use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class LunaKeyProxyTest method beforeEach.
@Before
public void beforeEach() throws Exception {
final InternalEncryptionService encryptionService = new InternalEncryptionService(new PasswordKeyProxyFactoryTestImpl());
EncryptionKeyMetadata keyMetadata = new EncryptionKeyMetadata();
keyMetadata.setEncryptionPassword("p@ssword");
encryptionKey = encryptionService.createKeyProxy(keyMetadata).getKey();
canary = new EncryptionKeyCanary();
EncryptedValue encryptionData = encryptionService.encrypt(null, encryptionKey, CANARY_VALUE);
canary.setEncryptedCanaryValue(encryptionData.getEncryptedValue());
canary.setNonce(encryptionData.getNonce());
deprecatedCanary = new EncryptionKeyCanary();
EncryptedValue deprecatedEncryptionData = encryptionService.encrypt(null, encryptionKey, DEPRECATED_CANARY_VALUE);
deprecatedCanary.setEncryptedCanaryValue(deprecatedEncryptionData.getEncryptedValue());
deprecatedCanary.setNonce(deprecatedEncryptionData.getNonce());
}
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class PasswordBasedKeyProxyTest method matchesCanary_whenCanaryHasEmptySalt_returnsFalse.
@Test
public void matchesCanary_whenCanaryHasEmptySalt_returnsFalse() {
EncryptionKeyCanary canary = new EncryptionKeyCanary();
canary.setSalt("".getBytes());
assertFalse(subject.matchesCanary(canary));
}
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class PasswordBasedKeyProxyTest method matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey.
@Test
public void matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey() throws Exception {
// Create a canary whose value cannot be decrypted by any key
EncryptionKeyCanary canary = new EncryptionKeyCanary();
canary.setSalt(new byte[SALT_SIZE]);
canary.setNonce(new byte[NONCE_SIZE]);
canary.setEncryptedCanaryValue(new byte[32]);
// Set some well-known but bogus key into the subject
Key bogusKey = mock(Key.class);
subject.setKey(bogusKey);
final boolean match = subject.matchesCanary(canary);
assertFalse(match);
assertThat(subject.getKey(), equalTo(bogusKey));
}
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class EncryptionCanaryHelper method addCanary.
public static EncryptionKeyCanary addCanary(EncryptionKeyCanaryDataService encryptionKeyCanaryDataService) {
EncryptionKeyCanary testCanary = new EncryptionKeyCanary();
testCanary.setEncryptedCanaryValue("expectedCanaryValue".getBytes());
testCanary.setNonce("nonce".getBytes());
encryptionKeyCanaryDataService.save(testCanary);
return testCanary;
}
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method createUnknownKey.
private void createUnknownKey() {
unknownCanary = new EncryptionKeyCanary();
unknownCanary.setEncryptedCanaryValue("bad-encrypted-value".getBytes());
unknownCanary.setNonce("bad-nonce".getBytes());
unknownCanary = encryptionKeyCanaryDataService.save(unknownCanary);
}
Aggregations