
Example 1 with CertificateGenerationParameters

Use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.

Class CertificateGenerator, method generateCredential.

@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
    CertificateGenerationParameters params = (CertificateGenerationParameters) p;
    KeyPair keyPair;
    String privatePem;
    try {
        keyPair = keyGenerator.generateKeyPair(params.getKeyLength());
        privatePem = pemOf(keyPair.getPrivate());
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    if (params.isSelfSigned()) {
        try {
            // Self-signed: the new certificate is also stored as its own CA, and no CA name is recorded.
            String cert = pemOf(signedCertificateGenerator.getSelfSigned(keyPair, params));
            return new CertificateCredentialValue(cert, cert, privatePem, null);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        String caName = params.getCaName();
        CertificateCredentialValue ca = certificateAuthorityService.findActiveVersion(caName);
        // Signing needs the CA's private key; a CA stored without one is rejected.
        if (ca.getPrivateKey() == null) {
            throw new ParameterizedValidationException("error.ca_missing_private_key");
        }
        String caCertificate = ca.getCertificate();
        try {
            X509Certificate cert = signedCertificateGenerator.getSignedByIssuer(keyPair, params, CertificateReader.getCertificate(caCertificate), PrivateKeyReader.getPrivateKey(ca.getPrivateKey()));
            return new CertificateCredentialValue(caCertificate, pemOf(cert), privatePem, caName);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
Also used : KeyPair(java.security.KeyPair) CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters) CertificateCredentialValue(org.cloudfoundry.credhub.credential.CertificateCredentialValue) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) X509Certificate(java.security.cert.X509Certificate)

Example 2 with CertificateGenerationParameters

Use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.

Class RegenerateHandlerTest, method handleBulkRegenerate_regeneratesToNestedLevels.

@Test
public void handleBulkRegenerate_regeneratesToNestedLevels() throws Exception {
    when(credentialService.findAllCertificateCredentialsByCaName(SIGNER_NAME)).thenReturn(newArrayList("/firstExpectedName", "/secondExpectedName"));
    when(credentialService.findAllCertificateCredentialsByCaName("/firstExpectedName")).thenReturn(newArrayList("/thirdExpectedName", "/fourthExpectedName"));
    when(credentialService.findMostRecent(anyString())).thenReturn(mock(CredentialVersion.class));
    CredentialVersion credentialVersion = mock(CredentialVersion.class);
    when(credentialService.save(anyObject(), anyObject(), anyObject(), anyList())).thenReturn(credentialVersion);
    when(credentialVersion.getName()).thenReturn("placeholder");
    CertificateGenerateRequest generateRequest1 = mock(CertificateGenerateRequest.class);
    when(generateRequest1.getName()).thenReturn("/firstExpectedName");
    CertificateGenerationParameters generationParams1 = mock(CertificateGenerationParameters.class);
    when(generationParams1.isCa()).thenReturn(true);
    when(generateRequest1.getGenerationParameters()).thenReturn(generationParams1);
    CertificateGenerateRequest generateRequest2 = mock(CertificateGenerateRequest.class);
    when(generateRequest2.getName()).thenReturn("/secondExpectedName");
    CertificateGenerationParameters generationParams2 = mock(CertificateGenerationParameters.class);
    when(generationParams2.isCa()).thenReturn(false);
    when(generateRequest2.getGenerationParameters()).thenReturn(generationParams2);
    CertificateGenerateRequest generateRequest3 = mock(CertificateGenerateRequest.class);
    when(generateRequest3.getName()).thenReturn("/thirdExpectedName");
    CertificateGenerationParameters generationParams3 = mock(CertificateGenerationParameters.class);
    when(generationParams3.isCa()).thenReturn(false);
    when(generateRequest3.getGenerationParameters()).thenReturn(generationParams3);
    CertificateGenerateRequest generateRequest4 = mock(CertificateGenerateRequest.class);
    when(generateRequest4.getName()).thenReturn("/fourthExpectedName");
    CertificateGenerationParameters generationParams4 = mock(CertificateGenerationParameters.class);
    when(generationParams4.isCa()).thenReturn(false);
    when(generateRequest4.getGenerationParameters()).thenReturn(generationParams4);
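    // Requests are returned in call order, matching a depth-first walk: the CA /firstExpectedName,
    // then the certificates it signed (third, fourth), then /secondExpectedName.
    when(generationRequestGenerator.createGenerateRequest(any(CredentialVersion.class), any(String.class), any(List.class))).thenReturn(generateRequest1).thenReturn(generateRequest3).thenReturn(generateRequest4).thenReturn(generateRequest2);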
    subject.handleBulkRegenerate(SIGNER_NAME, newArrayList());
    verify(credentialService).save(any(), any(), eq(generateRequest1), any());
    verify(credentialService).save(any(), any(), eq(generateRequest3), any());
    verify(credentialService).save(any(), any(), eq(generateRequest4), any());
    verify(credentialService).save(any(), any(), eq(generateRequest2), any());
}
Also used : CertificateGenerateRequest(org.cloudfoundry.credhub.request.CertificateGenerateRequest) CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) Test(org.junit.Test)

Example 3 with CertificateGenerationParameters

Use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.

Class RegenerateHandlerTest, method handleBulkRegenerate_regeneratesEverythingInTheList.

@Test
public void handleBulkRegenerate_regeneratesEverythingInTheList() throws Exception {
    when(credentialService.findAllCertificateCredentialsByCaName(SIGNER_NAME)).thenReturn(newArrayList("firstExpectedName", "secondExpectedName"));
    when(credentialService.findMostRecent(anyString())).thenReturn(mock(CredentialVersion.class));
    CredentialVersion credentialVersion = mock(CertificateCredentialVersion.class);
    when(credentialService.save(anyObject(), anyObject(), anyObject(), anyList())).thenReturn(credentialVersion);
    when(credentialVersion.getName()).thenReturn("someName");
    CertificateGenerateRequest generateRequest1 = mock(CertificateGenerateRequest.class);
    generateRequest1.setName("/firstExpectedName");
    when(generateRequest1.getName()).thenReturn("/firstExpectedName");
    CertificateGenerationParameters generationParams1 = mock(CertificateGenerationParameters.class);
    when(generationParams1.isCa()).thenReturn(true);
    when(generateRequest1.getGenerationParameters()).thenReturn(generationParams1);
    CertificateGenerateRequest generateRequest2 = mock(CertificateGenerateRequest.class);
    when(generateRequest2.getName()).thenReturn("/secondExpectedName");
    CertificateGenerationParameters generationParams2 = mock(CertificateGenerationParameters.class);
    when(generationParams2.isCa()).thenReturn(false);
    when(generateRequest2.getGenerationParameters()).thenReturn(generationParams2);
    when(generationRequestGenerator.createGenerateRequest(any(CredentialVersion.class), any(String.class), any(List.class))).thenReturn(generateRequest1).thenReturn(generateRequest2);
    subject.handleBulkRegenerate(SIGNER_NAME, newArrayList());
    verify(credentialService).save(any(), any(), eq(generateRequest1), any());
    verify(credentialService).save(any(), any(), eq(generateRequest2), any());
}
Also used : CertificateGenerateRequest(org.cloudfoundry.credhub.request.CertificateGenerateRequest) CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) Test(org.junit.Test)

Example 4 with CertificateGenerationParameters

Use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.

Class RegenerateHandler, method regenerateCertificateAndDirectChildren.

private TreeSet<String> regenerateCertificateAndDirectChildren(String credentialName, List<EventAuditRecordParameters> auditRecordParameters) {
    TreeSet<String> results = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    CredentialVersion existingCredentialVersion = credentialService.findMostRecent(credentialName);
    CertificateGenerateRequest generateRequest = (CertificateGenerateRequest) generationRequestGenerator.createGenerateRequest(existingCredentialVersion, credentialName, auditRecordParameters);
    CredentialValue newCredentialValue = credentialGenerator.generate(generateRequest);
    CredentialVersion credentialVersion = credentialService.save(existingCredentialVersion, newCredentialValue, generateRequest, auditRecordParameters);
    results.add(credentialVersion.getName());
    CertificateGenerationParameters generationParameters = (CertificateGenerationParameters) generateRequest.getGenerationParameters();
    // A regenerated CA has a new key pair, so every certificate it signed is re-issued as well.
    if (generationParameters.isCa()) {
        results.addAll(this.regenerateCertificatesSignedByCA(generateRequest.getName(), auditRecordParameters));
    }
    return results;
}
Also used : CertificateGenerateRequest(org.cloudfoundry.credhub.request.CertificateGenerateRequest) CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters) CredentialValue(org.cloudfoundry.credhub.credential.CredentialValue) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)

Example 5 with CertificateGenerationParameters

Use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.

Class CertificateCredentialRegeneratable, method createGenerateRequest.

@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
    CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credentialVersion;
    CertificateReader reader = certificateCredential.getParsedCertificate();
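    // Regeneration is refused unless the stored certificate parses and either names its CA or is self-signed;
    // the attempt is still added to the audit record before the exception is thrown.
    if (!reader.isValid() || (isEmpty(certificateCredential.getCaName()) && !reader.isSelfSigned())) {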
        auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
        throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_certificate");
    }
    CertificateGenerationParameters certificateGenerationParameters = new CertificateGenerationParameters(reader, certificateCredential.getCaName());
    CertificateGenerateRequest generateRequest = new CertificateGenerateRequest();
    generateRequest.setName(certificateCredential.getName());
    generateRequest.setType(certificateCredential.getCredentialType());
    generateRequest.setCertificateGenerationParameters(certificateGenerationParameters);
    generateRequest.setOverwrite(true);
    return generateRequest;
}
Also used : CertificateGenerateRequest(org.cloudfoundry.credhub.request.CertificateGenerateRequest) CertificateGenerationParameters(org.cloudfoundry.credhub.domain.CertificateGenerationParameters) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CertificateReader(org.cloudfoundry.credhub.util.CertificateReader)

Aggregations

CertificateGenerationParameters (org.cloudfoundry.credhub.domain.CertificateGenerationParameters): 9
CertificateCredentialValue (org.cloudfoundry.credhub.credential.CertificateCredentialValue): 5
Test (org.junit.Test): 5
CertificateGenerateRequest (org.cloudfoundry.credhub.request.CertificateGenerateRequest): 4
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion): 3
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 3
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException): 3
KeyPair (java.security.KeyPair): 2
X509Certificate (java.security.cert.X509Certificate): 2
JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter): 2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion): 2
CertificateGenerationRequestParameters (org.cloudfoundry.credhub.request.CertificateGenerationRequestParameters): 2
X500Name (org.bouncycastle.asn1.x500.X500Name): 1
X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder): 1
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters): 1
UserContext (org.cloudfoundry.credhub.auth.UserContext): 1
CredentialValue (org.cloudfoundry.credhub.credential.CredentialValue): 1
CertificateAuthorityService (org.cloudfoundry.credhub.data.CertificateAuthorityService): 1
PermissionCheckingService (org.cloudfoundry.credhub.service.PermissionCheckingService): 1
CertificateReader (org.cloudfoundry.credhub.util.CertificateReader): 1