use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.
the class CertificateGenerator method generateCredential.
/**
 * Generates a new certificate credential from the supplied generation parameters.
 *
 * <p>A fresh key pair is always created first. For a self-signed request the certificate is
 * issued from that new key pair and the same encoded certificate is passed in both of the first
 * two constructor positions of the result. Otherwise the active version of the named CA is
 * looked up and used as issuer, which requires the stored CA to carry its private key.
 *
 * @param p generation parameters; cast to {@link CertificateGenerationParameters} without a
 *     type check, so any other implementation fails with a {@code ClassCastException}
 * @return the credential value built from the CA certificate, the new certificate, the new
 *     private key and the CA name ({@code null} CA name for the self-signed case)
 * @throws ParameterizedValidationException if the resolved CA has no private key
 * @throws RuntimeException wrapping any exception raised during key generation, encoding or
 *     signing
 */
@Override
public CertificateCredentialValue generateCredential(GenerationParameters p) {
  CertificateGenerationParameters certParams = (CertificateGenerationParameters) p;

  KeyPair freshKeyPair;
  String privateKeyPem;
  try {
    // NOTE(review): the key length is used exactly as the parameters supply it; confirm a
    // minimum key size is enforced before this point.
    freshKeyPair = keyGenerator.generateKeyPair(certParams.getKeyLength());
    // NOTE(review): the encoded private key is held in an immutable String from here on and
    // cannot be wiped; make sure it never reaches a log line or an exception message.
    privateKeyPem = pemOf(freshKeyPair.getPrivate());
  } catch (Exception e) {
    // Catch-all: unchecked exceptions are wrapped too, with the original kept as the cause.
    throw new RuntimeException(e);
  }

  if (!certParams.isSelfSigned()) {
    String issuerName = certParams.getCaName();
    CertificateCredentialValue issuer = certificateAuthorityService.findActiveVersion(issuerName);
    // NOTE(review): a missing CA is not handled here; presumably findActiveVersion rejects
    // unknown names itself -- confirm, otherwise the next line dereferences null.
    if (issuer.getPrivateKey() == null) {
      // Without the CA's private key nothing can be signed; raised outside the try below so it
      // is not wrapped in a RuntimeException.
      throw new ParameterizedValidationException("error.ca_missing_private_key");
    }

    String issuerCertificatePem = issuer.getCertificate();
    try {
      X509Certificate signedCertificate =
          signedCertificateGenerator.getSignedByIssuer(
              freshKeyPair,
              certParams,
              CertificateReader.getCertificate(issuerCertificatePem),
              PrivateKeyReader.getPrivateKey(issuer.getPrivateKey()));
      return new CertificateCredentialValue(
          issuerCertificatePem, pemOf(signedCertificate), privateKeyPem, issuerName);
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }

  try {
    String selfSignedPem =
        pemOf(signedCertificateGenerator.getSelfSigned(freshKeyPair, certParams));
    // Self-signed: the certificate is its own CA and no CA name is recorded.
    return new CertificateCredentialValue(selfSignedPem, selfSignedPem, privateKeyPem, null);
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.
the class RegenerateHandlerTest method handleBulkRegenerate_regeneratesToNestedLevels.
/**
 * Checks that bulk regeneration reaches certificates signed by an intermediate CA: the signer
 * has two children, the first of which is itself a CA with two further children, and all four
 * generate requests must be saved.
 */
@Test
public void handleBulkRegenerate_regeneratesToNestedLevels() throws Exception {
  // Two-level hierarchy: SIGNER_NAME -> {first, second}, first -> {third, fourth}.
  when(credentialService.findAllCertificateCredentialsByCaName(SIGNER_NAME))
      .thenReturn(newArrayList("/firstExpectedName", "/secondExpectedName"));
  when(credentialService.findAllCertificateCredentialsByCaName("/firstExpectedName"))
      .thenReturn(newArrayList("/thirdExpectedName", "/fourthExpectedName"));
  when(credentialService.findMostRecent(anyString())).thenReturn(mock(CredentialVersion.class));

  CredentialVersion savedVersion = mock(CredentialVersion.class);
  when(credentialService.save(anyObject(), anyObject(), anyObject(), anyList()))
      .thenReturn(savedVersion);
  when(savedVersion.getName()).thenReturn("placeholder");

  // Only the first credential is flagged as a CA, so only it has children to descend into.
  CertificateGenerationParameters firstParams = mock(CertificateGenerationParameters.class);
  when(firstParams.isCa()).thenReturn(true);
  CertificateGenerateRequest firstRequest = mock(CertificateGenerateRequest.class);
  when(firstRequest.getName()).thenReturn("/firstExpectedName");
  when(firstRequest.getGenerationParameters()).thenReturn(firstParams);

  CertificateGenerationParameters secondParams = mock(CertificateGenerationParameters.class);
  when(secondParams.isCa()).thenReturn(false);
  CertificateGenerateRequest secondRequest = mock(CertificateGenerateRequest.class);
  when(secondRequest.getName()).thenReturn("/secondExpectedName");
  when(secondRequest.getGenerationParameters()).thenReturn(secondParams);

  CertificateGenerationParameters thirdParams = mock(CertificateGenerationParameters.class);
  when(thirdParams.isCa()).thenReturn(false);
  CertificateGenerateRequest thirdRequest = mock(CertificateGenerateRequest.class);
  when(thirdRequest.getName()).thenReturn("/thirdExpectedName");
  when(thirdRequest.getGenerationParameters()).thenReturn(thirdParams);

  CertificateGenerationParameters fourthParams = mock(CertificateGenerationParameters.class);
  when(fourthParams.isCa()).thenReturn(false);
  CertificateGenerateRequest fourthRequest = mock(CertificateGenerateRequest.class);
  when(fourthRequest.getName()).thenReturn("/fourthExpectedName");
  when(fourthRequest.getGenerationParameters()).thenReturn(fourthParams);

  // The stub ignores its arguments and hands out requests by call count: first, third, fourth,
  // second. Presumably this mirrors a depth-first walk in the handler; the verifications below
  // do not assert ordering.
  when(generationRequestGenerator.createGenerateRequest(
          any(CredentialVersion.class), any(String.class), any(List.class)))
      .thenReturn(firstRequest)
      .thenReturn(thirdRequest)
      .thenReturn(fourthRequest)
      .thenReturn(secondRequest);

  subject.handleBulkRegenerate(SIGNER_NAME, newArrayList());

  // Each of the four requests must have been saved exactly once.
  verify(credentialService).save(any(), any(), eq(firstRequest), any());
  verify(credentialService).save(any(), any(), eq(thirdRequest), any());
  verify(credentialService).save(any(), any(), eq(fourthRequest), any());
  verify(credentialService).save(any(), any(), eq(secondRequest), any());
}
use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.
the class RegenerateHandlerTest method handleBulkRegenerate_regeneratesEverythingInTheList.
/**
 * Checks that every certificate reported as signed by the given CA is regenerated and saved.
 */
@Test
public void handleBulkRegenerate_regeneratesEverythingInTheList() throws Exception {
  // The names returned here have no leading slash, unlike the request names below; that is
  // harmless because the createGenerateRequest stub matches any arguments.
  when(credentialService.findAllCertificateCredentialsByCaName(SIGNER_NAME))
      .thenReturn(newArrayList("firstExpectedName", "secondExpectedName"));
  when(credentialService.findMostRecent(anyString())).thenReturn(mock(CredentialVersion.class));

  CredentialVersion savedVersion = mock(CertificateCredentialVersion.class);
  when(credentialService.save(anyObject(), anyObject(), anyObject(), anyList()))
      .thenReturn(savedVersion);
  when(savedVersion.getName()).thenReturn("someName");

  // First request is flagged as a CA. No children are stubbed for "/firstExpectedName", so the
  // lookup for its children presumably falls back to the mock's default empty result.
  CertificateGenerationParameters firstParams = mock(CertificateGenerationParameters.class);
  when(firstParams.isCa()).thenReturn(true);
  CertificateGenerateRequest firstRequest = mock(CertificateGenerateRequest.class);
  // Setter call on a mock: it stores nothing, the stubbed getter below supplies the name.
  firstRequest.setName("/firstExpectedName");
  when(firstRequest.getName()).thenReturn("/firstExpectedName");
  when(firstRequest.getGenerationParameters()).thenReturn(firstParams);

  CertificateGenerationParameters secondParams = mock(CertificateGenerationParameters.class);
  when(secondParams.isCa()).thenReturn(false);
  CertificateGenerateRequest secondRequest = mock(CertificateGenerateRequest.class);
  when(secondRequest.getName()).thenReturn("/secondExpectedName");
  when(secondRequest.getGenerationParameters()).thenReturn(secondParams);

  // Requests are handed out by call count, regardless of the arguments passed in.
  when(generationRequestGenerator.createGenerateRequest(
          any(CredentialVersion.class), any(String.class), any(List.class)))
      .thenReturn(firstRequest)
      .thenReturn(secondRequest);

  subject.handleBulkRegenerate(SIGNER_NAME, newArrayList());

  verify(credentialService).save(any(), any(), eq(firstRequest), any());
  verify(credentialService).save(any(), any(), eq(secondRequest), any());
}
use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.
the class RegenerateHandler method regenerateCertificateAndDirectChildren.
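/**
 * Regenerates the named certificate and, when it is a CA, the certificates signed by it.
 *
 * <p>The most recent version of the credential is loaded, a generate request is derived from it,
 * a new value is generated and saved, and the saved name is recorded. If the generation
 * parameters mark the certificate as a CA, the names returned by
 * {@code regenerateCertificatesSignedByCA} are added as well.
 *
 * @param credentialName name of the certificate credential to regenerate
 * @param auditRecordParameters audit parameters handed on to request creation, saving and the
 *     regeneration of signed certificates
 * @return the names of all regenerated credentials, ordered and de-duplicated case-insensitively
 */
private TreeSet<String> regenerateCertificateAndDirectChildren(String credentialName, List<EventAuditRecordParameters> auditRecordParameters) {
  // Diamond instead of the raw TreeSet type, so the element type is checked at compile time.
  TreeSet<String> results = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

  CredentialVersion existingCredentialVersion = credentialService.findMostRecent(credentialName);
  // NOTE(review): the cast assumes the named credential is a certificate; confirm callers only
  // pass certificate names, otherwise this fails with a ClassCastException.
  CertificateGenerateRequest generateRequest =
      (CertificateGenerateRequest) generationRequestGenerator.createGenerateRequest(
          existingCredentialVersion, credentialName, auditRecordParameters);

  CredentialValue newCredentialValue = credentialGenerator.generate(generateRequest);
  // NOTE(review): the new version is saved before any signed certificates are regenerated, and
  // nothing in this method undoes it if that later step fails; confirm the caller provides a
  // transaction boundary so a CA is never rotated without the certificates it signed.
  CredentialVersion credentialVersion =
      credentialService.save(
          existingCredentialVersion, newCredentialValue, generateRequest, auditRecordParameters);
  results.add(credentialVersion.getName());

  CertificateGenerationParameters generationParameters =
      (CertificateGenerationParameters) generateRequest.getGenerationParameters();
  if (generationParameters.isCa()) {
    // Certificates signed by the old CA version have to be re-issued under the new one.
    results.addAll(
        this.regenerateCertificatesSignedByCA(generateRequest.getName(), auditRecordParameters));
  }
  return results;
}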
use of org.cloudfoundry.credhub.domain.CertificateGenerationParameters in project credhub by cloudfoundry-incubator.
the class CertificateCredentialRegeneratable method createGenerateRequest.
/**
 * Builds the generate request used to regenerate an existing certificate credential.
 *
 * <p>Regeneration is refused when the parsed certificate is not valid, or when the credential
 * records no CA name and the certificate is not self-signed. In that case a
 * {@code CREDENTIAL_UPDATE} audit record is appended before the exception is thrown.
 *
 * @param credentialVersion the stored credential; cast to {@link CertificateCredentialVersion}
 *     without a type check
 * @param auditRecordParameters audit record list, appended to only on the rejection path
 * @return a certificate generate request carrying the credential's name and type, parameters
 *     derived from the parsed certificate and CA name, and overwrite enabled
 * @throws ParameterizedValidationException if the certificate cannot be regenerated
 */
@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
  CertificateCredentialVersion storedCertificate = (CertificateCredentialVersion) credentialVersion;
  CertificateReader parsed = storedCertificate.getParsedCertificate();

  // Short-circuit order matters: the CA name and self-signed checks only run on a valid reader.
  boolean regenerable =
      parsed.isValid() && (!isEmpty(storedCertificate.getCaName()) || parsed.isSelfSigned());
  if (!regenerable) {
    // Record the attempted update before rejecting it, so the refusal is auditable.
    auditRecordParameters.add(
        new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
    throw new ParameterizedValidationException(
        "error.cannot_regenerate_non_generated_certificate");
  }

  CertificateGenerationParameters derivedParameters =
      new CertificateGenerationParameters(parsed, storedCertificate.getCaName());

  CertificateGenerateRequest request = new CertificateGenerateRequest();
  request.setName(storedCertificate.getName());
  request.setType(storedCertificate.getCredentialType());
  request.setCertificateGenerationParameters(derivedParameters);
  // Regeneration always replaces the current value.
  request.setOverwrite(true);
  return request;
}