use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CaRenewalTest method renewalOfStatefulSetCertificatesDelayedRenewalInWindow.
@ParallelTest
public void renewalOfStatefulSetCertificatesDelayedRenewalInWindow() throws IOException {
    // Scenario: the per-pod certificates are flagged as expiring and the reconciliation runs inside a
    // maintenance window, so the CA is allowed to renew now. Every pod must get a complete new set of key
    // material (certificate, private key, PKCS#12 keystore and keystore password) - no stale entry may survive.
    final int replicas = 3;
    MockedCa mockedCa = new MockedCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, null, null, 2, 1, true, null);
    mockedCa.setCertExpiring(true);

    // Existing Secret holding the stale material for pod0..pod2; it is only the "current state" input.
    Function<String, String> b64 = value -> Base64.getEncoder().encodeToString(value.getBytes());
    SecretBuilder staleSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata();
    for (int i = 0; i < replicas; i++) {
        String pod = "pod" + i;
        staleSecret.addToData(pod + ".crt", b64.apply("old-cert"))
                .addToData(pod + ".key", b64.apply("old-key"))
                .addToData(pod + ".p12", b64.apply("old-keystore"))
                .addToData(pod + ".password", b64.apply("old-password"));
    }

    Function<Integer, Subject> subjectFn = idx -> new Subject.Builder().build();
    Function<Integer, String> podNameFn = idx -> "pod" + idx;
    boolean inMaintenanceWindow = true;

    Map<String, CertAndKey> renewedCerts = mockedCa.maybeCopyOrGenerateCerts(Reconciliation.DUMMY_RECONCILIATION, replicas, subjectFn, staleSecret.build(), podNameFn, inMaintenanceWindow);

    // The mocked CA produces material suffixed with the pod index; check all four parts for every pod.
    for (int i = 0; i < replicas; i++) {
        CertAndKey renewed = renewedCerts.get("pod" + i);
        assertThat(new String(renewed.cert()), is("new-cert" + i));
        assertThat(new String(renewed.key()), is("new-key" + i));
        assertThat(new String(renewed.keyStore()), is("new-keystore" + i));
        assertThat(renewed.storePassword(), is("new-password" + i));
    }
}
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CaRenewalTest method renewalOfStatefulSetCertificatesWithCaRenewal.
@ParallelTest
public void renewalOfStatefulSetCertificatesWithCaRenewal() throws IOException {
    // Scenario: the CA reports that its own certificate was renewed. The per-pod certificates are not
    // marked as expiring, yet all of them must be re-issued, since each of them was signed by the CA that
    // has just been replaced; keeping any old entry would leave a pod with material the new CA cannot vouch for.
    final int replicas = 3;
    MockedCa mockedCa = new MockedCa(Reconciliation.DUMMY_RECONCILIATION, null, null, null, null, null, null, null, 2, 1, true, null);
    mockedCa.setCertRenewed(true);

    // Existing Secret with the stale material for pod0..pod2.
    Function<String, String> b64 = value -> Base64.getEncoder().encodeToString(value.getBytes());
    SecretBuilder staleSecret = new SecretBuilder().withNewMetadata().withName("test-secret").endMetadata();
    for (int i = 0; i < replicas; i++) {
        String pod = "pod" + i;
        staleSecret.addToData(pod + ".crt", b64.apply("old-cert"))
                .addToData(pod + ".key", b64.apply("old-key"))
                .addToData(pod + ".p12", b64.apply("old-keystore"))
                .addToData(pod + ".password", b64.apply("old-password"));
    }

    Function<Integer, Subject> subjectFn = idx -> new Subject.Builder().build();
    Function<Integer, String> podNameFn = idx -> "pod" + idx;
    boolean inMaintenanceWindow = true;

    Map<String, CertAndKey> renewedCerts = mockedCa.maybeCopyOrGenerateCerts(Reconciliation.DUMMY_RECONCILIATION, replicas, subjectFn, staleSecret.build(), podNameFn, inMaintenanceWindow);

    // Every pod must carry freshly issued material in all four entries.
    for (int i = 0; i < replicas; i++) {
        CertAndKey renewed = renewedCerts.get("pod" + i);
        assertThat(new String(renewed.cert()), is("new-cert" + i));
        assertThat(new String(renewed.key()), is("new-key" + i));
        assertThat(new String(renewed.keyStore()), is("new-keystore" + i));
        assertThat(renewed.storePassword(), is("new-password" + i));
    }
}
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CruiseControl method generateCertificatesSecret.
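/**
 * Generates the Secret holding the Cruise Control certificate signed by the cluster CA, together with its
 * private key, used for the TLS connection between Cruise Control and Kafka. The key material is stored under
 * four entries: {@code cruise-control.key}, {@code cruise-control.crt}, {@code cruise-control.p12} (keystore)
 * and {@code cruise-control.password} (keystore password), all base64-encoded.
 *
 * The Secret is annotated with the current cluster CA certificate generation, which is what lets a later
 * reconciliation detect that the CA was renewed and the certificate has to be re-issued.
 *
 * @param namespace Namespace in which the Cruise Control cluster runs
 * @param kafkaName Name of the Kafka cluster (it is used for the SANs in the certificate)
 * @param clusterCa The cluster CA issuing the certificate.
 * @param isMaintenanceTimeWindowsSatisfied Indicates whether we are in the maintenance window or not.
 *                                          This is used for certificate renewals
 *
 * @return The generated Secret.
 * @throws RuntimeException if the cluster CA fails to generate the certificate (the {@link IOException} is
 *                          attached as cause). Failing the reconciliation is preferable to continuing
 *                          without valid TLS material.
 * @throws IllegalStateException if the CA returned no entry for the Cruise Control certificate.
 */
public Secret generateCertificatesSecret(String namespace, String kafkaName, ClusterCa clusterCa, boolean isMaintenanceTimeWindowsSatisfied) {
    LOGGER.debugCr(reconciliation, "Generating certificates");
    Map<String, CertAndKey> ccCerts;
    try {
        ccCerts = clusterCa.generateCcCerts(namespace, kafkaName, isMaintenanceTimeWindowsSatisfied);
    } catch (IOException e) {
        // Previously this was only logged and execution fell through with an empty map, which then failed
        // with a NullPointerException on the lookup below and hid the real cause. Fail explicitly instead,
        // keeping the cause chain. The log line carries no key material.
        LOGGER.warnCr(reconciliation, "Error while generating certificates", e);
        throw new RuntimeException("Failed to generate the Cruise Control certificate", e);
    }
    LOGGER.debugCr(reconciliation, "End generating certificates");

    String keyCertName = "cruise-control";
    CertAndKey cert = ccCerts.get(keyCertName);
    if (cert == null) {
        // Defensive: a CA implementation returning a map without the expected entry must not surface as an NPE
        throw new IllegalStateException("Cluster CA did not return a certificate for " + keyCertName);
    }

    Map<String, String> data = new HashMap<>(4);
    data.put(keyCertName + ".key", cert.keyAsBase64String());
    data.put(keyCertName + ".crt", cert.certAsBase64String());
    data.put(keyCertName + ".p12", cert.keyStoreAsBase64String());
    data.put(keyCertName + ".password", cert.storePasswordAsBase64String());

    // Record the CA certificate generation so that a CA renewal triggers re-issuing of this certificate
    return createSecret(CruiseControlResources.secretName(cluster), data,
            Collections.singletonMap(clusterCa.caCertGenerationAnnotation(), String.valueOf(clusterCa.certGeneration())));
}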
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesWithRenewingCa.
@Test
public void testRenewalOfDeploymentCertificatesWithRenewingCa() throws IOException {
    // Scenario: the stubbed CA reports that its own certificate was renewed while the deployment
    // certificate is not expiring. buildSecret is still expected to replace every entry with freshly
    // signed material, since the old certificate chains to the CA that was just replaced.
    Base64.Encoder enc = Base64.getEncoder();
    Secret staleSecret = new SecretBuilder()
            .withNewMetadata().withName("test-secret").endMetadata()
            .addToData("deployment.crt", enc.encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", enc.encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", enc.encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", enc.encodeToString("old-password".getBytes()))
            .build();

    // Material the mocked CA hands back for the re-issued certificate.
    CertAndKey reissued = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa ca = mock(ClusterCa.class);
    when(ca.certRenewed()).thenReturn(true);
    when(ca.isExpiring(any(), any())).thenReturn(false);
    when(ca.generateSignedCert(anyString(), anyString())).thenReturn(reissued);

    // "deployment" is both the certificate common name and the prefix of the Secret keys
    String name = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    Secret renewedSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, ca, staleSecret, "my-namespace", "my-secret", name, name, labels, new OwnerReference(), true);

    // All four entries must be new; a partial update would leave a mismatched key/certificate pair.
    assertThat(renewedSecret.getData(), hasEntry(name + ".crt", reissued.certAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".key", reissued.keyAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".p12", reissued.keyStoreAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".password", reissued.storePasswordAsBase64String()));
}
use of io.strimzi.certs.CertAndKey in project strimzi by strimzi.
the class CertificateRenewalTest method testRenewalOfDeploymentCertificatesDelayedRenewal.
@Test
public void testRenewalOfDeploymentCertificatesDelayedRenewal() throws IOException {
    // Scenario: the CA is unchanged but reports the deployment certificate as expiring, and the trailing
    // boolean passed to buildSecret (presumably the maintenance-window flag; confirm against ModelUtils) is
    // true, so the renewal is expected to happen now and every entry must be replaced.
    Base64.Encoder enc = Base64.getEncoder();
    Secret staleSecret = new SecretBuilder()
            .withNewMetadata().withName("test-secret").endMetadata()
            .addToData("deployment.crt", enc.encodeToString("old-cert".getBytes()))
            .addToData("deployment.key", enc.encodeToString("old-key".getBytes()))
            .addToData("deployment.p12", enc.encodeToString("old-keystore".getBytes()))
            .addToData("deployment.password", enc.encodeToString("old-password".getBytes()))
            .build();

    // Material the mocked CA hands back for the re-issued certificate.
    CertAndKey reissued = new CertAndKey("new-key".getBytes(), "new-cert".getBytes(), "new-truststore".getBytes(), "new-keystore".getBytes(), "new-password");
    ClusterCa ca = mock(ClusterCa.class);
    when(ca.certRenewed()).thenReturn(false);
    when(ca.isExpiring(any(), any())).thenReturn(true);
    when(ca.generateSignedCert(anyString(), anyString())).thenReturn(reissued);

    // "deployment" is both the certificate common name and the prefix of the Secret keys
    String name = "deployment";
    Labels labels = Labels.forStrimziCluster("my-cluster");
    Secret renewedSecret = ModelUtils.buildSecret(Reconciliation.DUMMY_RECONCILIATION, ca, staleSecret, "my-namespace", "my-secret", name, name, labels, new OwnerReference(), true);

    // All four entries must be new; a partial update would leave a mismatched key/certificate pair.
    assertThat(renewedSecret.getData(), hasEntry(name + ".crt", reissued.certAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".key", reissued.keyAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".p12", reissued.keyStoreAsBase64String()));
    assertThat(renewedSecret.getData(), hasEntry(name + ".password", reissued.storePasswordAsBase64String()));
}