use of org.cloudfoundry.credhub.entity.UserCredentialVersionData in project credhub by cloudfoundry-incubator.
the class UserCredentialVersionTest method getPassword_returnsDecryptedPassword_andOnlyDecryptsOnce.
/**
 * Reads the password of a user credential backed by an encrypted value and checks that the
 * plaintext returned is the one the encryptor produced, with a single decrypt call recorded.
 */
@Test
public void getPassword_returnsDecryptedPassword_andOnlyDecryptsOnce() {
  // The stub is registered on a separately constructed EncryptedValue; Mockito matches the
  // stored instance below through equals(), so the two must carry the same key id,
  // ciphertext and nonce.
  final EncryptedValue expectedCiphertext = new EncryptedValue(ENCRYPTION_KEY_UUID, ENCRYPTED_PASSWORD, NONCE);
  when(encryptor.decrypt(expectedCiphertext)).thenReturn(USER_PASSWORD);

  final EncryptedValue storedCiphertext = new EncryptedValue()
    .setEncryptedValue(ENCRYPTED_PASSWORD)
    .setNonce(NONCE)
    .setEncryptionKeyUuid(ENCRYPTION_KEY_UUID);
  userCredentialData = new UserCredentialVersionData().setEncryptedValueData(storedCiphertext);
  subject = new UserCredentialVersion(userCredentialData).setEncryptor(encryptor);

  assertThat(subject.getPassword(), equalTo(USER_PASSWORD));

  // NOTE(review): getPassword() is read once here, so this count shows one decrypt for one
  // read. Whether a repeated read reuses the plaintext is not exercised by this test - confirm
  // against UserCredentialVersion before relying on the "only once" wording.
  verify(encryptor).decrypt(any());
}
use of org.cloudfoundry.credhub.entity.UserCredentialVersionData in project credhub by cloudfoundry-incubator.
the class UserCredentialVersionTest method getGenerationParameters_returnsNullIfTheGenerationParametersAreNull.
/**
 * Sets the generation parameters of a freshly created user credential to {@code null} and
 * checks that reading them back yields {@code null}.
 */
@Test
public void getGenerationParameters_returnsNullIfTheGenerationParametersAreNull() {
  // Empty backing entity: no encrypted password and no encrypted parameters are stored.
  userCredentialData = new UserCredentialVersionData();
  subject = new UserCredentialVersion(userCredentialData).setEncryptor(encryptor);

  subject.setGenerationParameters(null);

  final StringGenerationParameters readBack = subject.getGenerationParameters();
  assertThat(readBack, equalTo(null));
}
use of org.cloudfoundry.credhub.entity.UserCredentialVersionData in project credhub by cloudfoundry-incubator.
the class UserCredentialVersionTest method getGenerationParameters_decryptsGenerationParameters.
/**
 * Reads the generation parameters of a user credential that stores both an encrypted password
 * and encrypted parameters, and checks that the decrypted parameters match the expected ones.
 */
@Test
public void getGenerationParameters_decryptsGenerationParameters() {
  // Two independent ciphertexts under the same key id, each with its own nonce.
  final EncryptedValue encryptedPassword = new EncryptedValue(ENCRYPTION_KEY_UUID, ENCRYPTED_PASSWORD, NONCE);
  final EncryptedValue encryptedParameters =
    new EncryptedValue(ENCRYPTION_KEY_UUID, ENCRYPTED_GENERATION_PARAMS, PARAMETERS_NONCE);

  when(encryptor.decrypt(encryptedPassword)).thenReturn(USER_PASSWORD);
  when(encryptor.decrypt(encryptedParameters)).thenReturn(USER_GENERATION_PARAMS_STRING);

  userCredentialData = new UserCredentialVersionData()
    .setEncryptedValueData(encryptedPassword)
    .setEncryptedGenerationParameters(encryptedParameters);
  subject = new UserCredentialVersion(userCredentialData).setEncryptor(encryptor);

  final StringGenerationParameters decrypted = subject.getGenerationParameters();

  // Compared property by property rather than by identity or equals().
  assertThat(decrypted, samePropertyValuesAs(STRING_GENERATION_PARAMS));
  // Two decrypt calls are expected for this single read; with both blobs stubbed above,
  // presumably one per stored ciphertext - the matcher does not pin the arguments.
  verify(encryptor, times(2)).decrypt(any());
}
use of org.cloudfoundry.credhub.entity.UserCredentialVersionData in project credhub by cloudfoundry-incubator.
the class UserCredentialVersionTest method setUsername_setsUsernameOnDelegate.
/**
 * Sets a username through the credential wrapper and checks that the value is written to the
 * backing entity object it was constructed with.
 */
@Test
public void setUsername_setsUsernameOnDelegate() {
  final UserCredentialVersionData backingData = new UserCredentialVersionData(CREDENTIAL_NAME);
  subject = new UserCredentialVersion(backingData);

  subject.setUsername("test-user");

  // Read from the entity, not the wrapper, to show the write went through.
  final String storedUsername = backingData.getUsername();
  assertThat(storedUsername, equalTo("test-user"));
}
use of org.cloudfoundry.credhub.entity.UserCredentialVersionData in project credhub by cloudfoundry-incubator.
the class UserCredentialVersionTest method rotate_reEncryptsPasswordWithNewEncryptionKey.
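/**
 * Rotates a user credential whose password and generation parameters are both stored under an
 * old encryption key, and checks that both are decrypted, re-encrypted, and written back with
 * the ciphertext, nonce and key id returned by the encryptor.
 */
@Test
public void rotate_reEncryptsPasswordWithNewEncryptionKey() {
  // Fixture state "before rotation": a random key id plus placeholder ciphertexts and nonces.
  UUID oldEncryptionKeyUuid = UUID.randomUUID();
  byte[] oldEncryptedPassword = "old-encrypted-password".getBytes();
  byte[] oldEncryptedGenerationParams = "old-encrypted-generation-params".getBytes();
  byte[] oldNonce = "old-nonce".getBytes();
  byte[] oldParametersNonce = "old-parameters-nonce".getBytes();

  EncryptedValue parametersEncryption =
    new EncryptedValue(oldEncryptionKeyUuid, oldEncryptedGenerationParams, oldParametersNonce);
  EncryptedValue encryptedUserValue = new EncryptedValue()
    .setEncryptionKeyUuid(oldEncryptionKeyUuid)
    .setEncryptedValue(oldEncryptedPassword)
    .setNonce(oldNonce);
  userCredentialData = new UserCredentialVersionData(CREDENTIAL_NAME)
    .setEncryptedValueData(encryptedUserValue)
    .setEncryptedGenerationParameters(parametersEncryption);
  subject = new UserCredentialVersion(userCredentialData).setEncryptor(encryptor);

  // Decrypting either old blob yields the plaintext; encrypting that plaintext yields a blob
  // tagged with ENCRYPTION_KEY_UUID, which stands in for the new key.
  when(encryptor.decrypt(new EncryptedValue(oldEncryptionKeyUuid, oldEncryptedPassword, oldNonce)))
    .thenReturn(USER_PASSWORD);
  when(encryptor.decrypt(new EncryptedValue(oldEncryptionKeyUuid, oldEncryptedGenerationParams, oldParametersNonce)))
    .thenReturn(USER_GENERATION_PARAMS_STRING);
  when(encryptor.encrypt(eq(USER_PASSWORD)))
    .thenReturn(new EncryptedValue(ENCRYPTION_KEY_UUID, ENCRYPTED_PASSWORD, NONCE));
  when(encryptor.encrypt(eq(USER_GENERATION_PARAMS_STRING)))
    .thenReturn(new EncryptedValue(ENCRYPTION_KEY_UUID, ENCRYPTED_GENERATION_PARAMS, PARAMETERS_NONCE));

  subject.rotate();

  verify(encryptor, times(2)).decrypt(any());
  verify(encryptor).encrypt(USER_PASSWORD);
  verify(encryptor).encrypt(USER_GENERATION_PARAMS_STRING);

  // Password blob: key id, ciphertext and nonce must all be the re-encrypted ones.
  assertThat(userCredentialData.getEncryptionKeyUuid(), equalTo(ENCRYPTION_KEY_UUID));
  assertThat(userCredentialData.getEncryptedValueData().getEncryptedValue(), equalTo(ENCRYPTED_PASSWORD));
  assertThat(userCredentialData.getNonce(), equalTo(NONCE));

  // Generation-parameters blob: it carries its own key id, so check that as well. Without
  // this, a record whose parameters were left under the old key id would still pass.
  assertThat(userCredentialData.getEncryptedGenerationParameters().getEncryptionKeyUuid(), equalTo(ENCRYPTION_KEY_UUID));
  assertThat(userCredentialData.getEncryptedGenerationParameters().getEncryptedValue(), equalTo(ENCRYPTED_GENERATION_PARAMS));
  assertThat(userCredentialData.getEncryptedGenerationParameters().getNonce(), equalTo(PARAMETERS_NONCE));
}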