use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.
the class PasswordViewTest method beforeEach.
/**
 * Builds the fixture shared by the tests in this class: a mocked {@code Encryptor}, a fresh
 * random UUID, and a {@code PasswordCredentialVersion} named "/foo" wired to both.
 *
 * <p>No real cryptography runs here. The mock hands back one fixed string for every
 * {@code decrypt} call, so tests built on this fixture cannot detect a wrong key,
 * a wrong ciphertext or a failed decryption.
 */
@Before
public void beforeEach() {
// Mockito stand-in; nothing is actually encrypted or decrypted.
encryptor = mock(Encryptor.class);
uuid = UUID.randomUUID();
entity = new PasswordCredentialVersion("/foo").setEncryptor(encryptor).setUuid(uuid);
// Stubbed for any argument: the returned value is independent of what is passed to decrypt().
when(encryptor.decrypt(any())).thenReturn("fake-plaintext-value");
}
use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method whenDataExistsThatIsEncryptedWithUnknownKey_itShouldRotateDataThatItCanDecrypt.
/**
 * Key rotation must re-encrypt every record it is able to decrypt and must leave alone the
 * records whose key it does not hold, without aborting the run.
 *
 * <p>Four records are checked: two under an inactive key (rotated to the active key), one under
 * an unknown key (left as is) and one already under the active key (left as is). The password
 * record is then read back to confirm the plaintext and generation parameters survive rotation.
 */
@Test
public void whenDataExistsThatIsEncryptedWithUnknownKey_itShouldRotateDataThatItCanDecrypt() throws Exception {
  setupInitialContext();

  // Snapshot of the records stored under an inactive key, taken before rotating.
  final List<CredentialVersionData> pendingBefore =
      credentialVersionRepository.findByEncryptedCredentialValueEncryptionKeyUuidIn(keySet.getInactiveUuids());
  final int pendingCountBefore = pendingBefore.size();
  // Precondition: the unknown-key record really is tagged with the unknown canary.
  assertThat(
      credentialVersionRepository.findOneByUuid(credentialWithUnknownKey.getUuid()).getEncryptionKeyUuid(),
      equalTo(unknownCanary.getUuid()));

  encryptionKeyRotator.rotate();

  final int pendingCountAfter = credentialVersionRepository
      .findByEncryptedCredentialValueEncryptionKeyUuidIn(keySet.getInactiveUuids())
      .size();
  assertThat(pendingCountBefore, equalTo(2));
  // Nothing may remain under an inactive key once rotation has finished.
  assertThat(pendingCountAfter, equalTo(0));

  final List<UUID> pendingUuids = pendingBefore.stream()
      .map(CredentialVersionData::getUuid)
      .collect(Collectors.toList());

  // Rotated: both records were pending and now carry the active key's UUID.
  assertThat(
      credentialVersionRepository.findOneByUuid(credentialVersionWithOldKey.getUuid()).getEncryptionKeyUuid(),
      equalTo(keySet.getActive().getUuid()));
  assertThat(pendingUuids, hasItem(credentialVersionWithOldKey.getUuid()));
  assertThat(
      credentialVersionRepository.findOneByUuid(password.getUuid()).getEncryptionKeyUuid(),
      equalTo(keySet.getActive().getUuid()));
  assertThat(pendingUuids, hasItem(password.getUuid()));

  // Not rotated: the key is unavailable, so the record keeps its original key UUID.
  // It was never in the pending set, and it stays undecryptable after this run.
  assertThat(
      credentialVersionRepository.findOneByUuid(credentialWithUnknownKey.getUuid()).getEncryptionKeyUuid(),
      equalTo(unknownCanary.getUuid()));
  assertThat(pendingUuids, not(hasItem(credentialWithUnknownKey.getUuid())));

  // Not rotated: the record was already encrypted under the active key.
  assertThat(
      credentialVersionRepository.findOneByUuid(credentialWithCurrentKey.getUuid()).getEncryptionKeyUuid(),
      equalTo(keySet.getActive().getUuid()));
  assertThat(pendingUuids, not(hasItem(credentialWithCurrentKey.getUuid())));

  // Round trip: re-encryption must not alter the secret or its generation parameters.
  final PasswordCredentialVersion latestPassword =
      (PasswordCredentialVersion) credentialVersionDataService.findMostRecent(passwordName);
  assertThat(latestPassword.getPassword(), equalTo("test-password-plaintext"));
  // NOTE(review): 23 equals the length of "test-password-plaintext"; presumably the length is
  // derived from the decrypted password rather than stored - confirm against getGenerationParameters().
  assertThat(
      latestPassword.getGenerationParameters(),
      samePropertyValuesAs(new StringGenerationParameters().setExcludeNumber(true).setLength(23)));
}
use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method createPasswordWithOldKey.
/**
 * Saves a password credential whose value and generation parameters are both encrypted with
 * {@code oldKey} and tagged with the old canary's UUID. The result is kept in {@code password}.
 *
 * @param oldKey key used to encrypt the value and the parameters
 * @throws Exception if encryption or JSON serialisation fails
 */
private void createPasswordWithOldKey(Key oldKey) throws Exception {
  // Secret value, encrypted under the old key.
  final EncryptedValue encryptedSecret =
      encryptionService.encrypt(oldCanary.getUuid(), oldKey, "test-password-plaintext");
  final PasswordCredentialVersionData versionData = new PasswordCredentialVersionData(passwordName);
  versionData.setEncryptedValueData(encryptedSecret);

  // Generation parameters are stored encrypted too, as JSON, under the same old key.
  final StringGenerationParameters generationParams = new StringGenerationParameters();
  generationParams.setExcludeNumber(true);
  final String generationParamsJson = new ObjectMapper().writeValueAsString(generationParams);
  final EncryptedValue encryptedParams =
      encryptionService.encrypt(oldCanary.getUuid(), oldKey, generationParamsJson);
  versionData.setEncryptedGenerationParameters(encryptedParams);

  password = new PasswordCredentialVersion(versionData);
  credentialVersionDataService.save(password);
}
use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.
the class PermissionServiceTest method beforeEach.
/**
 * Wires a {@code PermissionService} to mocked collaborators and a user context whose actor is
 * {@code USER_NAME}.
 *
 * <p>The permission check is stubbed to allow everything. A test that covers the denied path
 * has to re-stub {@code hasPermission} itself; otherwise it only exercises the allowed branch.
 */
@Before
public void beforeEach() {
  userContext = mock(UserContext.class);
  when(userContext.getActor()).thenReturn(USER_NAME);

  expectedCredential = new Credential(CREDENTIAL_NAME);
  expectedCredentialVersion = new PasswordCredentialVersion(CREDENTIAL_NAME);

  permissionDataService = mock(PermissionDataService.class);
  permissionCheckingService = mock(PermissionCheckingService.class);
  // Allow-all default: returns true for any two strings and any operation.
  when(permissionCheckingService.hasPermission(anyString(), anyString(), any(PermissionOperation.class)))
      .thenReturn(true);

  auditRecordParameters = newArrayList();

  final UserContextHolder contextHolder = new UserContextHolder();
  contextHolder.setUserContext(userContext);
  subject = new PermissionService(permissionDataService, permissionCheckingService, contextHolder);
}
use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.
the class PermissionedCredentialServiceTest method save_whenThereIsAnExistingCredentialAndOverwriteModeIsConvergeAndParametersAreSame_DoesNotOverwriteCredential.
/**
 * In converge mode, when the existing credential already matches the requested generation
 * parameters, {@code save} must not persist the newly built version.
 */
@Test
public void save_whenThereIsAnExistingCredentialAndOverwriteModeIsConvergeAndParametersAreSame_DoesNotOverwriteCredential() {
  when(request.getType()).thenReturn("password");
  when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.CONVERGE.mode);
  when(credentialVersionDataService.save(any(CredentialVersion.class)))
      .thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));

  // The version the factory would hand back if the service chose to overwrite.
  final PasswordCredentialVersion candidateVersion = new PasswordCredentialVersion();

  // Existing credential that reports the same generation parameters as the request.
  CredentialVersion existingVersion = mock(CredentialVersion.class);
  when(existingVersion.matchesGenerationParameters(generationParameters)).thenReturn(true);
  when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(existingVersion);
  when(existingVersion.getCredentialType()).thenReturn("password");
  when(credentialFactory.makeNewCredentialVersion(
          CredentialType.valueOf("password"),
          CREDENTIAL_NAME,
          credentialValue,
          existingVersion,
          generationParameters))
      .thenReturn(candidateVersion);

  subject.save(existingVersion, credentialValue, request, auditRecordParameters);

  // NOTE(review): Mockito matches the argument with equals(), so this only rules out a save of
  // candidateVersion. A save of some other CredentialVersion would still pass; if no save at all
  // is expected here, never().save(any(CredentialVersion.class)) would pin that down.
  verify(credentialVersionDataService, never()).save(candidateVersion);
}