use of keywhiz.api.ApiDate in project keywhiz by square.
the class ClientDetailResponseV2Test method serializesNullLastSeenCorrectly.
/**
 * Serializes a {@code ClientDetailResponseV2} built from a client that has a null
 * constructor argument and compares the JSON with the
 * {@code clientDetailResponse_LastSeenNull.json} fixture.
 */
@Test
public void serializesNullLastSeenCorrectly() throws Exception {
    ApiDate created = new ApiDate(1343826930);
    ApiDate updated = new ApiDate(1347246930);

    // The eighth argument is null; going by the test and fixture names this is
    // presumably the last-seen slot — confirm against the Client constructor.
    Client clientWithoutLastSeen = new Client(
        0,
        "Client Name",
        "Client Description",
        created,
        "creator-user",
        updated,
        "updater-user",
        null,
        true,
        false);

    // Compare the whole serialized form against the fixture, so an unexpected
    // extra or missing field in the response also fails the test.
    assertThat(asJson(ClientDetailResponseV2.fromClient(clientWithoutLastSeen)))
        .isEqualTo(jsonFixture("fixtures/v2/clientDetailResponse_LastSeenNull.json"));
}
use of keywhiz.api.ApiDate in project keywhiz by square.
the class AclDAO method getSanitizedSecretFor.
/**
 * Fetches the sanitized view of a named secret, but only if the given client can reach it
 * through the join chain secret → access grant → group membership → client.
 *
 * <p>Authorization is expressed in the query itself: a row is returned only when a
 * membership and an access grant link the client's name to the secret. Secrets without a
 * current version are excluded. From {@code SECRETS_CONTENT} only the HMAC, the audit
 * columns, the metadata and the expiry are selected.
 *
 * <p>NOTE(review): the lookup keys on {@code client.getName()} and filters on no client-state
 * column; if clients can be disabled, confirm that this is enforced before this method is
 * reached.
 *
 * @param client the requesting client; must not be null
 * @param secretName name of the secret; must not be empty (a null name fails on
 *     {@code isEmpty()})
 * @return the sanitized secret, or an empty Optional when no granted, current secret of that
 *     name exists for the client
 */
public Optional<SanitizedSecret> getSanitizedSecretFor(Client client, String secretName) {
    checkNotNull(client);
    checkArgument(!secretName.isEmpty());

    // Values are passed to jOOQ as bind arguments via eq(...), not concatenated into SQL.
    SelectQuery<Record> grantedSecretQuery = dslContext
        .select(SECRETS.fields())
        .from(SECRETS)
        .join(ACCESSGRANTS).on(SECRETS.ID.eq(ACCESSGRANTS.SECRETID))
        .join(MEMBERSHIPS).on(ACCESSGRANTS.GROUPID.eq(MEMBERSHIPS.GROUPID))
        .join(CLIENTS).on(CLIENTS.ID.eq(MEMBERSHIPS.CLIENTID))
        .join(SECRETS_CONTENT).on(SECRETS_CONTENT.ID.eq(SECRETS.CURRENT))
        .where(CLIENTS.NAME.eq(client.getName())
            .and(SECRETS.CURRENT.isNotNull())
            .and(SECRETS.NAME.eq(secretName)))
        .limit(1)
        .getQuery();

    // Extra columns from the current content row, in the same order as before.
    grantedSecretQuery.addSelect(
        SECRETS_CONTENT.CONTENT_HMAC,
        SECRETS_CONTENT.CREATEDAT,
        SECRETS_CONTENT.CREATEDBY,
        SECRETS_CONTENT.UPDATEDAT,
        SECRETS_CONTENT.UPDATEDBY,
        SECRETS_CONTENT.METADATA,
        SECRETS_CONTENT.EXPIRY);

    Record match = grantedSecretQuery.fetchOne();
    if (match == null) {
        // No grant path, no such secret, or no current version: all look the same to the caller.
        return Optional.empty();
    }

    SecretSeries series = secretSeriesMapper.map(match.into(SECRETS));
    return Optional.ofNullable(
        SanitizedSecret.of(
            series.id(),
            series.name(),
            match.getValue(SECRETS_CONTENT.CONTENT_HMAC),
            series.description(),
            new ApiDate(match.getValue(SECRETS_CONTENT.CREATEDAT)),
            match.getValue(SECRETS_CONTENT.CREATEDBY),
            new ApiDate(match.getValue(SECRETS_CONTENT.UPDATEDAT)),
            match.getValue(SECRETS_CONTENT.UPDATEDBY),
            secretContentMapper.tryToReadMapFromMetadata(match.getValue(SECRETS_CONTENT.METADATA)),
            series.type().orElse(null),
            series.generationOptions(),
            match.getValue(SECRETS_CONTENT.EXPIRY),
            series.currentVersion().orElse(null)));
}
use of keywhiz.api.ApiDate in project keywhiz by square.
the class ClientAuthFactoryTest method createsDbRecordForNewClient.
/**
 * Checks that the factory returns a freshly created client when the request's principal
 * ({@code CN=new-client}) has no existing record.
 *
 * <p>NOTE(review): this path turns a previously unknown certificate subject into a stored
 * client, so it is only as strong as the certificate validation that runs before the
 * factory. That validation is not visible here; confirm it against the TLS configuration.
 */
@Test
public void createsDbRecordForNewClient() throws Exception {
    ApiDate creationTime = ApiDate.now();
    Client autoCreatedClient = new Client(
        2345L,
        "new-client",
        "desc",
        creationTime,
        "automatic",
        creationTime,
        "automatic",
        null,
        true,
        false);

    // The principal names a client that the DAO does not know yet.
    when(securityContext.getUserPrincipal()).thenReturn(SimplePrincipal.of("CN=new-client"));
    when(clientDAO.getClient("new-client")).thenReturn(Optional.empty());

    // Creation is stubbed to hand back id 2345, which then resolves to the new record.
    when(clientDAO.createClient(eq("new-client"), eq("automatic"), any())).thenReturn(2345L);
    when(clientDAO.getClientById(2345L)).thenReturn(Optional.of(autoCreatedClient));

    assertThat(factory.provide(request)).isEqualTo(autoCreatedClient);
}
use of keywhiz.api.ApiDate in project keywhiz by square.
the class ClientAuthenticatorTest method doesNotCreateDbRecordForNewClient_whenNotConfigured_spiffePrincipal.
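/**
 * Checks that an unknown SPIFFE principal is rejected and that no client record is created
 * for it when automatic creation is not configured.
 *
 * <p>The authenticator under test and its configuration are set up outside this method.
 *
 * @throws URISyntaxException if the hard-coded SPIFFE URI fails to parse
 */
@Test
public void doesNotCreateDbRecordForNewClient_whenNotConfigured_spiffePrincipal() throws URISyntaxException {
    ApiDate now = ApiDate.now();
    Client newClient = new Client(2345L, "new-client", "desc", null, now, "automatic", now, "automatic", null, null, true, false);

    // lookup doesn't find client
    when(clientDAO.getClientByName("new-client")).thenReturn(Optional.empty());

    // a new DB record should not be created, but mock the DAO to create a client if called,
    // so an unwanted creation would surface as a non-empty result rather than a null
    when(clientDAO.createClient(eq("new-client"), eq("automatic"), any(), any())).thenReturn(2345L);
    when(clientDAO.getClientById(2345L)).thenReturn(Optional.of(newClient));

    assertThat(authenticator.authenticate(new SpiffePrincipal(new URI("spiffe://example.org/new-client")), false)).isEmpty();

    // The authenticator should not have tried to create the new client. The third matcher is
    // any() rather than anyString(), matching the stub above: in Mockito 2 and later
    // anyString() does not match null, so a creation call with a null third argument would
    // otherwise slip past this negative check.
    verify(clientDAO, never()).createClient(anyString(), anyString(), any(), any());
}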
use of keywhiz.api.ApiDate in project keywhiz by square.
the class ClientAuthenticatorTest method respectsClientAuthConfig.
/**
 * Checks that the authenticator resolves a certificate principal with the identifier that
 * the auth-type configuration enables, and with no other.
 *
 * <p>The name lookup and the SPIFFE lookup are stubbed to return different clients, so each
 * assertion shows which identifier was actually consulted. {@code client},
 * {@code clientName}, {@code clientSpiffe} and {@code certPrincipal} are fixtures defined
 * outside this method.
 */
@Test
public void respectsClientAuthConfig() {
    ApiDate timestamp = ApiDate.now();
    Client spiffeMappedClient = new Client(
        2345L,
        "other-client",
        "desc",
        null,
        timestamp,
        "automatic",
        timestamp,
        "automatic",
        null,
        null,
        true,
        false);

    // Two distinct records: one reachable by name, the other by SPIFFE ID.
    when(clientDAO.getClientByName(clientName)).thenReturn(Optional.of(client));
    when(clientDAO.getClientBySpiffeId(clientSpiffe)).thenReturn(Optional.of(spiffeMappedClient));

    // Common name enabled, SPIFFE ID disabled: the name-mapped client must come back.
    when(clientAuthTypeConfig.useCommonName()).thenReturn(true);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(false);
    assertThat(authenticator.authenticate(certPrincipal, false))
        .isEqualTo(Optional.of(client));

    // Configuration flipped: the same principal must now resolve through the SPIFFE ID.
    when(clientAuthTypeConfig.useCommonName()).thenReturn(false);
    when(clientAuthTypeConfig.useSpiffeId()).thenReturn(true);
    assertThat(authenticator.authenticate(certPrincipal, false))
        .isEqualTo(Optional.of(spiffeMappedClient));
}