use of org.cloudfoundry.credhub.request.CertificateSetRequest in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate.
/**
 * Verifies that a certificate set request naming a CA is saved with that CA's certificate
 * filled in as the value's {@code ca}, and that permissions are written for the new credential.
 */
@Test
public void handleSetRequest_withACertificateSetRequest_andACaName_providesCaCertificate() {
    // The active CA version returned for the requested name; its certificate is TEST_CA.
    final CertificateCredentialValue activeCa = new CertificateCredentialValue(null, TestConstants.TEST_CA, null, null);
    // NOTE(review): the stub is keyed on "/test-ca-name" while the request value below carries
    // "test-ca-name"; presumably the name gains a leading slash outside this method. Confirm.
    when(certificateAuthorityService.findActiveVersion("/test-ca-name")).thenReturn(activeCa);

    final CertificateCredentialValue submittedValue = new CertificateCredentialValue(null, TestConstants.TEST_CERTIFICATE, "Enterprise", "test-ca-name");
    final ArrayList<EventAuditRecordParameters> auditRecords = new ArrayList<>();

    final CertificateSetRequest request = new CertificateSetRequest();
    request.setName("/captain");
    request.setType("certificate");
    request.setOverwrite(false);
    request.setAdditionalPermissions(accessControlEntries);
    request.setCertificateValue(submittedValue);

    // Presumably TEST_CERTIFICATE is signed by TEST_CA; otherwise the handler's signature check
    // would reject the request before anything is saved.
    subject.handle(request, auditRecords);

    final ArgumentCaptor<CredentialValue> savedValue = ArgumentCaptor.forClass(CredentialValue.class);
    verify(credentialService).save(eq(null), savedValue.capture(), eq(request), eq(auditRecords));

    // The saved value must carry the CA certificate that was looked up, not one supplied by the caller.
    final CertificateCredentialValue expectedValue = new CertificateCredentialValue(TestConstants.TEST_CA, TestConstants.TEST_CERTIFICATE, "Enterprise", "/test-ca-name");
    assertThat(savedValue.getValue(), samePropertyValuesAs(expectedValue));

    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, auditRecords, true, "/captain");
}
use of org.cloudfoundry.credhub.request.CertificateSetRequest in project credhub by cloudfoundry-incubator.
the class SetHandler method handle.
/**
 * Saves the credential described by {@code setRequest} and returns a view of the saved version.
 *
 * <p>For a {@link CertificateSetRequest} whose value names a CA, the CA's active version is looked
 * up, its certificate is copied onto the submitted value, and the request is rejected unless the
 * submitted certificate is signed by that CA. Permissions are written only when the credential is
 * new or the request asks for an overwrite.
 *
 * @param setRequest the set request; its name, value, overwrite flag and additional permissions are read
 * @param auditRecordParameters audit records passed through to the credential and permission services
 * @return a view built from the saved credential version
 * @throws ParameterizedValidationException with key
 *     {@code error.certificate_was_not_signed_by_ca_name} when the certificate is not signed by the named CA
 */
public CredentialView handle(BaseCredentialSetRequest setRequest, List<EventAuditRecordParameters> auditRecordParameters) {
    if (setRequest instanceof CertificateSetRequest) {
        final CertificateCredentialValue submitted = ((CertificateSetRequest) setRequest).getCertificateValue();
        final String caName = submitted.getCaName();
        if (caName != null) {
            // NOTE(review): no access check on caName is visible in this method; confirm that the
            // caller's right to reference this CA is enforced elsewhere.
            // NOTE(review): the lookup result is dereferenced directly; confirm findActiveVersion
            // throws for an unknown name rather than returning null.
            final String caCertificate = certificateAuthorityService.findActiveVersion(caName).getCertificate();
            submitted.setCa(caCertificate);

            // The signature check ties the stored ca to the submitted certificate: a certificate
            // that the named CA did not sign is refused before anything is saved.
            final CertificateReader submittedCertificate = new CertificateReader(submitted.getCertificate());
            final boolean signedByNamedCa = submittedCertificate.isSignedByCa(caCertificate);
            if (!signedByNamedCa) {
                throw new ParameterizedValidationException("error.certificate_was_not_signed_by_ca_name");
            }
        }
    }

    final CredentialVersion previousVersion = credentialService.findMostRecent(setRequest.getName());
    final boolean createsCredential = previousVersion == null;
    final CredentialVersion savedVersion = credentialService.save(previousVersion, setRequest.getCredentialValue(), setRequest, auditRecordParameters);

    // Additional permissions on a non-overwrite request against an existing credential are not applied.
    if (createsCredential || setRequest.isOverwrite()) {
        permissionService.savePermissions(savedVersion, setRequest.getAdditionalPermissions(), auditRecordParameters, createsCredential, setRequest.getName());
    }

    return CredentialView.fromEntity(savedVersion);
}
use of org.cloudfoundry.credhub.request.CertificateSetRequest in project credhub by cloudfoundry-incubator.
the class SetHandlerTest method handleSetRequest_withACertificateSetRequest_andNoCaName_usesCorrectParameters.
/**
 * Verifies that a certificate set request without a CA name is passed to the credential service
 * unchanged and that permissions are written for the new credential.
 */
@Test
public void handleSetRequest_withACertificateSetRequest_andNoCaName_usesCorrectParameters() {
    // caName is null, so the handler's CA lookup and signature check are skipped; the placeholder
    // certificate text "Picard" is therefore never handed to a CertificateReader by the handler.
    final CertificateCredentialValue submittedValue = new CertificateCredentialValue(null, "Picard", "Enterprise", null);
    final ArrayList<EventAuditRecordParameters> auditRecords = new ArrayList<>();

    final CertificateSetRequest request = new CertificateSetRequest();
    request.setName("/captain");
    request.setType("certificate");
    request.setOverwrite(false);
    request.setAdditionalPermissions(accessControlEntries);
    request.setCertificateValue(submittedValue);

    subject.handle(request, auditRecords);

    // A null first argument means no existing version was found, i.e. the credential is new.
    verify(credentialService).save(null, submittedValue, request, auditRecords);
    verify(permissionService).savePermissions(credentialVersion, accessControlEntries, auditRecords, true, "/captain");
}