use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyCreateClearsIntermediateSecret.
/**
 * Checks that handling a {@code createSecret} step changes the contents of the buffer that
 * supplied the current-stage secret, and that the handler's output parses as JSON.
 *
 * @throws IOException propagated from the stream and JSON calls in the body
 */
@Test
public final void verifyCreateClearsIntermediateSecret() throws IOException {
    // given
    final InputStream request = new StringInputStream("{\"Step\": \"createSecret\",\"ClientRequestToken\": \"clientRequestToken\",\"SecretId\":\"secretId\"}");
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final Context lambdaContext = mock(Context.class);

    final byte[] currentSecret = new byte[32];
    random.nextBytes(currentSecret);
    final int hashBeforeRequest = Arrays.hashCode(currentSecret);
    // wrap() shares the array with the buffer, so anything the handler writes into the
    // buffer is observable through currentSecret afterwards.
    final ByteBuffer currentStageBuffer = ByteBuffer.wrap(currentSecret);
    assertTrue(Arrays.equals(currentStageBuffer.array(), currentSecret));

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setRotationEnabled(true);
    pendingDescription.setVersionIdsToStages(
            ImmutableMap.of("clientRequestToken", Arrays.asList("AWSPENDING")));

    given(secretsManager.describeSecret("secretId")).willReturn(pendingDescription);
    given(secretsManager.getSecretStage("secretId", CURRENT)).willReturn(currentStageBuffer);
    // The lookup of the pending version is stubbed to fail; presumably this is how the
    // rotator learns that no pending secret exists yet (confirm against the rotator).
    given(secretsManager.getSecretVersion("secretId", "clientRequestToken"))
            .willThrow(new ResourceNotFoundException(""));

    // when
    rotator.handleRequest(request, response, lambdaContext);

    // then
    assertEquals(32, currentStageBuffer.array().length);
    // A different hash proves the key material in the shared array was overwritten. It says
    // nothing about what it was overwritten with, so this is a "was modified" check rather
    // than an "is all zeroes" check.
    assertNotEquals(hashBeforeRequest, Arrays.hashCode(currentSecret));
    // Parsing is the assertion: readTree throws if the handler wrote malformed JSON.
    new ObjectMapper().readTree(response.toByteArray());
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyTestRejectsTooFewBytes.
/**
 * Checks that the {@code testSecret} step fails with {@link IllegalStateException} when the
 * pending secret is one byte short of six 32-byte blocks.
 *
 * @throws IOException propagated from the stream and JSON calls in the body
 */
@Test
public final void verifyTestRejectsTooFewBytes() throws IOException {
    // given
    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final Context lambdaContext = mock(Context.class);

    // 191 bytes: presumably 32 is the serialised key length, making this payload a
    // truncated sequence of keys (confirm against the rotator's validation).
    final byte[] truncatedSecret = new byte[6 * 32 - 1];
    Arrays.fill(truncatedSecret, (byte) 0);

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setRotationEnabled(true);
    pendingDescription.setVersionIdsToStages(
            ImmutableMap.of("version", Arrays.asList("AWSPENDING")));

    given(secretsManager.describeSecret("secret")).willReturn(pendingDescription);
    given(secretsManager.getSecretVersion("secret", "version"))
            .willReturn(ByteBuffer.wrap(truncatedSecret));

    // when / then
    assertThrows(
            IllegalStateException.class,
            () -> rotator.handleRequest(request, response, lambdaContext));
    // Whatever was written before the failure must still be acceptable to the JSON parser.
    new ObjectMapper().readTree(response.toByteArray());
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyTestAcceptsValidSecret.
/**
 * Checks that the {@code testSecret} step completes without throwing when the pending and
 * current secrets both hold three serialised keys, and that the output parses as JSON.
 *
 * @throws IOException propagated from the stream and JSON calls in the body
 */
@Test
public final void verifyTestAcceptsValidSecret() throws IOException {
    // given
    final Key[] keys = {
        Key.generateKey(random),
        Key.generateKey(random),
        Key.generateKey(random)
    };

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setRotationEnabled(true);
    pendingDescription.setVersionIdsToStages(
            ImmutableMap.of("version", Arrays.asList("AWSPENDING")));

    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final Context lambdaContext = mock(Context.class);

    try (ByteArrayOutputStream serialisedKeys = new ByteArrayOutputStream()) {
        for (final Key key : keys) {
            key.writeTo(serialisedKeys);
        }

        // toByteArray() is called once per stub on purpose: each call returns a fresh copy,
        // so the two buffers do not share a backing array and a write to one of them
        // cannot change what the other returns.
        given(secretsManager.getSecretVersion("secret", "version"))
                .willReturn(ByteBuffer.wrap(serialisedKeys.toByteArray()));
        given(secretsManager.getSecretStage("secret", CURRENT))
                .willReturn(ByteBuffer.wrap(serialisedKeys.toByteArray()));
        given(secretsManager.describeSecret("secret")).willReturn(pendingDescription);

        // when
        rotator.handleRequest(request, response, lambdaContext);

        // then
        // No exception is the acceptance signal; the parse additionally rejects bad JSON.
        new ObjectMapper().readTree(response.toByteArray());
    }
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class MultiFernetKeyRotatorTest method verifyTestClearsIntermediateSecret.
/**
 * Checks that handling a {@code testSecret} step changes the contents of the buffer that
 * supplied the pending secret, and that the handler's output parses as JSON.
 *
 * @throws IOException propagated from the stream and JSON calls in the body
 */
@Test
public final void verifyTestClearsIntermediateSecret() throws IOException {
    // given
    // Deterministic 32-byte fixture: element k holds the value k.
    final byte[] pendingSecret = new byte[32];
    for (int index = 0; index < pendingSecret.length; index++) {
        pendingSecret[index] = (byte) index;
    }
    final int hashBeforeRequest = Arrays.hashCode(pendingSecret);
    // wrap() shares the array with the buffer, so anything the handler writes into the
    // buffer is observable through pendingSecret afterwards.
    final ByteBuffer pendingBuffer = ByteBuffer.wrap(pendingSecret);
    assertTrue(Arrays.equals(pendingBuffer.array(), pendingSecret));

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setRotationEnabled(true);
    pendingDescription.setVersionIdsToStages(
            ImmutableMap.of("clientRequestToken", Arrays.asList("AWSPENDING")));

    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"clientRequestToken\",\"SecretId\":\"secretId\"}");
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final Context lambdaContext = mock(Context.class);

    given(secretsManager.describeSecret("secretId")).willReturn(pendingDescription);
    given(secretsManager.getSecretVersion("secretId", "clientRequestToken"))
            .willReturn(pendingBuffer);

    // when
    rotator.handleRequest(request, response, lambdaContext);

    // then
    assertEquals(32, pendingBuffer.array().length);
    // A different hash proves the key material in the shared array was overwritten. It says
    // nothing about what it was overwritten with, so this is a "was modified" check rather
    // than an "is all zeroes" check.
    assertNotEquals(hashBeforeRequest, Arrays.hashCode(pendingSecret));
    // Parsing is the assertion: readTree throws if the handler wrote malformed JSON.
    new ObjectMapper().readTree(response.toByteArray());
}
use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.
the class SimpleFernetKeyRotatorTest method verifyHandleRequestTestsTooManyBytes.
/**
 * Checks that the {@code TEST_SECRET} step throws when the pending secret is a 33-byte
 * buffer.
 *
 * @throws IOException propagated from request serialisation and stream handling
 */
@Test
public final void verifyHandleRequestTestsTooManyBytes() throws IOException {
    // given
    final String token = "clientRequestToken";
    final String id = "secretId";
    final Context lambdaContext = mock(Context.class);

    final DescribeSecretResult pendingDescription = new DescribeSecretResult();
    pendingDescription.setRotationEnabled(true);
    pendingDescription.addVersionIdsToStagesEntry(token, singletonList("AWSPENDING"));
    given(secretsManager.describeSecret(id)).willReturn(pendingDescription);
    // NOTE(review): a direct buffer has no accessible backing array, so array() on it throws
    // UnsupportedOperationException. Combined with the broad RuntimeException expectation
    // below, this test would also pass if the rotator failed for that reason rather than
    // because of the extra byte - confirm which path the rotator takes.
    given(secretsManager.getSecretVersion(id, token)).willReturn(ByteBuffer.allocateDirect(33));

    final RotationRequest rotationRequest = new RotationRequest();
    rotationRequest.setStep(Step.TEST_SECRET);
    rotationRequest.setSecretId(id);
    rotationRequest.setClientRequestToken(token);
    final byte[] serialisedRequest = mapper.writeValueAsBytes(rotationRequest);

    try (InputStream input = new ByteArrayInputStream(serialisedRequest);
            OutputStream output = new ByteArrayOutputStream()) {
        // when / then (exception thrown)
        assertThrows(
                RuntimeException.class,
                () -> rotator.handleRequest(input, output, lambdaContext));
    }
}