Example 16 with EncryptionKeyCanary

use of org.cloudfoundry.credhub.entity.EncryptionKeyCanary in project credhub by cloudfoundry-incubator.

From class EncryptionKeyCanaryMapperTest, method assertCanaryValueWasEncryptedAndSavedToDatabase:

private void assertCanaryValueWasEncryptedAndSavedToDatabase() throws Exception {
    // Capture the canary entity handed to the data service's save() call.
    ArgumentCaptor<EncryptionKeyCanary> argumentCaptor = ArgumentCaptor.forClass(EncryptionKeyCanary.class);
    verify(encryptionKeyCanaryDataService).save(argumentCaptor.capture());
    EncryptionKeyCanary encryptionKeyCanary = argumentCaptor.getValue();
    // The persisted canary must carry the ciphertext and nonce produced by the mocked encryption service.
    assertThat(encryptionKeyCanary.getEncryptedCanaryValue(), equalTo("fake-encrypted-value".getBytes()));
    assertThat(encryptionKeyCanary.getNonce(), equalTo("fake-nonce".getBytes()));
    // The well-known canary plaintext must have been encrypted exactly once with the active key.
    verify(encryptionService, times(1)).encrypt(null, activeKey, CANARY_VALUE);
}

Example 17 with EncryptionKeyCanary

From class EncryptionKeyCanaryMapperTest, method createEncryptionCanary:

private EncryptionKeyCanary createEncryptionCanary(UUID canaryUuid, String encryptedValue, String nonce, Key encryptionKey) throws Exception {
    EncryptionKeyCanary encryptionKeyCanary = new EncryptionKeyCanary();
    encryptionKeyCanary.setUuid(canaryUuid);
    encryptionKeyCanary.setEncryptedCanaryValue(encryptedValue.getBytes());
    encryptionKeyCanary.setNonce(nonce.getBytes());
    // Stub the encryption service so that decrypting this canary with the given key yields the expected plaintext,
    // i.e. the canary "matches" encryptionKey.
    when(encryptionService.decrypt(encryptionKey, encryptedValue.getBytes(), nonce.getBytes())).thenReturn(CANARY_VALUE);
    return encryptionKeyCanary;
}

Example 18 with EncryptionKeyCanary

From class EncryptionKeyCanaryMapperTest, method mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnHSMException_itShouldCreateACanaryForTheKey:

@Test
public void mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyRaisesAnHSMException_itShouldCreateACanaryForTheKey() throws Exception {
    // Key creation is enabled and the active key is the only configured key.
    when(encryptionKeysConfiguration.isKeyCreationEnabled()).thenReturn(true);
    when(encryptionKeysConfiguration.getKeys()).thenReturn(asList(activeKeyData));
    // The only stored canary was encrypted under some other key.
    EncryptionKeyCanary nonMatchingCanary = new EncryptionKeyCanary();
    nonMatchingCanary.setUuid(UUID.randomUUID());
    nonMatchingCanary.setEncryptedCanaryValue("fake-non-matching-encrypted-value".getBytes());
    nonMatchingCanary.setNonce("fake-non-matching-nonce".getBytes());
    when(encryptionKeyCanaryDataService.findAll()).thenReturn(asArrayList(nonMatchingCanary));
    // An HSM rejects decryption with the wrong key by raising an exception rather than returning garbage.
    when(encryptionService.decrypt(activeKey, nonMatchingCanary.getEncryptedCanaryValue(), nonMatchingCanary.getNonce())).thenThrow(new IllegalBlockSizeException("Could not process input data: function 'C_Decrypt' returns 0x40"));
    when(encryptionKeyCanaryDataService.save(any(EncryptionKeyCanary.class))).thenReturn(activeKeyCanary);
    subject = new EncryptionKeyCanaryMapper(encryptionKeyCanaryDataService, encryptionKeysConfiguration, timedRetry, providerFactory);
    subject.mapUuidsToKeys(keySet);
    // The mapper must treat the exception as "no match" and create a fresh canary for the active key.
    assertCanaryValueWasEncryptedAndSavedToDatabase();
}

Example 19 with EncryptionKeyCanary

From class EncryptionKeyCanaryMapperTest, method mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyReturnsAnIncorrectCanaryValue_createsACanaryForTheKey:

@Test
public void mapUuidsToKeys_whenTheActiveKeyIsTheOnlyKey_whenThereIsNoMatchingCanaryInTheDatabase_whenDecryptingWithTheWrongKeyReturnsAnIncorrectCanaryValue_createsACanaryForTheKey() throws Exception {
    // Key creation is enabled and the active key is the only configured key.
    when(encryptionKeysConfiguration.isKeyCreationEnabled()).thenReturn(true);
    when(encryptionKeysConfiguration.getKeys()).thenReturn(asList(activeKeyData));
    // The only stored canary was encrypted under some other key.
    EncryptionKeyCanary nonMatchingCanary = new EncryptionKeyCanary();
    nonMatchingCanary.setUuid(UUID.randomUUID());
    nonMatchingCanary.setEncryptedCanaryValue("fake-non-matching-encrypted-value".getBytes());
    nonMatchingCanary.setNonce("fake-non-matching-nonce".getBytes());
    when(encryptionKeyCanaryDataService.findAll()).thenReturn(asArrayList(nonMatchingCanary));
    // Here the wrong key "succeeds" but yields a plaintext that is not the known canary value.
    when(encryptionService.decrypt(activeKey, nonMatchingCanary.getEncryptedCanaryValue(), nonMatchingCanary.getNonce())).thenReturn("different-canary-value");
    when(encryptionKeyCanaryDataService.save(any(EncryptionKeyCanary.class))).thenReturn(activeKeyCanary);
    subject = new EncryptionKeyCanaryMapper(encryptionKeyCanaryDataService, encryptionKeysConfiguration, timedRetry, providerFactory);
    subject.mapUuidsToKeys(keySet);
    // A mismatched plaintext is also "no match", so a new canary must be created for the active key.
    assertCanaryValueWasEncryptedAndSavedToDatabase();
}

Example 20 with EncryptionKeyCanary

From class CredentialRegenerateTest, method regeneratingAPasswordWithParametersThatCannotBeDecrypted_returnsAnError:

@Test
public void regeneratingAPasswordWithParametersThatCannotBeDecrypted_returnsAnError() throws Exception {
    // Persist a canary that does not correspond to any key the running server holds.
    EncryptionKeyCanary encryptionKeyCanary = new EncryptionKeyCanary();
    canaryDataService.save(encryptionKeyCanary);
    PasswordCredentialVersionData passwordCredentialData = new PasswordCredentialVersionData("/my-password");
    PasswordCredentialVersion originalCredential = new PasswordCredentialVersion(passwordCredentialData);
    originalCredential.setEncryptor(encryptor);
    originalCredential.setPasswordAndGenerationParameters("abcde", new StringGenerationParameters());
    // Point the stored credential at that canary's UUID so its generation parameters cannot be decrypted.
    passwordCredentialData.getEncryptedValueData().setEncryptionKeyUuid(encryptionKeyCanary.getUuid());
    credentialVersionDataService.save(originalCredential);
    // language=JSON
    String cannotRegenerate = "{\n"
        + "  \"error\": \"The credential could not be accessed with the provided encryption keys. You must update your deployment configuration to continue" + ".\"\n"
        + "}";
    MockHttpServletRequestBuilder request = post("/api/v1/data")
        .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
        .accept(APPLICATION_JSON)
        .contentType(APPLICATION_JSON)
        .content("{\"regenerate\":true,\"name\":\"my-password\"}");
    // Regeneration must fail with a 500 and the key-mismatch error body rather than produce a new value.
    mockMvc.perform(request)
        .andDo(print())
        .andExpect(status().isInternalServerError())
        .andExpect(content().json(cannotRegenerate));
}