use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class CertificateGeneratorTest method whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated.
@Test
public void whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated() throws Exception {
final KeyPair childCertificateKeyPair = setupKeyPair();
X500Name intermediateCaDn = new X500Name("O=foo,ST=bar,C=intermediate");
KeyPair intermediateCaKeyPair = fakeKeyPairGenerator.generate();
X509CertificateHolder intermediateCaCertificateHolder = makeCert(intermediateCaKeyPair, rootCaKeyPair.getPrivate(), rootCaDn, intermediateCaDn, true);
X509Certificate intermediateX509Certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(intermediateCaCertificateHolder);
CertificateCredentialValue intermediateCa = new CertificateCredentialValue(null, CertificateFormatter.pemOf(intermediateX509Certificate), CertificateFormatter.pemOf(intermediateCaKeyPair.getPrivate()), null);
when(certificateAuthorityService.findActiveVersion("/my-ca-name")).thenReturn(intermediateCa);
when(keyGenerator.generateKeyPair(anyInt())).thenReturn(childCertificateKeyPair);
X509CertificateHolder childCertificateHolder = generateChildCertificateSignedByCa(childCertificateKeyPair, intermediateCaKeyPair.getPrivate(), intermediateCaDn);
childX509Certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(childCertificateHolder);
when(signedCertificateGenerator.getSignedByIssuer(childCertificateKeyPair, inputParameters, intermediateX509Certificate, intermediateCaKeyPair.getPrivate())).thenReturn(childX509Certificate);
CertificateCredentialValue certificateSignedByIntermediate = subject.generateCredential(inputParameters);
assertThat(certificateSignedByIntermediate.getCa(), equalTo(intermediateCa.getCertificate()));
assertThat(certificateSignedByIntermediate.getPrivateKey(), equalTo(CertificateFormatter.pemOf(childCertificateKeyPair.getPrivate())));
assertThat(certificateSignedByIntermediate.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
verify(keyGenerator, times(1)).generateKeyPair(2048);
}
use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.
the class CertificateGeneratorTest method whenCAExists_andItIsARootCA_aValidChildCertificateIsGenerated.
@Test
public void whenCAExists_andItIsARootCA_aValidChildCertificateIsGenerated() throws Exception {
final KeyPair childCertificateKeyPair = setupKeyPair();
setupMocksForRootCA(childCertificateKeyPair);
CertificateCredentialValue certificateSignedByRoot = subject.generateCredential(inputParameters);
assertThat(certificateSignedByRoot.getCa(), equalTo(rootCa.getCertificate()));
assertThat(certificateSignedByRoot.getPrivateKey(), equalTo(CertificateFormatter.pemOf(childCertificateKeyPair.getPrivate())));
assertThat(certificateSignedByRoot.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
assertThat(certificateSignedByRoot.getCaName(), equalTo("/my-ca-name"));
verify(keyGenerator, times(1)).generateKeyPair(2048);
}
Aggregations