
Example 21 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

From the class CertificateGeneratorTest, method whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated.

@Test
public void whenCAExists_andItIsAIntermediateCA_aValidChildCertificateIsGenerated() throws Exception {
    final KeyPair childCertificateKeyPair = setupKeyPair();
    // Build an intermediate CA certificate issued by the root CA.
    X500Name intermediateCaDn = new X500Name("O=foo,ST=bar,C=intermediate");
    KeyPair intermediateCaKeyPair = fakeKeyPairGenerator.generate();
    X509CertificateHolder intermediateCaCertificateHolder = makeCert(intermediateCaKeyPair, rootCaKeyPair.getPrivate(), rootCaDn, intermediateCaDn, true);
    X509Certificate intermediateX509Certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(intermediateCaCertificateHolder);
    CertificateCredentialValue intermediateCa = new CertificateCredentialValue(null, CertificateFormatter.pemOf(intermediateX509Certificate), CertificateFormatter.pemOf(intermediateCaKeyPair.getPrivate()), null);
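    // Stub the CA lookup and the key generation used by the generator under test.
    when(certificateAuthorityService.findActiveVersion("/my-ca-name")).thenReturn(intermediateCa);
    when(keyGenerator.generateKeyPair(anyInt())).thenReturn(childCertificateKeyPair);
    // Expected child certificate, signed with the intermediate CA's private key.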
    X509CertificateHolder childCertificateHolder = generateChildCertificateSignedByCa(childCertificateKeyPair, intermediateCaKeyPair.getPrivate(), intermediateCaDn);
    childX509Certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME).getCertificate(childCertificateHolder);
    when(signedCertificateGenerator.getSignedByIssuer(childCertificateKeyPair, inputParameters, intermediateX509Certificate, intermediateCaKeyPair.getPrivate())).thenReturn(childX509Certificate);
    CertificateCredentialValue certificateSignedByIntermediate = subject.generateCredential(inputParameters);
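    // The credential must carry the intermediate CA certificate, the child's private key and the child certificate.
    assertThat(certificateSignedByIntermediate.getCa(), equalTo(intermediateCa.getCertificate()));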
    assertThat(certificateSignedByIntermediate.getPrivateKey(), equalTo(CertificateFormatter.pemOf(childCertificateKeyPair.getPrivate())));
    assertThat(certificateSignedByIntermediate.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
    // Exactly one 2048-bit key pair must have been requested.
    verify(keyGenerator, times(1)).generateKeyPair(2048);
}
Also used : KeyPair(java.security.KeyPair) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) X500Name(org.bouncycastle.asn1.x500.X500Name) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Example 22 with CertificateCredentialValue

Use of org.cloudfoundry.credhub.credential.CertificateCredentialValue in project credhub by cloudfoundry-incubator.

From the class CertificateGeneratorTest, method whenCAExists_andItIsARootCA_aValidChildCertificateIsGenerated.

@Test
public void whenCAExists_andItIsARootCA_aValidChildCertificateIsGenerated() throws Exception {
    final KeyPair childCertificateKeyPair = setupKeyPair();
    setupMocksForRootCA(childCertificateKeyPair);
    CertificateCredentialValue certificateSignedByRoot = subject.generateCredential(inputParameters);
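    // The credential must carry the root CA certificate, the child's private key, the child certificate and the CA name.
    assertThat(certificateSignedByRoot.getCa(), equalTo(rootCa.getCertificate()));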
    assertThat(certificateSignedByRoot.getPrivateKey(), equalTo(CertificateFormatter.pemOf(childCertificateKeyPair.getPrivate())));
    assertThat(certificateSignedByRoot.getCertificate(), equalTo(CertificateFormatter.pemOf(childX509Certificate)));
    assertThat(certificateSignedByRoot.getCaName(), equalTo("/my-ca-name"));
    // Exactly one 2048-bit key pair must have been requested.
    verify(keyGenerator, times(1)).generateKeyPair(2048);
}
Also used : KeyPair(java.security.KeyPair) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) Test(org.junit.Test)
