Example 1 with EncryptionKeyCanary
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class LunaKeyProxyTest method beforeEach.
@Before
public void beforeEach() throws Exception {
final InternalEncryptionService encryptionService = new InternalEncryptionService(new PasswordKeyProxyFactoryTestImpl());
EncryptionKeyMetadata keyMetadata = new EncryptionKeyMetadata();
keyMetadata.setEncryptionPassword("p@ssword");
encryptionKey = encryptionService.createKeyProxy(keyMetadata).getKey();
canary = new EncryptionKeyCanary();
EncryptedValue encryptionData = encryptionService.encrypt(null, encryptionKey, CANARY_VALUE);
canary.setEncryptedCanaryValue(encryptionData.getEncryptedValue());
canary.setNonce(encryptionData.getNonce());
deprecatedCanary = new EncryptionKeyCanary();
EncryptedValue deprecatedEncryptionData = encryptionService.encrypt(null, encryptionKey, DEPRECATED_CANARY_VALUE);
deprecatedCanary.setEncryptedCanaryValue(deprecatedEncryptionData.getEncryptedValue());
deprecatedCanary.setNonce(deprecatedEncryptionData.getNonce());
}
Also used :
EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)
EncryptionKeyMetadata(org.cloudfoundry.credhub.config.EncryptionKeyMetadata)
EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue)
PasswordKeyProxyFactoryTestImpl(org.cloudfoundry.credhub.util.PasswordKeyProxyFactoryTestImpl)
Before(org.junit.Before)
Example 2 with EncryptionKeyCanary
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class PasswordBasedKeyProxyTest method matchesCanary_whenCanaryHasEmptySalt_returnsFalse.
@Test
public void matchesCanary_whenCanaryHasEmptySalt_returnsFalse() {
EncryptionKeyCanary canary = new EncryptionKeyCanary();
canary.setSalt("".getBytes());
assertFalse(subject.matchesCanary(canary));
}
Also used :
EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)
Test(org.junit.Test)
Example 3 with EncryptionKeyCanary
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class PasswordBasedKeyProxyTest method matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey.
@Test
public void matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey() throws Exception {
// Create a canary whose value cannot be decrypted by any key
EncryptionKeyCanary canary = new EncryptionKeyCanary();
canary.setSalt(new byte[SALT_SIZE]);
canary.setNonce(new byte[NONCE_SIZE]);
canary.setEncryptedCanaryValue(new byte[32]);
// Set some well-known but bogus key into the subject
Key bogusKey = mock(Key.class);
subject.setKey(bogusKey);
final boolean match = subject.matchesCanary(canary);
assertFalse(match);
assertThat(subject.getKey(), equalTo(bogusKey));
}
Also used :
EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)
Key(java.security.Key)
Test(org.junit.Test)
Example 4 with EncryptionKeyCanary
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class EncryptionCanaryHelper method addCanary.
public static EncryptionKeyCanary addCanary(EncryptionKeyCanaryDataService encryptionKeyCanaryDataService) {
EncryptionKeyCanary testCanary = new EncryptionKeyCanary();
testCanary.setEncryptedCanaryValue("expectedCanaryValue".getBytes());
testCanary.setNonce("nonce".getBytes());
encryptionKeyCanaryDataService.save(testCanary);
return testCanary;
}
Also used :
EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)
Example 5 with EncryptionKeyCanary
use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method createUnknownKey.
private void createUnknownKey() {
unknownCanary = new EncryptionKeyCanary();
unknownCanary.setEncryptedCanaryValue("bad-encrypted-value".getBytes());
unknownCanary.setNonce("bad-nonce".getBytes());
unknownCanary = encryptionKeyCanaryDataService.save(unknownCanary);
}
Also used :
EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)
Aggregations
EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary)22
Test (org.junit.Test)13
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue)4
Before (org.junit.Before)4
Key (java.security.Key)3
UUID (java.util.UUID)3
DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest)3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList)2
List (java.util.List)2
Collectors (java.util.stream.Collectors)2
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)2
EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata)2
EncryptionKeyCanaryRepository (org.cloudfoundry.credhub.repository.EncryptionKeyCanaryRepository)2
DatabaseProfileResolver (org.cloudfoundry.credhub.util.DatabaseProfileResolver)2
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)2
Matchers.containsInAnyOrder (org.hamcrest.Matchers.containsInAnyOrder)2
IsCollectionWithSize.hasSize (org.hamcrest.collection.IsCollectionWithSize.hasSize)2
IsEqual.equalTo (org.hamcrest.core.IsEqual.equalTo)2
Assert.assertNotNull (org.junit.Assert.assertNotNull)2
RunWith (org.junit.runner.RunWith)2
