Search in sources :

Example 1 with UserCredentialVersion

use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.

the class CredentialRegenerateTest method regeneratingAUser_regeneratesTheUser_andPersistsAnAuditEntry.

@Test
public void regeneratingAUser_regeneratesTheUser_andPersistsAnAuditEntry() throws Exception {
    UserCredentialVersion originalCredential = new UserCredentialVersion("/the-user");
    originalCredential.setEncryptor(encryptor);
    StringGenerationParameters generationParameters = new StringGenerationParameters();
    generationParameters.setExcludeNumber(true);
    generationParameters.setUsername("Darth Vader");
    originalCredential.setPassword("original-password");
    originalCredential.setUsername("Darth Vader");
    originalCredential.setSalt("pepper");
    originalCredential.setGenerationParameters(generationParameters);
    originalCredential.setVersionCreatedAt(FROZEN_TIME.plusSeconds(1));
    credentialVersionDataService.save(originalCredential);
    fakeTimeSetter.accept(FROZEN_TIME.plusSeconds(10).toEpochMilli());
    MockHttpServletRequestBuilder request = post("/api/v1/data").header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{\"regenerate\":true,\"name\":\"the-user\"}");
    mockMvc.perform(request).andExpect(status().isOk()).andExpect(content().contentTypeCompatibleWith(APPLICATION_JSON)).andExpect(jsonPath("$.type").value("user")).andExpect(jsonPath("$.version_created_at").value(FROZEN_TIME.plusSeconds(10).toString()));
    UserCredentialVersion newUser = (UserCredentialVersion) credentialVersionDataService.findMostRecent("/the-user");
    assertThat(newUser.getPassword(), not(equalTo(originalCredential.getPassword())));
    assertThat(newUser.getGenerationParameters().isExcludeNumber(), equalTo(true));
    assertThat(newUser.getUsername(), equalTo(originalCredential.getUsername()));
    auditingHelper.verifyAuditing(CREDENTIAL_UPDATE, "/the-user", AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_ACTOR_ID, "/api/v1/data", 200);
}
Also used : MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 2 with UserCredentialVersion

use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.

the class UserCredentialRegeneratable method createGenerateRequest.

@Override
public BaseCredentialGenerateRequest createGenerateRequest(CredentialVersion credentialVersion, List<EventAuditRecordParameters> auditRecordParameters) {
    UserCredentialVersion userCredential = (UserCredentialVersion) credentialVersion;
    UserGenerateRequest generateRequest = new UserGenerateRequest();
    generateRequest.setName(userCredential.getName());
    generateRequest.setType(userCredential.getCredentialType());
    generateRequest.setOverwrite(true);
    StringGenerationParameters generationParameters;
    generationParameters = userCredential.getGenerationParameters();
    if (generationParameters == null) {
        auditRecordParameters.add(new EventAuditRecordParameters(CREDENTIAL_UPDATE, credentialVersion.getName()));
        throw new ParameterizedValidationException("error.cannot_regenerate_non_generated_user");
    }
    generationParameters.setUsername(userCredential.getUsername());
    generateRequest.setGenerationParameters(generationParameters);
    return generateRequest;
}
Also used : UserGenerateRequest(org.cloudfoundry.credhub.request.UserGenerateRequest) EventAuditRecordParameters(org.cloudfoundry.credhub.audit.EventAuditRecordParameters) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) ParameterizedValidationException(org.cloudfoundry.credhub.exceptions.ParameterizedValidationException) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)

Example 3 with UserCredentialVersion

use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.

the class UserViewTest method canCreateViewFromEntity.

@Test
public void canCreateViewFromEntity() throws IOException {
    final UUID uuid = UUID.randomUUID();
    final String salt = new CryptSaltFactory().generateSalt("test-password");
    final String passwordHash = Crypt.crypt("test-password", salt);
    final UserCredentialVersion userCredential = mock(UserCredentialVersion.class);
    when(userCredential.getName()).thenReturn("/foo");
    when(userCredential.getUuid()).thenReturn(uuid);
    when(userCredential.getCredentialType()).thenReturn("user");
    when(userCredential.getPassword()).thenReturn("test-password");
    when(userCredential.getUsername()).thenReturn("test-username");
    when(userCredential.getSalt()).thenReturn(salt);
    UserView actual = (UserView) UserView.fromEntity(userCredential);
    assertThat(JsonTestHelper.serializeToString(actual), equalTo("{" + "\"type\":\"user\"," + "\"version_created_at\":null," + "\"id\":\"" + uuid.toString() + "\"," + "\"name\":\"/foo\"," + "\"value\":{" + "\"username\":\"test-username\"," + "\"password\":\"test-password\"," + "\"password_hash\":\"" + passwordHash + "\"" + "}}"));
}
Also used : CryptSaltFactory(org.cloudfoundry.credhub.credential.CryptSaltFactory) UUID(java.util.UUID) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) Test(org.junit.Test)

Example 4 with UserCredentialVersion

use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.

the class CredentialsControllerTypeSpecificGenerateTest method parameters.

@Parameterized.Parameters(name = "{0}")
public static Collection<Object> parameters() {
    credentialUuid = UUID.randomUUID();
    Collection<Object> params = new ArrayList<>();
    TestParameterizer passwordParameters = new TestParameterizer("password", "{\"exclude_number\": true}") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value", FAKE_PASSWORD);
        }

        void credentialAssertions(CredentialVersion credential) {
            PasswordCredentialVersion passwordCredential = (PasswordCredentialVersion) credential;
            assertThat(passwordCredential.getGenerationParameters().isExcludeNumber(), equalTo(true));
            assertThat(passwordCredential.getPassword(), equalTo(FAKE_PASSWORD));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new PasswordCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPasswordAndGenerationParameters(FAKE_PASSWORD, new StringGenerationParameters().setExcludeNumber(true)).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParameterizer userParameterizer = new TestParameterizer("user", "null") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.username", USERNAME, "$.value.password", FAKE_PASSWORD);
        }

        void credentialAssertions(CredentialVersion credential) {
            UserCredentialVersion userCredential = (UserCredentialVersion) credential;
            assertThat(userCredential.getUsername(), equalTo(USERNAME));
            assertThat(userCredential.getPassword(), equalTo(FAKE_PASSWORD));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new UserCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPassword(FAKE_PASSWORD).setUsername(USERNAME).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParameterizer certificateParameterizer = new TestParameterizer("certificate", "{\"common_name\":\"my-common-name\",\"self_sign\":true}") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.certificate", "certificate", "$.value.private_key", "private_key", "$.value.ca", "ca");
        }

        void credentialAssertions(CredentialVersion credential) {
            CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credential;
            assertThat(certificateCredential.getCa(), equalTo(CA));
            assertThat(certificateCredential.getCertificate(), equalTo(CERTIFICATE));
            assertThat(certificateCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new CertificateCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setCa(CA).setCertificate(CERTIFICATE).setPrivateKey(PRIVATE_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParameterizer sshParameterizer = new TestParameterizer("ssh", "null") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.public_key", "public_key", "$.value.private_key", "private_key", "$.value.public_key_fingerprint", null);
        }

        void credentialAssertions(CredentialVersion credential) {
            SshCredentialVersion sshCredential = (SshCredentialVersion) credential;
            assertThat(sshCredential.getPublicKey(), equalTo(PUBLIC_KEY));
            assertThat(sshCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new SshCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(PRIVATE_KEY).setPublicKey(PUBLIC_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParameterizer rsaParameterizer = new TestParameterizer("rsa", "null") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.public_key", "public_key", "$.value.private_key", "private_key");
        }

        void credentialAssertions(CredentialVersion credential) {
            RsaCredentialVersion rsaCredential = (RsaCredentialVersion) credential;
            assertThat(rsaCredential.getPublicKey(), equalTo(PUBLIC_KEY));
            assertThat(rsaCredential.getPrivateKey(), equalTo(PRIVATE_KEY));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new RsaCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(PRIVATE_KEY).setPublicKey(PUBLIC_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    params.add(passwordParameters);
    params.add(userParameterizer);
    params.add(certificateParameterizer);
    params.add(sshParameterizer);
    params.add(rsaParameterizer);
    return params;
}
Also used : RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion) Lists.newArrayList(com.google.common.collect.Lists.newArrayList) ArrayList(java.util.ArrayList) Encryptor(org.cloudfoundry.credhub.domain.Encryptor) SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Example 5 with UserCredentialVersion

use of org.cloudfoundry.credhub.domain.UserCredentialVersion in project credhub by cloudfoundry-incubator.

the class CredentialsControllerTypeSpecificSetTest method parameters.

@Parameterized.Parameters(name = "{0}")
public static Collection<Object> parameters() {
    UUID credentialUuid = UUID.randomUUID();
    Collection<Object> params = new ArrayList<>();
    TestParametizer valueParameters = new TestParametizer("value", "\"" + VALUE_VALUE + "\"") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value", VALUE_VALUE);
        }

        void credentialAssertions(CredentialVersion credential) {
            assertThat(((ValueCredentialVersion) credential).getValue(), equalTo(VALUE_VALUE));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new ValueCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setValue(VALUE_VALUE).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer passwordParameters = new TestParametizer("password", "\"" + PASSWORD_VALUE + "\"") {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value", PASSWORD_VALUE);
        }

        void credentialAssertions(CredentialVersion credential) {
            assertThat(((PasswordCredentialVersion) credential).getPassword(), equalTo(PASSWORD_VALUE));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new PasswordCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPasswordAndGenerationParameters(PASSWORD_VALUE, null).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer certificateParameters = new TestParametizer("certificate", CERTIFICATE_VALUE_JSON_STRING) {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.certificate", TestConstants.TEST_CERTIFICATE, "$.value.private_key", TestConstants.TEST_PRIVATE_KEY, "$.value.ca", TestConstants.TEST_CA);
        }

        void credentialAssertions(CredentialVersion credential) {
            CertificateCredentialVersion certificateCredential = (CertificateCredentialVersion) credential;
            assertThat(certificateCredential.getCa(), equalTo(TestConstants.TEST_CA));
            assertThat(certificateCredential.getCertificate(), equalTo(TestConstants.TEST_CERTIFICATE));
            assertThat(certificateCredential.getPrivateKey(), equalTo(TestConstants.TEST_PRIVATE_KEY));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new CertificateCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setCa(TestConstants.TEST_CA).setCertificate(TestConstants.TEST_CERTIFICATE).setPrivateKey(TestConstants.TEST_PRIVATE_KEY).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer sshParameters = new TestParametizer("ssh", SSH_VALUE_JSON_STRING) {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.public_key", TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT, "$.value.private_key", TestConstants.PRIVATE_KEY_4096, "$.value.public_key_fingerprint", "UmqxK9UJJR4Jrcw0DcwqJlCgkeQoKp8a+HY+0p0nOgc");
        }

        void credentialAssertions(CredentialVersion credential) {
            SshCredentialVersion sshCredential = (SshCredentialVersion) credential;
            assertThat(sshCredential.getPublicKey(), equalTo(TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT));
            assertThat(sshCredential.getPrivateKey(), equalTo(TestConstants.PRIVATE_KEY_4096));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new SshCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(TestConstants.PRIVATE_KEY_4096).setPublicKey(TestConstants.SSH_PUBLIC_KEY_4096_WITH_COMMENT).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer rsaParameters = new TestParametizer("rsa", RSA_VALUE_JSON_STRING) {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.public_key", TestConstants.RSA_PUBLIC_KEY_4096, "$.value.private_key", TestConstants.PRIVATE_KEY_4096);
        }

        void credentialAssertions(CredentialVersion credential) {
            RsaCredentialVersion rsaCredential = (RsaCredentialVersion) credential;
            assertThat(rsaCredential.getPublicKey(), equalTo(TestConstants.RSA_PUBLIC_KEY_4096));
            assertThat(rsaCredential.getPrivateKey(), equalTo(TestConstants.PRIVATE_KEY_4096));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new RsaCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setPrivateKey(TestConstants.PRIVATE_KEY_4096).setPublicKey(TestConstants.RSA_PUBLIC_KEY_4096).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer jsonParameters = new TestParametizer("json", JSON_VALUE_JSON_STRING) {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value", jsonValueMap);
        }

        void credentialAssertions(CredentialVersion credential) {
            JsonCredentialVersion jsonCredential = (JsonCredentialVersion) credential;
            assertThat(jsonCredential.getValue(), equalTo(jsonValueMap));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new JsonCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setValue(jsonValueMap).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    TestParametizer userParameters = new TestParametizer("user", USER_VALUE_JSON_STRING) {

        ResultMatcher jsonAssertions() {
            return multiJsonPath("$.value.username", USERNAME_VALUE, "$.value.password", PASSWORD_VALUE);
        }

        void credentialAssertions(CredentialVersion credential) {
            UserCredentialVersion userCredential = (UserCredentialVersion) credential;
            assertThat(userCredential.getUsername(), equalTo(USERNAME_VALUE));
            assertThat(userCredential.getPassword(), equalTo(PASSWORD_VALUE));
        }

        CredentialVersion createCredential(Encryptor encryptor) {
            return new UserCredentialVersion(CREDENTIAL_NAME).setEncryptor(encryptor).setUsername(USERNAME_VALUE).setPassword(PASSWORD_VALUE).setUuid(credentialUuid).setVersionCreatedAt(FROZEN_TIME.minusSeconds(1));
        }
    };
    params.add(valueParameters);
    params.add(passwordParameters);
    params.add(certificateParameters);
    params.add(sshParameters);
    params.add(rsaParameters);
    params.add(jsonParameters);
    params.add(userParameters);
    return params;
}
Also used : JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion) ValueCredentialVersion(org.cloudfoundry.credhub.domain.ValueCredentialVersion) RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion) Lists.newArrayList(com.google.common.collect.Lists.newArrayList) ArrayList(java.util.ArrayList) Encryptor(org.cloudfoundry.credhub.domain.Encryptor) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) JSONObject(net.minidev.json.JSONObject) UUID(java.util.UUID) SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) RsaCredentialVersion(org.cloudfoundry.credhub.domain.RsaCredentialVersion) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) CredentialVersion(org.cloudfoundry.credhub.domain.CredentialVersion) JsonCredentialVersion(org.cloudfoundry.credhub.domain.JsonCredentialVersion) ValueCredentialVersion(org.cloudfoundry.credhub.domain.ValueCredentialVersion) SshCredentialVersion(org.cloudfoundry.credhub.domain.SshCredentialVersion) UserCredentialVersion(org.cloudfoundry.credhub.domain.UserCredentialVersion) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion)

Aggregations

UserCredentialVersion (org.cloudfoundry.credhub.domain.UserCredentialVersion)8 Test (org.junit.Test)5 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)4 StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters)3 Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2 ArrayList (java.util.ArrayList)2 UUID (java.util.UUID)2 CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion)2 CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion)2 Encryptor (org.cloudfoundry.credhub.domain.Encryptor)2 PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion)2 RsaCredentialVersion (org.cloudfoundry.credhub.domain.RsaCredentialVersion)2 SshCredentialVersion (org.cloudfoundry.credhub.domain.SshCredentialVersion)2 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)2 JSONObject (net.minidev.json.JSONObject)1 EventAuditRecordParameters (org.cloudfoundry.credhub.audit.EventAuditRecordParameters)1 CryptSaltFactory (org.cloudfoundry.credhub.credential.CryptSaltFactory)1 JsonCredentialVersion (org.cloudfoundry.credhub.domain.JsonCredentialVersion)1 ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion)1 ParameterizedValidationException (org.cloudfoundry.credhub.exceptions.ParameterizedValidationException)1