use of org.cloudfoundry.credhub.entity.EncryptedValue in project credhub by cloudfoundry-incubator.
the class PasswordCredentialVersion method setPasswordAndGenerationParameters.
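/**
 * Encrypts the password and, when supplied, its generation parameters, then stores the
 * resulting ciphertext on the delegate.
 *
 * <p>Both values are encrypted before the delegate is modified. If serialization or encryption
 * fails, the delegate keeps its previous ciphertext instead of ending up with new generation
 * parameters paired with an old password.
 *
 * @param password plaintext password to encrypt; must not be {@code null}
 * @param generationParameters parameters to serialize to JSON and encrypt; when {@code null} the
 *     delegate's generation parameters are not written
 * @return this instance, so calls can be chained
 * @throws IllegalArgumentException if {@code password} is {@code null}
 * @throws RuntimeException wrapping any exception raised while serializing, encrypting or storing
 */
public PasswordCredentialVersion setPasswordAndGenerationParameters(String password, StringGenerationParameters generationParameters) {
  if (password == null) {
    throw new IllegalArgumentException("password cannot be null");
  }

  try {
    final String generationParameterJson =
        generationParameters != null ? jsonObjectMapper.writeValueAsString(generationParameters) : null;

    // Encrypt everything first (parameters, then password) so that a failure in either step
    // cannot leave the delegate half-updated.
    final EncryptedValue encryptedParameters =
        generationParameterJson != null ? encryptor.encrypt(generationParameterJson) : null;
    final EncryptedValue encryptedPassword = encryptor.encrypt(password);

    // NOTE(review): when no parameters are supplied, previously stored encrypted generation
    // parameters are left as they are rather than cleared - confirm callers expect that.
    if (generationParameterJson != null) {
      delegate.setEncryptedGenerationParameters(encryptedParameters);
    }
    delegate.setEncryptedValueData(encryptedPassword);
  } catch (Exception e) {
    // Keep the original exception as the cause so the failure can still be diagnosed.
    throw new RuntimeException(e);
  }

  return this;
}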
use of org.cloudfoundry.credhub.entity.EncryptedValue in project credhub by cloudfoundry-incubator.
the class LunaKeyProxyTest method beforeEach.
/**
 * Prepares the shared fixtures: an encryption key obtained from a fixed test password, and two
 * canaries encrypted under that key, one for {@code CANARY_VALUE} and one for
 * {@code DEPRECATED_CANARY_VALUE}.
 */
@Before
public void beforeEach() throws Exception {
  final InternalEncryptionService internalService =
      new InternalEncryptionService(new PasswordKeyProxyFactoryTestImpl());

  // Hard-coded fixture password; it is only used to obtain a key for these tests.
  final EncryptionKeyMetadata passwordMetadata = new EncryptionKeyMetadata();
  passwordMetadata.setEncryptionPassword("p@ssword");
  encryptionKey = internalService.createKeyProxy(passwordMetadata).getKey();

  // The first argument to encrypt() is null here - presumably the key UUID; confirm against
  // InternalEncryptionService.
  canary = new EncryptionKeyCanary();
  final EncryptedValue currentCanaryCipher =
      internalService.encrypt(null, encryptionKey, CANARY_VALUE);
  canary.setEncryptedCanaryValue(currentCanaryCipher.getEncryptedValue());
  canary.setNonce(currentCanaryCipher.getNonce());

  // Same key, but the deprecated canary plaintext.
  deprecatedCanary = new EncryptionKeyCanary();
  final EncryptedValue deprecatedCanaryCipher =
      internalService.encrypt(null, encryptionKey, DEPRECATED_CANARY_VALUE);
  deprecatedCanary.setEncryptedCanaryValue(deprecatedCanaryCipher.getEncryptedValue());
  deprecatedCanary.setNonce(deprecatedCanaryCipher.getNonce());
}
use of org.cloudfoundry.credhub.entity.EncryptedValue in project credhub by cloudfoundry-incubator.
the class RetryingEncryptionServiceTest method encrypt_shouldEncryptTheStringWithoutAttemptingToReconnect.
/**
 * Happy path: when the active key encrypts successfully, the subject returns that result and
 * neither reconnects the encryption service nor reloads the key set.
 */
@Test
public void encrypt_shouldEncryptTheStringWithoutAttemptingToReconnect() throws Exception {
  final EncryptedValue stubbedCiphertext = mock(EncryptedValue.class);
  when(keySet.getActive()).thenReturn(firstActiveKey);
  when(firstActiveKey.encrypt("fake-plaintext")).thenReturn(stubbedCiphertext);

  final EncryptedValue actualCiphertext = subject.encrypt("fake-plaintext");

  assertThat(actualCiphertext, equalTo(stubbedCiphertext));

  // No recovery path may be triggered when the first attempt succeeds.
  verify(keySet, times(0)).reload();
  verify(encryptionService, times(0)).reconnect(any(IllegalBlockSizeException.class));
}
use of org.cloudfoundry.credhub.entity.EncryptedValue in project credhub by cloudfoundry-incubator.
the class CredentialVersionDataRepositoryTest method canSaveCertificatesOfLength7000WhichMeans7016ForGCM.
/**
 * Checks that the repository round-trips a certificate entity whose CA and certificate are 7000
 * characters long and whose encrypted value is 7016 bytes, without truncating any of them.
 *
 * <p>Per the test name, 7016 is the ciphertext size of a 7000-byte value under GCM (presumably
 * the extra 16 bytes are the authentication tag - confirm against the encryption service).
 */
@Test
public void canSaveCertificatesOfLength7000WhichMeans7016ForGCM() {
  final byte[] encryptedValue = new byte[7016];
  Arrays.fill(encryptedValue, (byte) 'A');

  // 7000 copies of 'a', used for both the CA and the certificate column.
  final char[] filler = new char[7000];
  Arrays.fill(filler, 'a');

  final Credential credential = credentialRepository.save(new Credential(name));
  final String longString = new String(filler);

  final CertificateCredentialVersionData entity = new CertificateCredentialVersionData();
  entity.setCredential(credential);
  entity.setCa(longString);
  entity.setCertificate(longString);
  entity.setEncryptedValueData(
      new EncryptedValue()
          .setEncryptionKeyUuid(canaryUuid)
          .setEncryptedValue(encryptedValue)
          .setNonce("nonce".getBytes()));

  subject.save(entity);

  final CertificateCredentialVersionData reloaded =
      (CertificateCredentialVersionData) subject.findFirstByCredentialUuidOrderByVersionCreatedAtDesc(credential.getUuid());
  final byte[] storedCiphertext = reloaded.getEncryptedValueData().getEncryptedValue();

  assertThat(reloaded.getCa().length(), equalTo(7000));
  assertThat(reloaded.getCertificate().length(), equalTo(7000));
  assertThat(storedCiphertext, equalTo(encryptedValue));
  assertThat(storedCiphertext.length, equalTo(7016));
}
use of org.cloudfoundry.credhub.entity.EncryptedValue in project credhub by cloudfoundry-incubator.
the class EncryptionKeyCanaryMapperTest method beforeEach.
/**
 * Wires up the collaborators for the canary-mapper tests: three configured keys (one active, two
 * inactive) with matching canaries, one extra canary whose key is not configured, and a retry
 * helper stub that polls without waiting.
 */
@Before
public void beforeEach() throws Exception {
  // Collaborators.
  encryptionKeyCanaryDataService = mock(EncryptionKeyCanaryDataService.class);
  encryptionService = mock(EncryptionService.class);
  encryptionKeysConfiguration = mock(EncryptionKeysConfiguration.class);
  keySet = new EncryptionKeySet();
  providerFactory = mock(EncryptionProviderFactory.class);

  // Canary identifiers.
  activeCanaryUuid = UUID.randomUUID();
  existingCanaryUuid1 = UUID.randomUUID();
  existingCanaryUuid2 = UUID.randomUUID();
  unknownCanaryUuid = UUID.randomUUID();

  // Key configuration entries; the passwords are fixture values, not real secrets.
  activeKeyData = new EncryptionKeyMetadata();
  activeKeyData.setEncryptionPassword("this-is-active");
  activeKeyData.setActive(true);
  activeKeyData.setProviderType(ProviderType.INTERNAL);

  existingKey1Data = new EncryptionKeyMetadata();
  existingKey1Data.setEncryptionPassword("existing-key-1");
  existingKey1Data.setActive(false);
  existingKey1Data.setProviderType(ProviderType.INTERNAL);

  existingKey2Data = new EncryptionKeyMetadata();
  existingKey2Data.setEncryptionPassword("existing-key-2");
  existingKey2Data.setActive(false);
  existingKey2Data.setProviderType(ProviderType.INTERNAL);

  // Mock keys and the proxies that hand them out. unknownKey has no proxy and no configuration.
  activeKey = mock(Key.class, "active key");
  existingKey1 = mock(Key.class, "key 1");
  existingKey2 = mock(Key.class, "key 2");
  unknownKey = mock(Key.class, "key 3");

  activeKeyProxy = mock(KeyProxy.class);
  existingKey1Proxy = mock(KeyProxy.class);
  existingKey2Proxy = mock(KeyProxy.class);

  // One canary per key, including the unconfigured one.
  activeKeyCanary = createEncryptionCanary(
      activeCanaryUuid, "fake-active-encrypted-value", "fake-active-nonce", activeKey);
  existingKeyCanary1 = createEncryptionCanary(
      existingCanaryUuid1, "fake-existing-encrypted-value1", "fake-existing-nonce1", existingKey1);
  existingKeyCanary2 = createEncryptionCanary(
      existingCanaryUuid2, "fake-existing-encrypted-value2", "fake-existing-nonce2", existingKey2);
  unknownCanary = createEncryptionCanary(
      unknownCanaryUuid, "fake-existing-encrypted-value3", "fake-existing-nonce3", unknownKey);

  // Stubbing: encrypting the canary value with the active key yields a fixed fake ciphertext.
  when(encryptionService.encrypt(null, activeKey, CANARY_VALUE))
      .thenReturn(new EncryptedValue(null, "fake-encrypted-value", "fake-nonce"));
  when(encryptionKeysConfiguration.getKeys())
      .thenReturn(newArrayList(existingKey1Data, activeKeyData, existingKey2Data));
  when(providerFactory.getEncryptionService(ProviderType.INTERNAL)).thenReturn(encryptionService);

  when(encryptionService.createKeyProxy(eq(activeKeyData))).thenReturn(activeKeyProxy);
  when(encryptionService.createKeyProxy(eq(existingKey1Data))).thenReturn(existingKey1Proxy);
  when(encryptionService.createKeyProxy(eq(existingKey2Data))).thenReturn(existingKey2Proxy);

  // Each proxy is stubbed to match only its own canary.
  when(activeKeyProxy.matchesCanary(eq(activeKeyCanary))).thenReturn(true);
  when(existingKey1Proxy.matchesCanary(eq(existingKeyCanary1))).thenReturn(true);
  when(existingKey2Proxy.matchesCanary(eq(existingKeyCanary2))).thenReturn(true);

  when(activeKeyProxy.getKey()).thenReturn(activeKey);
  when(existingKey1Proxy.getKey()).thenReturn(existingKey1);
  when(existingKey2Proxy.getKey()).thenReturn(existingKey2);

  // The data service returns the three configured canaries; unknownCanary is left out here.
  when(encryptionKeyCanaryDataService.findAll())
      .thenReturn(new ArrayList<>(asArrayList(existingKeyCanary1, activeKeyCanary, existingKeyCanary2)));

  // Retry stub: ignores the duration argument and calls the operation up to ten times back to
  // back, returning true on the first success and false if none succeeds.
  timedRetry = mock(TimedRetry.class);
  when(timedRetry.retryEverySecondUntil(anyLong(), any(Supplier.class))).thenAnswer(invocation -> {
    Supplier<Boolean> operation = invocation.getArgumentAt(1, Supplier.class);
    int attemptsLeft = 10;
    while (attemptsLeft > 0) {
      if (operation.get()) {
        return true;
      }
      attemptsLeft--;
    }
    return false;
  });
}