
Example 11 with ApiDate

use of keywhiz.api.ApiDate in project keywhiz by square.

the class ClientDetailResponseV2Test method serializesNullLastSeenCorrectly.

@Test
public void serializesNullLastSeenCorrectly() throws Exception {
    ApiDate createdAt = new ApiDate(1343826930);
    ApiDate updatedAt = new ApiDate(1347246930);
    Client client = new Client(0, "Client Name", "Client Description", createdAt, "creator-user", updatedAt, "updater-user", null, true, false);
    ClientDetailResponseV2 clientDetailResponse = ClientDetailResponseV2.fromClient(client);
    assertThat(asJson(clientDetailResponse)).isEqualTo(jsonFixture("fixtures/v2/clientDetailResponse_LastSeenNull.json"));
}
Also used : ApiDate(keywhiz.api.ApiDate) Client(keywhiz.api.model.Client) Test(org.junit.Test)

Example 12 with ApiDate

use of keywhiz.api.ApiDate in project keywhiz by square.

the class AclDAO method getSanitizedSecretFor.

public Optional<SanitizedSecret> getSanitizedSecretFor(Client client, String secretName) {
    checkNotNull(client);
    checkArgument(!secretName.isEmpty());
    // Return the secret only when the client reaches it through a group membership that has an access grant.
    SelectQuery<Record> query = dslContext.select(SECRETS.fields()).from(SECRETS)
        .join(ACCESSGRANTS).on(SECRETS.ID.eq(ACCESSGRANTS.SECRETID))
        .join(MEMBERSHIPS).on(ACCESSGRANTS.GROUPID.eq(MEMBERSHIPS.GROUPID))
        .join(CLIENTS).on(CLIENTS.ID.eq(MEMBERSHIPS.CLIENTID))
        .join(SECRETS_CONTENT).on(SECRETS_CONTENT.ID.eq(SECRETS.CURRENT))
        .where(CLIENTS.NAME.eq(client.getName()).and(SECRETS.CURRENT.isNotNull()).and(SECRETS.NAME.eq(secretName)))
        .limit(1)
        .getQuery();
    query.addSelect(SECRETS_CONTENT.CONTENT_HMAC);
    query.addSelect(SECRETS_CONTENT.CREATEDAT);
    query.addSelect(SECRETS_CONTENT.CREATEDBY);
    query.addSelect(SECRETS_CONTENT.UPDATEDAT);
    query.addSelect(SECRETS_CONTENT.UPDATEDBY);
    query.addSelect(SECRETS_CONTENT.METADATA);
    query.addSelect(SECRETS_CONTENT.EXPIRY);
    return Optional.ofNullable(query.fetchOne()).map(row -> {
        SecretSeries series = secretSeriesMapper.map(row.into(SECRETS));
        return SanitizedSecret.of(series.id(), series.name(), row.getValue(SECRETS_CONTENT.CONTENT_HMAC), series.description(),
            new ApiDate(row.getValue(SECRETS_CONTENT.CREATEDAT)), row.getValue(SECRETS_CONTENT.CREATEDBY),
            new ApiDate(row.getValue(SECRETS_CONTENT.UPDATEDAT)), row.getValue(SECRETS_CONTENT.UPDATEDBY),
            secretContentMapper.tryToReadMapFromMetadata(row.getValue(SECRETS_CONTENT.METADATA)),
            series.type().orElse(null), series.generationOptions(), row.getValue(SECRETS_CONTENT.EXPIRY),
            series.currentVersion().orElse(null));
    });
}
Also used : ApiDate(keywhiz.api.ApiDate) SecretSeries(keywhiz.api.model.SecretSeries) SecretsRecord(keywhiz.jooq.tables.records.SecretsRecord) Record(org.jooq.Record)

Example 13 with ApiDate

use of keywhiz.api.ApiDate in project keywhiz by square.

the class ClientAuthFactoryTest method createsDbRecordForNewClient.

@Test
public void createsDbRecordForNewClient() throws Exception {
    ApiDate now = ApiDate.now();
    Client newClient = new Client(2345L, "new-client", "desc", now, "automatic", now, "automatic", null, true, false);
    // lookup doesn't find client
    when(securityContext.getUserPrincipal()).thenReturn(SimplePrincipal.of("CN=new-client"));
    when(clientDAO.getClient("new-client")).thenReturn(Optional.empty());
    // a new DB record is created
    when(clientDAO.createClient(eq("new-client"), eq("automatic"), any())).thenReturn(2345L);
    when(clientDAO.getClientById(2345L)).thenReturn(Optional.of(newClient));
    assertThat(factory.provide(request)).isEqualTo(newClient);
}
Also used : ApiDate(keywhiz.api.ApiDate) Client(keywhiz.api.model.Client) Test(org.junit.Test)

Example 14 with ApiDate

use of keywhiz.api.ApiDate in project keywhiz by square.

the class ClientAuthenticatorTest method doesNotCreateDbRecordForNewClient_whenNotConfigured_spiffePrincipal.

@Test
public void doesNotCreateDbRecordForNewClient_whenNotConfigured_spiffePrincipal() throws URISyntaxException {
    ApiDate now = ApiDate.now();
    Client newClient = new Client(2345L, "new-client", "desc", null, now, "automatic", now, "automatic", null, null, true, false);
    // lookup doesn't find client
    when(clientDAO.getClientByName("new-client")).thenReturn(Optional.empty());
    // a new DB record should not be created, but mock the DAO to create a client if called
    when(clientDAO.createClient(eq("new-client"), eq("automatic"), any(), any())).thenReturn(2345L);
    when(clientDAO.getClientById(2345L)).thenReturn(Optional.of(newClient));
    assertThat(authenticator.authenticate(new SpiffePrincipal(new URI("spiffe://example.org/new-client")), false)).isEmpty();
    // the authenticator should not have tried to create the new client
    verify(clientDAO, never()).createClient(anyString(), anyString(), anyString(), any());
}
Also used : ApiDate(keywhiz.api.ApiDate) Client(keywhiz.api.model.Client) URI(java.net.URI) SpiffePrincipal(keywhiz.auth.mutualssl.SpiffePrincipal) Test(org.junit.Test)

Example 15 with ApiDate

use of keywhiz.api.ApiDate in project keywhiz by square.

the class ClientAuthenticatorTest method respectsClientAuthConfig.

@Test
public void respectsClientAuthConfig() {
    ApiDate now = ApiDate.now();
    Client otherClient = new Client(2345L, "other-client", "desc", null, now, "automatic", now, "automatic", null, null, true, false);
    when(clientDAO.getClientByName(clientName)).thenReturn(Optional.of(client));
    when(clientDAO.getClientBySpiffeId(clientSpiffe)).thenReturn(Optional.of(otherClient));
    // Retrieve the client using the client name only
    when(clientAuthTypeConfig.useCommonName()).thenReturn(true);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(false);
    assertThat(authenticator.authenticate(certPrincipal, false)).isEqualTo(Optional.of(client));
    // Retrieve the client using the SPIFFE ID only
    when(clientAuthTypeConfig.useCommonName()).thenReturn(false);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(true);
    assertThat(authenticator.authenticate(certPrincipal, false)).isEqualTo(Optional.of(otherClient));
}
Also used : ApiDate(keywhiz.api.ApiDate) Client(keywhiz.api.model.Client) Test(org.junit.Test)

Aggregations

ApiDate (keywhiz.api.ApiDate): 19
Test (org.junit.Test): 14
Client (keywhiz.api.model.Client): 13
SecretSeries (keywhiz.api.model.SecretSeries): 6
URI (java.net.URI): 2
AutomationClient (keywhiz.api.model.AutomationClient): 2
SpiffePrincipal (keywhiz.auth.mutualssl.SpiffePrincipal): 2
Instant (java.time.Instant): 1
CertificatePrincipal (keywhiz.auth.mutualssl.CertificatePrincipal): 1
SecretsRecord (keywhiz.jooq.tables.records.SecretsRecord): 1
Record (org.jooq.Record): 1
Before (org.junit.Before): 1