Example 11 with RequestAuditRecord

Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.

From the class CredentialsControllerAuditLogTest, method whenARequestHasMultipleXForwardedForHeaders_logsAllXForwardedForValues.

@Test
public void whenARequestHasMultipleXForwardedForHeaders_logsAllXForwardedForValues() throws Exception {
    // Stub the data service so the saved credential comes back with a UUID, as it would from the database.
    when(credentialVersionDataService.save(any(CredentialVersion.class))).thenAnswer(invocation -> {
        ValueCredentialVersion valueCredential = invocation.getArgumentAt(0, ValueCredentialVersion.class);
        valueCredential.setUuid(UUID.randomUUID());
        return valueCredential;
    });
    MockHttpServletRequestBuilder putRequest = MockMvcRequestBuilders.put(CredentialsController.API_V1_DATA)
        .accept(MediaType.APPLICATION_JSON)
        .contentType(MediaType.APPLICATION_JSON)
        .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
        // Two separate X-Forwarded-For headers; the audit record is expected to keep every value, in order.
        .header("X-Forwarded-For", "1.1.1.1,2.2.2.2")
        .header("X-Forwarded-For", "3.3.3.3")
        .content("{\"type\":\"value\",\"name\":\"foo\",\"value\":\"password\"}")
        .with(request -> {
            request.setRemoteAddr("12346");
            return request;
        });
    mockMvc.perform(putRequest).andExpect(status().isOk());
    // Capture the single audit record the request produced and check the joined X-Forwarded-For value.
    ArgumentCaptor<RequestAuditRecord> recordCaptor = ArgumentCaptor.forClass(RequestAuditRecord.class);
    verify(requestAuditRecordDataService, times(1)).save(recordCaptor.capture());
    RequestAuditRecord auditRecord = recordCaptor.getValue();
    assertThat(auditRecord.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2,3.3.3.3"));
}

Example 12 with RequestAuditRecord

Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.

From the class AuditOAuth2AccessDeniedHandlerTest, method logsTheFailureInTheRequestAuditRecordTable.

@Test
public void logsTheFailureInTheRequestAuditRecordTable() {
    // The most recent record (sorted by "now" descending) is the one written for the denied request.
    RequestAuditRecord auditRecord = requestAuditRecordRepository.findAll(new Sort(DESC, "now")).get(0);
    assertThat(auditRecord.getPath(), equalTo(CredentialsController.API_V1_DATA));
    assertThat(auditRecord.getQueryParameters(), equalTo("name=foo&query=value"));
    assertThat(auditRecord.getRequesterIp(), equalTo("12346"));
    assertThat(auditRecord.getXForwardedFor(), equalTo("1.1.1.1,2.2.2.2"));
    // The record's identity fields must match the claims of the (invalid-scope) token that was presented.
    OAuth2AccessToken accessToken = tokenServices.readAccessToken(AuthConstants.INVALID_SCOPE_KEY_JWT);
    Map<String, Object> additionalInformation = accessToken.getAdditionalInformation();
    assertThat(auditRecord.getUserId(), equalTo(additionalInformation.get("user_id")));
    assertThat(auditRecord.getUserName(), equalTo(additionalInformation.get("user_name")));
    assertThat(auditRecord.getUaaUrl(), equalTo(additionalInformation.get("iss")));
    // 2737304753L (year 2056)
    assertThat(auditRecord.getAuthValidFrom(), equalTo(((Number) additionalInformation.get("iat")).longValue()));
    // 2737304773L (year 2056)
    assertThat(auditRecord.getAuthValidUntil(), equalTo(accessToken.getExpiration().toInstant().getEpochSecond()));
    assertThat(auditRecord.getClientId(), equalTo("credhub_cli"));
    assertThat(auditRecord.getScope(), equalTo("credhub.bad_scope"));
    assertThat(auditRecord.getGrantType(), equalTo("password"));
    assertThat(auditRecord.getMethod(), equalTo("GET"));
    // The access-denied outcome itself is recorded: HTTP 403.
    assertThat(auditRecord.getStatusCode(), equalTo(403));
}

Example 13 with RequestAuditRecord

Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.

From the class SecurityEventsLogServiceTest, method log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS.

@Test
public void log_recordsAnOperationAuditRecordToTheSysLogWhenUsingMTLS() {
    RequestAuditRecord requestAuditRecord = makeOperationAuditRecord("foo=bar", AUTH_METHOD_MUTUAL_TLS);
    subject.log(new SecurityEventAuditRecord(requestAuditRecord, "actor-id"));
    // The syslog line is a single CEF:0 event; cs1 carries the authentication mechanism (mutual-tls here).
    verify(securityEventsLogger).info(
        "CEF:0|cloud_foundry|credhub|" + fakeVersion + "|GET /api/some-path|"
            + "GET /api/some-path|0|rt=" + String.valueOf(now.toEpochMilli())
            + " suser=user-name "
            + "suid=actor-id "
            + "cs1Label=userAuthenticationMechanism "
            + "cs1=mutual-tls "
            + "request=/api/some-path?foo=bar "
            + "requestMethod=GET "
            + "cs3Label=result "
            + "cs3=success "
            + "cs4Label=httpStatusCode "
            + "cs4=200 "
            + "src=127.0.0.1 "
            + "dst=host.example.com");
}

Example 14 with RequestAuditRecord

Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.

From the class SecurityEventsLogServiceTest, method log_whenTheQueryParamStringIsEmpty_shouldSpecifyOnlyThePathInTheRequest.

@Test
public void log_whenTheQueryParamStringIsEmpty_shouldSpecifyOnlyThePathInTheRequest() {
    RequestAuditRecord requestAuditRecord = makeOperationAuditRecord("", AUTH_METHOD_UAA);
    subject.log(new SecurityEventAuditRecord(requestAuditRecord, "actor-id"));
    assertThat(fakeVersion, notNullValue());
    assertThat(fakeVersion.length(), greaterThan(0));
    // With no query string, the request field is the bare path (no trailing "?").
    verify(securityEventsLogger).info(contains("request=/api/some-path requestMethod=GET"));
}

Example 15 with RequestAuditRecord

Use of org.cloudfoundry.credhub.entity.RequestAuditRecord in project credhub by cloudfoundry-incubator.

From the class SecurityEventsLogServiceTest, method makeOperationAuditRecord.

// Test helper: builds a mocked RequestAuditRecord with fixed values; the query string and auth method vary per test.
private RequestAuditRecord makeOperationAuditRecord(String queryParameters, String authMethod) {
    RequestAuditRecord requestAuditRecord = mock(RequestAuditRecord.class);
    when(requestAuditRecord.getAuthMethod()).thenReturn(authMethod);
    when(requestAuditRecord.getUserId()).thenReturn("user-id");
    when(requestAuditRecord.getNow()).thenReturn(now);
    when(requestAuditRecord.getMethod()).thenReturn("GET");
    when(requestAuditRecord.getPath()).thenReturn("/api/some-path");
    when(requestAuditRecord.getRequesterIp()).thenReturn("127.0.0.1");
    when(requestAuditRecord.getHostName()).thenReturn("host.example.com");
    when(requestAuditRecord.getClientId()).thenReturn("some-client-id");
    when(requestAuditRecord.getUserName()).thenReturn("user-name");
    when(requestAuditRecord.getQueryParameters()).thenReturn(queryParameters);
    when(requestAuditRecord.getStatusCode()).thenReturn(200);
    return requestAuditRecord;
}