use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.
the class CertificateAuthorityService method findActiveVersion.
/**
 * Returns the active version of the named certificate authority, including its private key.
 *
 * <p>The READ permission check runs before any lookup. A denied caller receives the same
 * {@code EntryNotFoundException} message as a caller asking for a name with no active version,
 * so the error does not reveal whether the name exists. The two validation errors are only
 * reachable once READ has been granted.
 *
 * @param caName name of the CA credential to look up
 * @return the certificate, private key and transitional flag of the active version; the first
 *     and fourth constructor arguments are passed as {@code null}
 * @throws EntryNotFoundException if the actor lacks READ on {@code caName} or no active version
 *     is found
 * @throws ParameterizedValidationException if the active version is not a certificate
 *     credential, or its parsed certificate is not a CA
 */
public CertificateCredentialValue findActiveVersion(String caName) {
    final String actor = userContextHolder.getUserContext().getActor();
    final boolean mayRead = permissionCheckingService.hasPermission(actor, caName, PermissionOperation.READ);
    if (!mayRead) {
        // Deliberately the same message as the "not found" case below.
        throw new EntryNotFoundException("error.credential.invalid_access");
    }

    final CredentialVersion activeVersion = certificateVersionDataService.findActive(caName);
    if (activeVersion == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    if (!(activeVersion instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }

    final CertificateCredentialVersion caVersion = (CertificateCredentialVersion) activeVersion;
    final boolean isCa = caVersion.getParsedCertificate().isCa();
    if (!isCa) {
        throw new ParameterizedValidationException("error.cert_not_ca");
    }

    // The returned value carries the CA private key; callers should treat it as secret material.
    return new CertificateCredentialValue(
        null,
        caVersion.getCertificate(),
        caVersion.getPrivateKey(),
        null,
        caVersion.isVersionTransitional());
}
use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateServiceTest method deleteVersion_whenTheProvidedCredentialDoesNotExist_returnsAnError.
/**
 * deleteVersion must raise EntryNotFoundException when no certificate exists for the given UUID.
 *
 * DELETE permission is stubbed as granted and the version lookup returns a mock, so the only
 * missing piece is the certificate itself (findByUuid returns null).
 *
 * NOTE(review): expected= covers the whole method body, so this test does not pin which call
 * raised the exception.
 */
@Test(expected = EntryNotFoundException.class)
public void deleteVersion_whenTheProvidedCredentialDoesNotExist_returnsAnError() throws Exception {
    final UUID versionId = UUID.randomUUID();
    final UUID certificateId = UUID.randomUUID();
    final String actor = "my-user";
    final String name = "my-credential";

    // Authenticated actor that holds DELETE on the credential name.
    final UserContext context = mock(UserContext.class);
    when(userContextHolder.getUserContext()).thenReturn(context);
    when(context.getActor()).thenReturn(actor);
    when(permissionCheckingService.hasPermission(actor, name, PermissionOperation.DELETE)).thenReturn(true);

    // The certificate lookup finds nothing, while the version lookup succeeds.
    when(certificateDataService.findByUuid(certificateId)).thenReturn(null);
    final CertificateCredentialVersion version = mock(CertificateCredentialVersion.class);
    when(certificateVersionDataService.findVersion(versionId)).thenReturn(version);

    subject.deleteVersion(certificateId, versionId, newArrayList());
}
use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateServiceTest method deleteVersion_whenTheUserDoesNotHavePermission_returnsAnError.
/**
 * deleteVersion must raise EntryNotFoundException when the actor lacks DELETE on the credential.
 *
 * The expected exception is the same type the "credential does not exist" case expects, so a
 * caller without permission cannot tell a denied credential from a missing one by exception type.
 *
 * NOTE(review): certificate.getUuid() is stubbed with a fresh random UUID rather than the UUID
 * passed to deleteVersion; confirm the exception comes from the permission check and not from a
 * certificate/version mismatch. expected= also covers the whole method body.
 */
@Test(expected = EntryNotFoundException.class)
public void deleteVersion_whenTheUserDoesNotHavePermission_returnsAnError() throws Exception {
    final UUID versionId = UUID.randomUUID();
    final UUID certificateId = UUID.randomUUID();
    final String actor = "my-user";
    final String name = "my-credential";

    // Authenticated actor that is denied DELETE on the credential name.
    final UserContext context = mock(UserContext.class);
    when(userContextHolder.getUserContext()).thenReturn(context);
    when(context.getActor()).thenReturn(actor);
    when(permissionCheckingService.hasPermission(actor, name, PermissionOperation.DELETE)).thenReturn(false);

    // Both the certificate and the version exist and are linked to each other.
    final Credential storedCertificate = mock(Credential.class);
    when(storedCertificate.getName()).thenReturn(name);
    when(certificateDataService.findByUuid(certificateId)).thenReturn(storedCertificate);
    final CertificateCredentialVersion version = mock(CertificateCredentialVersion.class);
    when(storedCertificate.getUuid()).thenReturn(UUID.randomUUID());
    when(certificateVersionDataService.findVersion(versionId)).thenReturn(version);
    when(version.getCredential()).thenReturn(storedCertificate);

    subject.deleteVersion(certificateId, versionId, newArrayList());
}
use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.
the class PermissionedCertificateServiceTest method save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService.
/**
 * Saving a transitional value when the only existing version is non-transitional must set the
 * request type to "certificate" and delegate the save to permissionedCredentialService.
 */
@Test
public void save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService() throws Exception {
    final String name = "/some-name";

    // Incoming value is flagged transitional.
    final CertificateCredentialValue transitionalValue = mock(CertificateCredentialValue.class);
    when(transitionalValue.isTransitional()).thenReturn(true);

    final BaseCredentialGenerateRequest request = mock(BaseCredentialGenerateRequest.class);
    when(request.getName()).thenReturn(name);

    // The single stored version under that name is not transitional.
    final CertificateCredentialVersion existingVersion = mock(CertificateCredentialVersion.class);
    when(existingVersion.isVersionTransitional()).thenReturn(false);
    when(permissionedCredentialService.findAllByName(eq(name), any())).thenReturn(newArrayList(existingVersion));

    subject.save(mock(CredentialVersion.class), transitionalValue, request, newArrayList());

    Mockito.verify(request).setType(eq("certificate"));
    Mockito.verify(permissionedCredentialService).save(any(), eq(transitionalValue), eq(request), any());
}
use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method createCredentialWithUnknownKey.
/**
 * Persists a certificate credential named "/unknown-key" whose encrypted value is tagged with
 * the UUID of {@code unknownCanary}, and stores it in the {@code credentialWithUnknownKey} field.
 */
private void createCredentialWithUnknownKey() {
    final CertificateCredentialVersionData versionData = new CertificateCredentialVersionData("/unknown-key");
    credentialWithUnknownKey = new CertificateCredentialVersion(versionData);
    // Fixture literal, not real key material.
    credentialWithUnknownKey.setEncryptor(encryptor).setPrivateKey("cert-private-key");
    // Statement order matters: the key UUID is overwritten only after the private key has been set.
    // NOTE(review): presumably setPrivateKey records the encryptor's own key UUID first; confirm.
    versionData.getEncryptedValueData().setEncryptionKeyUuid(unknownCanary.getUuid());
    credentialVersionDataService.save(credentialWithUnknownKey);
}