Example 11 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateCredentialVersionTest, method CertificateCredential_withMissingCertificateValue_shouldNotError.

@Test
public void CertificateCredential_withMissingCertificateValue_shouldNotError() {
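    // Constructor arguments are (ca, certificate, privateKey, caName); the certificate is left empty on purpose.
    final CertificateCredentialValue certificateCredentialValue = new CertificateCredentialValue("someCa", "", "my-priv", "/aCaName");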
    final CertificateCredentialVersion certificateCredential = new CertificateCredentialVersion(certificateCredentialValue, encryptor);
    assertThat(certificateCredential.getCa(), equalTo("someCa"));
    assertThat(certificateCredential.getCertificate(), equalTo(""));
    assertThat(certificateCredential.getPrivateKey(), equalTo("my-priv"));
    assertThat(certificateCredential.getCaName(), equalTo("/aCaName"));
}
Also used: CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), Test (org.junit.Test)

Example 12 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateGeneratorTest, method whenTheCADoesNotHaveAPrivateKey_itThrowsAnException.

@Test
public void whenTheCADoesNotHaveAPrivateKey_itThrowsAnException() throws Exception {
    CertificateGenerationRequestParameters parameters = new CertificateGenerationRequestParameters();
    parameters.setCaName("/ca-without-private-key");
    parameters.setKeyLength(2048);
    parameters.setSelfSigned(false);
    // Stub the CA lookup so it returns a CA credential whose private key is null.
    CertificateCredentialValue caWithoutPrivateKey = mock(CertificateCredentialValue.class);
    when(certificateAuthorityService.findActiveVersion("/ca-without-private-key")).thenReturn(caWithoutPrivateKey);
    when(caWithoutPrivateKey.getPrivateKey()).thenReturn(null);
    when(keyGenerator.generateKeyPair(anyInt())).thenReturn(rootCaKeyPair);
    // A CA-signed (not self-signed) request must be rejected when the CA has no key to sign with.
    try {
        subject.generateCredential(new CertificateGenerationParameters(parameters));
        fail("Should throw exception");
    } catch (ParameterizedValidationException e) {
        assertThat(e.getMessage(), equalTo("error.ca_missing_private_key"));
    }
}
Also used: CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), CertificateGenerationRequestParameters (org.cloudfoundry.credhub.request.CertificateGenerationRequestParameters), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), Test (org.junit.Test)

Example 13 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateGeneratorTest, method beforeEach.

@Before
public void beforeEach() throws Exception {
    TestHelper.getBouncyCastleProvider();
    keyGenerator = mock(LibcryptoRsaKeyPairGenerator.class);
    signedCertificateGenerator = mock(SignedCertificateGenerator.class);
    certificateAuthorityService = mock(CertificateAuthorityService.class);
    permissionCheckingService = mock(PermissionCheckingService.class);
    userContext = mock(UserContext.class);
    subject = new CertificateGenerator(keyGenerator, signedCertificateGenerator, certificateAuthorityService);
    when(permissionCheckingService.hasPermission(anyString(), anyString(), any())).thenReturn(true);
    fakeKeyPairGenerator = new FakeKeyPairGenerator();
    rootCaDn = new X500Name("O=foo,ST=bar,C=root");
    signeeDn = new X500Name("O=foo,ST=bar,C=mars");
    rootCaKeyPair = fakeKeyPairGenerator.generate();
    // Build the root CA certificate (issuer and subject are both rootCaDn, signed with its own key)
    // and store it, together with its private key, as PEM in a CertificateCredentialValue.
    X509CertificateHolder caX509CertHolder = makeCert(rootCaKeyPair, rootCaKeyPair.getPrivate(), rootCaDn, rootCaDn, true);
    rootCaX509Certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(caX509CertHolder);
    rootCa = new CertificateCredentialValue(null, CertificateFormatter.pemOf(rootCaX509Certificate), CertificateFormatter.pemOf(rootCaKeyPair.getPrivate()), null);
    generationParameters = new CertificateGenerationRequestParameters();
    generationParameters.setOrganization("foo");
    generationParameters.setState("bar");
    generationParameters.setCaName("my-ca-name");
    generationParameters.setCountry("mars");
    generationParameters.setDuration(365);
    inputParameters = new CertificateGenerationParameters(generationParameters);
}
Also used: UserContext (org.cloudfoundry.credhub.auth.UserContext), CertificateAuthorityService (org.cloudfoundry.credhub.data.CertificateAuthorityService), X500Name (org.bouncycastle.asn1.x500.X500Name), CertificateGenerationRequestParameters (org.cloudfoundry.credhub.request.CertificateGenerationRequestParameters), PermissionCheckingService (org.cloudfoundry.credhub.service.PermissionCheckingService), CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters), JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder), Before (org.junit.Before)

Example 14 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method save_whenTransitionalIsTrue_AndThereIsAnotherTransitionalVersion_throwsAnException.

@Test
public void save_whenTransitionalIsTrue_AndThereIsAnotherTransitionalVersion_throwsAnException() throws Exception {
    CertificateCredentialValue value = mock(CertificateCredentialValue.class);
    when(value.isTransitional()).thenReturn(true);
    BaseCredentialGenerateRequest generateRequest = mock(BaseCredentialGenerateRequest.class);
    when(generateRequest.getName()).thenReturn("/some-name");
    // An existing version of the same credential is already marked transitional.
    CertificateCredentialVersion previousVersion = mock(CertificateCredentialVersion.class);
    when(previousVersion.isVersionTransitional()).thenReturn(true);
    when(permissionedCredentialService.findAllByName(eq("/some-name"), any())).thenReturn(newArrayList(previousVersion));
    // Saving a second transitional version must be rejected.
    try {
        subject.save(mock(CredentialVersion.class), value, generateRequest, newArrayList());
        fail("should throw exception");
    } catch (ParameterizedValidationException e) {
        assertThat(e.getMessage(), equalTo("error.too_many_transitional_versions"));
    }
}
Also used: BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion), Test (org.junit.Test)

Example 15 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

Class CertificateAuthorityServiceTest, method beforeEach.

@Before
public void beforeEach() {
    certificate = new CertificateCredentialValue(null, CertificateStringConstants.SELF_SIGNED_CA_CERT, "my-key", null);
    certificateCredential = mock(CertificateCredentialVersion.class);
    permissionCheckingService = mock(PermissionCheckingService.class);
    userContext = mock(UserContext.class);
    when(userContext.getActor()).thenReturn(USER_NAME);
    when(certificateCredential.getName()).thenReturn(CREDENTIAL_NAME);
    // Grant the test user READ permission on the credential.
    when(permissionCheckingService.hasPermission(USER_NAME, CREDENTIAL_NAME, PermissionOperation.READ)).thenReturn(true);
    certificateVersionDataService = mock(CertificateVersionDataService.class);
    UserContextHolder userContextHolder = new UserContextHolder();
    userContextHolder.setUserContext(userContext);
    certificateAuthorityService = new CertificateAuthorityService(certificateVersionDataService, permissionCheckingService, userContextHolder);
}
Also used: PermissionCheckingService (org.cloudfoundry.credhub.service.PermissionCheckingService), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), UserContext (org.cloudfoundry.credhub.auth.UserContext), UserContextHolder (org.cloudfoundry.credhub.auth.UserContextHolder), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), Before (org.junit.Before)

Aggregations

CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue): 22
Test (org.junit.Test): 13
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion): 8
CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters): 6
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 5
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException): 5
BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest): 5
KeyPair (java.security.KeyPair): 4
Before (org.junit.Before): 4
X509Certificate (java.security.cert.X509Certificate): 3
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 3
UserContext (org.cloudfoundry.credhub.auth.UserContext): 3
StringCredentialValue (org.cloudfoundry.credhub.credential.StringCredentialValue): 3
CertificateSetRequest (org.cloudfoundry.credhub.request.CertificateSetRequest): 3
ArrayList (java.util.ArrayList): 2
X500Name (org.bouncycastle.asn1.x500.X500Name): 2
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 2
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters): 2
RsaCredentialValue (org.cloudfoundry.credhub.credential.RsaCredentialValue): 2
SshCredentialValue (org.cloudfoundry.credhub.credential.SshCredentialValue): 2