Example 1 with CertificateReader

Use of org.cloudfoundry.credhub.utils.CertificateReader in project credhub by cloudfoundry.

From the class CertificateGenerator, method generateCredential.

@Override
public CertificateCredentialValue generateCredential(final GenerationParameters p) {
    final CertificateGenerationParameters params = (CertificateGenerationParameters) p;
    final KeyPair keyPair;
    final String privatePem;
    try {
        // Generate the subject key pair at the requested length and serialize the private key as PEM.
        keyPair = keyGenerator.generateKeyPair(params.getKeyLength());
        privatePem = CertificateFormatter.pemOf(keyPair.getPrivate());
    } catch (final Exception e) {
        throw new RuntimeException(e);
    }
    if (params.isSelfSigned()) {
        try {
            // Self-signed: the generated certificate is stored as its own CA certificate.
            final String cert = CertificateFormatter.pemOf(signedCertificateGenerator.getSelfSigned(keyPair, params));
            return new CertificateCredentialValue(cert, cert, privatePem, null, params.isCa(), params.isSelfSigned(), true, false);
        } catch (final Exception e) {
            throw new RuntimeException(e);
        }
    } else {
        // Signed by a CA stored in CredHub. The active (non-transitional) CA version must carry a
        // private key, otherwise it cannot sign anything.
        final String caName = params.getCaName();
        final CertificateCredentialValue latestNonTransitionalCaVersion = certificateAuthorityService.findActiveVersion(caName);
        if (latestNonTransitionalCaVersion.getPrivateKey() == null) {
            throw new ParameterizedValidationException(ErrorMessages.CA_MISSING_PRIVATE_KEY);
        }
        // During CA rotation a transitional version may exist alongside the active one. One of the
        // two signs the new certificate; the other is returned as trustedCaCertificate so that
        // consumers can trust both chains while the rotation is in progress.
        final CertificateCredentialValue transitionalCaVersion = certificateAuthorityService.findTransitionalVersion(caName);
        String signingCaCertificate;
        String signingCaPrivateKey;
        String trustedCaCertificate = null;
        if (shouldUseTransitionalParentToSign(params.getAllowTransitionalParentToSign(), latestNonTransitionalCaVersion, transitionalCaVersion)) {
            signingCaCertificate = transitionalCaVersion.getCertificate();
            signingCaPrivateKey = transitionalCaVersion.getPrivateKey();
            trustedCaCertificate = latestNonTransitionalCaVersion.getCertificate();
        } else {
            signingCaCertificate = latestNonTransitionalCaVersion.getCertificate();
            signingCaPrivateKey = latestNonTransitionalCaVersion.getPrivateKey();
            if (transitionalCaVersion != null) {
                trustedCaCertificate = transitionalCaVersion.getCertificate();
            }
        }
        try {
            // Parse the signing CA's PEM into an X509Certificate and sign the new certificate with the CA key.
            final CertificateReader certificateReader = new CertificateReader(signingCaCertificate);
            final X509Certificate cert = signedCertificateGenerator.getSignedByIssuer(keyPair, params, certificateReader.getCertificate(), PrivateKeyReader.getPrivateKey(signingCaPrivateKey));
            return new CertificateCredentialValue(signingCaCertificate, CertificateFormatter.pemOf(cert), privatePem, caName, trustedCaCertificate, params.isCa(), params.isSelfSigned(), true, false);
        } catch (final Exception e) {
            throw new RuntimeException(e);
        }
    }
}
Also used: java.security.KeyPair, org.cloudfoundry.credhub.domain.CertificateGenerationParameters, org.cloudfoundry.credhub.credential.CertificateCredentialValue, org.cloudfoundry.credhub.exceptions.ParameterizedValidationException, java.security.cert.X509Certificate, org.cloudfoundry.credhub.utils.CertificateReader

Example 2 with CertificateReader

Use of org.cloudfoundry.credhub.utils.CertificateReader in project credhub by cloudfoundry.

From the class SignedCertificateGeneratorTest, method getSignedByIssuer_withNonGeneratedSubjectKeyIdentifier_setsAuthorityKeyIdentifier.

@Test
public void getSignedByIssuer_withNonGeneratedSubjectKeyIdentifier_setsAuthorityKeyIdentifier() throws Exception {
    // The test CA carries a Subject Key Identifier that was not derived from its public key.
    final X509Certificate caCertificate = new CertificateReader(TEST_CA_WITH_DIFFERENT_SKID).getCertificate();
    final PrivateKey caPrivateKey = PrivateKeyReader.getPrivateKey(TEST_KEY_WITH_DIFFERENT_SKID);
    final X509Certificate generatedCert = subject.getSignedByIssuer(generatedCertificateKeyPair, certificateGenerationParameters, caCertificate, caPrivateKey);
    // Read the Authority Key Identifier of the issued certificate ...
    final byte[] authorityKeyIdDer = generatedCert.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    final AuthorityKeyIdentifier authorityKeyIdentifier = AuthorityKeyIdentifier.getInstance(parseExtensionValue(authorityKeyIdDer));
    // ... and the Subject Key Identifier of the CA; chain building requires them to match.
    final byte[] subjectKeyIdDer = caCertificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
    final SubjectKeyIdentifier subjectKeyIdentifier = SubjectKeyIdentifier.getInstance(parseExtensionValue(subjectKeyIdDer));
    assertThat(authorityKeyIdentifier.getKeyIdentifier(), equalTo(subjectKeyIdentifier.getKeyIdentifier()));
}
Also used: java.security.PrivateKey, org.bouncycastle.asn1.x509.AuthorityKeyIdentifier, org.bouncycastle.asn1.x509.SubjectKeyIdentifier, java.security.cert.X509Certificate, org.cloudfoundry.credhub.utils.CertificateReader, org.junit.Test

Example 3 with CertificateReader

Use of org.cloudfoundry.credhub.utils.CertificateReader in project credhub by cloudfoundry.

From the class DefaultCertificateAuthorityServiceTest, method findTransitionalVersion_givenExistingTransitionalCa_returnsTheTransitionalCa.

@Test
public void findTransitionalVersion_givenExistingTransitionalCa_returnsTheTransitionalCa() {
    // Mock the parsed certificate so the transitional version is reported as a CA.
    final CertificateReader certificateReader = mock(CertificateReader.class);
    when(transitionalCertificateCredential.getParsedCertificate()).thenReturn(certificateReader);
    when(certificateReader.isCa()).thenReturn(true);
    // The data service returns both the active and the transitional version for the credential.
    when(certificateVersionDataService.findBothActiveCertAndTransitionalCert(CREDENTIAL_NAME)).thenReturn(Arrays.asList(certificateCredential, transitionalCertificateCredential));
    when(transitionalCertificateCredential.getCertificate()).thenReturn(SELF_SIGNED_CA_CERT);
    // The service must pick the transitional version, not the active one.
    assertThat(certificateAuthorityService.findTransitionalVersion(CREDENTIAL_NAME).getCertificate(), equalTo(transitionalCertificateCredential.getCertificate()));
}
Also used: org.cloudfoundry.credhub.utils.CertificateReader, org.junit.Test

Example 4 with CertificateReader

Use of org.cloudfoundry.credhub.utils.CertificateReader in project credhub by cloudfoundry.

From the class DefaultCertificateAuthorityServiceTest, method findActiveVersion_givenExistingCa_returnsTheCa.

@Test
public void findActiveVersion_givenExistingCa_returnsTheCa() {
    final CertificateReader certificateReader = mock(CertificateReader.class);
    // The active version is a self-signed, non-transitional CA with a private key.
    when(certificateVersionDataService.findActive(CREDENTIAL_NAME)).thenReturn(certificateCredential);
    when(certificateCredential.getPrivateKey()).thenReturn("my-key");
    when(certificateCredential.getParsedCertificate()).thenReturn(certificateReader);
    when(certificateReader.isCa()).thenReturn(true);
    when(certificateCredential.isCertificateAuthority()).thenReturn(true);
    when(certificateCredential.isSelfSigned()).thenReturn(true);
    when(certificateCredential.getCertificate()).thenReturn(SELF_SIGNED_CA_CERT);
    when(certificateCredential.getGenerated()).thenReturn(false);
    when(certificateCredential.isVersionTransitional()).thenReturn(false);
    // The returned value must carry the same properties as the expected CA credential.
    assertThat(certificateAuthorityService.findActiveVersion(CREDENTIAL_NAME), samePropertyValuesAs(certificate));
}
Also used: org.cloudfoundry.credhub.utils.CertificateReader, org.junit.Test

Example 5 with CertificateReader

Use of org.cloudfoundry.credhub.utils.CertificateReader in project credhub by cloudfoundry.

From the class CAValidator, method isValid.

@Override
public boolean isValid(final Object value, final ConstraintValidatorContext context) {
    for (final String fieldName : fields) {
        try {
            // Read the configured certificate field reflectively from the request object.
            final Field field = value.getClass().getDeclaredField(fieldName);
            field.setAccessible(true);
            // An absent certificate is not this validator's concern; other constraints handle it.
            if (StringUtils.isEmpty((String) field.get(value))) {
                return true;
            }
            // Parse the PEM and accept it only if its basic constraints mark it as a CA.
            final String certificate = (String) field.get(value);
            final CertificateReader reader = new CertificateReader(certificate);
            return reader.isCa();
        } catch (final MalformedCertificateException e) {
            // Unparseable PEM fails validation rather than crashing the request.
            return false;
        } catch (final NoSuchFieldException | IllegalAccessException e) {
            throw new RuntimeException(e);
        }
    }
    return true;
}
Also used: java.lang.reflect.Field, org.cloudfoundry.credhub.utils.CertificateReader, org.cloudfoundry.credhub.exceptions.MalformedCertificateException
