Example 6 with EncryptionKeyMetadata

Use of org.cloudfoundry.credhub.config.EncryptionKeyMetadata in project credhub by cloudfoundry-incubator.

Class EncryptionKeyCanaryMapper, method mapUuidsToKeys.

void mapUuidsToKeys(EncryptionKeySet keySet) throws Exception {
    // Load all persisted canaries once; each configured key is checked against them.
    List<EncryptionKeyCanary> encryptionKeyCanaries = encryptionKeyCanaryDataService.findAll();
    for (EncryptionKeyMetadata keyMetadata : encryptionKeysConfiguration.getKeys()) {
        EncryptionService encryptionService = providerFactory.getEncryptionService(keyMetadata.getProviderType());
        KeyProxy keyProxy = encryptionService.createKeyProxy(keyMetadata);
        // Find the existing canary that this key matches, if any.
        EncryptionKeyCanary matchingCanary = null;
        for (EncryptionKeyCanary canary : encryptionKeyCanaries) {
            if (keyProxy.matchesCanary(canary)) {
                matchingCanary = canary;
                break;
            }
        }
        if (matchingCanary == null) {
            if (keyMetadata.isActive()) {
                // The active key has no canary yet: create one for it.
                matchingCanary = createCanary(keyProxy, encryptionService);
            } else {
                // An inactive key with no matching canary is skipped and never enters the key set.
                continue;
            }
        }
        if (keyMetadata.isActive()) {
            keySet.setActive(matchingCanary.getUuid());
        }
        try {
            // Register the key under the UUID of its canary.
            keySet.add(new EncryptionKey(providerFactory.getEncryptionService(keyMetadata.getProviderType()), matchingCanary.getUuid(), keyProxy.getKey()));
        } catch (Exception e) {
            throw new RuntimeException("Failed to connect to encryption provider", e);
        }
    }
    // Fail if the configuration did not yield an active key.
    if (keySet.getActive() == null) {
        throw new RuntimeException("No active key was found");
    }
}

Also used: EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary), EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata)

Example 7 with EncryptionKeyMetadata

Use of org.cloudfoundry.credhub.config.EncryptionKeyMetadata in project credhub by cloudfoundry-incubator.

Class EncryptionKeyRotatorTest, method setActiveKey.

private void setActiveKey(int index) throws Exception {
    // Clone every configured key as inactive, copying only the password and provider type.
    List<EncryptionKeyMetadata> keys = new ArrayList<>();
    for (EncryptionKeyMetadata encryptionKeyMetadata : encryptionKeysConfiguration.getKeys()) {
        EncryptionKeyMetadata clonedKey = new EncryptionKeyMetadata();
        clonedKey.setActive(false);
        clonedKey.setEncryptionPassword(encryptionKeyMetadata.getEncryptionPassword());
        clonedKey.setProviderType(encryptionKeyMetadata.getProviderType());
        keys.add(clonedKey);
    }
    // Mark only the key at the requested index as active.
    keys.get(index).setActive(true);
    // Stub the configuration to return the cloned list, then reload the key set from it.
    doReturn(keys).when(encryptionKeysConfiguration).getKeys();
    keySet.reload();
}

Also used: EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata), ArrayList (java.util.ArrayList)

Example 8 with EncryptionKeyMetadata

Use of org.cloudfoundry.credhub.config.EncryptionKeyMetadata in project credhub by cloudfoundry-incubator.

Class InternalEncryptionServiceTest, method createsPasswordBasedKeyProxy.

@Test
public void createsPasswordBasedKeyProxy() throws Exception {
    InternalEncryptionService subject = new InternalEncryptionService(new PasswordKeyProxyFactoryTestImpl());
    EncryptionKeyMetadata keyMetadata = new EncryptionKeyMetadata();
    keyMetadata.setEncryptionPassword("foobar");
    final KeyProxy keyProxy = subject.createKeyProxy(keyMetadata);
    assertThat(keyProxy, instanceOf(PasswordBasedKeyProxy.class));
}

Also used: EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata), PasswordKeyProxyFactoryTestImpl (org.cloudfoundry.credhub.util.PasswordKeyProxyFactoryTestImpl), Test (org.junit.Test)

Aggregations

EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata) 8
Test (org.junit.Test) 4
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue) 2
EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary) 2
PasswordKeyProxyFactoryTestImpl (org.cloudfoundry.credhub.util.PasswordKeyProxyFactoryTestImpl) 2
Before (org.junit.Before) 2
Key (java.security.Key) 1
ArrayList (java.util.ArrayList) 1
Supplier (java.util.function.Supplier) 1
EncryptionKeysConfiguration (org.cloudfoundry.credhub.config.EncryptionKeysConfiguration) 1
EncryptionKeyCanaryDataService (org.cloudfoundry.credhub.data.EncryptionKeyCanaryDataService) 1
TimedRetry (org.cloudfoundry.credhub.util.TimedRetry) 1