
Example 1 with KeyNotFoundException

Use of org.cloudfoundry.credhub.exceptions.KeyNotFoundException in project credhub by cloudfoundry-incubator.

Class EncryptionKeyRotator, method rotate.

public void rotate() {
    final long start = System.currentTimeMillis();
    logger.info("Starting encryption key rotation.");
    int rotatedRecordCount = 0;
    final long startingNotRotatedRecordCount = encryptedValueDataService.countAllByCanaryUuid(keySet.getActive().getUuid());
    List<UUID> inactiveCanaries = keySet.getInactiveUuids();
    // Fetch a slice of values whose canary UUID belongs to an inactive key.
    Slice<EncryptedValue> valuesEncryptedByOldKey = encryptedValueDataService.findByCanaryUuids(inactiveCanaries);
    while (valuesEncryptedByOldKey.hasContent()) {
        for (EncryptedValue value : valuesEncryptedByOldKey.getContent()) {
            try {
                encryptedValueDataService.rotate(value);
                rotatedRecordCount++;
            } catch (KeyNotFoundException e) {
                // The key for this value is unavailable: log it and continue with the next value.
                logger.error("key not found for value, unable to rotate");
            }
        }
        // Query again; the loop ends once no values are returned for the inactive canaries.
        valuesEncryptedByOldKey = encryptedValueDataService.findByCanaryUuids(inactiveCanaries);
    }
    final long finish = System.currentTimeMillis();
    final long duration = finish - start;
    final long endingNotRotatedRecordCount = startingNotRotatedRecordCount - rotatedRecordCount;
    if (rotatedRecordCount == 0 && endingNotRotatedRecordCount == 0) {
        logger.info("Found no records in need of encryption key rotation.");
    } else {
        logger.info("Finished encryption key rotation in " + duration + " milliseconds. Details:");
        logger.info("  Successfully rotated " + rotatedRecordCount + " item(s)");
        logger.info("  Skipped " + endingNotRotatedRecordCount + " item(s) due to missing master encryption key(s).");
    }
    // Delete the canary records of the inactive keys.
    encryptionKeyCanaryMapper.delete(inactiveCanaries);
}
Also used: UUID (java.util.UUID), EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue), KeyNotFoundException (org.cloudfoundry.credhub.exceptions.KeyNotFoundException)

Example 2 with KeyNotFoundException

Use of org.cloudfoundry.credhub.exceptions.KeyNotFoundException in project credhub by cloudfoundry-incubator.

Class CredentialsControllerGetTest, method gettingACredential_thatIsEncryptedWithAnUnknownKey_throwsAnException.

@Test
public void gettingACredential_thatIsEncryptedWithAnUnknownKey_throwsAnException() throws Exception {
    UUID uuid = UUID.randomUUID();
    ValueCredentialVersion valueCredential = new ValueCredentialVersion(CREDENTIAL_NAME)
        .setEncryptor(encryptor)
        .setUuid(uuid)
        .setVersionCreatedAt(FROZEN_TIME);
    // Stub the encryptor so that any decrypt call fails with a missing-key error.
    doThrow(new KeyNotFoundException("error.missing_encryption_key")).when(encryptor).decrypt(any());
    doReturn(Arrays.asList(valueCredential)).when(credentialVersionDataService).findAllByName(CREDENTIAL_NAME);
    final MockHttpServletRequestBuilder get = get("/api/v1/data?name=" + CREDENTIAL_NAME)
        .header("Authorization", "Bearer " + AuthConstants.UAA_OAUTH2_PASSWORD_GRANT_TOKEN)
        .accept(APPLICATION_JSON);
    String expectedError = "The credential could not be accessed with the provided encryption keys. You must update your deployment configuration to continue.";
    // The request must fail with HTTP 500 and a JSON body whose error field equals the expected message.
    mockMvc.perform(get)
        .andExpect(status().isInternalServerError())
        .andExpect(content().contentTypeCompatibleWith(APPLICATION_JSON))
        .andExpect(jsonPath("$.error").value(expectedError));
}
Also used: ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion), MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder), UUID (java.util.UUID), KeyNotFoundException (org.cloudfoundry.credhub.exceptions.KeyNotFoundException), SpringBootTest (org.springframework.boot.test.context.SpringBootTest), Test (org.junit.Test)

Aggregations

UUID (java.util.UUID): 2
KeyNotFoundException (org.cloudfoundry.credhub.exceptions.KeyNotFoundException): 2
ValueCredentialVersion (org.cloudfoundry.credhub.domain.ValueCredentialVersion): 1
EncryptedValue (org.cloudfoundry.credhub.entity.EncryptedValue): 1
Test (org.junit.Test): 1
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 1
MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder): 1