Search in sources :

Example 16 with CertAndKey

use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.

the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithRenewingCa.

@Test
public void testRenewalOfDeploymentCertificatesWithRenewingCa() throws IOException {
    Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    when(clusterCaMock.certRenewed()).thenReturn(true);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(false);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 17 with CertAndKey

use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.

the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithNullSecret.

@Test
public void testRenewalOfDeploymentCertificatesWithNullSecret() throws IOException {
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, null, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 18 with CertAndKey

use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.

the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewal.

@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewal() throws IOException {
    Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    when(clusterCaMock.certRenewed()).thenReturn(false);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, true);
    assertThat(newSecret.getData(), hasEntry("deployment.crt", newCertAndKey.certAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.key", newCertAndKey.keyAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", newCertAndKey.keyStoreAsBase64String()));
    assertThat(newSecret.getData(), hasEntry("deployment.password", newCertAndKey.storePasswordAsBase64String()));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 19 with CertAndKey

use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.

the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow.

@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
    Secret initialSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata().addToData("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())).addToData("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())).addToData("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())).addToData("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())).build();
    CertAndKey newCertAndKey = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa clusterCaMock = mock(ClusterCa.class);
    when(clusterCaMock.certRenewed()).thenReturn(false);
    when(clusterCaMock.isExpiring(any(), any())).thenReturn(true);
    when(clusterCaMock.generateSignedCert(anyString(), anyString())).thenReturn(newCertAndKey);
    String namespace = "my-namespace";
    String secretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    OwnerReference ownerReference = new OwnerReference();
    Secret newSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, clusterCaMock, initialSecret, namespace, secretName, commonName, keyCertName, labels, ownerReference, false);
    assertThat(newSecret.getData(), hasEntry("deployment.crt", Base64.getEncoder().encodeToString("old-cert".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.key", Base64.getEncoder().encodeToString("old-key".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.p12", Base64.getEncoder().encodeToString("old-keystore".getBytes())));
    assertThat(newSecret.getData(), hasEntry("deployment.password", Base64.getEncoder().encodeToString("old-password".getBytes())));
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) SecretBuilder(io.fabric8.kubernetes.api.model.SecretBuilder) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) CertAndKey(io.strimzi.certs.CertAndKey) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Labels(io.strimzi.operator.common.model.Labels) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) Test(org.junit.jupiter.api.Test)

Example 20 with CertAndKey

use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.

the class CertificateRenewalTest method initialCaSecrets.

private List<Secret> initialCaSecrets(CertificateAuthority certificateAuthority, String commonName, String caKeySecretName, String caCertSecretName) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
    CertAndKey result = generateCa(certManager, certificateAuthority, commonName);
    List<Secret> secrets = new ArrayList<>();
    secrets.add(ResourceUtils.createInitialCaKeySecret(NAMESPACE, NAME, caKeySecretName, result.keyAsBase64String()));
    secrets.add(ResourceUtils.createInitialCaCertSecret(NAMESPACE, NAME, caCertSecretName, result.certAsBase64String(), result.trustStoreAsBase64String(), result.storePasswordAsBase64String()));
    return secrets;
}
Also used : Secret(io.fabric8.kubernetes.api.model.Secret) CertAndKey(io.strimzi.certs.CertAndKey) ArrayList(java.util.ArrayList)

Aggregations

CertAndKey (io.strimzi.certs.CertAndKey)46 IOException (java.io.IOException)24 Secret (io.fabric8.kubernetes.api.model.Secret)18 SecretBuilder (io.fabric8.kubernetes.api.model.SecretBuilder)16 File (java.io.File)16 HashMap (java.util.HashMap)16 Subject (io.strimzi.certs.Subject)12 OwnerReference (io.fabric8.kubernetes.api.model.OwnerReference)10 Base64 (java.util.Base64)10 ArgumentMatchers.anyString (org.mockito.ArgumentMatchers.anyString)10 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)8 CertificateExpirationPolicy (io.strimzi.api.kafka.model.CertificateExpirationPolicy)8 CertManager (io.strimzi.certs.CertManager)8 ClusterCa (io.strimzi.operator.cluster.model.ClusterCa)8 PasswordGenerator (io.strimzi.operator.common.PasswordGenerator)8 Reconciliation (io.strimzi.operator.common.Reconciliation)8 Labels (io.strimzi.operator.common.model.Labels)8 CertificateException (java.security.cert.CertificateException)8 X509Certificate (java.security.cert.X509Certificate)8 Map (java.util.Map)8