From bf75eb4a3835184f6b6c3d0b4c926999509a7402 Mon Sep 17 00:00:00 2001
From: craman
Date: Sat, 28 Sep 2024 23:26:21 -0700
Subject: [PATCH] set resource ownership when generating JWS domain
---
 .../java/com/yahoo/athenz/zms/ZMSImpl.java | 1 +
 .../com/yahoo/athenz/zms/ZMSImplTest.java | 67 +++++++++++++++++++
 2 files changed, 68 insertions(+)
diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java
index 25d6d63d58c..559ec850038 100644
--- a/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java
+++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/ZMSImpl.java
@@ -7042,6 +7042,7 @@ void setDomainDataAttributes(DomainData domainData, Domain domain) {
 domainData.setCertDnsDomain(domain.getCertDnsDomain());
 domainData.setMemberPurgeExpiryDays(domain.getMemberPurgeExpiryDays());
 domainData.setContacts(domain.getContacts());
+ domainData.setResourceOwnership(domain.getResourceOwnership());
 }
 SignedDomain retrieveSignedDomain(Domain domain, final String metaAttr, boolean setMetaDataOnly, boolean masterCopy, boolean includeConditions) {
diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
index 15b9a9c890f..2ae53170e87 100644
--- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
+++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java
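Review bot: `setDomainDataAttributes` in ZMSImpl.java still has no comment warning that a Domain attribute left out of this copy list is silently absent from the signed domain data, which is the omission this one-line change repairs for resource ownership. A short header such as `// every Domain meta attribute that consumers of the signed/JWS domain rely on must be copied here` would make the next addition harder to miss. The helper's name suggests it may feed other signed-domain paths besides getJWSDomain, but its callers are outside the hunk, so that should be confirmed and covered by a test if it does. The function starts above the hunk.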
@@ -23765,6 +23765,73 @@ public void testGetJWSDomainError() {
 zmsImpl.privateKey = pkey;
 }
+ @Test
+ public void testGetJWSDomainResourceOwnership() throws JsonProcessingException, ParseException, JOSEException {
+
+ final String domainName = "jws-domain-resource-owner";
+
+ ZMSImpl zmsImpl = zmsTestInitializer.getZms();
+ RsrcCtxWrapper ctx = zmsTestInitializer.getMockDomRsrcCtx();
+ final String auditRef = zmsTestInitializer.getAuditRef();
+
+ TopLevelDomain dom1 = zmsTestInitializer.createTopLevelDomainObject(domainName,
+ "Test Domain1", "testOrg", zmsTestInitializer.getAdminUser());
+ dom1.setMemberPurgeExpiryDays(90);
+
+ zmsImpl.postTopLevelDomain(ctx, auditRef, "unit-test", dom1);
+
+ Response response = zmsImpl.getJWSDomain(ctx, domainName, null, null);
+ JWSDomain jwsDomain = (JWSDomain) response.getEntity();
+ DomainData domainData = zmsTestInitializer.getDomainData(jwsDomain);
+
+ assertNotNull(domainData);
+ assertEquals(domainData.getName(), "jws-domain-resource-owner");
+ assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
+ assertNotNull(domainData.getResourceOwnership());
+ assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
+ assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");
+
+ Map header = jwsDomain.getHeader();
+ assertEquals(header.get("kid"), "0");
+
+ // now we're going to ask for the same domain with the tag
+ // and make sure we get back 304
+
+ EntityTag tag = response.getEntityTag();
+ response = zmsImpl.getJWSDomain(ctx, domainName, Boolean.FALSE, tag.getValue());
+ assertEquals(response.getStatus(), ResourceException.NOT_MODIFIED);
+
+ // pass a timestamp a minute back and make sure we
+ // get back the domain
+
+ Timestamp tstamp = Timestamp.fromMillis(System.currentTimeMillis() - 3600);
+ response = zmsImpl.getJWSDomain(ctx, domainName, false, tstamp.toString());
+ jwsDomain = (JWSDomain) response.getEntity();
+ domainData = zmsTestInitializer.getDomainData(jwsDomain);
+
assertNotNull(domainData);
+ assertEquals(domainData.getName(), "jws-domain-resource-owner");
+ assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
+ assertNotNull(domainData.getResourceOwnership());
+ assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
+ assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");
+
+ // any invalid data is also treated as no etag
+
+ response = zmsImpl.getJWSDomain(ctx, domainName, null, "unknown-date");
+ jwsDomain = (JWSDomain) response.getEntity();
+ domainData = zmsTestInitializer.getDomainData(jwsDomain);
+
+ assertNotNull(domainData);
+ assertEquals(domainData.getName(), "jws-domain-resource-owner");
+ assertEquals(domainData.getMemberPurgeExpiryDays(), 90);
+ assertNotNull(domainData.getResourceOwnership());
+ assertEquals(domainData.getResourceOwnership().getObjectOwner(), "unit-test");
+ assertEquals(domainData.getResourceOwnership().getMetaOwner(), "unit-test");
+
+ zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, "unit-test");
+ }
+
 @Test
 public void testValidateIntegerValue() {
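Review bot: The comment in testGetJWSDomainResourceOwnership says the timestamp is "a minute back", but `System.currentTimeMillis() - 3600` subtracts only 3.6 seconds. Either the value should become `System.currentTimeMillis() - 60 * 1000` or the comment should be corrected, since a slow domain setup could otherwise make this branch return 304 and fail intermittently. The closing `deleteTopLevelDomain` call is also skipped whenever an earlier assertion fails, which would leave `jws-domain-resource-owner` behind in whatever store the test initializer uses; wrapping the body as `try { … } finally { zmsImpl.deleteTopLevelDomain(ctx, domainName, auditRef, "unit-test"); }` avoids that. The three identical assertion groups could be one small private helper.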