c09 100644
--- a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreFactory.java
+++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/PrivateKeyStoreFactory.java
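Review bot: The `@return` tag of getPrivateKey still reads "private key for this ZMS Server instance." although the interface now lives in `com.yahoo.athenz.auth` and the summary line was changed to say Athenz Server; make it `@return private key for this Athenz Server instance, or null if the store does not provide one`. The default body returns null, so null is effectively part of the contract and every caller (ZMSServerImpl, ZTS) has to guard for it; saying so in the Javadoc tells implementers whether to return null or throw on a missing key. The new `serverHostName` tag should also state what an implementation is expected to do with it, because the file-based store in this commit does not appear to read it in the lines shown and only keys that differ per host need it.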
@@ -13,14 +13,13 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package com.yahoo.athenz.zms.pkey;
+package com.yahoo.athenz.auth;
 public interface PrivateKeyStoreFactory {
 /**
 * Create and return a new PrivateKeyStore instance
- * @param serverHostName hostname of the ZMS Server instance
 * @return PrivateKeyStore instance
 */
- public PrivateKeyStore create(String serverHostName);
+ public PrivateKeyStore create();
 }
diff --git a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/Crypto.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/Crypto.java
index 85902b91279..72ca0b434c7 100644
--- a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/Crypto.java
+++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/util/Crypto.java
@@ -416,6 +416,10 @@ public static String ybase64DecodeString(String b64) {
 return utf8String(ybase64Decode(b64));
 }
+ public static String ybase64EncodeString(String str) {
+ return utf8String(YBase64.encode(utf8Bytes(str)));
+ }
+
 public static X509Certificate loadX509Certificate(File certFile) throws CryptoException {
 try (FileReader fileReader = new FileReader(certFile)) {
 return loadX509Certificate(fileReader);
@@ -1016,16 +1020,16 @@ public static boolean validatePKCS7Signature(String data, String signature, Publ
 return false;
 }
- public static String x509CertificateToPem(X509Certificate cert) {
+ public static String convertToPEMFormat(Object obj) {
 StringWriter writer = new StringWriter();
 try {
 try (JcaPEMWriter pemWriter = new JcaPEMWriter(writer)) {
- pemWriter.writeObject(cert);
+ pemWriter.writeObject(obj);
 pemWriter.flush();
 pemWriter.close();
 }
 } catch (IOException ex) {
- LOG.error("x509CertificateToPem: unable to convert X509 cert to PEM: " + ex.getMessage());
+ LOG.error("convertToPEMFormat: unable to convert object to PEM: " + ex.getMessage());
 return null;
 }
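Review bot: The `public` modifier on `create()` is redundant inside an interface; `PrivateKeyStore create();` is the conventional form. Since the hostname no longer reaches the factory, the Javadoc could say where it went, e.g. `Create and return a new PrivateKeyStore instance; the server hostname is supplied per call to PrivateKeyStore.getPrivateKey.`, so implementers of the old signature know what to move.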
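Review bot: `ybase64EncodeString` is a new public method without Javadoc, and so is `convertToPEMFormat` in the next hunk; a one-liner such as `/** Encodes the UTF-8 bytes of str with YBase64 and returns the result as a String; inverse of ybase64DecodeString. */` is enough here. If `utf8Bytes` does not accept null, a null `str` (which the new ZMSImpl callers can produce when the PEM conversion fails) will throw from inside the encoder; `Objects.requireNonNull(str, "str")` makes that failure explicit at the boundary.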
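Review bot: Widening the parameter from `X509Certificate` to `Object` makes `convertToPEMFormat` accept anything JcaPEMWriter can encode, including a `PrivateKey`, so a caller that passes `privateKey` instead of `extractPublicKey(privateKey)` would get the private key material as PEM with no compile-time error. Typed overloads `convertToPEMFormat(X509Certificate)` and `convertToPEMFormat(PublicKey)` delegating to a private `Object` version keep the call sites safe, or at minimum a Javadoc should state which types are intended and that the output is meant to be published. The method still returns null on `IOException` and logs only `ex.getMessage()`; the new ZMSImpl callers feed that result straight into `ybase64EncodeString`, so the null propagates, and `LOG.error("convertToPEMFormat: unable to convert object to PEM", ex);` would preserve the stack trace for diagnosis.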
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreTest.java b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/PrivateKeyStoreTest.java similarity index 78% rename from servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreTest.java rename to libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/PrivateKeyStoreTest.java index 25d75025205..230b0a63c69 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/PrivateKeyStoreTest.java +++ b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/PrivateKeyStoreTest.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.yahoo.athenz.zms.pkey; +package com.yahoo.athenz.auth.impl; import static org.testng.Assert.*; @@ -21,6 +21,8 @@ import org.testng.annotations.Test; +import com.yahoo.athenz.auth.PrivateKeyStore; + public class PrivateKeyStoreTest { public class PrivateKeyStoreInstance implements PrivateKeyStore { @@ -29,14 +31,8 @@ public class PrivateKeyStoreInstance implements PrivateKeyStore { public void testGetPrivateKeyMulti() { PrivateKeyStoreInstance keystore = new PrivateKeyStoreInstance(); StringBuilder sb = new StringBuilder(); - PrivateKey key = keystore.getPrivateKey(sb); + PrivateKey key = keystore.getPrivateKey("hostname", sb); assertNull(key); } - - @Test - public void testGetPEMPublicKey() { - PrivateKeyStoreInstance keystore = new PrivateKeyStoreInstance(); - assertNull(keystore.getPEMPublicKey()); - } } } diff --git a/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/util/CryptoTest.java b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/util/CryptoTest.java index 0e207b9c096..2441ba2b846 100644 --- a/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/util/CryptoTest.java +++ b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/util/CryptoTest.java 
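Review bot: The test was moved to package `com.yahoo.athenz.auth.impl` while the interface it exercises now lives in `com.yahoo.athenz.auth` (hence the new import); keeping it as `package com.yahoo.athenz.auth;` next to the class under test matches the source layout and avoids implying there is an `impl` PrivateKeyStore. The updated assertion only checks that the default method returns null for `"hostname"`, so the name `testGetPrivateKeyMulti` no longer describes the test; `testGetPrivateKeyDefaultReturnsNull` would.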
@@ -417,7 +417,7 @@ public void testGenerateX509CertificateAltNames() throws IOException { System.out.println("****** Generated Certificate With Alternative Names *********"); System.out.println(cert.toString()); System.out.println("PEM format:"); - System.out.println(Crypto.x509CertificateToPem(cert)); + System.out.println(Crypto.convertToPEMFormat(cert)); } @Test @@ -457,7 +457,7 @@ public void testGenerateX509CertificateInvalid() throws IOException { @Test public void testX509CertificateToPem() { X509Certificate cert = Crypto.loadX509Certificate(ecPublicX509Cert); - String pem = Crypto.x509CertificateToPem(cert); + String pem = Crypto.convertToPEMFormat(cert); assertNotNull(pem); assertTrue(pem.contains("BEGIN CERTIFICATE"), pem); assertTrue(pem.contains("END CERTIFICATE"), pem); diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java index 479e76672d7..3ebba20d4c7 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMS.java @@ -21,12 +21,12 @@ import org.eclipse.jetty.server.HttpConfiguration; import com.yahoo.athenz.auth.Authority; +import com.yahoo.athenz.auth.PrivateKeyStoreFactory; import com.yahoo.athenz.common.metrics.MetricFactory; import com.yahoo.athenz.common.server.log.AuditLogFactory; import com.yahoo.athenz.common.server.log.AuditLogMsgBuilder; import com.yahoo.athenz.common.server.log.AuditLogger; import com.yahoo.athenz.common.server.rest.Http.AuthorityList; -import com.yahoo.athenz.zms.pkey.PrivateKeyStoreFactory; import java.net.InetAddress; diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java index 024195ca08b..4ee8903f83d 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java 
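Review bot: `testX509CertificateToPem` still carries the old method name but now calls `convertToPEMFormat`, and nothing exercises the new production path in which ZMSImpl converts a `PublicKey` via `Crypto.convertToPEMFormat(Crypto.extractPublicKey(privateKey))`, nor `ybase64EncodeString` at all. Rename it `testConvertToPEMFormatCertificate`, add a sibling that converts the public key of a loaded private key and asserts the output contains `BEGIN PUBLIC KEY`, and add a round trip `assertEquals(Crypto.ybase64DecodeString(Crypto.ybase64EncodeString("abc")), "abc");`.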
@@ -129,7 +129,6 @@ public class ZMSImpl implements Authorizer, KeyStore, ZMSHandler { protected DBService dbService = null; protected Class providerClass = null; protected Schema schema = null; - protected String publicKey = null; protected PrivateKey privateKey = null; protected String privateKeyId = "0"; protected int userTokenTimeout = 3600; @@ -354,13 +353,12 @@ void convertToLowerCase(Object obj) { static String auditLoggerMsgBldrClass = null; public ZMSImpl(String serverHostName, ObjectStore dbStore, Metric metric, - PrivateKey privateKey, String privateKeyId, String publicKey, - AuditLogger auditLog, String auditLogMsgBldrClass) { + PrivateKey privateKey, String privateKeyId, AuditLogger auditLog, + String auditLogMsgBldrClass) { auditLogger = auditLog; auditLoggerMsgBldrClass = auditLogMsgBldrClass; - this.publicKey = publicKey; this.privateKey = privateKey; this.privateKeyId = privateKeyId; this.schema = ZMSSchema.instance(); @@ -465,8 +463,9 @@ void loadServerPublicKeys() { // this should never happen but just in case we'll just // use the public key we retrieved ourselves to the map - if (serverPublicKeyMap.isEmpty()) { - serverPublicKeyMap.put(privateKeyId, publicKey); + if (serverPublicKeyMap.isEmpty() && privateKey != null) { + final String publicKey = Crypto.convertToPEMFormat(Crypto.extractPublicKey(privateKey)); + serverPublicKeyMap.put(privateKeyId, Crypto.ybase64EncodeString(publicKey)); } } 
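Review bot: In `loadServerPublicKeys` the fallback passes the result of `Crypto.convertToPEMFormat(...)` straight into `Crypto.ybase64EncodeString` without checking it, yet `convertToPEMFormat` returns null when the PEM writer fails (see the Crypto hunk), so a failure there surfaces as an exception from the encoder rather than the logged error. The same derivation is repeated verbatim in `initObjectStore` in the next hunk of this file; a private helper that derives the encoded public key once and returns null on failure gives both call sites a single place to guard. The existing comment "use the public key we retrieved ourselves" should now say the key is derived from our private key, since no public key is configured any more. `loadServerPublicKeys` begins before this hunk.
```java
// … unchanged: serverPublicKeyMap population from the store …
if (serverPublicKeyMap.isEmpty()) {
    final String publicKey = derivedPublicKey();
    if (publicKey != null) {
        serverPublicKeyMap.put(privateKeyId, publicKey);
    }
}

/** ybase64-encoded PEM of the public key matching our private key, or null if no key is configured or the conversion fails. */
String derivedPublicKey() {
    if (privateKey == null) {
        return null;
    }
    final String pem = Crypto.convertToPEMFormat(Crypto.extractPublicKey(privateKey));
    return pem == null ? null : Crypto.ybase64EncodeString(pem);
}
```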
@@ -559,9 +558,10 @@ void initObjectStore() { createSubDomain(null, "sys", "auth", "The AuthNG domain", null, null, adminUsers, null, 0, null, null, caller); - if (publicKey != null) { + if (privateKey != null) { List pubKeys = new ArrayList<>(); - pubKeys.add(new PublicKeyEntry().setId(privateKeyId).setKey(publicKey)); + final String publicKey = Crypto.convertToPEMFormat(Crypto.extractPublicKey(privateKey)); + pubKeys.add(new PublicKeyEntry().setId(privateKeyId).setKey(Crypto.ybase64EncodeString(publicKey))); ServiceIdentity id = new ServiceIdentity().setName("sys.auth.zms").setPublicKeys(pubKeys); dbService.executePutServiceIdentity(null, SYS_AUTH, ZMS_SERVICE, id, null, caller); } else { diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSServerImpl.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSServerImpl.java index b71a5e9338c..912c6ab00c0 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSServerImpl.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSServerImpl.java @@ -18,14 +18,14 @@ import com.yahoo.athenz.auth.Authority; import com.yahoo.athenz.auth.AuthorityKeyStore; import com.yahoo.athenz.auth.Authorizer; +import com.yahoo.athenz.auth.PrivateKeyStore; +import com.yahoo.athenz.auth.PrivateKeyStoreFactory; import com.yahoo.athenz.common.metrics.Metric; import com.yahoo.athenz.common.metrics.MetricFactory; import com.yahoo.athenz.common.server.db.DataSourceFactory; import com.yahoo.athenz.common.server.db.PoolableDataSource; import com.yahoo.athenz.common.server.log.AuditLogger; import com.yahoo.athenz.common.server.rest.Http.AuthorityList; -import com.yahoo.athenz.zms.pkey.PrivateKeyStore; -import com.yahoo.athenz.zms.pkey.PrivateKeyStoreFactory; import com.yahoo.athenz.zms.store.ObjectStore; import com.yahoo.athenz.zms.store.file.FileObjectStore; import com.yahoo.athenz.zms.store.jdbc.JDBCObjectStore; 
@@ -50,9 +50,8 @@ public ZMSServerImpl(String serverHostName, PrivateKeyStoreFactory pkeyStoreFact // extract the private key and public keys for our service StringBuilder privKeyId = new StringBuilder(256); - PrivateKeyStore keyStore = pkeyStoreFactory.create(serverHostName); - PrivateKey pkey = keyStore.getPrivateKey(privKeyId); - String publicKey = keyStore.getPEMPublicKey(); + PrivateKeyStore keyStore = pkeyStoreFactory.create(); + PrivateKey pkey = keyStore.getPrivateKey(serverHostName, privKeyId); // create our metric and increment our startup count @@ -76,7 +75,7 @@ public ZMSServerImpl(String serverHostName, PrivateKeyStoreFactory pkeyStoreFact try { instance = new ZMSImpl(serverHostName, store, metric, pkey, privKeyId.toString(), - publicKey, auditLogger, auditLoggerMsgBldrClass); + auditLogger, auditLoggerMsgBldrClass); instance.putAuthorityList(authList); } catch (Exception ex) { metric.increment("zms_startup_fail_sum"); diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStore.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStore.java index 57396d5e248..c8b5364b824 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStore.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStore.java @@ -23,11 +23,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.yahoo.athenz.auth.PrivateKeyStore; import com.yahoo.athenz.auth.util.Crypto; import com.yahoo.athenz.zms.ResourceException; import com.yahoo.athenz.zms.ZMS; import com.yahoo.athenz.zms.ZMSConsts; -import com.yahoo.athenz.zms.pkey.PrivateKeyStore; public class FilePrivateKeyStore implements PrivateKeyStore { 
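Review bot: The comment `// extract the private key and public keys for our service` above the new lines is stale now that only the private key is fetched; `// extract the private key and its id for our service` describes the code. `pkey` can be null because the shared interface's default `getPrivateKey` returns null, and the second hunk hands it to `new ZMSImpl(...)` unchecked; ZMSImpl does branch on `privateKey != null`, so if running without a signing key is not intended, a startup-time `if (pkey == null) { throw new IllegalStateException("private key store returned no key for " + serverHostName); }` here fails loudly instead of later at the first token signing. The constructor continues outside both hunks, so it may already handle this further down.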
@@ -37,7 +37,7 @@ public FilePrivateKeyStore() { } @Override - public PrivateKey getPrivateKey(StringBuilder privateKeyId) { + public PrivateKey getPrivateKey(String serverHostName, StringBuilder privateKeyId) { String privKeyName = System.getProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, ZMS.getRootDir() + "/share/athenz/sys.auth/zms.key"); @@ -67,30 +67,6 @@ public PrivateKey getPrivateKey(StringBuilder privateKeyId) { return pkey; } - @Override - public String getPEMPublicKey() { - - String pubKeyName = System.getProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, - ZMSConsts.STR_DEF_ROOT + "/share/athenz/pubkeys/zms.key"); - - if (LOG.isDebugEnabled()) { - LOG.debug("FilePrivateKeyStore: public key file=" + pubKeyName); - } - - // check to see if this is running in dev mode and thus it's - // a resource in our jar file - - String pubKey = null; - if (pubKeyName.startsWith(ZMSConsts.STR_JAR_RESOURCE)) { - pubKey = retrieveKeyFromResource(pubKeyName.substring(ZMSConsts.STR_JAR_RESOURCE.length())); - } else { - File pubKeyFile = new File(pubKeyName); - pubKey = Crypto.encodedFile(pubKeyFile); - } - - return pubKey; - } - String retrieveKeyFromResource(String resourceName) { String key = null; diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreFactory.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreFactory.java index e1f67458dbb..60c23927f8a 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreFactory.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreFactory.java 
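Review bot: The new `serverHostName` parameter is not read in the lines shown — the key path comes from `ZMSConsts.ZMS_PROP_PRIVATE_KEY` — so `// serverHostName is unused: the file store serves the single key configured via ZMS_PROP_PRIVATE_KEY` on the signature would stop readers from expecting per-host key selection here. With `getPEMPublicKey` removed, `ZMSConsts.ZMS_PROP_PUBLIC_KEY` and its `STR_DEF_ROOT + "/share/athenz/pubkeys/zms.key"` default have no remaining reader in this file; if nothing else reads the property, an operator who still sets it is silently ignored from this commit on, so either drop the constant or have the setup docs say the public key is now derived from the private key. `getPrivateKey` continues outside the hunk.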
@@ -15,13 +15,13 @@ */ package com.yahoo.athenz.zms.pkey.file; -import com.yahoo.athenz.zms.pkey.PrivateKeyStore; -import com.yahoo.athenz.zms.pkey.PrivateKeyStoreFactory; +import com.yahoo.athenz.auth.PrivateKeyStore; +import com.yahoo.athenz.auth.PrivateKeyStoreFactory; public class FilePrivateKeyStoreFactory implements PrivateKeyStoreFactory { @Override - public PrivateKeyStore create(String serverHostName) { + public PrivateKeyStore create() { return new FilePrivateKeyStore(); } } diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java index d49abcce0b8..b5e56e2c027 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/DBServiceTest.java @@ -177,7 +177,7 @@ private ZMSImpl zmsInit() { Metric debugMetric = new com.yahoo.athenz.common.metrics.impl.NoOpMetric(); ZMSImpl zmsObj = new ZMSImpl("localhost", store, debugMetric, privateKey, - privKeyId, pubKey, AuditLogFactory.getLogger(), null); + privKeyId, AuditLogFactory.getLogger(), null); ServiceIdentity service = createServiceObject("sys.auth", "zms", "http://localhost", "/usr/bin/java", "root", @@ -305,7 +305,7 @@ ZMSImpl getZmsImpl(String storeDir, AuditLogger alogger) { Metric debugMetric = new com.yahoo.athenz.common.metrics.impl.NoOpMetric(); ZMSImpl zmsObj = new ZMSImpl("localhost", store, debugMetric, privateKey, - privKeyId, pubKey, alogger, null); + privKeyId, alogger, null); zmsObj.putServiceIdentity(mockDomRsrcCtx, "sys.auth", "zms", auditRef, service); zmsObj.setProviderClientClass(ProviderMockClient.class); return zmsObj; diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java index 24d9eb9daed..21f89ed1c7b 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java 
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java @@ -217,7 +217,7 @@ private ZMSImpl zmsInit() { Metric metric = createMetric(); ZMSImpl zmsObj = new ZMSImpl("localhost", store, metric, privateKey, - privKeyId, pubKey, AuditLogFactory.getLogger(), null); + privKeyId, AuditLogFactory.getLogger(), null); ServiceIdentity service = createServiceObject("sys.auth", "zms", "http://localhost", "/usr/bin/java", "root", @@ -244,7 +244,7 @@ ZMSImpl getZmsImpl(String storeDir, AuditLogger alogger) { Metric metric = createMetric(); ZMSImpl zmsObj = new ZMSImpl("localhost", store, metric, privateKey, - privKeyId, pubKey, alogger, null); + privKeyId, alogger, null); zmsObj.putServiceIdentity(mockDomRsrcCtx, "sys.auth", "zms", auditRef, service); zmsObj.setProviderClientClass(ProviderMockClient.class); return zmsObj; @@ -4657,7 +4657,6 @@ public void testGetUserToken() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; UserToken token = zms.getUserToken(rsrcCtx1, userId, null); assertNotNull(token); @@ -4671,7 +4670,6 @@ public void testGetUserToken() { zms.privateKeyId = "1"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK1)); - zms.publicKey = pubKeyK1; token = zms.getUserToken(rsrcCtx1, userId, null); assertNotNull(token); assertTrue(token.getToken().contains("k=1")); @@ -4681,7 +4679,6 @@ public void testGetUserToken() { zms.privateKeyId = "2"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK2)); - zms.publicKey = pubKeyK2; token = zms.getUserToken(rsrcCtx1, userId, null); assertNotNull(token); @@ -4704,7 +4701,6 @@ public void testGetUserTokenAuthorizedService() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; UserToken token = zms.getUserToken(rsrcCtx1, userId, "coretech.storage"); assertNotNull(token); 
@@ -4769,7 +4765,6 @@ public void testGetUserTokenExpiredIssueTime() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; UserToken token = zms.getUserToken(rsrcCtx1, userId, null); assertNotNull(token); @@ -4838,7 +4833,6 @@ public void testGetUserTokenDefaultSelfName() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; UserToken token = zms.getUserToken(rsrcCtx1, "_self_", null); assertNotNull(token); @@ -5544,7 +5538,6 @@ public void testGetSignedDomains() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; GetSignedDomainsResult result = new GetSignedDomainsResult(mockDomRsrcCtx); SignedDomains sdoms = null; @@ -5581,7 +5574,6 @@ public void testGetSignedDomains() { zms.privateKeyId = "1"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK1)); - zms.publicKey = pubKeyK1; result = new GetSignedDomainsResult(mockDomRsrcCtx); sdoms = null; @@ -5614,7 +5606,6 @@ public void testGetSignedDomains() { zms.privateKeyId = "2"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKeyK2)); - zms.publicKey = pubKeyK2; result = new GetSignedDomainsResult(mockDomRsrcCtx); sdoms = null; @@ -5812,7 +5803,6 @@ public void testGetSignedDomainsFiltered() { zms.privateKeyId = "0"; zms.privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(privKey)); - zms.publicKey = pubKey; GetSignedDomainsResult result = new GetSignedDomainsResult(mockDomRsrcCtx); SignedDomains sdoms = null; 
@@ -12588,7 +12578,7 @@ public void testReadOnlyMode() throws Exception { Metric metric = createMetric(); zmsTest = new ZMSImpl("localhost", store, metric, privateKey, - privKeyId, pubKey, AuditLogFactory.getLogger(), null); + privKeyId, AuditLogFactory.getLogger(), null); TopLevelDomain dom1 = createTopLevelDomainObject("ReadOnlyDom1", "Test Domain1", "testOrg", adminUser); diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java index f8823a56070..f334657d44b 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSServerImplTest.java @@ -16,10 +16,10 @@ package com.yahoo.athenz.zms; import com.yahoo.athenz.auth.Authority; +import com.yahoo.athenz.auth.PrivateKeyStoreFactory; import com.yahoo.athenz.common.metrics.MetricFactory; import com.yahoo.athenz.common.server.log.AuditLogFactory; import com.yahoo.athenz.zms.ZMSServerImpl; -import com.yahoo.athenz.zms.pkey.PrivateKeyStoreFactory; import com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory; import static org.testng.Assert.*; diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java index 0cdf34204ee..8120edf640a 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/pkey/file/FilePrivateKeyStoreTest.java @@ -25,8 +25,8 @@ import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; +import com.yahoo.athenz.auth.PrivateKeyStore; import com.yahoo.athenz.zms.ZMSConsts; -import com.yahoo.athenz.zms.pkey.PrivateKeyStore; import com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStore; import com.yahoo.athenz.zms.pkey.file.FilePrivateKeyStoreFactory; 
@@ -42,55 +42,21 @@ public void setUp() throws Exception { @Test public void testCreateStore() { FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - PrivateKeyStore store = factory.create("localhost"); + PrivateKeyStore store = factory.create(); assertNotNull(store); } - @Test - public void testRetrievePublicKeyValid() { - - FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - PrivateKeyStore store = factory.create("localhost"); - - String saveProp = System.getProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY); - System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/zms_public.pem"); - - String pubKey = store.getPEMPublicKey(); - assertNotNull(pubKey); - - System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, saveProp); - } - - @Test - public void testRetrievePublicKeyInValid() { - - FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - PrivateKeyStore store = factory.create("localhost"); - - String saveProp = System.getProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY); - System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, "src/test/resources/invalid_zms_public.pem"); - - try { - store.getPEMPublicKey(); - fail(); - } catch (Exception ex) { - assertTrue(true); - } - - System.setProperty(ZMSConsts.ZMS_PROP_PUBLIC_KEY, saveProp); - } - @Test public void testRetrievePrivateKeyValid() { FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - PrivateKeyStore store = factory.create("localhost"); + PrivateKeyStore store = factory.create(); String saveProp = System.getProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY); System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/zms_private.pem"); StringBuilder keyId = new StringBuilder(256); - PrivateKey privKey = store.getPrivateKey(keyId); + PrivateKey privKey = store.getPrivateKey("localhost", keyId); assertNotNull(privKey); System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, saveProp); 
@@ -100,14 +66,14 @@ public void testRetrievePrivateKeyValid() { public void testRetrievePrivateKeyInValid() { FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - PrivateKeyStore store = factory.create("localhost"); + PrivateKeyStore store = factory.create(); String saveProp = System.getProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY); System.setProperty(ZMSConsts.ZMS_PROP_PRIVATE_KEY, "src/test/resources/invalid_zms_private.pem"); try { StringBuilder keyId = new StringBuilder(256); - store.getPrivateKey(keyId); + store.getPrivateKey("localhost", keyId); fail(); } catch (Exception ex) { assertTrue(true); @@ -120,7 +86,7 @@ public void testRetrievePrivateKeyInValid() { public void testGetStringNullStream() throws IOException { FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - FilePrivateKeyStore store = (FilePrivateKeyStore) factory.create("localhost"); + FilePrivateKeyStore store = (FilePrivateKeyStore) factory.create(); assertNull(store.getString(null)); } @@ -129,7 +95,7 @@ public void testGetString() throws IOException { String str = "This is a Unit Test String"; FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); - FilePrivateKeyStore store = (FilePrivateKeyStore) factory.create("localhost"); + FilePrivateKeyStore store = (FilePrivateKeyStore) factory.create(); try (InputStream is = new ByteArrayInputStream(str.getBytes("UTF-8"))) { String getStr = store.getString(is); assertEquals(getStr, str); diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java index d0fada28bed..e5d2f514db8 100644 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java +++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTS.java 
@@ -25,6 +25,8 @@ import com.yahoo.athenz.auth.Authority; import com.yahoo.athenz.auth.AuthorityKeyStore; +import com.yahoo.athenz.auth.PrivateKeyStore; +import com.yahoo.athenz.auth.PrivateKeyStoreFactory; import com.yahoo.athenz.common.metrics.Metric; import com.yahoo.athenz.common.metrics.MetricFactory; import com.yahoo.athenz.common.server.log.AuditLogFactory; @@ -35,8 +37,6 @@ import com.yahoo.athenz.zts.cert.CertSignerFactory; import com.yahoo.athenz.zts.cert.InstanceIdentityStore; import com.yahoo.athenz.zts.cert.InstanceIdentityStoreFactory; -import com.yahoo.athenz.zts.pkey.PrivateKeyStore; -import com.yahoo.athenz.zts.pkey.PrivateKeyStoreFactory; import com.yahoo.athenz.zts.store.ChangeLogStore; import com.yahoo.athenz.zts.store.ChangeLogStoreFactory; import com.yahoo.athenz.zts.store.CloudStore; @@ -220,7 +220,7 @@ static Metric getMetric() { return metric; } - static PrivateKeyStore getPrivateKeyStore(String serverHostName) { + static PrivateKeyStore getPrivateKeyStore() { String pkeyFactoryClass = System.getProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_STORE_CLASS, ZTS_PKEY_STORE_CLASS); PrivateKeyStoreFactory pkeyFactory = null; @@ -232,7 +232,7 @@ static PrivateKeyStore getPrivateKeyStore(String serverHostName) { return null; } - return pkeyFactory.create(serverHostName); + return pkeyFactory.create(); } @@ -287,7 +287,7 @@ public static ZTSJettyContainer createJettyContainer() { authorities.add(authority); } - PrivateKeyStore keyStore = getPrivateKeyStore(serverHostName); + PrivateKeyStore keyStore = getPrivateKeyStore(); if (keyStore == null) { return null; } @@ -305,7 +305,7 @@ public static ZTSJettyContainer createJettyContainer() { /// extract our official per-host ZTS private key StringBuilder privKeyId = new StringBuilder(256); - PrivateKey pkey = keyStore.getHostPrivateKey(privKeyId); + PrivateKey pkey = keyStore.getPrivateKey(serverHostName, privKeyId); // create our cloud store if configured 
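Review bot: `keyStore.getPrivateKey(serverHostName, privKeyId)` in the last hunk replaces `getHostPrivateKey`, and because the shared interface's default returns null, `pkey` can be null here; `keyStore == null` is rejected a few lines earlier but the key itself is not checked in the lines shown. If the rest of `createJettyContainer` does not reject a missing key, treat it like the null store: log the failure and `return null;` so ZTS does not start without a token-signing key. `getPrivateKeyStore()` has no Javadoc; a line noting that the hostname is now passed per call to `getPrivateKey` rather than at factory time would help implementers migrating from the deleted ZTS interface. `createJettyContainer` begins and ends outside the hunk.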
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/SelfCertSigner.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/SelfCertSigner.java index 0de637f6e4d..6764eb5ef50 100644 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/SelfCertSigner.java +++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/SelfCertSigner.java @@ -40,12 +40,12 @@ public String generateX509Certificate(String csr) { PKCS10CertificationRequest certReq = Crypto.getPKCS10CertRequest(csr); X509Certificate cert = Crypto.generateX509Certificate(certReq, caPrivateKey, caCertificate, certValidityTime, false); - return Crypto.x509CertificateToPem(cert); + return Crypto.convertToPEMFormat(cert); } @Override public String getCACertificate() { - return Crypto.x509CertificateToPem(caCertificate); + return Crypto.convertToPEMFormat(caCertificate); } @Override diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStore.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStore.java deleted file mode 100644 index d53a3749488..00000000000 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStore.java +++ /dev/null 
@@ -1,41 +0,0 @@
-/**
- * Copyright 2016 Yahoo Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.yahoo.athenz.zts.pkey;
-import java.security.PrivateKey;
-public interface PrivateKeyStore {
- /**
- * Retrieve private key for this ZTS Server instance to sign its tokens
- * The private key identifier must be updated in the privateKeyId out
- * StringBuilder field. The Private Key Store Factory has the knowledge
- * which hostname we're processing this request for.
- * @param privateKeyId - out argument - must be updated to include key id
- * @return private key for this ZTS Server instance.
- */
- default PrivateKey getHostPrivateKey(StringBuilder privateKeyId) {
- return null;
- }
- default PrivateKey getPrivateKey(String keyName, int keyVersion) {
- return null;
- }
- default String getPublicKey(String keyName, int keyVersion) {
- return null;
- }
-}
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStoreFactory.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStoreFactory.java
deleted file mode 100644
index f10c9bf03ae..00000000000
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/PrivateKeyStoreFactory.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Copyright 2016 Yahoo Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.yahoo.athenz.zts.pkey;
-public interface PrivateKeyStoreFactory {
- /**
- * Create and return a new PrivateKeyStore instance
- * @param serverHostName hostname of the ZTS Server instance
- * @return PrivateKeyStore instance
- */
- public PrivateKeyStore create(String serverHostName);
-}
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStore.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStore.java
index 4d38863b742..f428b436ed3 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStore.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStore.java
@@ -16,19 +16,15 @@ package com.yahoo.athenz.zts.pkey.file;
 import java.io.File;
-import java.io.IOException;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
 import java.security.PrivateKey;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import com.yahoo.athenz.auth.PrivateKeyStore;
 import com.yahoo.athenz.auth.util.Crypto;
 import com.yahoo.athenz.zts.ResourceException;
 import com.yahoo.athenz.zts.ZTSConsts;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
 public class FilePrivateKeyStore implements PrivateKeyStore {
@@ -47,7 +43,7 @@ public FilePrivateKeyStore() {
 }
 @Override
-public PrivateKey getHostPrivateKey(StringBuilder privateKeyId) {
+public PrivateKey getPrivateKey(String serverHostName, StringBuilder privateKeyId) {
 String privKeyName = System.getProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, rootDir + "/share/athenz/sys.auth/zts.key");
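Review bot: The new signature `public PrivateKey getPrivateKey(String serverHostName, StringBuilder privateKeyId)` takes a host name that the visible body never reads: the key path comes only from `ZTSConsts.ZTS_PROP_PRIVATE_KEY` (defaulting to `rootDir + "/share/athenz/sys.auth/zts.key"`), so every host name resolves to the same key. That is presumably intended for a file-backed store, but a reader of the shared interface will expect per-host selection, so it should be stated at the top of the method: `// serverHostName is intentionally unused: this store holds a single key chosen by ZTS_PROP_PRIVATE_KEY, regardless of host`. The method body continues beyond the hunk, so confirm nothing further down consults the parameter before adding the comment.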
@@ -67,62 +63,4 @@ public PrivateKey getHostPrivateKey(StringBuilder privateKeyId) {
 privateKeyId.append(System.getProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY_ID, "0"));
 return pkey;
 }
-
-@Override
-public PrivateKey getPrivateKey(String keyName, int keyVersion) {
-
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug("FilePrivateKeyStore: private key file=" + keyName);
-}
-
-// if the version is 0 then we're going to take the keyname
-// as the filename otherwise we'll append ".v"
-// to generated the versioned key filename
-
-String fileName = keyName;
-if (keyVersion != 0) {
-fileName += ".v" + keyVersion;
-}
-File privKeyFile = new File(fileName);
-String key = Crypto.encodedFile(privKeyFile);
-PrivateKey pkey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(key));
-
-if (pkey == null) {
-throw new ResourceException(500, "Unable to retrieve private key: " + fileName);
-}
-
-return pkey;
-}
-
-@Override
-public String getPublicKey(String keyName, int keyVersion) {
-
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug("FilePrivateKeyStore: public key file=" + keyName);
-}
-
-// if the version is 0 then we're going to take the keyname
-// as the filename otherwise we'll append ".v"
-// to generated the versioned key filename
-
-String fileName = keyName;
-if (keyVersion != 0) {
-fileName += ".v" + keyVersion;
-}
-Path path = Paths.get(fileName);
-String pkey = null;
-try {
-pkey = new String(Files.readAllBytes(path));
-} catch (IOException ex) {
-if (LOGGER.isDebugEnabled()) {
-LOGGER.debug("FilePrivateKeyStore: unable to read public key", ex);
-}
-}
-
-if (pkey == null) {
-throw new ResourceException(500, "Unable to retrieve public key: " + fileName);
-}
-
-return pkey;
-}
 }
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreFactory.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreFactory.java
index 148b69c8498..056a0f99796 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreFactory.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreFactory.java
@@ -15,13 +15,13 @@
 */
 package com.yahoo.athenz.zts.pkey.file;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStoreFactory;
+import com.yahoo.athenz.auth.PrivateKeyStore;
+import com.yahoo.athenz.auth.PrivateKeyStoreFactory;
 public class FilePrivateKeyStoreFactory implements PrivateKeyStoreFactory {
 @Override
-public PrivateKeyStore create(String serverHostName) {
+public PrivateKeyStore create() {
 return new FilePrivateKeyStore();
 }
 }
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStore.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStore.java
index 8cc6529b02a..2b5e5e9f6d8 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStore.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStore.java
@@ -17,7 +17,8 @@ import java.security.PrivateKey;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
+import com.yahoo.athenz.auth.PrivateKeyStore;
+
 public class HSMPrivateKeyStore implements PrivateKeyStore {
@@ -25,7 +26,7 @@ public HSMPrivateKeyStore() {
 }
 @Override
-public PrivateKey getHostPrivateKey(StringBuilder privateKeyId) {
+public PrivateKey getPrivateKey(String serverHostName, StringBuilder privateKeyId) {
 return null;
 }
 }
diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreFactory.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreFactory.java
index 7e63e8a01e4..69799985cee 100644
--- a/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreFactory.java
+++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreFactory.java
@@ -15,13 +15,13 @@
 */
 package com.yahoo.athenz.zts.pkey.hsm;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStoreFactory;
+import com.yahoo.athenz.auth.PrivateKeyStore;
+import com.yahoo.athenz.auth.PrivateKeyStoreFactory;
 public class HSMPrivateKeyStoreFactory implements PrivateKeyStoreFactory {
 @Override
-public PrivateKeyStore create(String serverHostName) {
+public PrivateKeyStore create() {
 return new HSMPrivateKeyStore();
 }
 }
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSDaemonTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSDaemonTest.java
index a788eca1f6a..c0881928473 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSDaemonTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSDaemonTest.java
@@ -92,7 +92,7 @@ public void testZTSGetMetric() {
 @Test
 public void testZTSGetPrivateKeyStore() {
-assertNotNull(ZTS.getPrivateKeyStore("localhost"));
+assertNotNull(ZTS.getPrivateKeyStore());
 }
 }
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreTest.java
index 9cbe863fb36..dfee3f70397 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/file/FilePrivateKeyStoreTest.java
@@ -15,22 +15,20 @@
 */
 package com.yahoo.athenz.zts.pkey.file;
-import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNotNull;
-import static org.testng.Assert.fail;
 import org.testng.annotations.Test;
+import com.yahoo.athenz.auth.PrivateKeyStore;
 import com.yahoo.athenz.zts.ResourceException;
 import com.yahoo.athenz.zts.ZTSConsts;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
 public class FilePrivateKeyStoreTest {
 @Test
 public void testCreateStore() {
 FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
+PrivateKeyStore store = factory.create();
 assertNotNull(store);
 }
@@ -41,11 +39,11 @@ public void testGetHostPrivateKeyExist() {
 System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/zts_private.pem");
 FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
+PrivateKeyStore store = factory.create();
 StringBuilder sbuilder = new StringBuilder();
-assertNotNull(store.getHostPrivateKey(sbuilder));
+assertNotNull(store.getPrivateKey("localhost", sbuilder));
 }
@@ -54,12 +52,12 @@ public void testGetHostPrivateKeyPkeyNotExist() {
 System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/unknown.pem");
 FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
+PrivateKeyStore store = factory.create();
 StringBuilder sbuilder = new StringBuilder();
 try {
-store.getPrivateKey("localhost", sbuilder);
+store.getPrivateKey("localhost", sbuilder);
 } catch (RuntimeException ex) {
 assertNotNull(ex.getMessage());
 }
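Review bot: In testGetHostPrivateKeyPkeyNotExist (the last hunk) the new line `store.getPrivateKey("localhost", sbuilder);` sits inside `try` with no `fail()` after it, so if the store returns a key or null for the missing file instead of throwing, the test still passes and proves nothing about the error path. The first hunk of this file removes `import static org.testng.Assert.fail;` because the deleted tests were its only users, which makes the fix slightly larger than one line: keep that import and add `fail("expected exception for missing key file");` directly after the call. It would also be worth catching the specific exception type the store throws and checking its code rather than only `assertNotNull(ex.getMessage())`.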
@@ -75,12 +73,12 @@ public void testGetHostPrivateKeyInvalidFormat() {
 System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/test_public.v1");
 FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
+PrivateKeyStore store = factory.create();
 StringBuilder sbuilder = new StringBuilder();
 try {
-store.getHostPrivateKey(sbuilder);
+store.getPrivateKey("localhost", sbuilder);
 } catch (ResourceException ex) {
 assertNotNull(ex.getCode());
 }
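Review bot: Same gap as the previous hunk: `store.getPrivateKey("localhost", sbuilder);` is called inside `try` with nothing after it, so testGetHostPrivateKeyInvalidFormat passes even if a public-key file is silently accepted as the server's private key — the one outcome this test exists to rule out. Add `fail("expected ResourceException for invalid key format");` after the call (this needs the `fail` import that the first hunk of this file removes). The existing `assertNotNull(ex.getCode())` is vacuous if getCode() returns a primitive int, as the autoboxed value can never be null; asserting the expected status code would make the catch branch meaningful (the deleted tests used 500 for the equivalent failure).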
@@ -89,57 +87,4 @@ public void testGetHostPrivateKeyInvalidFormat() {
 System.setProperty(ZTSConsts.ZTS_PROP_PRIVATE_KEY, "src/test/resources/zts_private.pem");
 }
-
-@Test
-public void testGetPrivateKeyExist() {
-FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
-
-assertNotNull(store.getPrivateKey("src/test/resources/test_private", 1));
-
-}
-
-@Test
-public void testGetPrivateKeyInvalidFormat() {
-FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
-
-try {
-store.getPrivateKey("src/test/resources/test_public", 1);
-fail();
-} catch (ResourceException ex) {
-assertEquals(ex.getCode(), 500);
-}
-}
-
-@Test
-public void testGetPublicKeyExist() {
-FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
-
-assertNotNull(store.getPublicKey("src/test/resources/test_public", 1));
-}
-
-@Test
-public void testGetPublicKeyInvalidFormat() {
-FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
-
-// not validate pubkey format
-assertNotNull(store.getPublicKey("src/test/resources/test_private", 1));
-}
-
-@Test
-public void testGetPublicKeyNotExist() {
-FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
-
-try {
-store.getPublicKey("src/test/resources/test_public", 2);
-fail();
-} catch (ResourceException ex) {
-assertEquals(ex.getCode(), 500);
-}
-}
-
 }
diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreTest.java
index 66b885919ca..ea7c8fd1087 100644
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreTest.java
+++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/pkey/hsm/HSMPrivateKeyStoreTest.java
@@ -22,7 +22,7 @@ import org.testng.annotations.Test;
-import com.yahoo.athenz.zts.pkey.PrivateKeyStore;
+import com.yahoo.athenz.auth.PrivateKeyStore;
 import com.yahoo.athenz.zts.pkey.hsm.HSMPrivateKeyStore;
 import com.yahoo.athenz.zts.pkey.hsm.HSMPrivateKeyStoreFactory;
@@ -31,7 +31,7 @@ public class HSMPrivateKeyStoreTest {
 @Test
 public void testCreateStore() {
 HSMPrivateKeyStoreFactory factory = new HSMPrivateKeyStoreFactory();
-PrivateKeyStore store = factory.create("localhost");
+PrivateKeyStore store = factory.create();
 assertNotNull(store);
 }
@@ -40,7 +40,7 @@ public void testGetPrivateKey() {
 HSMPrivateKeyStore store = new HSMPrivateKeyStore();
 StringBuilder privateKeyId = new StringBuilder(256);
-PrivateKey pkey = store.getHostPrivateKey(privateKeyId);
+PrivateKey pkey = store.getPrivateKey("localhost", privateKeyId);
 assertNull(pkey);
 }
 }