From 9158697e7938547b666f9e8a814501416ec1d049 Mon Sep 17 00:00:00 2001 From: Henry Avetisyan Date: Sat, 15 Sep 2018 22:03:31 -0700 Subject: [PATCH] Address static code analysis recommendations from IntelliJ (#549) --- .../com/yahoo/athenz/zpe/AuthZpeClient.java | 2 +- .../athenz/auth/impl/FilePrivateKeyStore.java | 3 +- .../impl/SimpleServiceIdentityProvider.java | 4 +- .../auth/impl/FilePrivateKeyStoreTest.java | 3 +- .../provider/InstanceProviderClient.java | 4 +- .../java/com/yahoo/athenz/zms/DBService.java | 2 +- .../athenz/zms/store/file/FileConnection.java | 1 + .../com/yahoo/athenz/zms/utils/ZMSUtils.java | 5 +- .../com/yahoo/athenz/zms/ZMSImplTest.java | 22 +--- .../java/com/yahoo/athenz/zts/ZTSImpl.java | 61 ++++----- .../cert/impl/DynamoDBCertRecordStore.java | 3 +- .../com/yahoo/athenz/zts/utils/ZTSUtils.java | 2 +- .../zts/InstanceProviderManagerTest.java | 5 +- .../com/yahoo/athenz/zts/ZTSImplTest.java | 6 +- .../yahoo/athenz/zts/store/DataStoreTest.java | 120 +----------------- .../store/impl/MockZMSFileChangeLogStore.java | 5 +- .../yahoo/athenz/zts/utils/ZTSUtilsTest.java | 2 - 17 files changed, 58 insertions(+), 192 deletions(-) diff --git a/clients/java/zpe/src/main/java/com/yahoo/athenz/zpe/AuthZpeClient.java b/clients/java/zpe/src/main/java/com/yahoo/athenz/zpe/AuthZpeClient.java index c2f737644e9..82252fd2617 100644 --- a/clients/java/zpe/src/main/java/com/yahoo/athenz/zpe/AuthZpeClient.java +++ b/clients/java/zpe/src/main/java/com/yahoo/athenz/zpe/AuthZpeClient.java @@ -305,7 +305,7 @@ public static AccessCheckStatus allowAccess(X509Certificate cert, String angReso } return AccessCheckStatus.DENY_CERT_MISSING_DOMAIN; } - String roleName = subject.substring(idx + ROLE_SEARCH.length(), subject.length()); + String roleName = subject.substring(idx + ROLE_SEARCH.length()); if (roleName.isEmpty()) { if (LOG.isDebugEnabled()) { LOG.debug("AUTHZPECLT:allowAccess: missing role name"); 
diff --git a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStore.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStore.java index 5578e97c720..90b7fafd3df 100644 --- a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStore.java +++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStore.java @@ -18,6 +18,7 @@ import java.io.File; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import java.security.PrivateKey; import org.slf4j.Logger; @@ -76,7 +77,7 @@ private String retrieveKeyFromResource(String resourceName) { try (InputStream is = getClass().getResourceAsStream(resourceName)) { String resourceData = getString(is); if (resourceData != null) { - key = Crypto.ybase64(resourceData.getBytes("UTF-8")); + key = Crypto.ybase64(resourceData.getBytes(StandardCharsets.UTF_8)); } } catch (IOException e) { if (LOG.isDebugEnabled()) { diff --git a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/SimpleServiceIdentityProvider.java b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/SimpleServiceIdentityProvider.java index 408447cbf9c..65a7adf880c 100644 --- a/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/SimpleServiceIdentityProvider.java +++ b/libs/java/auth_core/src/main/java/com/yahoo/athenz/auth/impl/SimpleServiceIdentityProvider.java @@ -35,8 +35,8 @@ public class SimpleServiceIdentityProvider implements ServiceIdentityProvider { private String domain; private String service; - private PrivateKey key = null; - private long tokenTimeout = 3600; + private PrivateKey key; + private long tokenTimeout; private String keyId; private String host = null; private Authority authority; 
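Review bot: In SimpleServiceIdentityProvider the `tokenTimeout` field loses its `= 3600` initializer, so a non-zero token lifetime now depends on every constructor assigning it; the constructors are outside this hunk and should be checked. If neither field is reassigned after construction, declaring them `private final PrivateKey key;` and `private final long tokenTimeout;` lets the compiler enforce that. Otherwise a short comment such as `// set by every constructor (no field-level default)` would record the assumption next to the fields.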
diff --git a/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStoreTest.java b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStoreTest.java index 92c1bbd1dae..1db82aa1c95 100644 --- a/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStoreTest.java +++ b/libs/java/auth_core/src/test/java/com/yahoo/athenz/auth/impl/FilePrivateKeyStoreTest.java @@ -20,6 +20,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import java.security.PrivateKey; import org.testng.annotations.Test; @@ -95,7 +96,7 @@ public void testGetString() throws IOException { FilePrivateKeyStoreFactory factory = new FilePrivateKeyStoreFactory(); FilePrivateKeyStore store = (FilePrivateKeyStore) factory.create(); - try (InputStream is = new ByteArrayInputStream(str.getBytes("UTF-8"))) { + try (InputStream is = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) { String getStr = store.getString(is); assertEquals(getStr, str); } diff --git a/libs/java/instance_provider/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderClient.java b/libs/java/instance_provider/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderClient.java index 5c84476ad8e..72313b48d79 100644 --- a/libs/java/instance_provider/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderClient.java +++ b/libs/java/instance_provider/src/main/java/com/yahoo/athenz/instance/provider/InstanceProviderClient.java 
@@ -91,7 +91,7 @@ private String responseText(final Response response) { public InstanceConfirmation postInstanceConfirmation(InstanceConfirmation confirmation) { WebTarget target = base.path("/instance"); Invocation.Builder invocationBuilder = target.request(MediaType.APPLICATION_JSON); - Response response = null; + Response response; try { response = invocationBuilder.post(Entity.entity(confirmation, MediaType.APPLICATION_JSON)); } catch (Exception ex) { @@ -111,7 +111,7 @@ public InstanceConfirmation postInstanceConfirmation(InstanceConfirmation confir public InstanceConfirmation postRefreshConfirmation(InstanceConfirmation confirmation) { WebTarget target = base.path("/refresh"); Invocation.Builder invocationBuilder = target.request(MediaType.APPLICATION_JSON); - Response response = null; + Response response; try { response = invocationBuilder.post(Entity.entity(confirmation, MediaType.APPLICATION_JSON)); } catch (Exception ex) { diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java index 100f83ca92e..d575f7c2f2f 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/DBService.java @@ -2373,7 +2373,7 @@ Policy updateTemplatePolicy(Policy policy, String domainName, List params) { - String templateServiceName = serviceIdentity.getName().replace(TEMPLATE_DOMAIN_NAME, domainName);; + String templateServiceName = serviceIdentity.getName().replace(TEMPLATE_DOMAIN_NAME, domainName); if (params != null) { for (TemplateParam param : params) { final String paramKey = "_" + param.getName() + "_"; diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/file/FileConnection.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/file/FileConnection.java index 008bbed6057..b047b98bdb4 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/store/file/FileConnection.java 
+++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/store/file/FileConnection.java @@ -512,6 +512,7 @@ public List listPrincipals(String domainName) { return new ArrayList<>(principals); } + @SuppressWarnings("SuspiciousListRemoveInLoop") @Override public boolean deletePrincipal(String principalName, boolean subDomains) { diff --git a/servers/zms/src/main/java/com/yahoo/athenz/zms/utils/ZMSUtils.java b/servers/zms/src/main/java/com/yahoo/athenz/zms/utils/ZMSUtils.java index f27df12c190..02902597c62 100644 --- a/servers/zms/src/main/java/com/yahoo/athenz/zms/utils/ZMSUtils.java +++ b/servers/zms/src/main/java/com/yahoo/athenz/zms/utils/ZMSUtils.java @@ -194,14 +194,15 @@ public static void validateRoleMembers(final Role role, final String caller, } } + @SuppressWarnings("SuspiciousListRemoveInLoop") public static void removeMembers(List originalRoleMembers, - List removeRoleMembers) { + List removeRoleMembers) { if (removeRoleMembers == null || originalRoleMembers == null) { return; } for (RoleMember removeMember : removeRoleMembers) { String removeName = removeMember.getMemberName(); - for (int j = 0; j < originalRoleMembers.size(); j ++) { + for (int j = 0; j < originalRoleMembers.size(); j++) { if (removeName.equalsIgnoreCase(originalRoleMembers.get(j).getMemberName())) { originalRoleMembers.remove(j); } diff --git a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java index f46a9df3b97..a900739b067 100644 --- a/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java +++ b/servers/zms/src/test/java/com/yahoo/athenz/zms/ZMSImplTest.java @@ -18,6 +18,7 @@ import java.io.File; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; 
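Review bot: The `@SuppressWarnings("SuspiciousListRemoveInLoop")` added to `ZMSUtils.removeMembers` hides a real skip: after `originalRoleMembers.remove(j)` the loop still runs `j++`, so the element that shifts into index j is never compared. When the same member name appears in two adjacent entries, the second one stays in the role after a removal request, which matters for a function that takes principals out of roles. Replacing the inner loop with `originalRoleMembers.removeIf(m -> removeName.equalsIgnoreCase(m.getMemberName()));` removes every match and makes the suppression unnecessary. `FileConnection.deletePrincipal` receives the same annotation earlier in this patch; its body is outside the hunk and should be checked for the same pattern.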
@@ -6896,27 +6897,16 @@ public void testGetPublicKeyZMS() { String publicKey = zms.getPublicKey("sys.auth", "zms", "0"); assertNotNull(publicKey); - try { - assertEquals(pubKey, Crypto.ybase64(publicKey.getBytes("UTF-8"))); - } catch (UnsupportedEncodingException e) { - fail(); - } + assertEquals(pubKey, Crypto.ybase64(publicKey.getBytes(StandardCharsets.UTF_8))); + publicKey = zms.getPublicKey("sys.auth", "zms", "1"); assertNotNull(publicKey); - try { - assertEquals(pubKeyK1, Crypto.ybase64(publicKey.getBytes("UTF-8"))); - } catch (UnsupportedEncodingException e) { - fail(); - } - + assertEquals(pubKeyK1, Crypto.ybase64(publicKey.getBytes(StandardCharsets.UTF_8))); + publicKey = zms.getPublicKey("sys.auth", "zms", "2"); assertNotNull(publicKey); - try { - assertEquals(pubKeyK2, Crypto.ybase64(publicKey.getBytes("UTF-8"))); - } catch (UnsupportedEncodingException e) { - fail(); - } + assertEquals(pubKeyK2, Crypto.ybase64(publicKey.getBytes(StandardCharsets.UTF_8))); } @Test diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java index 88ca9856291..ccbdc18ee23 100644 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java +++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/ZTSImpl.java @@ -80,10 +80,10 @@ public class ZTSImpl implements KeyStore, ZTSHandler { private static String ROOT_DIR; - protected DataStore dataStore = null; - protected CloudStore cloudStore = null; - protected InstanceCertManager instanceCertManager = null; - protected InstanceProviderManager instanceProviderManager = null; + protected DataStore dataStore; + protected CloudStore cloudStore; + protected InstanceCertManager instanceCertManager; + protected InstanceProviderManager instanceProviderManager; protected Metric metric = null; protected Schema schema = null; protected PrivateKey privateKey = null; 
@@ -92,7 +92,6 @@ public class ZTSImpl implements KeyStore, ZTSHandler { protected int roleTokenDefaultTimeout; protected int roleTokenMaxTimeout; protected long x509CertRefreshResetTime; - protected boolean traceAccess = true; protected long signedPolicyTimeout; protected static String serverHostName = null; protected String ostkHostSignerDomain = null; @@ -1754,7 +1753,7 @@ X509CertRecord insertX509CertRecord(ResourceContext ctx, final String cn, final } return x509CertRecord; - }; + } @Override public void postInstanceRegisterInformation(ResourceContext ctx, InstanceRegisterInformation info, @@ -2198,19 +2197,8 @@ InstanceIdentity processProviderX509RefreshRequest(ResourceContext ctx, final Pr x509CertRecord.setPrevSerial(x509CertRecord.getCurrentSerial()); } else if (!x509CertRecord.getPrevSerial().equals(serialNumber)) { - - // we have a mismatch for both current and previous serial - // numbers so we're going to revoke it - - LOGGER.error("Revoking certificate refresh for cn: {} instance id: {}," + - " current serial: {}, previous serial: {}, cert serial: {}", - principalName, x509CertRecord.getInstanceId(), x509CertRecord.getCurrentSerial(), - x509CertRecord.getPrevSerial(), serialNumber); - - x509CertRecord.setPrevSerial("-1"); - x509CertRecord.setCurrentSerial("-1"); - - instanceCertManager.updateX509CertRecord(x509CertRecord); + + revokeCertificateRefresh(principalName, serialNumber, x509CertRecord); throw forbiddenError("Certificate revoked", caller, domain); } 
@@ -2297,19 +2285,8 @@ InstanceIdentity processProviderSSHRefreshRequest(ResourceContext ctx, final Pri String serialNumber = cert.getSerialNumber().toString(); if (!x509CertRecord.getCurrentSerial().equals(serialNumber) && !x509CertRecord.getPrevSerial().equals(serialNumber)) { - - // we have a mismatch for both current and previous serial - // numbers so we're going to revoke it - - LOGGER.error("Revoking certificate refresh for cn: {} instance id: {}," + - " current serial: {}, previous serial: {}, cert serial: {}", - principalName, x509CertRecord.getInstanceId(), x509CertRecord.getCurrentSerial(), - x509CertRecord.getPrevSerial(), serialNumber); - - x509CertRecord.setPrevSerial("-1"); - x509CertRecord.setCurrentSerial("-1"); - - instanceCertManager.updateX509CertRecord(x509CertRecord); + + revokeCertificateRefresh(principalName, serialNumber, x509CertRecord); throw forbiddenError("Certificate revoked", caller, domain); } @@ -2343,7 +2320,23 @@ InstanceIdentity processProviderSSHRefreshRequest(ResourceContext ctx, final Pri return identity; } - + + void revokeCertificateRefresh(final String principalName, final String serialNumber, + X509CertRecord x509CertRecord) { + + // we have a mismatch for both current and previous serial + // numbers so we're going to revoke it + + LOGGER.error("Revoking certificate refresh for cn: {} instance id: {}, current serial: {}, previous serial: {}, cert serial: {}", + principalName, x509CertRecord.getInstanceId(), x509CertRecord.getCurrentSerial(), + x509CertRecord.getPrevSerial(), serialNumber); + + x509CertRecord.setPrevSerial("-1"); + x509CertRecord.setCurrentSerial("-1"); + + instanceCertManager.updateX509CertRecord(x509CertRecord); + } + @Override public void deleteInstanceIdentity(ResourceContext ctx, String provider, String domain, String service, String instanceId) { 
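Review bot: `revokeCertificateRefresh` ignores the outcome of `instanceCertManager.updateX509CertRecord(x509CertRecord)`, so if the store write fails the record keeps its real serial numbers while both callers still answer "Certificate revoked". The refactor carries this over unchanged from the two inlined copies, but the shared helper is now the single place to fix it. Assuming the method reports success as a boolean (its declaration is not part of this patch), check it: `if (!instanceCertManager.updateX509CertRecord(x509CertRecord)) { LOGGER.error("Unable to persist revocation for cn: {}", principalName); }`. A one-line Javadoc saying that both serials are set to the `"-1"` sentinel to mark the record revoked would also document the contract for future callers.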
@@ -2618,7 +2611,7 @@ public SSHCertificates postSSHCertRequest(ResourceContext ctx, SSHCertRequest ce // generate our certificate. the ssh signer interface throws // rest ResourceExceptions so we'll catch and log those - SSHCertificates certs = null; + SSHCertificates certs; try { certs = instanceCertManager.getSSHCertificates(principal, certRequest, instanceId); diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/DynamoDBCertRecordStore.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/DynamoDBCertRecordStore.java index 748534e4575..8dd76343ba7 100644 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/DynamoDBCertRecordStore.java +++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/cert/impl/DynamoDBCertRecordStore.java @@ -38,8 +38,7 @@ public DynamoDBCertRecordStore(AmazonDynamoDB client, final String tableName) { @Override public CertRecordStoreConnection getConnection() { try { - DynamoDBCertRecordStoreConnection dynamoConn = new DynamoDBCertRecordStoreConnection(dynamoDB, tableName); - return dynamoConn; + return new DynamoDBCertRecordStoreConnection(dynamoDB, tableName); } catch (Exception ex) { LOG.error("getConnection: {}", ex.getMessage()); throw new ResourceException(ResourceException.SERVICE_UNAVAILABLE, ex.getMessage()); diff --git a/servers/zts/src/main/java/com/yahoo/athenz/zts/utils/ZTSUtils.java b/servers/zts/src/main/java/com/yahoo/athenz/zts/utils/ZTSUtils.java index ea7c8b5f0b3..1bf655c2903 100644 --- a/servers/zts/src/main/java/com/yahoo/athenz/zts/utils/ZTSUtils.java +++ b/servers/zts/src/main/java/com/yahoo/athenz/zts/utils/ZTSUtils.java 
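Review bot: In `DynamoDBCertRecordStore.getConnection()` the catch block logs only `ex.getMessage()` and passes the same string into the `ResourceException`, so the stack trace is lost and backend error text may reach the caller if that message is serialized into the response (not visible here). Log the exception itself with `LOG.error("getConnection: unable to create connection", ex);` and give the `ResourceException` a fixed message such as `"Unable to connect to certificate record store"`. The method's closing lines are outside the hunk.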
@@ -114,7 +114,7 @@ public static SslContextFactory createSSLContextObject(final String[] clientProt ZTS_DEFAULT_EXCLUDED_CIPHER_SUITES); String excludedProtocols = System.getProperty(ZTSConsts.ZTS_PROP_EXCLUDED_PROTOCOLS, ZTS_DEFAULT_EXCLUDED_PROTOCOLS); - Boolean wantClientAuth = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_WANT_CLIENT_CERT, "false")); + boolean wantClientAuth = Boolean.parseBoolean(System.getProperty(ZTSConsts.ZTS_PROP_WANT_CLIENT_CERT, "false")); SslContextFactory sslContextFactory = new SslContextFactory(); if (keyStorePath != null) { diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/InstanceProviderManagerTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/InstanceProviderManagerTest.java index 74167551084..840b81087bd 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/InstanceProviderManagerTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/InstanceProviderManagerTest.java @@ -201,9 +201,8 @@ public void testGetHttpsProviderUnknownProvider() throws NoSuchAlgorithmExceptio store.processDomain(signedDomain, false); InstanceProviderManager provider = new InstanceProviderManager(store, SSLContext.getDefault(), null); - InstanceProvider client = provider.getProvider("coretech.weather"); - assertNotNull(client); - client.close(); + InstanceProvider client = provider.getProvider("coretech.weather2"); + assertNull(client); } @Test diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java index 731753029bf..7447f9bd5a7 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/ZTSImplTest.java 
@@ -2478,8 +2478,8 @@ public void testGetAWSTemporaryCredentials() { Principal principal = SimplePrincipal.create("user_domain", "user101", "v=U1;d=user_domain;n=user101;s=signature", 0, null); - CloudStore cloudStore = new MockCloudStore(); - ((MockCloudStore) cloudStore).setMockFields("1234", "aws_role_name", "user_domain.user101"); + MockCloudStore cloudStore = new MockCloudStore(); + cloudStore.setMockFields("1234", "aws_role_name", "user_domain.user101"); store.setCloudStore(cloudStore); zts.cloudStore = cloudStore; @@ -2493,7 +2493,7 @@ public void testGetAWSTemporaryCredentials() { // now try a failure case try { - ((MockCloudStore) cloudStore).setMockFields("1234", "aws_role2_name", "user_domain.user101"); + cloudStore.setMockFields("1234", "aws_role2_name", "user_domain.user101"); zts.getAWSTemporaryCredentials(createResourceContext(principal), "athenz.product", "aws_role_name", null, null); fail(); } catch (ResourceException ex) { diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java index 1b805ef1cd1..fc7725a2da2 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/DataStoreTest.java @@ -21,6 +21,7 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.PrintWriter; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -254,7 +255,7 @@ public void testSaveLastModificationTime() { String data = null; File f = new File("/tmp/zts_server_unit_tests/zts_root/.lastModTime"); try { - data = new String(Files.readAllBytes(f.toPath()), "UTF-8"); + data = new String(Files.readAllBytes(f.toPath()), StandardCharsets.UTF_8); } catch (IOException e) { fail(); } 
@@ -888,19 +889,6 @@ public void testAddRoleToListPrefixNoMatch() { store.addRoleToList("sports:role.admin", "coretech:role.", null, accessibleRoles, false); assertEquals(accessibleRoles.size(), 0); } - - @Test - public void testAddRoleToListNullSuffix() { - - ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", - pkey, "0"); - DataStore store = new DataStore(clogStore, null); - - Set accessibleRoles = new HashSet<>(); - store.addRoleToList("coretech:role.admin", "coretech:role.", null, accessibleRoles, false); - assertEquals(accessibleRoles.size(), 1); - assertTrue(accessibleRoles.contains("admin")); - } @Test public void testAddRoleToList() { 
@@ -1300,73 +1288,6 @@ public void testAddDomainToCacheSamePublicKeys() { assertEquals(store.getPublicKey("coretech", "storage", "1"), ZTS_PEM_CERT1); assertNull(store.getPublicKey("coretech", "storage", "2")); } - - @Test - public void testAddDomainToCacheUpdatedPublicKeysV0() { - ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", - pkey, "0"); - DataStore store = new DataStore(clogStore, null); - - DataCache dataCache = new DataCache(); - - ServiceIdentity service = new ServiceIdentity(); - service.setName("coretech.storage"); - - setServicePublicKey(service, "0", ZTS_Y64_CERT0); - - com.yahoo.athenz.zms.PublicKeyEntry publicKey = new com.yahoo.athenz.zms.PublicKeyEntry(); - publicKey.setKey(ZTS_Y64_CERT1); - publicKey.setId("1"); - - List publicKeys = new ArrayList<>(); - publicKeys.add(publicKey); - - service.setPublicKeys(publicKeys); - - List services = new ArrayList<>(); - services.add(service); - dataCache.processServiceIdentity(service); - - DomainData domainData = new DomainData(); - domainData.setServices(services); - dataCache.setDomainData(domainData); - - store.addDomainToCache("coretech", dataCache); - - /* update V0 public key */ - - dataCache = new DataCache(); - service = new ServiceIdentity(); - service.setName("coretech.storage"); - - publicKeys = new ArrayList<>(); - - publicKey = new com.yahoo.athenz.zms.PublicKeyEntry(); - publicKey.setKey(ZTS_Y64_CERT2); - publicKey.setId("0"); - publicKeys.add(publicKey); - - publicKey = new com.yahoo.athenz.zms.PublicKeyEntry(); - publicKey.setKey(ZTS_Y64_CERT1); - publicKey.setId("1"); - publicKeys.add(publicKey); - - service.setPublicKeys(publicKeys); - - services = new ArrayList<>(); - services.add(service); - dataCache.processServiceIdentity(service); - - domainData = new DomainData(); - domainData.setServices(services); - dataCache.setDomainData(domainData); - - store.addDomainToCache("coretech", dataCache); - - assertEquals(store.getPublicKey("coretech", 
"storage", "0"), ZTS_PEM_CERT2); - assertEquals(store.getPublicKey("coretech", "storage", "1"), ZTS_PEM_CERT1); - assertNull(store.getPublicKey("coretech", "storage", "2")); - } @Test public void testAddDomainToCacheUpdatedPublicKeysVersions() { @@ -1681,44 +1602,7 @@ public void testDeleteDomainFromCachePublicKeys() { assertNull(store.getPublicKey("coretech", "storage", "1")); assertNull(store.getPublicKey("coretech", "storage", "2")); } - - @Test - public void testDeleteDomainFromCacheServices() { - ChangeLogStore clogStore = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root", - pkey, "0"); - DataStore store = new DataStore(clogStore, null); - - SignedDomain signedDomain = new SignedDomain(); - - List roles = new ArrayList<>(); - Role role = new Role(); - role.setName("coretech:role.admin"); - List members = new ArrayList<>(); - members.add(new RoleMember().setMemberName("user_domain.user")); - role.setRoleMembers(members); - - DomainData domainData = new DomainData(); - domainData.setName("coretech"); - domainData.setRoles(roles); - - signedDomain.setDomain(domainData); - signedDomain.setKeyId("0"); - ((MockZMSFileChangeLogStore) store.changeLogStore).put("coretech", JSON.bytes(signedDomain)); - - DataCache dataCache = new DataCache(); - dataCache.setDomainData(domainData); - - store.addDomainToCache("coretech", dataCache); - store.deleteDomainFromCache("coretech"); - store.changeLogStore.removeLocalDomain("coretech"); - - assertNull(store.getCacheStore().getIfPresent("coretech")); - - File file = new File("/tmp/zts_server_unit_tests/zts_root/coretech"); - assertFalse(file.exists()); - } - @Test public void testRetrieveTagHeadersEmptyList() { diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/impl/MockZMSFileChangeLogStore.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/impl/MockZMSFileChangeLogStore.java index 3147ebf0144..e2ea8640955 100644 
--- a/servers/zts/src/test/java/com/yahoo/athenz/zts/store/impl/MockZMSFileChangeLogStore.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/store/impl/MockZMSFileChangeLogStore.java @@ -36,8 +36,7 @@ public class MockZMSFileChangeLogStore extends ZMSFileChangeLogStore { private final ZMSClient zms; private DomainList domList = null; private String tagHeader; - private final String userDomain; - + public MockZMSFileChangeLogStore(String rootDirectory, PrivateKey privateKey, String privateKeyId) { super(rootDirectory, privateKey, privateKeyId); @@ -47,7 +46,7 @@ public MockZMSFileChangeLogStore(String rootDirectory, PrivateKey privateKey, St // we're going to return on domain for local list and then another // for server list - thus ending up with initialized store with no domains - userDomain = System.getProperty(ZTSConsts.ZTS_PROP_USER_DOMAIN, "user"); + final String userDomain = System.getProperty(ZTSConsts.ZTS_PROP_USER_DOMAIN, "user"); DomainList localDomainList = new DomainList(); List localDomains = new ArrayList<>(); diff --git a/servers/zts/src/test/java/com/yahoo/athenz/zts/utils/ZTSUtilsTest.java b/servers/zts/src/test/java/com/yahoo/athenz/zts/utils/ZTSUtilsTest.java index 74dcf6c0e37..cff85056a3c 100644 --- a/servers/zts/src/test/java/com/yahoo/athenz/zts/utils/ZTSUtilsTest.java +++ b/servers/zts/src/test/java/com/yahoo/athenz/zts/utils/ZTSUtilsTest.java @@ -36,11 +36,9 @@ import com.yahoo.athenz.auth.PrivateKeyStore; import com.yahoo.athenz.auth.util.Crypto; import com.yahoo.athenz.auth.util.CryptoException; -import com.yahoo.athenz.common.server.cert.CertSigner; import com.yahoo.athenz.zts.Identity; import com.yahoo.athenz.zts.ZTSConsts; import com.yahoo.athenz.zts.cert.X509CertRecord; -import com.yahoo.athenz.zts.utils.ZTSUtils; public class ZTSUtilsTest {