Example 6 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class CredentialVersionDataRepositoryTest, method beforeEach.

@Before
public void beforeEach() {
    name = "my-credential";
    EncryptionKeyCanary canary = canaryRepository.save(new EncryptionKeyCanary());
    canaryUuid = canary.getUuid();
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) Before(org.junit.Before)

Example 7 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class EncryptionKeyCanaryMapperTest, method mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnInternalException_itShouldCreateACanaryForTheKey.

@Test
public void mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnInternalException_itShouldCreateACanaryForTheKey() throws Exception {
    when(encryptionKeysConfiguration.isKeyCreationEnabled()).thenReturn(true);
    when(encryptionKeysConfiguration.getKeys()).thenReturn(asList(activeKeyData));
    EncryptionKeyCanary nonMatchingCanary = new EncryptionKeyCanary();
    nonMatchingCanary.setUuid(UUID.randomUUID());
    nonMatchingCanary.setEncryptedCanaryValue("fake-non-matching-encrypted-value".getBytes());
    nonMatchingCanary.setNonce("fake-non-matching-nonce".getBytes());
    when(encryptionKeyCanaryDataService.findAll()).thenReturn(asArrayList(nonMatchingCanary));
    when(encryptionService.decrypt(activeKey, nonMatchingCanary.getEncryptedCanaryValue(), nonMatchingCanary.getNonce())).thenThrow(new AEADBadTagException());
    when(encryptionKeyCanaryDataService.save(any(EncryptionKeyCanary.class))).thenReturn(activeKeyCanary);
    subject = new EncryptionKeyCanaryMapper(encryptionKeyCanaryDataService, encryptionKeysConfiguration, timedRetry, providerFactory);
    subject.mapUuidsToKeys(keySet);
    assertCanaryValueWasEncryptedAndSavedToDatabase();
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) AEADBadTagException(javax.crypto.AEADBadTagException) Test(org.junit.Test)

Example 8 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class EncryptionKeyCanaryMapperTest, method mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnHSMException_throwsTheException.

@Test
public void mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnHSMException_throwsTheException() throws Exception {
    when(encryptionKeysConfiguration.isKeyCreationEnabled()).thenReturn(true);
    when(encryptionKeysConfiguration.getKeys()).thenReturn(asList(activeKeyData));
    EncryptionKeyCanary nonMatchingCanary = new EncryptionKeyCanary();
    nonMatchingCanary.setUuid(UUID.randomUUID());
    nonMatchingCanary.setEncryptedCanaryValue("fake-non-matching-encrypted-value".getBytes());
    nonMatchingCanary.setNonce("fake-non-matching-nonce".getBytes());
    when(encryptionKeyCanaryDataService.findAll()).thenReturn(asArrayList(nonMatchingCanary));
    when(activeKeyProxy.matchesCanary(nonMatchingCanary)).thenThrow(new RuntimeException(new IllegalBlockSizeException("I don't know what 0x41 means and neither do you")));
    when(encryptionKeyCanaryDataService.save(any(EncryptionKeyCanary.class))).thenReturn(activeKeyCanary);
    subject = new EncryptionKeyCanaryMapper(encryptionKeyCanaryDataService, encryptionKeysConfiguration, timedRetry, providerFactory);
    exception.expectMessage("javax.crypto.IllegalBlockSizeException: I don't know what 0x41 means and neither do you");
    subject.mapUuidsToKeys(keySet);
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Test(org.junit.Test)

Example 9 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class EncryptionKeyCanaryMapper, method createCanary.

private EncryptionKeyCanary createCanary(KeyProxy keyProxy, EncryptionService encryptionService) {
    if (encryptionKeysConfiguration.isKeyCreationEnabled()) {
        // This instance may mint the canary: encrypt the well-known CANARY_VALUE under the active key
        // and persist ciphertext, nonce and salt so the key can be recognised later (and by other instances).
        logger.info("Creating a new active key canary");
        EncryptionKeyCanary canary = new EncryptionKeyCanary();
        try {
            EncryptedValue encryptionData = encryptionService.encrypt(null, keyProxy.getKey(), CANARY_VALUE);
            canary.setEncryptedCanaryValue(encryptionData.getEncryptedValue());
            canary.setNonce(encryptionData.getNonce());
            final List<Byte> salt = keyProxy.getSalt();
            final Byte[] saltArray = new Byte[salt.size()];
            canary.setSalt(toPrimitive(salt.toArray(saltArray)));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        return encryptionKeyCanaryDataService.save(canary);
    } else {
        // Key creation is disabled here: poll the database once a second until some other instance has
        // written a canary that this key decrypts, giving up after CANARY_POPULATION_WAIT_SEC.
        final EncryptionKeyCanary[] matchingCanary = new EncryptionKeyCanary[1];
        timedRetry.retryEverySecondUntil(CANARY_POPULATION_WAIT_SEC, () -> {
            for (EncryptionKeyCanary encryptionKeyCanary : encryptionKeyCanaryDataService.findAll()) {
                if (keyProxy.matchesCanary(encryptionKeyCanary)) {
                    matchingCanary[0] = encryptionKeyCanary;
                    return true;
                }
            }
            logger.info("Waiting for the active key's canary");
            return false;
        });
        if (matchingCanary[0] == null) {
            throw new RuntimeException("Timed out waiting for active key canary to be created");
        }
        return matchingCanary[0];
    }
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue)

Example 10 with EncryptionKeyCanary

Use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class EncryptionKeyCanaryMapper, method mapUuidsToKeys.

void mapUuidsToKeys(EncryptionKeySet keySet) throws Exception {
    List<EncryptionKeyCanary> encryptionKeyCanaries = encryptionKeyCanaryDataService.findAll();
    for (EncryptionKeyMetadata keyMetadata : encryptionKeysConfiguration.getKeys()) {
        EncryptionService encryptionService = providerFactory.getEncryptionService(keyMetadata.getProviderType());
        KeyProxy keyProxy = encryptionService.createKeyProxy(keyMetadata);
        // Find the stored canary this key decrypts; that canary's UUID is how encrypted rows name their key.
        EncryptionKeyCanary matchingCanary = null;
        for (EncryptionKeyCanary canary : encryptionKeyCanaries) {
            if (keyProxy.matchesCanary(canary)) {
                matchingCanary = canary;
                break;
            }
        }
        if (matchingCanary == null) {
            // Only the active key gets a canary created on demand; an inactive key without one
            // has never encrypted anything and is skipped.
            if (keyMetadata.isActive()) {
                matchingCanary = createCanary(keyProxy, encryptionService);
            } else {
                continue;
            }
        }
        if (keyMetadata.isActive()) {
            keySet.setActive(matchingCanary.getUuid());
        }
        try {
            keySet.add(new EncryptionKey(providerFactory.getEncryptionService(keyMetadata.getProviderType()), matchingCanary.getUuid(), keyProxy.getKey()));
        } catch (Exception e) {
            throw new RuntimeException("Failed to connect to encryption provider", e);
        }
    }
    // Exactly one configured key must be marked active, or the service cannot encrypt new data.
    if (keySet.getActive() == null) {
        throw new RuntimeException("No active key was found");
    }
}
Also used : EncryptionKeyCanary(org.cloudfoundry.credhub.entity.EncryptionKeyCanary) EncryptionKeyMetadata(org.cloudfoundry.credhub.config.EncryptionKeyMetadata)
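The four snippets above (Examples 7 to 10) exercise one mechanism: a canary is a well-known plaintext encrypted under a key, and a key is identified by trying to decrypt each stored canary with it. The following is an added, self-contained Java illustration of that mechanism; it is not CredHub code. It assumes AES-GCM through javax.crypto, an invented CANARY_VALUE (the real constant's value is not shown on the page), and simplified stand-ins for EncryptionKeyCanary, KeyProxy and EncryptionKeyMetadata. The timed-retry wait and the provider factory are left out. The point it makes is the one Examples 7 and 8 test: a failed GCM tag check means "wrong key" and is swallowed, while any other crypto failure is a provider fault and must propagate.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

final class CanaryDemo {
    // Assumed plaintext; CredHub's actual CANARY_VALUE is not on the page.
    static final byte[] CANARY_VALUE = "canary-plaintext".getBytes(StandardCharsets.UTF_8);
    private static final int GCM_TAG_BITS = 128;
    private static final int GCM_NONCE_BYTES = 12;
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Stand-in for the EncryptionKeyCanary entity: row id, AES-GCM ciphertext and its nonce. */
    static final class Canary {
        final UUID uuid; final byte[] encryptedCanaryValue; final byte[] nonce;
        Canary(UUID uuid, byte[] ct, byte[] nonce) { this.uuid = uuid; this.encryptedCanaryValue = ct; this.nonce = nonce; }
    }

    /** Stand-in for EncryptionKeyMetadata plus the key it refers to. */
    static final class KeyEntry {
        final String label; final SecretKey key; final boolean active;
        KeyEntry(String label, SecretKey key, boolean active) { this.label = label; this.key = key; this.active = active; }
    }

    /** Like createCanary() in Example 9: encrypt the fixed value under a fresh random nonce. */
    static Canary createCanary(SecretKey key) throws GeneralSecurityException {
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        RANDOM.nextBytes(nonce);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        return new Canary(UUID.randomUUID(), cipher.doFinal(CANARY_VALUE), nonce);
    }

    /**
     * True iff this key produced the canary. AEADBadTagException is the expected "not this key" outcome
     * (Example 7). Any other exception (e.g. IllegalBlockSizeException from a provider or HSM) is a fault
     * and is deliberately NOT caught, so it reaches the caller instead of being misread as "no match" (Example 8).
     */
    static boolean matchesCanary(SecretKey key, Canary canary) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, canary.nonce));
        try {
            return Arrays.equals(cipher.doFinal(canary.encryptedCanaryValue), CANARY_VALUE);
        } catch (AEADBadTagException wrongKey) {
            return false;
        }
    }

    /**
     * The loop of Example 10: map each configured key to a canary UUID. An inactive key with no canary is
     * skipped, the active key gets a canary created, and having no active key at all is a hard error.
     */
    static List<String> mapKeysToCanaries(List<KeyEntry> keys, List<Canary> stored) throws GeneralSecurityException {
        List<String> mapping = new ArrayList<>();
        UUID activeUuid = null;
        for (KeyEntry entry : keys) {
            Canary match = null;
            for (Canary c : stored) {
                if (matchesCanary(entry.key, c)) { match = c; break; }
            }
            if (match == null) {
                if (!entry.active) continue;        // retired key that never encrypted anything
                match = createCanary(entry.key);    // first start with this active key
                stored.add(match);
            }
            if (entry.active) activeUuid = match.uuid;
            mapping.add(entry.label + " -> " + match.uuid);
        }
        if (activeUuid == null) throw new IllegalStateException("No active key was found");
        return mapping;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey oldKey = kg.generateKey(), newKey = kg.generateKey(), unusedKey = kg.generateKey();

        // Constructed database state: only the old key already has a canary.
        List<Canary> stored = new ArrayList<>();
        stored.add(createCanary(oldKey));

        List<KeyEntry> config = Arrays.asList(
            new KeyEntry("old-key", oldKey, false),
            new KeyEntry("new-active-key", newKey, true),
            new KeyEntry("never-used-key", unusedKey, false));

        for (String line : mapKeysToCanaries(config, stored)) System.out.println(line);
        System.out.println("canaries in store: " + stored.size()); // 2: old key's plus the newly created one
    }
}
```

Run it with `java CanaryDemo.java` on JDK 11 or later. The old key and the new active key are each mapped to a canary UUID, the never-used inactive key is skipped, and the store grows by exactly one canary. Swapping `AEADBadTagException` for a blanket `catch (Exception e)` in matchesCanary would turn a failing HSM into a silent "no matching key" and, for the active key, into a freshly minted canary that does not correspond to any existing data; that is the regression Example 8 guards against.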

Aggregations

EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary) 22
Test (org.junit.Test) 13
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue) 4
Before (org.junit.Before) 4
Key (java.security.Key) 3
UUID (java.util.UUID) 3
DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest) 3
Lists.newArrayList (com.google.common.collect.Lists.newArrayList) 2
List (java.util.List) 2
Collectors (java.util.stream.Collectors) 2
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException) 2
EncryptionKeyMetadata (org.cloudfoundry.credhub.config.EncryptionKeyMetadata) 2
EncryptionKeyCanaryRepository (org.cloudfoundry.credhub.repository.EncryptionKeyCanaryRepository) 2
DatabaseProfileResolver (org.cloudfoundry.credhub.util.DatabaseProfileResolver) 2
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat) 2
Matchers.containsInAnyOrder (org.hamcrest.Matchers.containsInAnyOrder) 2
IsCollectionWithSize.hasSize (org.hamcrest.collection.IsCollectionWithSize.hasSize) 2
IsEqual.equalTo (org.hamcrest.core.IsEqual.equalTo) 2
Assert.assertNotNull (org.junit.Assert.assertNotNull) 2
RunWith (org.junit.runner.RunWith) 2