
Example 1 with CertificateCredentialVersion

Use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.

Class CertificateAuthorityService, method findActiveVersion.

public CertificateCredentialValue findActiveVersion(String caName) {
    // A caller without READ permission gets the same not-found error as for a
    // missing CA, so the response does not reveal whether the name exists.
    if (!permissionCheckingService.hasPermission(userContextHolder.getUserContext().getActor(), caName, PermissionOperation.READ)) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    CredentialVersion mostRecent = certificateVersionDataService.findActive(caName);
    // No active version is stored under this name.
    if (mostRecent == null) {
        throw new EntryNotFoundException("error.credential.invalid_access");
    }
    // The name must refer to a certificate credential...
    if (!(mostRecent instanceof CertificateCredentialVersion)) {
        throw new ParameterizedValidationException("error.not_a_ca_name");
    }
    CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) mostRecent;
    // ...and the parsed certificate must be a CA.
    if (!certificateCredential.getParsedCertificate().isCa()) {
        throw new ParameterizedValidationException("error.cert_not_ca");
    }
    // The returned value carries the certificate and its private key.
    return new CertificateCredentialValue(null, certificateCredential.getCertificate(), certificateCredential.getPrivateKey(), null, certificateCredential.isVersionTransitional());
}
Also used: CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException), ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)

Example 2 with CertificateCredentialVersion

Use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method deleteVersion_whenTheProvidedCredentialDoesNotExist_returnsAnError.

@Test(expected = EntryNotFoundException.class)
public void deleteVersion_whenTheProvidedCredentialDoesNotExist_returnsAnError() throws Exception {
    UUID versionUuid = UUID.randomUUID();
    UUID certificateUuid = UUID.randomUUID();
    UserContext userContext = mock(UserContext.class);
    when(userContextHolder.getUserContext()).thenReturn(userContext);
    String user = "my-user";
    String credentialName = "my-credential";
    when(userContext.getActor()).thenReturn(user);
    // The user holds DELETE permission on the credential name.
    when(permissionCheckingService.hasPermission(user, credentialName, PermissionOperation.DELETE)).thenReturn(true);
    // No certificate exists for the requested UUID, although the version lookup succeeds.
    when(certificateDataService.findByUuid(certificateUuid)).thenReturn(null);
    CertificateCredentialVersion versionToDelete = mock(CertificateCredentialVersion.class);
    when(certificateVersionDataService.findVersion(versionUuid)).thenReturn(versionToDelete);
    subject.deleteVersion(certificateUuid, versionUuid, newArrayList());
}
Also used: UserContext (org.cloudfoundry.credhub.auth.UserContext), UUID (java.util.UUID), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), Test (org.junit.Test)

Example 3 with CertificateCredentialVersion

Use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method deleteVersion_whenTheUserDoesNotHavePermission_returnsAnError.

// The expected exception is EntryNotFoundException, the same type the
// missing-credential test expects.
@Test(expected = EntryNotFoundException.class)
public void deleteVersion_whenTheUserDoesNotHavePermission_returnsAnError() throws Exception {
    UUID versionUuid = UUID.randomUUID();
    UUID certificateUuid = UUID.randomUUID();
    UserContext userContext = mock(UserContext.class);
    when(userContextHolder.getUserContext()).thenReturn(userContext);
    String user = "my-user";
    when(userContext.getActor()).thenReturn(user);
    String credentialName = "my-credential";
    // DELETE permission is denied for this user on the credential name.
    when(permissionCheckingService.hasPermission(user, credentialName, PermissionOperation.DELETE)).thenReturn(false);
    // The certificate and version lookups both succeed; only the permission check fails.
    Credential certificate = mock(Credential.class);
    when(certificate.getName()).thenReturn(credentialName);
    when(certificateDataService.findByUuid(certificateUuid)).thenReturn(certificate);
    CertificateCredentialVersion versionToDelete = mock(CertificateCredentialVersion.class);
    when(certificate.getUuid()).thenReturn(UUID.randomUUID());
    when(certificateVersionDataService.findVersion(versionUuid)).thenReturn(versionToDelete);
    when(versionToDelete.getCredential()).thenReturn(certificate);
    subject.deleteVersion(certificateUuid, versionUuid, newArrayList());
}
Also used: Credential (org.cloudfoundry.credhub.entity.Credential), UserContext (org.cloudfoundry.credhub.auth.UserContext), UUID (java.util.UUID), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), Test (org.junit.Test)

Example 4 with CertificateCredentialVersion

Use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.

Class PermissionedCertificateServiceTest, method save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService.

@Test
public void save_whenTransitionalIsTrue_andThereAreNoOtherTransitionalVersions_delegatesToPermissionedCredentialService() throws Exception {
    // The incoming value is marked transitional.
    CertificateCredentialValue value = mock(CertificateCredentialValue.class);
    when(value.isTransitional()).thenReturn(true);
    BaseCredentialGenerateRequest generateRequest = mock(BaseCredentialGenerateRequest.class);
    when(generateRequest.getName()).thenReturn("/some-name");
    // The only existing version of /some-name is not transitional.
    CertificateCredentialVersion previousVersion = mock(CertificateCredentialVersion.class);
    when(previousVersion.isVersionTransitional()).thenReturn(false);
    when(permissionedCredentialService.findAllByName(eq("/some-name"), any())).thenReturn(newArrayList(previousVersion));
    subject.save(mock(CredentialVersion.class), value, generateRequest, newArrayList());
    // The request type is set to "certificate" and the save is delegated to permissionedCredentialService.
    Mockito.verify(generateRequest).setType(eq("certificate"));
    Mockito.verify(permissionedCredentialService).save(any(), eq(value), eq(generateRequest), any());
}
Also used: BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest), CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion), CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion), Test (org.junit.Test)

Example 5 with CertificateCredentialVersion

Use of org.cloudfoundry.credhub.domain.CertificateCredentialVersion in project credhub by cloudfoundry-incubator.

Class EncryptionKeyRotatorTest, method createCredentialWithUnknownKey.

private void createCredentialWithUnknownKey() {
    CertificateCredentialVersionData certificateCredentialData2 = new CertificateCredentialVersionData("/unknown-key");
    credentialWithUnknownKey = new CertificateCredentialVersion(certificateCredentialData2);
    // Set the private key through the test's encryptor.
    credentialWithUnknownKey.setEncryptor(encryptor).setPrivateKey("cert-private-key");
    // Re-point the stored encrypted value at unknownCanary's key UUID before saving,
    // so the credential is recorded under that key.
    certificateCredentialData2.getEncryptedValueData().setEncryptionKeyUuid(unknownCanary.getUuid());
    credentialVersionDataService.save(credentialWithUnknownKey);
}
Also used: CertificateCredentialVersionData (org.cloudfoundry.credhub.entity.CertificateCredentialVersionData), CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Aggregations

CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion) 33
Test (org.junit.Test) 16
UUID (java.util.UUID) 10
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion) 10
Credential (org.cloudfoundry.credhub.entity.Credential) 9
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters) 8
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue) 8
EntryNotFoundException (org.cloudfoundry.credhub.exceptions.EntryNotFoundException) 7
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) 6
BaseCredentialGenerateRequest (org.cloudfoundry.credhub.request.BaseCredentialGenerateRequest) 6
UserContext (org.cloudfoundry.credhub.auth.UserContext) 5
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion) 5
CertificateView (org.cloudfoundry.credhub.view.CertificateView) 5
ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion) 4
CertificateCredentialVersionData (org.cloudfoundry.credhub.entity.CertificateCredentialVersionData) 4
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 4
Encryptor (org.cloudfoundry.credhub.domain.Encryptor) 3
SshCredentialVersion (org.cloudfoundry.credhub.domain.SshCredentialVersion) 3
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue) 3
CertificateRegenerateRequest (org.cloudfoundry.credhub.request.CertificateRegenerateRequest) 3