Example 1 with UserCredentialVersion
use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.
the class CredentialRegenerateTest method regeneratingAUser_regeneratesTheUser_andPersistsAnAuditEntry.
@Test
public void regeneratingAUser_regeneratesTheUser_andPersistsAnAuditEntry() throws Exception {
UserCredentialVersion originalCredential = new UserCredentialVersion("/the-user");
originalCredential.setEncryptor(encryptor);
StringGenerationParameters generationParameters = new StringGenerationParameters();
generationParameters.setExcludeNumber(true);
generationParameters.setUsername("Darth Vader");
originalCredential.setPassword("original-password");
originalCredential.setUsername("Darth Vader");
originalCredential.setSalt("pepper");
originalCredential.setGenerationParameters(generationParameters);
originalCredential.setVersionCreatedAt(FROZEN_TIME.plusSeconds(1));
credentialVersionDataService.save(originalCredential);
fakeTimeSetter.accept(FROZEN_TIME.plusSeconds(10).toEpochMilli());
MockHttpServletRequestBuilder request = post("/api/v1/data").header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\"regenerate\":true,\"name\":\"the-user\"}");
mockMvc.perform(request).andExpect(status().isOk()).andExpect(content().contentTypeCompatibleWith(APPLICATION_JSON)).andExpect(jsonPath("$.type").value("user")).andExpect(jsonPath("$.version_created_at").value(FROZEN_TIME.plusSeconds(10).toString()));
UserCredentialVersion newUser = (UserCredentialVersion) credentialVersionDataService.findMostRecent("/the-user");
assertThat(newUser.getPassword(), not(equalTo(originalCredential.getPassword())));
assertThat(newUser.getGenerationParameters().isExcludeNumber(), equalTo(true));
assertThat(newUser.getUsername(), equalTo(originalCredential.getUsername()));
auditingHelper.verifyAuditing(CREDENTIAL_UPDATE, "/the-user", AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "/api/v1/data", 200);
}
Also used :
MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)
SpringBootTest(org.springframework.boot.test.context.SpringBootTest)
Test(org.junit.Test)
Example 2 with UserCredentialVersion
use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.
the class UserCredentialRegeneratable method createGenerateRequest.
@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
UserCredentialVersion userCredential = (UserCredentialVersion) credentialVersion;
UserGenerateRequest generateRequest = new UserGenerateRequest();
generateRequest.setName(userCredential.getName());
generateRequest.setType(userCredential.getCredentialType());
generateRequest.setOverwrite(true);
StringGenerationParameters generationParameters;
generationParameters = userCredential.getGenerationParameters();
if (generationParameters == null) {
auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_user");
}
generationParameters.setUsername(userCredential.getUsername());
generateRequest.setGenerationParameters(generationParameters);
return generateRequest;
}
Also used :
UserGenerateRequest(org.cloudfoundry.credhub.request.UserGenerateRequest)
EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)
StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)
Example 3 with UserCredentialVersion
use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.
the class UserViewTest method canCreateViewFromEntity.
@Test
public void canCreateViewFromEntity() throws IOException {
final UUID uuid = UUID.randomUUID();
final String salt = new CryptSaltFactory().generateSalt("test-password");
final String passwordHash = Crypt.crypt("test-password", salt);
final UserCredentialVersion userCredential = mock(UserCredentialVersion.class);
when(userCredential.getName()).thenReturn("/foo");
when(userCredential.getUuid()).thenReturn(uuid);
when(userCredential.getCredentialType()).thenReturn("user");
when(userCredential.getPassword()).thenReturn("test-password");
when(userCredential.getUsername()).thenReturn("test-username");
when(userCredential.getSalt()).thenReturn(salt);
UserView actual = (UserView) UserView.fromEntity(userCredential);
assertThat(JsonTestHelper.serializeToString(actual), equalTo("{" + "\"type\":\"user\"," + "\"version_created_at\":null," + "\"id\":\"" + uuid.toString() + "\"," + "\"name\":\"/foo\"," + "\"value\":{" + "\"username\":\"test-username\"," + "\"password\":\"test-password\"," + "\"password_hash\":\"" + passwordHash + "\"" + "}}"));
}
Also used :
CryptSaltFactory(org.cloudfoundry.credhub.credential.CryptSaltFactory)
UUID(java.util.UUID)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
Test(org.junit.Test)
Example 4 with UserCredentialVersion
use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.
the class CredentialsControllerTypeSpecificGenerateTest method parameters.
@Parameterized.Parameters(name = "{0}")
public static Collection<Object> parameters() {
credentialUuid = UUID.randomUUID();
Collection<Object> params = new ArrayList<>();
TestParameterizer passwordParameters = new TestParameterizer("password", "{\"exclude_number\": true}") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value", FAKE_PASSWORD);
}
void credentialAssertions(CredentialVersion credential) {
PasswordCredentialVersion passwordCredential = (PasswordCredentialVersion) credential;
assertThat(passwordCredential.getGenerationParameters().isExcludeNumber(), equalTo(true));
assertThat(passwordCredential.getPassword(), equalTo(FAKE_PASSWORD));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new PasswordCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPasswordAndGenerationParameters(FAKE_PASSWORD, new StringGenerationParameters().setExcludeNumber(true)).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParameterizer userParameterizer = new TestParameterizer("user", "null") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.username", USERNAME, "$.value.password", FAKE_PASSWORD);
}
void credentialAssertions(CredentialVersion credential) {
UserCredentialVersion userCredential = (UserCredentialVersion) credential;
assertThat(userCredential.getUsername(), equalTo(USERNAME));
assertThat(userCredential.getPassword(), equalTo(FAKE_PASSWORD));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new UserCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPassword(FAKE_PASSWORD).setUsername(USERNAME).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParameterizer certificateParameterizer = new TestParameterizer("certificate", "{\"common_name\":\"my-common-name\",\"self_sign\":true}") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.certificate", "certificate", "$.value.private_key", "private_key", "$.value.ca", "ca");
}
void credentialAssertions(CredentialVersion credential) {
CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credential;
assertThat(certificateCredential.getCa(), equalTo(CA));
assertThat(certificateCredential.getCertificate(), equalTo(CERTIFICATE));
assertThat(certificateCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new CertificateCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setCa(CA).setCertificate(CERTIFICATE).setPrivateKey(PRIVATE_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParameterizer sshParameterizer = new TestParameterizer("ssh", "null") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.public_key", "public_key", "$.value.private_key", "private_key", "$.value.public_key_fingerprint", null);
}
void credentialAssertions(CredentialVersion credential) {
SshCredentialVersion sshCredential = (SshCredentialVersion) credential;
assertThat(sshCredential.getPublicKey(), equalTo(PUBLIC_KEY));
assertThat(sshCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new SshCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(PRIVATE_KEY).setPublicKey(PUBLIC_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParameterizer rsaParameterizer = new TestParameterizer("rsa", "null") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.public_key", "public_key", "$.value.private_key", "private_key");
}
void credentialAssertions(CredentialVersion credential) {
RsaCredentialVersion rsaCredential = (RsaCredentialVersion) credential;
assertThat(rsaCredential.getPublicKey(), equalTo(PUBLIC_KEY));
assertThat(rsaCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new RsaCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(PRIVATE_KEY).setPublicKey(PUBLIC_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
params.add(passwordParameters);
params.add(userParameterizer);
params.add(certificateParameterizer);
params.add(sshParameterizer);
params.add(rsaParameterizer);
return params;
}
Also used :
RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion)
Lists.newArrayList(com.google.common.collect.Lists.newArrayList)
ArrayList(java.util.ArrayList)
Encryptor(org.cloudfoundry.credhub.domain.Encryptor)
SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
Example 5 with UserCredentialVersion
use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.
the class CredentialsControllerTypeSpecificSetTest method parameters.
@Parameterized.Parameters(name = "{0}")
public static Collection<Object> parameters() {
UUID credentialUuid = UUID.randomUUID();
Collection<Object> params = new ArrayList<>();
TestParametizer valueParameters = new TestParametizer("value", "\"" + VALUE_VALUE + "\"") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value", VALUE_VALUE);
}
void credentialAssertions(CredentialVersion credential) {
assertThat(((ValueCredentialVersion) credential).getValue(), equalTo(VALUE_VALUE));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new ValueCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setValue(VALUE_VALUE).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer passwordParameters = new TestParametizer("password", "\"" + PASSWORD_VALUE + "\"") {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value", PASSWORD_VALUE);
}
void credentialAssertions(CredentialVersion credential) {
assertThat(((PasswordCredentialVersion) credential).getPassword(), equalTo(PASSWORD_VALUE));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new PasswordCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPasswordAndGenerationParameters(PASSWORD_VALUE, null).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer certificateParameters = new TestParametizer("certificate", CERTIFICATE_VALUE_JSON_STRING) {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.certificate", TestConstants.TEST_CERTIFICATE, "$.value.private_key", TestConstants.TEST_PRIVATE_KEY, "$.value.ca", TestConstants.TEST_CA);
}
void credentialAssertions(CredentialVersion credential) {
CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credential;
assertThat(certificateCredential.getCa(), equalTo(TestConstants.TEST_CA));
assertThat(certificateCredential.getCertificate(), equalTo(TestConstants.TEST_CERTIFICATE));
assertThat(certificateCredential.getPrivateKey(), equalTo(TestConstants.TEST_PRIVATE_KEY));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new CertificateCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setCa(TestConstants.TEST_CA).setCertificate(TestConstants.TEST_CERTIFICATE).setPrivateKey(TestConstants.TEST_PRIVATE_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer sshParameters = new TestParametizer("ssh", SSH_VALUE_JSON_STRING) {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.public_key", TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT, "$.value.private_key", TestConstants.PRIVATE_KEY_4096, "$.value.public_key_fingerprint", "UmqxK9UJJR4Jrcw0DcwqJlCgkeQoKp8a+HY+0p0nOgc");
}
void credentialAssertions(CredentialVersion credential) {
SshCredentialVersion sshCredential = (SshCredentialVersion) credential;
assertThat(sshCredential.getPublicKey(), equalTo(TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT));
assertThat(sshCredential.getPrivateKey(), equalTo(TestConstants.PRIVATE_KEY_4096));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new SshCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(TestConstants.PRIVATE_KEY_4096).setPublicKey(TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer rsaParameters = new TestParametizer("rsa", RSA_VALUE_JSON_STRING) {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.public_key", TestConstants.RSA_PUBLIC_KEY_4096, "$.value.private_key", TestConstants.PRIVATE_KEY_4096);
}
void credentialAssertions(CredentialVersion credential) {
RsaCredentialVersion rsaCredential = (RsaCredentialVersion) credential;
assertThat(rsaCredential.getPublicKey(), equalTo(TestConstants.RSA_PUBLIC_KEY_4096));
assertThat(rsaCredential.getPrivateKey(), equalTo(TestConstants.PRIVATE_KEY_4096));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new RsaCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(TestConstants.PRIVATE_KEY_4096).setPublicKey(TestConstants.RSA_PUBLIC_KEY_4096).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer jsonParameters = new TestParametizer("json", JSON_VALUE_JSON_STRING) {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value", jsonValueMap);
}
void credentialAssertions(CredentialVersion credential) {
JsonCredentialVersion jsonCredential = (JsonCredentialVersion) credential;
assertThat(jsonCredential.getValue(), equalTo(jsonValueMap));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new JsonCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setValue(jsonValueMap).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
TestParametizer userParameters = new TestParametizer("user", USER_VALUE_JSON_STRING) {
ResultMatcher jsonAssertions() {
return multiJsonPath("$.value.username", USERNAME_VALUE, "$.value.password", PASSWORD_VALUE);
}
void credentialAssertions(CredentialVersion credential) {
UserCredentialVersion userCredential = (UserCredentialVersion) credential;
assertThat(userCredential.getUsername(), equalTo(USERNAME_VALUE));
assertThat(userCredential.getPassword(), equalTo(PASSWORD_VALUE));
}
CredentialVersion createCredential(Encryptor encryptor) {
return new UserCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setUsername(USERNAME_VALUE).setPassword(PASSWORD_VALUE).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
}
};
params.add(valueParameters);
params.add(passwordParameters);
params.add(certificateParameters);
params.add(sshParameters);
params.add(rsaParameters);
params.add(jsonParameters);
params.add(userParameters);
return params;
}
Also used :
JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion)
ValueCredentialVersion(org.cloudfoundry.credhub.domain.ValueCredentialVersion)
RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion)
Lists.newArrayList(com.google.common.collect.Lists.newArrayList)
ArrayList(java.util.ArrayList)
Encryptor(org.cloudfoundry.credhub.domain.Encryptor)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
JSONObject(net.minidev.json.JSONObject)
UUID(java.util.UUID)
SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion)
RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion)
JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion)
ValueCredentialVersion(org.cloudfoundry.credhub.domain.ValueCredentialVersion)
SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion)
UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion)
CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)
Aggregations
UserCredentialVersion (org.cloudfoundry.credhub.domain.UserCredentialVersion)8
Test (org.junit.Test)5
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters)3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2
ArrayList (java.util.ArrayList)2
UUID (java.util.UUID)2
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)2
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)2
Encryptor (org.cloudfoundry.credhub.domain.Encryptor)2
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2
RsaCredentialVersion (org.cloudfoundry.credhub.domain.RsaCredentialVersion)2
SshCredentialVersion (org.cloudfoundry.credhub.domain.SshCredentialVersion)2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2
JSONObject (net.minidev.json.JSONObject)1
EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)1
CryptSaltFactory (org.cloudfoundry.credhub.credential.CryptSaltFactory)1
JsonCredentialVersion (org.cloudfoundry.credhub.domain.JsonCredentialVersion)1
ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion)1
ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)1
