use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithRenewingCa.
/**
 * Checks that {@code ModelUtils.buildSecret} returns freshly issued material for a deployment
 * Secret when the mocked Cluster CA reports that its own certificate was renewed.
 *
 * <p>The mock answers {@code certRenewed() == true} and {@code isExpiring(..) == false}, so the
 * CA renewal is the only renewal signal present in this test. The final {@code true} argument
 * appears, judging by the sibling "OutsideOfMaintenanceWindow" test, to be the
 * maintenance-window flag; confirm against {@code ModelUtils.buildSecret}.
 *
 * @throws IOException declared by the original test signature
 */
@Test
public void testRenewalOfDeploymentCertificatesWithRenewingCa() throws IOException {
    // Fixture values are short placeholder strings, not real key material.
    Base64.Encoder base64 = Base64.getEncoder();
    Secret existingSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", base64.encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", base64.encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", base64.encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", base64.encodeToString("old-password".getBytes()))
            .build();

    // Material the mocked CA hands back for any signing request.
    CertAndKey issued = new CertAndKey(
            "new-key".getBytes(),
            "new-cert".getBytes(),
            "new-truststore".getBytes(),
            "new-keystore".getBytes(),
            "new-password");

    ClusterCa renewedCa = mock(ClusterCa.class);
    when(renewedCa.certRenewed()).thenReturn(true);
    when(renewedCa.isExpiring(any(), any())).thenReturn(false);
    when(renewedCa.generateSignedCert(anyString(), anyString())).thenReturn(issued);

    String targetNamespace = "my-namespace";
    String targetSecretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels clusterLabels = Labels.forStrimziCluster("my-cluster");
    OwnerReference owner = new OwnerReference();

    Secret rebuilt = ModelUtils.buildSecret(
            Reconciliation.DUMMY_RECONCILIATION,
            renewedCa,
            existingSecret,
            targetNamespace,
            targetSecretName,
            commonName,
            keyCertName,
            clusterLabels,
            owner,
            true);

    // Every entry, including the private key and store password, must be the new value.
    assertThat(rebuilt.getData(), hasEntry("deployment.crt", issued.certAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.key", issued.keyAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.p12", issued.keyStoreAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.password", issued.storePasswordAsBase64String()));
}
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithNullSecret.
/**
 * Checks that {@code ModelUtils.buildSecret} produces a fully populated Secret when no previous
 * Secret exists ({@code null} is passed in its place).
 *
 * <p>Only {@code generateSignedCert} is stubbed on the mocked Cluster CA, so
 * {@code certRenewed()} and {@code isExpiring(..)} return Mockito's default {@code false}.
 *
 * @throws IOException declared by the original test signature
 */
@Test
public void testRenewalOfDeploymentCertificatesWithNullSecret() throws IOException {
    // Placeholder bytes stand in for the key, certificate, trust store and key store.
    CertAndKey issued = new CertAndKey(
            "new-key".getBytes(),
            "new-cert".getBytes(),
            "new-truststore".getBytes(),
            "new-keystore".getBytes(),
            "new-password");

    ClusterCa ca = mock(ClusterCa.class);
    when(ca.generateSignedCert(anyString(), anyString())).thenReturn(issued);

    String targetNamespace = "my-namespace";
    String targetSecretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels clusterLabels = Labels.forStrimziCluster("my-cluster");
    OwnerReference owner = new OwnerReference();

    // The third argument is the existing Secret; null models a first-time creation.
    Secret created = ModelUtils.buildSecret(
            Reconciliation.DUMMY_RECONCILIATION,
            ca,
            null,
            targetNamespace,
            targetSecretName,
            commonName,
            keyCertName,
            clusterLabels,
            owner,
            true);

    assertThat(created.getData(), hasEntry("deployment.crt", issued.certAsBase64String()));
    assertThat(created.getData(), hasEntry("deployment.key", issued.keyAsBase64String()));
    assertThat(created.getData(), hasEntry("deployment.p12", issued.keyStoreAsBase64String()));
    assertThat(created.getData(), hasEntry("deployment.password", issued.storePasswordAsBase64String()));
}
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewal.
/**
 * Checks that an expiring deployment certificate is replaced when the final argument to
 * {@code ModelUtils.buildSecret} is {@code true}.
 *
 * <p>The mocked Cluster CA answers {@code certRenewed() == false} and
 * {@code isExpiring(..) == true}, so expiry is the only renewal signal. The sibling
 * "OutsideOfMaintenanceWindow" test uses the same stubs with {@code false} and expects the old
 * values to survive, which suggests the flag means "maintenance window satisfied"; confirm
 * against {@code ModelUtils.buildSecret}.
 *
 * @throws IOException declared by the original test signature
 */
@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewal() throws IOException {
    // Fixture values are short placeholder strings, not real key material.
    Base64.Encoder base64 = Base64.getEncoder();
    Secret expiringSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", base64.encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", base64.encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", base64.encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", base64.encodeToString("old-password".getBytes()))
            .build();

    CertAndKey issued = new CertAndKey(
            "new-key".getBytes(),
            "new-cert".getBytes(),
            "new-truststore".getBytes(),
            "new-keystore".getBytes(),
            "new-password");

    // CA itself is unchanged; the leaf certificate is reported as nearing expiry.
    ClusterCa ca = mock(ClusterCa.class);
    when(ca.certRenewed()).thenReturn(false);
    when(ca.isExpiring(any(), any())).thenReturn(true);
    when(ca.generateSignedCert(anyString(), anyString())).thenReturn(issued);

    String targetNamespace = "my-namespace";
    String targetSecretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels clusterLabels = Labels.forStrimziCluster("my-cluster");
    OwnerReference owner = new OwnerReference();

    Secret rebuilt = ModelUtils.buildSecret(
            Reconciliation.DUMMY_RECONCILIATION,
            ca,
            expiringSecret,
            targetNamespace,
            targetSecretName,
            commonName,
            keyCertName,
            clusterLabels,
            owner,
            true);

    // All four entries must carry the newly issued values.
    assertThat(rebuilt.getData(), hasEntry("deployment.crt", issued.certAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.key", issued.keyAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.p12", issued.keyStoreAsBase64String()));
    assertThat(rebuilt.getData(), hasEntry("deployment.password", issued.storePasswordAsBase64String()));
}
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow.
/**
 * Checks that an expiring deployment certificate is left untouched when the final argument to
 * {@code ModelUtils.buildSecret} is {@code false}.
 *
 * <p>The stubs match the "DelayedRenewal" test ({@code certRenewed() == false},
 * {@code isExpiring(..) == true}); only the last argument differs. Going by the test name, that
 * flag presumably says whether the maintenance window is satisfied; confirm against
 * {@code ModelUtils.buildSecret}.
 *
 * <p>NOTE(review): this pins that an expiring certificate is kept while the flag is
 * {@code false}. Nothing here covers a certificate that actually expires before the flag next
 * becomes {@code true}.
 *
 * @throws IOException declared by the original test signature
 */
@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewalOutsideOfMaintenanceWindow() throws IOException {
    // Encode the placeholder fixture values once; they are used for both setup and assertions.
    Base64.Encoder base64 = Base64.getEncoder();
    String oldCert = base64.encodeToString("old-cert".getBytes());
    String oldKey = base64.encodeToString("old-key".getBytes());
    String oldKeyStore = base64.encodeToString("old-keystore".getBytes());
    String oldPassword = base64.encodeToString("old-password".getBytes());

    Secret expiringSecret = new SecretBuilder()
            .withNewMetadata()
                .withName("test-secret")
            .endMetadata()
            .addToData("deployment.crt", oldCert)
            .addToData("deployment.key", oldKey)
            .addToData("deployment.p12", oldKeyStore)
            .addToData("deployment.password", oldPassword)
            .build();

    // Stubbed so that a wrongly triggered renewal would show up as "new-*" values below.
    CertAndKey issued = new CertAndKey(
            "new-key".getBytes(),
            "new-cert".getBytes(),
            "new-truststore".getBytes(),
            "new-keystore".getBytes(),
            "new-password");

    ClusterCa ca = mock(ClusterCa.class);
    when(ca.certRenewed()).thenReturn(false);
    when(ca.isExpiring(any(), any())).thenReturn(true);
    when(ca.generateSignedCert(anyString(), anyString())).thenReturn(issued);

    String targetNamespace = "my-namespace";
    String targetSecretName = "my-secret";
    String commonName = "deployment";
    String keyCertName = "deployment";
    Labels clusterLabels = Labels.forStrimziCluster("my-cluster");
    OwnerReference owner = new OwnerReference();

    Secret rebuilt = ModelUtils.buildSecret(
            Reconciliation.DUMMY_RECONCILIATION,
            ca,
            expiringSecret,
            targetNamespace,
            targetSecretName,
            commonName,
            keyCertName,
            clusterLabels,
            owner,
            false);

    // The previous certificate, key, key store and password must all be carried over.
    assertThat(rebuilt.getData(), hasEntry("deployment.crt", oldCert));
    assertThat(rebuilt.getData(), hasEntry("deployment.key", oldKey));
    assertThat(rebuilt.getData(), hasEntry("deployment.p12", oldKeyStore));
    assertThat(rebuilt.getData(), hasEntry("deployment.password", oldPassword));
}
use of io.strimzi.certs.CertAndKey in project strimzi-kafka-operator by strimzi.
the class CertificateRenewalTest method initialCaSecrets.
/**
 * Generates a CA through {@code generateCa} and wraps its material in the two initial Secrets
 * used by the tests.
 *
 * <p>The CA private key is passed only to the key Secret. The cert Secret receives the
 * certificate, the trust store and the store password.
 *
 * @param certificateAuthority CA configuration forwarded to {@code generateCa}
 * @param commonName common name forwarded to {@code generateCa}
 * @param caKeySecretName name given to the Secret that holds the CA private key
 * @param caCertSecretName name given to the Secret that holds the CA certificate
 * @return a mutable list holding the key Secret first and the cert Secret second
 * @throws IOException declared by the original signature
 * @throws CertificateException declared by the original signature
 * @throws KeyStoreException declared by the original signature
 * @throws NoSuchAlgorithmException declared by the original signature
 */
private List<Secret> initialCaSecrets(CertificateAuthority certificateAuthority, String commonName, String caKeySecretName, String caCertSecretName) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
    CertAndKey caMaterial = generateCa(certManager, certificateAuthority, commonName);

    // Private key lives in its own Secret, separate from the publicly distributable certificate.
    Secret caKeySecret = ResourceUtils.createInitialCaKeySecret(
            NAMESPACE, NAME, caKeySecretName, caMaterial.keyAsBase64String());
    Secret caCertSecret = ResourceUtils.createInitialCaCertSecret(
            NAMESPACE,
            NAME,
            caCertSecretName,
            caMaterial.certAsBase64String(),
            caMaterial.trustStoreAsBase64String(),
            caMaterial.storePasswordAsBase64String());

    List<Secret> caSecrets = new ArrayList<>();
    caSecrets.add(caKeySecret);
    caSecrets.add(caCertSecret);
    return caSecrets;
}