Example 1 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From the class LunaKeyProxyTest, method beforeEach.

@Before
public void beforeEach() throws Exception {
    final InternalEncryptionService encryptionService = new InternalEncryptionService(new PasswordKeyProxyFactoryTestImpl());
    // Build a key proxy from password-based key metadata and take its key
    EncryptionKeyMetadata keyMetadata = new EncryptionKeyMetadata();
    keyMetadata.setEncryptionPassword("p@ssword");
    encryptionKey = encryptionService.createKeyProxy(keyMetadata).getKey();
    // Canary: CANARY_VALUE encrypted under that key; the entity keeps the ciphertext and its nonce
    canary = new EncryptionKeyCanary();
    EncryptedValue encryptionData = encryptionService.encrypt(null, encryptionKey, CANARY_VALUE);
    canary.setEncryptedCanaryValue(encryptionData.getEncryptedValue());
    canary.setNonce(encryptionData.getNonce());
    // Second canary: DEPRECATED_CANARY_VALUE encrypted under the same key
    deprecatedCanary = new EncryptionKeyCanary();
    EncryptedValue deprecatedEncryptionData = encryptionService.encrypt(null, encryptionKey, DEPRECATED_CANARY_VALUE);
    deprecatedCanary.setEncryptedCanaryValue(deprecatedEncryptionData.getEncryptedValue());
    deprecatedCanary.setNonce(deprecatedEncryptionData.getNonce());
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) EncryptionKeyMetadata(org.cloudfoundry.credhub.config.EncryptionKeyMetadata) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue) PasswordKeyProxyFactoryTestImpl(org.cloudfoundry.credhub.util.PasswordKeyProxyFactoryTestImpl) Before(org.junit.Before)

Example 2 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From the class PasswordBasedKeyProxyTest, method matchesCanary_whenCanaryHasEmptySalt_returnsFalse.

@Test
public void matchesCanary_whenCanaryHasEmptySalt_returnsFalse() {
    EncryptionKeyCanary canary = new EncryptionKeyCanary();
    canary.setSalt("".getBytes());
    assertFalse(subject.matchesCanary(canary));
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) Test(org.junit.Test)

Example 3 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From the class PasswordBasedKeyProxyTest, method matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey.

@Test
public void matchesCanary_whenCanaryDoesNotMatch_doesNotAffectTheKey() throws Exception {
    // Create a canary whose value cannot be decrypted by any key
    EncryptionKeyCanary canary = new EncryptionKeyCanary();
    canary.setSalt(new byte[SALT_SIZE]);
    canary.setNonce(new byte[NONCE_SIZE]);
    canary.setEncryptedCanaryValue(new byte[32]);
    // Set some well-known but bogus key into the subject
    Key bogusKey = mock(Key.class);
    subject.setKey(bogusKey);
    final boolean match = subject.matchesCanary(canary);
    assertFalse(match);
    assertThat(subject.getKey(), equalTo(bogusKey));
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) Key(java.security.Key) Test(org.junit.Test)

Example 4 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From the class EncryptionCanaryHelper, method addCanary.

public static EncryptionKeyCanary addCanary(EncryptionKeyCanaryDataService encryptionKeyCanaryDataService) {
    EncryptionKeyCanary testCanary = new EncryptionKeyCanary();
    testCanary.setEncryptedCanaryValue("expectedCanaryValue".getBytes());
    testCanary.setNonce("nonce".getBytes());
    encryptionKeyCanaryDataService.save(testCanary);
    return testCanary;
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)

Example 5 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From the class EncryptionKeyRotatorTest, method createUnknownKey.

private void createUnknownKey() {
    unknownCanary = new EncryptionKeyCanary();
    unknownCanary.setEncryptedCanaryValue("bad-encrypted-value".getBytes());
    unknownCanary.setNonce("bad-nonce".getBytes());
    unknownCanary = encryptionKeyCanaryDataService.save(unknownCanary);
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary)

Aggregations

EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary) 22
Test (org.junit.Test) 13
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue) 4
Before (org.junit.Before) 4
Key (java.security.Key) 3
UUID (java.util.UUID) 3
DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest) 3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList) 2
List (java.util.List) 2
Collectors (java.util.stream.Collectors) 2
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException) 2
EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata) 2
EncryptionKeyCanaryRepository (org.cloudfoundry.credhub.repository.EncryptionKeyCanaryRepository) 2
DatabaseProfileResolver (org.cloudfoundry.credhub.util.DatabaseProfileResolver) 2
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat) 2
Matchers.containsInAnyOrder (org.hamcrest.Matchers.containsInAnyOrder) 2
IsCollectionWithSize.hasSize (org.hamcrest.collection.IsCollectionWithSize.hasSize) 2
IsEqual.equalTo (org.hamcrest.core.IsEqual.equalTo) 2
Assert.assertNotNull (org.junit.Assert.assertNotNull) 2
RunWith (org.junit.runner.RunWith) 2