
Example 6 with PasswordCredentialVersionData

use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.

the class CredentialVersionDataServiceTest method findAllPaths_returnsCompleteDirectoryStructure.

@Test
public void findAllPaths_returnsCompleteDirectoryStructure() {
    String valueOther = "/fubario";
    String valueName = "/value/Credential";
    String passwordName = "/password/Credential";
    String certificateName = "/certif/ic/ateCredential";
    ValueCredentialVersionData valueCredentialData = new ValueCredentialVersionData(valueOther);
    ValueCredentialVersion valueCredential = new ValueCredentialVersion(valueCredentialData);
    subject.save(valueCredential);
    valueCredentialData = new ValueCredentialVersionData(valueName);
    valueCredential = new ValueCredentialVersion(valueCredentialData);
    subject.save(valueCredential);
    PasswordCredentialVersionData passwordCredentialData = new PasswordCredentialVersionData(passwordName);
    PasswordCredentialVersion passwordCredential = new PasswordCredentialVersion(passwordCredentialData);
    subject.save(passwordCredential);
    CertificateCredentialVersionData certificateCredentialData = new CertificateCredentialVersionData(certificateName);
    CertificateCredentialVersion certificateCredential = new CertificateCredentialVersion(certificateCredentialData);
    subject.save(certificateCredential);
    assertThat(subject.findAllPaths(), equalTo(newArrayList("/", "/certif/", "/certif/ic/", "/password/", "/value/")));
}
Also used : ValueCredentialVersion(org.cloudfoundry.credhub.domain.ValueCredentialVersion) CertificateCredentialVersionData(org.cloudfoundry.credhub.entity.CertificateCredentialVersionData) PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) ValueCredentialVersionData(org.cloudfoundry.credhub.entity.ValueCredentialVersionData) CertificateCredentialVersion(org.cloudfoundry.credhub.domain.CertificateCredentialVersion) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Example 7 with PasswordCredentialVersionData

use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.

the class CredentialRotationTest method rotate_givenPasswordCredential_reEncryptsPasswordAndParametersWithActiveKey.

@Test
public void rotate_givenPasswordCredential_reEncryptsPasswordAndParametersWithActiveKey() throws Exception {
    PasswordCredentialVersionData passwordCredentialData = new PasswordCredentialVersionData("some-name");
    passwordCredentialData.setEncryptedValueData(new EncryptedValue().setEncryptionKeyUuid(oldEncryptionKeyUuid).setEncryptedValue("old-encrypted-value".getBytes()).setNonce("old-nonce".getBytes()));
    PasswordCredentialVersion password = new PasswordCredentialVersion(passwordCredentialData);
    password.setEncryptor(encryptor);
    EncryptedValue encryption = new EncryptedValue(oldEncryptionKeyUuid, "old-encrypted-parameters".getBytes(), "old-parameters-nonce".getBytes());
    passwordCredentialData.setEncryptedGenerationParameters(encryption);
    stringifiedParameters = new ObjectMapper().writeValueAsString(new StringGenerationParameters());
    when(encryptionService.decrypt(new EncryptedValue(oldEncryptionKeyUuid, "old-encrypted-parameters".getBytes(), "old-parameters-nonce".getBytes()))).thenReturn(stringifiedParameters);
    when(encryptionService.encrypt(stringifiedParameters)).thenReturn(new EncryptedValue(activeEncryptionKeyUuid, "new-encrypted-parameters".getBytes(), "new-nonce-parameters".getBytes()));
    password.rotate();
    assertThat(passwordCredentialData.getEncryptionKeyUuid(), equalTo(activeEncryptionKeyUuid));
    assertThat(passwordCredentialData.getEncryptedValueData().getEncryptedValue(), equalTo("new-encrypted-value".getBytes()));
    assertThat(passwordCredentialData.getNonce(), equalTo("new-nonce".getBytes()));
    assertThat(passwordCredentialData.getEncryptedGenerationParameters().getEncryptedValue(), equalTo("new-encrypted-parameters".getBytes()));
    assertThat(passwordCredentialData.getEncryptedGenerationParameters().getNonce(), equalTo("new-nonce-parameters".getBytes()));
}
Also used : PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters) Test(org.junit.Test)

Example 8 with PasswordCredentialVersionData

use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.

the class PasswordCredentialVersionTest method beforeEach.

@Before
public void beforeEach() throws Exception {
    canaryUuid = UUID.randomUUID();
    encryptor = mock(Encryptor.class);
    encryptedValue = "fake-encrypted-value".getBytes();
    nonce = "fake-nonce".getBytes();
    encryptedParametersValue = "fake-encrypted-parameters".getBytes();
    parametersNonce = "fake-parameters-nonce".getBytes();
    generationParameters = new StringGenerationParameters().setExcludeLower(true).setLength(10);
    String generationParametersJson = new JsonObjectMapper().writeValueAsString(generationParameters);
    when(encryptor.encrypt(null)).thenReturn(new EncryptedValue(canaryUuid, "", ""));
    final EncryptedValue encryption = new EncryptedValue(canaryUuid, encryptedValue, nonce);
    when(encryptor.encrypt(PASSWORD)).thenReturn(encryption);
    final EncryptedValue parametersEncryption = new EncryptedValue(canaryUuid, encryptedParametersValue, parametersNonce);
    when(encryptor.encrypt(eq(generationParametersJson))).thenReturn(parametersEncryption);
    when(encryptor.decrypt(encryption)).thenReturn(PASSWORD);
    when(encryptor.decrypt(parametersEncryption)).thenReturn(generationParametersJson);
    passwordCredentialData = new PasswordCredentialVersionData("/Foo");
    subject = new PasswordCredentialVersion(passwordCredentialData);
    subject.setEncryptor(encryptor);
}
Also used : JsonObjectMapper(org.cloudfoundry.credhub.util.JsonObjectMapper) PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters) Before(org.junit.Before)

Example 9 with PasswordCredentialVersionData

use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.

the class EncryptionKeyRotatorTest method createPasswordWithOldKey.

private void createPasswordWithOldKey(Key oldKey) throws Exception {
    final EncryptedValue credentialEncryption = encryptionService.encrypt(oldCanary.getUuid(), oldKey, "test-password-plaintext");
    PasswordCredentialVersionData passwordCredentialData = new PasswordCredentialVersionData(passwordName);
    passwordCredentialData.setEncryptedValueData(credentialEncryption);
    StringGenerationParameters parameters = new StringGenerationParameters();
    parameters.setExcludeNumber(true);
    final EncryptedValue parameterEncryption = encryptionService.encrypt(oldCanary.getUuid(), oldKey, new ObjectMapper().writeValueAsString(parameters));
    passwordCredentialData.setEncryptedGenerationParameters(parameterEncryption);
    password = new PasswordCredentialVersion(passwordCredentialData);
    credentialVersionDataService.save(password);
}
Also used : PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) EncryptedValue(org.cloudfoundry.credhub.entity.EncryptedValue) PasswordCredentialVersion(org.cloudfoundry.credhub.domain.PasswordCredentialVersion) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) StringGenerationParameters(org.cloudfoundry.credhub.request.StringGenerationParameters)

Example 10 with PasswordCredentialVersionData

use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.

the class EncryptionKeyRotatorTest method rotation_canRotatePasswordCredentials.

@Test
public void rotation_canRotatePasswordCredentials() throws Exception {
    String passwordName = name + "-password";
    MockHttpServletRequestBuilder post = post("/api/v1/data").header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN).accept(APPLICATION_JSON).contentType(APPLICATION_JSON).content("{" + "  \"name\": \"" + passwordName + "\"," + "  \"type\": \"password\"" + "}");
    String content = this.mockMvc.perform(post).andDo(print()).andExpect(status().isOk()).andReturn().getResponse().getContentAsString();
    String originalPassword = parse(content).get("value").textValue();
    Credential credential = credentialDataService.find(passwordName);
    final PasswordCredentialVersionData firstEncryption = (PasswordCredentialVersionData) credentialVersionRepository.findAllByCredentialUuidOrderByVersionCreatedAtDesc(credential.getUuid()).get(0);
    final byte[] firstEncryptedValue = firstEncryption.getEncryptedValueData().getEncryptedValue();
    final byte[] firstEncryptedGenParams = firstEncryption.getEncryptedGenerationParameters().getEncryptedValue();
    setActiveKey(1);
    encryptionKeyRotator.rotate();
    final PasswordCredentialVersionData secondEncryption = (PasswordCredentialVersionData) credentialVersionRepository.findAllByCredentialUuidOrderByVersionCreatedAtDesc(credential.getUuid()).get(0);
    assertThat(firstEncryptedValue, not(equalTo(secondEncryption.getEncryptedValueData().getEncryptedValue())));
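    // Compare ciphertext bytes with ciphertext bytes; comparing the byte[] against the EncryptedValue object itself can never be equal, so the check would always pass.
    assertThat(firstEncryptedGenParams, not(equalTo(secondEncryption.getEncryptedGenerationParameters().getEncryptedValue())));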
    final MockHttpServletRequestBuilder get = get("/api/v1/data?name=" + passwordName).header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN);
    this.mockMvc.perform(get).andExpect(status().isOk()).andExpect(jsonPath(".data[0].value").value(originalPassword));
}
Also used : Credential(org.cloudfoundry.credhub.entity.Credential) MockHttpServletRequestBuilder(org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder) PasswordCredentialVersionData(org.cloudfoundry.credhub.entity.PasswordCredentialVersionData) SpringBootTest(org.springframework.boot.test.context.SpringBootTest) Test(org.junit.Test)

Aggregations

PasswordCredentialVersionData (org.cloudfoundry.credhub.entity.PasswordCredentialVersionData): 16
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue): 12
Test (org.junit.Test): 11
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 10
PasswordCredentialVersion (org.cloudfoundry.credhub.domain.PasswordCredentialVersion): 9
ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion): 5
Credential (org.cloudfoundry.credhub.entity.Credential): 5
ValueCredentialVersionData (org.cloudfoundry.credhub.entity.ValueCredentialVersionData): 5
CertificateCredentialVersion (org.cloudfoundry.credhub.domain.CertificateCredentialVersion): 4
CertificateCredentialVersionData (org.cloudfoundry.credhub.entity.CertificateCredentialVersionData): 4
StringGenerationParameters (org.cloudfoundry.credhub.request.StringGenerationParameters): 4
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
CredentialVersion (org.cloudfoundry.credhub.domain.CredentialVersion): 2
SshCredentialVersion (org.cloudfoundry.credhub.domain.SshCredentialVersion): 2
CredentialVersionData (org.cloudfoundry.credhub.entity.CredentialVersionData): 2
SshCredentialVersionData (org.cloudfoundry.credhub.entity.SshCredentialVersionData): 2
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString): 2
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 2
EncryptionKeyCanary (org.cloudfoundry.credhub.entity.EncryptionKeyCanary): 1
JsonObjectMapper (org.cloudfoundry.credhub.util.JsonObjectMapper): 1