
Example 6 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyCreateClearsIntermediateSecret.

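/**
 * Verifies that handling a {@code createSecret} rotation step overwrites the buffer that held
 * the current secret.
 *
 * <p>The mocked secrets manager returns a {@link ByteBuffer} that wraps {@code secretBytes}, so
 * an in-place overwrite performed during {@code handleRequest} is observable through that array
 * afterwards. The check compares the array content with a snapshot taken before the call; a
 * hash-code comparison would only be a proxy and could fail spuriously on a collision.
 *
 * <p>NOTE(review): this proves only that the content changed. It does not pin what the buffer
 * is overwritten with, nor that no other copy of the key material survives; confirm the
 * rotator's wipe contract before tightening the assertion.
 *
 * @throws IOException if the request stream cannot be built or the response cannot be parsed
 */
@Test
public final void verifyCreateClearsIntermediateSecret() throws IOException {
    // given
    final byte[] secretBytes = new byte[32];
    random.nextBytes(secretBytes);
    // Snapshot of the secret as it was before the rotator ran (test-only copy).
    final byte[] originalBytes = secretBytes.clone();
    final ByteBuffer secretByteBuffer = ByteBuffer.wrap(secretBytes);
    // Precondition: the buffer is a view over secretBytes, not a copy.
    assertTrue(Arrays.equals(secretByteBuffer.array(), secretBytes));
    final DescribeSecretResult description = new DescribeSecretResult();
    description.setRotationEnabled(true);
    // The request token is registered under the AWSPENDING staging label.
    description.setVersionIdsToStages(ImmutableMap.of("clientRequestToken", Arrays.asList("AWSPENDING")));
    given(secretsManager.getSecretStage("secretId", CURRENT)).willReturn(secretByteBuffer);
    given(secretsManager.describeSecret("secretId")).willReturn(description);
    // Looking up the pending version fails; presumably this is what makes the rotator create one.
    given(secretsManager.getSecretVersion("secretId", "clientRequestToken")).willThrow(new ResourceNotFoundException(""));
    final InputStream input = new StringInputStream("{\"Step\": \"createSecret\",\"ClientRequestToken\": \"clientRequestToken\",\"SecretId\":\"secretId\"}");
    final ByteArrayOutputStream output = new ByteArrayOutputStream();
    final Context context = mock(Context.class);
    // when
    rotator.handleRequest(input, output, context);
    // then
    final byte[] modifiedBytes = secretByteBuffer.array();
    assertEquals(32, modifiedBytes.length);
    // Exact content comparison: the bytes seen through the buffer must no longer match the snapshot.
    assertTrue(!Arrays.equals(originalBytes, modifiedBytes));
    // The response is handed to Jackson; only a parse failure would surface here.
    new ObjectMapper().readTree(output.toByteArray());
}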
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ResourceNotFoundException(com.amazonaws.services.secretsmanager.model.ResourceNotFoundException) ByteBuffer(java.nio.ByteBuffer) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 7 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyTestRejectsTooFewBytes.

/**
 * Verifies that the {@code testSecret} rotation step fails with an
 * {@link IllegalStateException} when the pending version holds {@code 6 * 32 - 1} bytes.
 *
 * <p>NOTE(review): presumably the payload is rejected because it is one byte short of a whole
 * number of 32-byte keys; confirm against the rotator's size validation.
 *
 * @throws IOException if the request stream cannot be built or the response cannot be parsed
 */
@Test
public final void verifyTestRejectsTooFewBytes() throws IOException {
    // given: a zero-filled payload of 191 bytes served as the pending secret version
    final byte[] truncatedPayload = new byte[6 * 32 - 1];
    Arrays.fill(truncatedPayload, (byte) 0);
    final ByteBuffer pendingSecret = ByteBuffer.wrap(truncatedPayload);

    // The version named in the request is registered under the AWSPENDING staging label.
    final DescribeSecretResult secretMetadata = new DescribeSecretResult();
    secretMetadata.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));
    secretMetadata.setRotationEnabled(true);
    given(secretsManager.describeSecret("secret")).willReturn(secretMetadata);
    given(secretsManager.getSecretVersion("secret", "version")).willReturn(pendingSecret);

    final Context lambdaContext = mock(Context.class);
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");

    // when / then
    assertThrows(IllegalStateException.class, () -> rotator.handleRequest(request, response, lambdaContext));
    // Whatever was written to the response is handed to Jackson; the parsed tree is discarded.
    new ObjectMapper().readTree(response.toByteArray());
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 8 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyTestAcceptsValidSecret.

/**
 * Verifies that the {@code testSecret} rotation step completes without throwing when the
 * pending version contains three freshly generated keys written back to back.
 *
 * @throws IOException if the keys cannot be serialised, the request stream cannot be built or
 *                     the response cannot be parsed
 */
@Test
public final void verifyTestAcceptsValidSecret() throws IOException {
    // given: three keys drawn from the shared random source, in this order
    final Key first = Key.generateKey(random);
    final Key second = Key.generateKey(random);
    final Key third = Key.generateKey(random);

    // The version named in the request is registered under the AWSPENDING staging label.
    final DescribeSecretResult secretMetadata = new DescribeSecretResult();
    secretMetadata.setRotationEnabled(true);
    secretMetadata.setVersionIdsToStages(ImmutableMap.of("version", Arrays.asList("AWSPENDING")));

    final InputStream request = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"version\",\"SecretId\":\"secret\"}");
    final ByteArrayOutputStream response = new ByteArrayOutputStream();
    final Context lambdaContext = mock(Context.class);

    try (ByteArrayOutputStream serialisedKeys = new ByteArrayOutputStream()) {
        for (final Key key : Arrays.asList(first, second, third)) {
            key.writeTo(serialisedKeys);
        }
        // toByteArray() returns a fresh copy on every call, so the two stubs below wrap
        // separate arrays: overwriting one buffer leaves the other untouched.
        final ByteBuffer pendingSecret = ByteBuffer.wrap(serialisedKeys.toByteArray());
        given(secretsManager.getSecretVersion("secret", "version")).willReturn(pendingSecret);
        final ByteBuffer currentSecret = ByteBuffer.wrap(serialisedKeys.toByteArray());
        given(secretsManager.getSecretStage("secret", CURRENT)).willReturn(currentSecret);
        given(secretsManager.describeSecret("secret")).willReturn(secretMetadata);

        // when
        rotator.handleRequest(request, response, lambdaContext);

        // then: the response is handed to Jackson; only a parse failure would surface here
        new ObjectMapper().readTree(response.toByteArray());
    }
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Key(com.macasaet.fernet.Key) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 9 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class MultiFernetKeyRotatorTest method verifyTestClearsIntermediateSecret.

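/**
 * Verifies that handling a {@code testSecret} rotation step overwrites the buffer that held the
 * pending secret version.
 *
 * <p>The mocked secrets manager returns a {@link ByteBuffer} that wraps {@code secretBytes}, so
 * an in-place overwrite performed during {@code handleRequest} is observable through that array
 * afterwards. The check compares the array content with a snapshot taken before the call; a
 * hash-code comparison would only be a proxy and could fail spuriously on a collision.
 *
 * <p>NOTE(review): this proves only that the content changed. It does not pin what the buffer
 * is overwritten with, nor that no other copy of the key material survives; confirm the
 * rotator's wipe contract before tightening the assertion.
 *
 * @throws IOException if the request stream cannot be built or the response cannot be parsed
 */
@Test
public final void verifyTestClearsIntermediateSecret() throws IOException {
    // given: a recognisable, non-zero pattern (byte i holds the value i)
    final byte[] secretBytes = new byte[32];
    for (int i = 0; i < secretBytes.length; i++) {
        secretBytes[i] = (byte) i;
    }
    // Snapshot of the secret as it was before the rotator ran (test-only copy).
    final byte[] originalBytes = secretBytes.clone();
    final ByteBuffer secretByteBuffer = ByteBuffer.wrap(secretBytes);
    // Precondition: the buffer is a view over secretBytes, not a copy.
    assertTrue(Arrays.equals(secretByteBuffer.array(), secretBytes));
    final DescribeSecretResult description = new DescribeSecretResult();
    description.setRotationEnabled(true);
    // The request token is registered under the AWSPENDING staging label.
    description.setVersionIdsToStages(ImmutableMap.of("clientRequestToken", Arrays.asList("AWSPENDING")));
    final InputStream input = new StringInputStream("{\"Step\": \"testSecret\",\"ClientRequestToken\": \"clientRequestToken\",\"SecretId\":\"secretId\"}");
    final ByteArrayOutputStream output = new ByteArrayOutputStream();
    final Context context = mock(Context.class);
    given(secretsManager.getSecretVersion("secretId", "clientRequestToken")).willReturn(secretByteBuffer);
    given(secretsManager.describeSecret("secretId")).willReturn(description);
    // when
    rotator.handleRequest(input, output, context);
    // then
    final byte[] modifiedBytes = secretByteBuffer.array();
    assertEquals(32, modifiedBytes.length);
    // Exact content comparison: the bytes seen through the buffer must no longer match the snapshot.
    assertTrue(!Arrays.equals(originalBytes, modifiedBytes));
    // The response is handed to Jackson; only a parse failure would surface here.
    new ObjectMapper().readTree(output.toByteArray());
}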
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) StringInputStream(com.amazonaws.util.StringInputStream) StringInputStream(com.amazonaws.util.StringInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ByteBuffer(java.nio.ByteBuffer) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 10 with DescribeSecretResult

use of com.amazonaws.services.secretsmanager.model.DescribeSecretResult in project fernet-java8 by l0s.

the class SimpleFernetKeyRotatorTest method verifyHandleRequestTestsTooManyBytes.

/**
 * Verifies that the {@code TEST_SECRET} rotation step throws when the pending secret version is
 * a 33-byte buffer.
 *
 * <p>NOTE(review): the assertion accepts any {@link RuntimeException}, so an unrelated unchecked
 * failure (for example one caused by an unstubbed mock call) would also satisfy it. Narrowing
 * the expected type to the one the rotator raises for an oversized secret would make the test
 * specific to the size check; confirm that type against the rotator before changing it.
 *
 * @throws IOException if the request cannot be serialised or a stream fails to close
 */
@Test
public final void verifyHandleRequestTestsTooManyBytes() throws IOException {
    // given
    final String versionToken = "clientRequestToken";
    final String secretName = "secretId";
    final Context lambdaContext = mock(Context.class);

    // The version named in the request is registered under the AWSPENDING staging label.
    final DescribeSecretResult secretMetadata = new DescribeSecretResult();
    secretMetadata.setRotationEnabled(true);
    secretMetadata.addVersionIdsToStagesEntry(versionToken, singletonList("AWSPENDING"));
    given(secretsManager.describeSecret(secretName)).willReturn(secretMetadata);

    // A zero-filled direct buffer of 33 bytes stands in for the stored secret.
    final ByteBuffer oversizedSecret = ByteBuffer.allocateDirect(33);
    given(secretsManager.getSecretVersion(secretName, versionToken)).willReturn(oversizedSecret);

    final RotationRequest rotationRequest = new RotationRequest();
    rotationRequest.setClientRequestToken(versionToken);
    rotationRequest.setSecretId(secretName);
    rotationRequest.setStep(Step.TEST_SECRET);
    final byte[] serialisedRequest = mapper.writeValueAsBytes(rotationRequest);

    // Resources close in reverse declaration order: the response stream first, then the request.
    try (InputStream request = new ByteArrayInputStream(serialisedRequest);
            OutputStream response = new ByteArrayOutputStream()) {
        // when / then (exception thrown)
        assertThrows(RuntimeException.class, () -> rotator.handleRequest(request, response, lambdaContext));
    }
}
Also used : Context(com.amazonaws.services.lambda.runtime.Context) DescribeSecretResult(com.amazonaws.services.secretsmanager.model.DescribeSecretResult) ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) OutputStream(java.io.OutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) Test(org.junit.Test)
