use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.
the class CredentialVersionDataServiceTest method findAllPaths_returnsCompleteDirectoryStructure.
/**
 * Checks that {@code findAllPaths()} lists every directory level implied by the saved
 * credential names.
 *
 * <p>Four credentials of three types are stored: one directly under the root and three in
 * nested directories. The expected result holds the root plus each intermediate directory,
 * each with a trailing slash. The credential names themselves are not part of the expected
 * list.
 */
@Test
public void findAllPaths_returnsCompleteDirectoryStructure() {
    final String rootLevelName = "/fubario";
    final String nestedValueName = "/value/Credential";
    final String nestedPasswordName = "/password/Credential";
    final String deeplyNestedCertificateName = "/certif/ic/ateCredential";

    // Two value credentials: one at the root, one inside "/value/".
    subject.save(new ValueCredentialVersion(new ValueCredentialVersionData(rootLevelName)));
    subject.save(new ValueCredentialVersion(new ValueCredentialVersionData(nestedValueName)));

    // One password credential inside "/password/".
    subject.save(
        new PasswordCredentialVersion(new PasswordCredentialVersionData(nestedPasswordName)));

    // One certificate credential two directory levels deep ("/certif/ic/").
    subject.save(
        new CertificateCredentialVersion(
            new CertificateCredentialVersionData(deeplyNestedCertificateName)));

    // Both "/certif/" and "/certif/ic/" are expected, i.e. every level of a nested path.
    assertThat(
        subject.findAllPaths(),
        equalTo(newArrayList("/", "/certif/", "/certif/ic/", "/password/", "/value/")));
}
use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.
the class CredentialRotationTest method rotate_givenPasswordCredential_reEncryptsPasswordAndParametersWithActiveKey.
/**
 * Checks that rotating a password credential re-encrypts both the password value and its
 * generation parameters, and that the record ends up tagged with the active key.
 *
 * <p>The credential starts with its value and parameters stored under
 * {@code oldEncryptionKeyUuid}. After {@code rotate()} the test expects the active key UUID,
 * new ciphertext and a new nonce for the value, and new ciphertext and a new nonce for the
 * parameters.
 *
 * @throws Exception propagated from fixture setup or from the rotation itself
 */
@Test
public void rotate_givenPasswordCredential_reEncryptsPasswordAndParametersWithActiveKey() throws Exception {
    final PasswordCredentialVersionData credentialData = new PasswordCredentialVersionData("some-name");

    // Password value as it is stored under the old key.
    final EncryptedValue oldPasswordEncryption = new EncryptedValue()
        .setEncryptionKeyUuid(oldEncryptionKeyUuid)
        .setEncryptedValue("old-encrypted-value".getBytes())
        .setNonce("old-nonce".getBytes());
    credentialData.setEncryptedValueData(oldPasswordEncryption);

    final PasswordCredentialVersion credentialVersion = new PasswordCredentialVersion(credentialData);
    credentialVersion.setEncryptor(encryptor);

    // Generation parameters as they are stored under the old key.
    final EncryptedValue oldParametersEncryption = new EncryptedValue(
        oldEncryptionKeyUuid,
        "old-encrypted-parameters".getBytes(),
        "old-parameters-nonce".getBytes());
    credentialData.setEncryptedGenerationParameters(oldParametersEncryption);

    stringifiedParameters = new ObjectMapper().writeValueAsString(new StringGenerationParameters());

    // The stub argument is a separately constructed instance with the same field values.
    // NOTE(review): presumably this relies on EncryptedValue having value-based equals();
    // confirm.
    final EncryptedValue expectedDecryptArgument = new EncryptedValue(
        oldEncryptionKeyUuid,
        "old-encrypted-parameters".getBytes(),
        "old-parameters-nonce".getBytes());
    when(encryptionService.decrypt(expectedDecryptArgument)).thenReturn(stringifiedParameters);

    final EncryptedValue reEncryptedParameters = new EncryptedValue(
        activeEncryptionKeyUuid,
        "new-encrypted-parameters".getBytes(),
        "new-nonce-parameters".getBytes());
    when(encryptionService.encrypt(stringifiedParameters)).thenReturn(reEncryptedParameters);

    credentialVersion.rotate();

    // NOTE(review): "new-encrypted-value" and "new-nonce" are not stubbed in this method;
    // presumably they come from fixture setup elsewhere in the class. Confirm.
    assertThat(credentialData.getEncryptionKeyUuid(), equalTo(activeEncryptionKeyUuid));
    assertThat(
        credentialData.getEncryptedValueData().getEncryptedValue(),
        equalTo("new-encrypted-value".getBytes()));
    assertThat(credentialData.getNonce(), equalTo("new-nonce".getBytes()));

    // The parameters must carry the re-encrypted bytes and the nonce that goes with them.
    assertThat(
        credentialData.getEncryptedGenerationParameters().getEncryptedValue(),
        equalTo("new-encrypted-parameters".getBytes()));
    assertThat(
        credentialData.getEncryptedGenerationParameters().getNonce(),
        equalTo("new-nonce-parameters".getBytes()));
}
use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.
the class PasswordCredentialVersionTest method beforeEach.
/**
 * Builds the shared fixture: a mocked {@code Encryptor} with canned encrypt/decrypt answers,
 * and a {@code PasswordCredentialVersion} named "/Foo" that uses that mock.
 *
 * <p>The mock maps {@code PASSWORD} and the serialized generation parameters to fixed fake
 * ciphertext/nonce pairs and back, so no real cryptography runs in these tests.
 *
 * @throws Exception if the generation parameters cannot be serialized to JSON
 */
@Before
public void beforeEach() throws Exception {
    canaryUuid = UUID.randomUUID();
    encryptor = mock(Encryptor.class);

    // Fake ciphertext and nonce for the password value.
    encryptedValue = "fake-encrypted-value".getBytes();
    nonce = "fake-nonce".getBytes();

    // Fake ciphertext and nonce for the generation parameters.
    encryptedParametersValue = "fake-encrypted-parameters".getBytes();
    parametersNonce = "fake-parameters-nonce".getBytes();

    generationParameters = new StringGenerationParameters()
        .setExcludeLower(true)
        .setLength(10);
    final String serializedParameters = new JsonObjectMapper().writeValueAsString(generationParameters);

    // Encrypting null yields an EncryptedValue with empty value and nonce.
    final EncryptedValue emptyEncryption = new EncryptedValue(canaryUuid, "", "");
    when(encryptor.encrypt(null)).thenReturn(emptyEncryption);

    final EncryptedValue passwordEncryption = new EncryptedValue(canaryUuid, encryptedValue, nonce);
    when(encryptor.encrypt(PASSWORD)).thenReturn(passwordEncryption);

    final EncryptedValue serializedParametersEncryption =
        new EncryptedValue(canaryUuid, encryptedParametersValue, parametersNonce);
    when(encryptor.encrypt(eq(serializedParameters))).thenReturn(serializedParametersEncryption);

    // Decryption maps each fake EncryptedValue back to its plaintext.
    when(encryptor.decrypt(passwordEncryption)).thenReturn(PASSWORD);
    when(encryptor.decrypt(serializedParametersEncryption)).thenReturn(serializedParameters);

    passwordCredentialData = new PasswordCredentialVersionData("/Foo");
    subject = new PasswordCredentialVersion(passwordCredentialData);
    subject.setEncryptor(encryptor);
}
use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method createPasswordWithOldKey.
/**
 * Stores a password credential whose value and generation parameters are both encrypted
 * with {@code oldKey} and tagged with the old canary's UUID.
 *
 * <p>The saved version is also assigned to the {@code password} field.
 *
 * @param oldKey key used to encrypt the fixture's value and generation parameters
 * @throws Exception if encryption or JSON serialization of the parameters fails
 */
private void createPasswordWithOldKey(Key oldKey) throws Exception {
    // Encrypt the fixture plaintext under the old key.
    final EncryptedValue valueUnderOldKey =
        encryptionService.encrypt(oldCanary.getUuid(), oldKey, "test-password-plaintext");

    final PasswordCredentialVersionData credentialData = new PasswordCredentialVersionData(passwordName);
    credentialData.setEncryptedValueData(valueUnderOldKey);

    // The generation parameters are serialized to JSON and encrypted under the same old key.
    final StringGenerationParameters generationParameters = new StringGenerationParameters();
    generationParameters.setExcludeNumber(true);
    final String generationParametersJson = new ObjectMapper().writeValueAsString(generationParameters);
    final EncryptedValue parametersUnderOldKey =
        encryptionService.encrypt(oldCanary.getUuid(), oldKey, generationParametersJson);
    credentialData.setEncryptedGenerationParameters(parametersUnderOldKey);

    password = new PasswordCredentialVersion(credentialData);
    credentialVersionDataService.save(password);
}
use of org.cloudfoundry.credhub.entity.PasswordCredentialVersionData in project credhub by cloudfoundry-incubator.
the class EncryptionKeyRotatorTest method rotation_canRotatePasswordCredentials.
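/**
 * Checks end to end that key rotation re-encrypts a stored password credential and its
 * generation parameters, and that the API still returns the original password afterwards.
 *
 * <p>Flow: create a password through {@code POST /api/v1/data}, record the ciphertext of the
 * value and of the generation parameters, switch the active key, run the rotator, then
 * compare the stored ciphertexts and read the credential back through the API.
 *
 * @throws Exception if a MockMvc request or the rotation fails
 */
@Test
public void rotation_canRotatePasswordCredentials() throws Exception {
    String passwordName = name + "-password";

    MockHttpServletRequestBuilder post = post("/api/v1/data")
        .header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
        .accept(APPLICATION_JSON)
        .contentType(APPLICATION_JSON)
        .content("{" + " \"name\": \"" + passwordName + "\"," + " \"type\": \"password\"" + "}");

    // NOTE(review): print() writes the response, including the generated password value, to
    // the test output. That is fine for throwaway test secrets, but relevant if CI logs are kept.
    String content = this.mockMvc.perform(post)
        .andDo(print())
        .andExpect(status().isOk())
        .andReturn()
        .getResponse()
        .getContentAsString();
    String originalPassword = parse(content).get("value").textValue();

    // Record the ciphertexts stored before rotation.
    Credential credential = credentialDataService.find(passwordName);
    final PasswordCredentialVersionData firstEncryption = (PasswordCredentialVersionData) credentialVersionRepository
        .findAllByCredentialUuidOrderByVersionCreatedAtDesc(credential.getUuid())
        .get(0);
    final byte[] firstEncryptedValue = firstEncryption.getEncryptedValueData().getEncryptedValue();
    final byte[] firstEncryptedGenParams = firstEncryption.getEncryptedGenerationParameters().getEncryptedValue();

    // Switch the active key (helper defined elsewhere in this test class) and rotate.
    setActiveKey(1);
    encryptionKeyRotator.rotate();

    final PasswordCredentialVersionData secondEncryption = (PasswordCredentialVersionData) credentialVersionRepository
        .findAllByCredentialUuidOrderByVersionCreatedAtDesc(credential.getUuid())
        .get(0);

    assertThat(firstEncryptedValue, not(equalTo(secondEncryption.getEncryptedValueData().getEncryptedValue())));

    // Compare ciphertext bytes with ciphertext bytes. A byte[] never equals the EncryptedValue
    // wrapper object, so comparing against the wrapper would pass even if the generation
    // parameters had not been re-encrypted.
    assertThat(
        firstEncryptedGenParams,
        not(equalTo(secondEncryption.getEncryptedGenerationParameters().getEncryptedValue())));

    // After rotation the API must still return the same plaintext.
    final MockHttpServletRequestBuilder get = get("/api/v1/data?name=" + passwordName)
        .header("Authorization", "Bearer " + UAA_OAUTH2_PASSWORD_GRANT_TOKEN);
    this.mockMvc.perform(get)
        .andExpect(status().isOk())
        .andExpect(jsonPath(".data[0].value").value(originalPassword));
}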