use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class CertificateAuthorityService method findActiveVersion.
/**
 * Looks up the active version of the named certificate authority and returns it as a
 * credential value.
 *
 * <p>The current actor must hold {@code READ} on {@code caName}. A denied permission check and a
 * missing credential raise the same exception type with the same message key, so a caller cannot
 * tell "exists but forbidden" apart from "does not exist".
 *
 * <p>The returned value includes the CA's private key, so treat the result as secret material
 * and keep it out of logs and responses.
 *
 * @param caName name of the CA credential to resolve
 * @return a value holding the CA certificate, its private key and the transitional flag; the
 *     first and fourth constructor arguments are passed as {@code null}
 * @throws EntryNotFoundException if the actor lacks READ on {@code caName} or no active version
 *     is found
 * @throws ParameterizedValidationException if the active version is not a certificate, or the
 *     certificate is not a CA
 */
public CertificateCredentialValue findActiveVersion(String caName) {
  // Authorise first, so nothing about the credential is read for an actor without READ.
  final boolean actorMayRead = permissionCheckingService.hasPermission(
      userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ);
  if (!actorMayRead) {
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  final CredentialVersion activeVersion = certificateVersionDataService.findActive(caName);
  if (activeVersion == null) {
    // Same message key as the permission failure above.
    throw new EntryNotFoundException("error.credential.invalid_access");
  }

  if (!(activeVersion instanceof CertificateCredentialVersion)) {
    throw new ParameterizedValidationException("error.not_a_ca_name");
  }
  final CertificateCredentialVersion caVersion = (CertificateCredentialVersion) activeVersion;

  // A leaf certificate must never be handed out as a signing authority.
  final boolean flaggedAsCa = caVersion.getParsedCertificate().isCa();
  if (!flaggedAsCa) {
    throw new ParameterizedValidationException("error.cert_not_ca");
  }

  return new CertificateCredentialValue(
      null,
      caVersion.getCertificate(),
      caVersion.getPrivateKey(),
      null,
      caVersion.isVersionTransitional());
}
use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class CertificateGenerator method generateCredential.
/**
 * Generates a fresh key pair and a certificate for it, either self-signed or signed by the CA
 * named in the parameters.
 *
 * <p>This method performs no access check of its own; the CA is obtained through
 * {@code certificateAuthorityService.findActiveVersion}. The CA private key is used only as the
 * signing key and is not copied into the returned value. The returned value does carry the newly
 * generated private key in PEM form.
 *
 * @param p generation parameters; cast to {@code CertificateGenerationParameters}, so any other
 *     type fails with {@code ClassCastException}
 * @return the generated certificate, its private key and, when CA-signed, the CA certificate and
 *     CA name
 * @throws ParameterizedValidationException if the resolved CA has no private key
 * @throws RuntimeException wrapping any exception raised during key generation, PEM encoding or
 *     signing
 */
@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
  CertificateGenerationParameters params = (CertificateGenerationParameters) p;

  // The subject key pair is created before the CA lookup, exactly as callers observe today.
  KeyPair subjectKeys;
  String subjectKeyPem;
  try {
    subjectKeys = keyGenerator.generateKeyPair(params.getKeyLength());
    subjectKeyPem = pemOf(subjectKeys.getPrivate());
  } catch (Exception e) {
    throw new RuntimeException(e);
  }

  if (params.isSelfSigned()) {
    try {
      // A self-signed certificate is its own issuer, so the same PEM fills both slots.
      String selfSignedPem = pemOf(signedCertificateGenerator.getSelfSigned(subjectKeys, params));
      return new CertificateCredentialValue(selfSignedPem, selfSignedPem, subjectKeyPem, null);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

  String caName = params.getCaName();
  CertificateCredentialValue issuer = certificateAuthorityService.findActiveVersion(caName);
  // Without the CA private key nothing can be signed; this is raised outside the try below,
  // so it is not wrapped in a RuntimeException.
  if (issuer.getPrivateKey() == null) {
    throw new ParameterizedValidationException("error.ca_missing_private_key");
  }

  String issuerCertPem = issuer.getCertificate();
  try {
    X509Certificate signed = signedCertificateGenerator.getSignedByIssuer(
        subjectKeys,
        params,
        CertificateReader.getCertificate(issuerCertPem),
        PrivateKeyReader.getPrivateKey(issuer.getPrivateKey()));
    return new CertificateCredentialValue(issuerCertPem, pemOf(signed), subjectKeyPem, caName);
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateServiceTest method save_whenTransitionalIsFalse_delegatesToPermissionedCredentialService.
/**
 * A value that is not marked transitional is saved without further checks: the request type is
 * set to "certificate" and the save is delegated to the permissioned credential service.
 */
@Test
public void save_whenTransitionalIsFalse_delegatesToPermissionedCredentialService() throws Exception {
  // Arrange: a request and a certificate value whose transitional flag is off.
  BaseCredentialGenerateRequest request = mock(BaseCredentialGenerateRequest.class);
  CertificateCredentialValue nonTransitionalValue = mock(CertificateCredentialValue.class);
  when(nonTransitionalValue.isTransitional()).thenReturn(false);

  // Act
  subject.save(mock(CredentialVersion.class), nonTransitionalValue, request, newArrayList());

  // Assert: the type is forced to "certificate" and the same value and request are passed on.
  Mockito.verify(request).setType(eq("certificate"));
  Mockito.verify(permissionedCredentialService)
      .save(any(), eq(nonTransitionalValue), eq(request), any());
}
use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateServiceTest method save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService.
/**
 * A transitional value is accepted when the only stored version of the same name is not
 * transitional: the request type is set to "certificate" and the save is delegated.
 */
@Test
public void save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService() throws Exception {
  // Arrange: the incoming value is flagged transitional.
  CertificateCredentialValue transitionalValue = mock(CertificateCredentialValue.class);
  when(transitionalValue.isTransitional()).thenReturn(true);

  BaseCredentialGenerateRequest request = mock(BaseCredentialGenerateRequest.class);
  when(request.getName()).thenReturn("/some-name");

  // The single stored version under that name is not transitional.
  CertificateCredentialVersion storedVersion = mock(CertificateCredentialVersion.class);
  when(storedVersion.isVersionTransitional()).thenReturn(false);
  when(permissionedCredentialService.findAllByName(eq("/some-name"), any()))
      .thenReturn(newArrayList(storedVersion));

  // Act
  subject.save(mock(CredentialVersion.class), transitionalValue, request, newArrayList());

  // Assert
  Mockito.verify(request).setType(eq("certificate"));
  Mockito.verify(permissionedCredentialService)
      .save(any(), eq(transitionalValue), eq(request), any());
}
use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate.
/**
 * Setting a certificate with a CA name fills in the CA certificate from the certificate
 * authority service before the value is saved.
 *
 * <p>The request supplies the CA name as "test-ca-name", while the stub and the expected value
 * both use "/test-ca-name", so the test passes only if the handler resolves the name with a
 * leading slash.
 */
@Test
public void handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate() {
  // The stubbed CA holds a certificate only; its private key is null.
  final CertificateCredentialValue certificateAuthority =
      new CertificateCredentialValue(null, TestConstants.TEST_CA, null, null);
  when(certificateAuthorityService.findActiveVersion("/test-ca-name"))
      .thenReturn(certificateAuthority);

  // Incoming value: no CA certificate yet, placeholder private key "Enterprise".
  final CertificateCredentialValue submittedValue =
      new CertificateCredentialValue(null, TestConstants.TEST_CERTIFICATE, "Enterprise", "test-ca-name");
  final ArrayList<EventAuditRecordParameters> auditRecords = new ArrayList<>();

  final CertificateSetRequest setRequest = new CertificateSetRequest();
  setRequest.setType("certificate");
  setRequest.setName("/captain");
  setRequest.setAdditionalPermissions(accessControlEntries);
  setRequest.setOverwrite(false);
  setRequest.setCertificateValue(submittedValue);

  // Expected: the same certificate and key, with the CA certificate attached.
  final CertificateCredentialValue expectedValue =
      new CertificateCredentialValue(TestConstants.TEST_CA, TestConstants.TEST_CERTIFICATE, "Enterprise", "/test-ca-name");
  final ArgumentCaptor<CredentialValue> savedValueCaptor =
      ArgumentCaptor.forClass(CredentialValue.class);

  subject.handle(setRequest, auditRecords);

  verify(credentialService)
      .save(eq(null), savedValueCaptor.capture(), eq(setRequest), eq(auditRecords));
  assertThat(savedValueCaptor.getValue(), samePropertyValuesAs(expectedValue));
  // Permissions are saved for the new credential under the requested name.
  verify(permissionService)
      .savePermissions(credentialVersion, accessControlEntries, auditRecords, true, "/captain");
}