Example 16 with PasswordCredentialVersion

Use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.

Class PasswordViewTest, method beforeEach.

@Before
public void beforeEach() {
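    // Mock the Encryptor so the test does not depend on real encryption keys.
    encryptor = mock(Encryptor.class);
    uuid = UUID.randomUUID();
    entity = new PasswordCredentialVersion("/foo").setEncryptor(encryptor).setUuid(uuid);
    // Any decrypt call returns a fixed placeholder plaintext.
    when(encryptor.decrypt(any())).thenReturn("fake-plaintext-value");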
}
Also used : Encryptor(org.cloudfoundry.credhub.domain.Encryptor) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) Before(org.junit.Before)

Example 17 with PasswordCredentialVersion

Use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.

Class EncryptionKeyRotatorTest, method whenDataExistsThatIsEncryptedWithUnknownKey_itShouldRotateDataThatItCanDecrypt.

@Test
public void whenDataExistsThatIsEncryptedWithUnknownKey_itShouldRotateDataThatItCanDecrypt() throws Exception {
    setupInitialContext();
    List<CredentialVersionData> beforeRotation = credentialVersionRepository.findByEncryptedCredentialValueEncryptionKeyUuidIn(keySet.getInactiveUuids());
    int numberToRotate = beforeRotation.size();
    assertThat(credentialVersionRepository.findOneByUuid(credentialWithUnknownKey.getUuid()).getEncryptionKeyUuid(), equalTo(unknownCanary.getUuid()));
    encryptionKeyRotator.rotate();
    List<CredentialVersionData> afterRotation = credentialVersionRepository.findByEncryptedCredentialValueEncryptionKeyUuidIn(keySet.getInactiveUuids());
    int numberToRotateWhenDone = afterRotation.size();
    assertThat(numberToRotate, equalTo(2));
    assertThat(numberToRotateWhenDone, equalTo(0));
    List<UUID> uuids = beforeRotation.stream().map(CredentialVersionData::getUuid).collect(Collectors.toList());
    // Gets updated to use current key:
    assertThat(credentialVersionRepository.findOneByUuid(credentialVersionWithOldKey.getUuid()).getEncryptionKeyUuid(), equalTo(keySet.getActive().getUuid()));
    assertThat(uuids, hasItem(credentialVersionWithOldKey.getUuid()));
    assertThat(credentialVersionRepository.findOneByUuid(password.getUuid()).getEncryptionKeyUuid(), equalTo(keySet.getActive().getUuid()));
    assertThat(uuids, hasItem(password.getUuid()));
    // Unchanged because we don't have the key:
    assertThat(credentialVersionRepository.findOneByUuid(credentialWithUnknownKey.getUuid()).getEncryptionKeyUuid(), equalTo(unknownCanary.getUuid()));
    assertThat(uuids, not(hasItem(credentialWithUnknownKey.getUuid())));
    // Unchanged because it's already up to date:
    assertThat(credentialVersionRepository.findOneByUuid(credentialWithCurrentKey.getUuid()).getEncryptionKeyUuid(), equalTo(keySet.getActive().getUuid()));
    assertThat(uuids, not(hasItem(credentialWithCurrentKey.getUuid())));
    PasswordCredentialVersion rotatedPassword = (PasswordCredentialVersion) credentialVersionDataService.findMostRecent(passwordName);
    assertThat(rotatedPassword.getPassword(), equalTo("test-password-plaintext"));
    assertThat(rotatedPassword.getGenerationParameters(), samePropertyValuesAs(new StringGenerationParameters().setExcludeNumber(true).setLength(23)));
}
Also used : PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) CertificateCredentialVersionData(org.cloudfoundry.credhub.entity.CertificateCredentialVersionData) CredentialVersionData(org.cloudfoundry.credhub.entity.CredentialVersionData) UUID(java.util.UUID) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) MockMvcResultHandlers.print(org.springframework.test.web.servlet.result.MockMvcResultHandlers.print) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 18 with PasswordCredentialVersion

Use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.

Class EncryptionKeyRotatorTest, method createPasswordWithOldKey.

private void createPasswordWithOldKey(Key oldKey) throws Exception {
    // Encrypt the password value under the old key, tagged with the old canary's UUID.
    final EncryptedValue credentialEncryption = encryptionService.encrypt(oldCanary.getUuid(), oldKey, "test-password-plaintext");
    PasswordCredentialVersionData passwordCredentialData = new PasswordCredentialVersionData(passwordName);
    passwordCredentialData.setEncryptedValueData(credentialEncryption);
    StringGenerationParameters parameters = new StringGenerationParameters();
    parameters.setExcludeNumber(true);
    // The generation parameters are serialized to JSON and encrypted separately under the same old key.
    final EncryptedValue parameterEncryption = encryptionService.encrypt(oldCanary.getUuid(), oldKey, new ObjectMapper().writeValueAsString(parameters));
    passwordCredentialData.setEncryptedGenerationParameters(parameterEncryption);
    password = new PasswordCredentialVersion(passwordCredentialData);
    credentialVersionDataService.save(password);
}
Also used : PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)

Example 19 with PasswordCredentialVersion

Use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.

Class PermissionServiceTest, method beforeEach.

@Before
public void beforeEach() {
    userContext = mock(UserContext.class);
    when(userContext.getActor()).thenReturn(USER_NAME);
    expectedCredential = new Credential(CREDENTIAL_NAME);
    expectedCredentialVersion = new PasswordCredentialVersion(CREDENTIAL_NAME);
    permissionDataService = mock(PermissionDataService.class);
    permissionCheckingService = mock(PermissionCheckingService.class);
    // Stub the permission check to always grant access.
    when(permissionCheckingService.hasPermission(anyString(), anyString(), any(PermissionOperation.class))).thenReturn(true);
    auditRecordParameters = newArrayList();
    UserContextHolder userContextHolder = new UserContextHolder();
    userContextHolder.setUserContext(userContext);
    subject = new PermissionService(permissionDataService, permissionCheckingService, userContextHolder);
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) PermissionOperation(org.cloudfoundry.credhub.request.PermissionOperation) UserContext(org.cloudfoundry.credhub.auth.UserContext) UserContextHolder(org.cloudfoundry.credhub.auth.UserContextHolder) PermissionDataService(org.cloudfoundry.credhub.data.PermissionDataService) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) Before(org.junit.Before)

Example 20 with PasswordCredentialVersion

Use of org.cloudfoundry.credhub.domain.PasswordCredentialVersion in project credhub by cloudfoundry-incubator.

Class PermissionedCredentialServiceTest, method save_whenThereIsAnExistingCredentialAndOverwriteModeIsConvergeAndParametersAreSame_DoesNotOverwriteCredential.

@Test
public void save_whenThereIsAnExistingCredentialAndOverwriteModeIsConvergeAndParametersAreSame_DoesNotOverwriteCredential() {
    // The request asks for a password credential in converge overwrite mode.
    when(request.getType()).thenReturn("password");
    when(request.getOverwriteMode()).thenReturn(CredentialWriteMode.CONVERGE.mode);
    when(credentialVersionDataService.save(any(CredentialVersion.class))).thenReturn(new PasswordCredentialVersion().setEncryptor(encryptor));
    final PasswordCredentialVersion newVersion = new PasswordCredentialVersion();
    // The existing credential reports that its generation parameters match the request.
    CredentialVersion originalCredentialVersion = mock(CredentialVersion.class);
    when(originalCredentialVersion.matchesGenerationParameters(generationParameters)).thenReturn(true);
    when(credentialVersionDataService.findMostRecent(CREDENTIAL_NAME)).thenReturn(originalCredentialVersion);
    when(originalCredentialVersion.getCredentialType()).thenReturn("password");
    when(credentialFactory.makeNewCredentialVersion(CredentialType.valueOf("password"), CREDENTIAL_NAME, credentialValue, originalCredentialVersion, generationParameters)).thenReturn(newVersion);
    subject.save(originalCredentialVersion, credentialValue, request, auditRecordParameters);
    // With matching parameters, the new version must never be persisted.
    verify(credentialVersionDataService, never()).save(newVersion);
}
Also used : PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) Test(org.junit.Test)

Aggregations

PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion) 34
Test (org.junit.Test) 25
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 20
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion) 15
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion) 11
ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion) 11
PasswordCredentialVersionData (org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) 10
SshCredentialVersion (org.cloudfoundry.credhub.domain.SshCredentialVersion) 9
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters) 7
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue) 6
CertificateCredentialVersionData (org.cloudfoundry.credhub.entity.CertificateCredentialVersionData) 5
ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData) 5
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) 4
UUID (java.util.UUID) 3
Encryptor (org.cloudfoundry.credhub.domain.Encryptor) 3
CredentialVersionData (org.cloudfoundry.credhub.entity.CredentialVersionData) 3
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString) 3
Before (org.junit.Before) 3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList) 2
ArrayList (java.util.ArrayList) 2