Example 1 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateAuthorityService, method findActiveVersion.

public CertificateCredentialValue findActiveVersion(String caName) {
    // Authorization comes first: the caller needs READ on the CA before any lookup happens.
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    CredentialVersion mostRecent = certificateVersionDataService.findActive(caName);
    // A missing entry raises the same error as a failed permission check,
    // so the response does not reveal whether the CA name exists.
    if (mostRecent == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // The named credential must be a certificate, and that certificate must be a CA.
    if (!(mostRecent instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }
    CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) mostRecent;
    if (!certificateCredential.getParsedCertificate().isCa()) {
        throw new ParameterizedValidationException("error.cert_not_ca");
    }
    // The returned value carries the CA certificate together with its private key.
    return new CertificateCredentialValue(null, certificateCredential.getCertificate(), certificateCredential.getPrivateKey(), null, certificateCredential.isVersionTransitional());
}
Also used: CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)

Example 2 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateGenerator, method generateCredential.

@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
    // Unchecked cast: any other GenerationParameters subtype fails here with a ClassCastException.
    CertificateGenerationParameters params = (CertificateGenerationParameters) p;
    KeyPair keyPair;
    String privatePem;
    try {
        // A fresh key pair is generated for every certificate.
        keyPair = keyGenerator.generateKeyPair(params.getKeyLength());
        privatePem = pemOf(keyPair.getPrivate());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    if (params.isSelfSigned()) {
        try {
            // Self-signed: the same PEM fills both the CA and the certificate field.
            String cert = pemOf(signedCertificateGenerator.getSelfSigned(keyPair, params));
            return new CertificateCredentialValue(cert, cert, privatePem, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        String caName = params.getCaName();
        // findActiveVersion throws unless the caller may READ the CA and the entry is a CA certificate.
        CertificateCredentialValue ca = certificateAuthorityService.findActiveVersion(caName);
        // A CA stored without its private key cannot sign new certificates.
        if (ca.getPrivateKey() == null) {
            throw new ParameterizedValidationException("error.ca_missing_private_key");
        }
        String caCertificate = ca.getCertificate();
        try {
            X509Certificate cert = signedCertificateGenerator.getSignedByIssuer(keyPair, params, CertificateReader.getCertificate(caCertificate), PrivateKeyReader.getPrivateKey(ca.getPrivateKey()));
            return new CertificateCredentialValue(caCertificate, pemOf(cert), privatePem, caName);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
Also used: KeyPair (java.security.KeyPair), CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), X509Certificate (java.security.cert.X509Certificate)

Example 3 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method save_whenTransitionalIsFalse_delegatesToPermissionedCredentialService.

@Test
public void save_whenTransitionalIsFalse_delegatesToPermissionedCredentialService() throws Exception {
    CertificateCredentialValue value = mock(CertificateCredentialValue.class);
    when(value.isTransitional()).thenReturn(false);
    BaseCredentialGenerateRequest generateRequest = mock(BaseCredentialGenerateRequest.class);
    subject.save(mock(CredentialVersion.class), value, generateRequest, newArrayList());
    Mockito.verify(generateRequest).setType(eq("certificate"));
    Mockito.verify(permissionedCredentialService).save(any(), eq(value), eq(generateRequest), any());
}
Also used: BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion), Test (org.junit.Test)

Example 4 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService.

@Test
public void save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService() throws Exception {
    CertificateCredentialValue value = mock(CertificateCredentialValue.class);
    when(value.isTransitional()).thenReturn(true);
    BaseCredentialGenerateRequest generateRequest = mock(BaseCredentialGenerateRequest.class);
    when(generateRequest.getName()).thenReturn("/some-name");
    // The only existing version under this name is not transitional.
    CertificateCredentialVersion previousVersion = mock(CertificateCredentialVersion.class);
    when(previousVersion.isVersionTransitional()).thenReturn(false);
    when(permissionedCredentialService.findAllByName(eq("/some-name"), any())).thenReturn(newArrayList(previousVersion));
    subject.save(mock(CredentialVersion.class), value, generateRequest, newArrayList());
    // The request type is set to "certificate" and the save is delegated with the value unchanged.
    Mockito.verify(generateRequest).setType(eq("certificate"));
    Mockito.verify(permissionedCredentialService).save(any(), eq(value), eq(generateRequest), any());
}
Also used: BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion), Test (org.junit.Test)

Example 5 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class SetHandlerTest, method handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate.

@Test
public void handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate() {
    // The mocked CA lookup returns a value holding only the CA certificate.
    CertificateCredentialValue cerificateAuthority = new CertificateCredentialValue(null, TestConstants.TEST_CA, null, null);
    when(certificateAuthorityService.findActiveVersion("/test-ca-name")).thenReturn(cerificateAuthority);
    CertificateSetRequest setRequest = new CertificateSetRequest();
    // The request names its CA without a leading slash and supplies no CA certificate.
    final CertificateCredentialValue credentialValue = new CertificateCredentialValue(null, TestConstants.TEST_CERTIFICATE, "Enterprise", "test-ca-name");
    final ArrayList<EventAuditRecordParameters> eventAuditRecordParameters = new ArrayList<>();
    setRequest.setType("certificate");
    setRequest.setName("/captain");
    setRequest.setAdditionalPermissions(accessControlEntries);
    setRequest.setOverwrite(false);
    setRequest.setCertificateValue(credentialValue);
    // Expected saved value: CA certificate filled in from the lookup, CA name "/test-ca-name".
    CertificateCredentialValue expectedCredentialValue = new CertificateCredentialValue(TestConstants.TEST_CA, TestConstants.TEST_CERTIFICATE, "Enterprise", "/test-ca-name");
    ArgumentCaptor<CredentialValue> credentialValueArgumentCaptor = ArgumentCaptor.forClass(CredentialValue.class);
    subject.handle(setRequest, eventAuditRecordParameters);
    verify(credentialService).save(eq(null), credentialValueArgumentCaptor.capture(), eq(setRequest), eq(eventAuditRecordParameters));
    assertThat(credentialValueArgumentCaptor.getValue(), samePropertyValuesAs(expectedCredentialValue));
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, eventAuditRecordParameters, true, "/captain");
}
Also used: UserCredentialValue (org.cloudfoundry.credhub.credential.UserCredentialValue), CredentialValue (org.cloudfoundry.credhub.credential.CredentialValue), StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), ArrayList (java.util.ArrayList), CertificateSetRequest (org.cloudfoundry.credhub.request.CertificateSetRequest), EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters), Test (org.junit.Test)

Aggregations

CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue): 22
Test (org.junit.Test): 13
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion): 8
CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters): 6
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 5
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException): 5
BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest): 5
KeyPair (java.security.KeyPair): 4
Before (org.junit.Before): 4
X509Certificate (java.security.cert.X509Certificate): 3
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 3
UserContext (org.cloudfoundry.credhub.auth.UserContext): 3
StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue): 3
CertificateSetRequest (org.cloudfoundry.credhub.request.CertificateSetRequest): 3
ArrayList (java.util.ArrayList): 2
X500Name (org.bouncycastle.asn1.x500.X500Name): 2
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 2
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters): 2
RsaCredentialValue (org.cloudfoundry.credhub.credential.RsaCredentialValue): 2
SshCredentialValue (org.cloudfoundry.credhub.credential.SshCredentialValue): 2