mirror of
https://github.com/google/nomulus.git
synced 2025-07-01 08:43:34 +02:00
Expose encrypted data from the keyring
This makes it possible to request the encrypted data directly in application code. It will be used to download the service account credential during "nomulus login". ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=222847905
parent
4598c5f105
commit
886aa62d46
6 changed files with 61 additions and 5 deletions
|
@ -16,17 +16,21 @@ package google.registry.keyring.kms;
|
|||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.testing.DatastoreHelper.persistResources;
|
||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.io.BaseEncoding;
|
||||
import google.registry.keyring.api.KeySerializer;
|
||||
import google.registry.model.server.KmsSecret;
|
||||
import google.registry.model.server.KmsSecretRevision;
|
||||
import google.registry.model.server.KmsSecretRevision.Builder;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import google.registry.testing.BouncyCastleProviderRule;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import org.bouncycastle.openpgp.PGPKeyPair;
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.util.Arrays;
|
||||
import org.junit.Before;
|
||||
import org.junit.Rule;
|
||||
import org.junit.Test;
|
||||
|
@ -174,6 +178,18 @@ public class KmsKeyringTest {
|
|||
assertThat(jsonCredential).isEqualTo("json-credential-stringmoo");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void test_getEncryptedJsonCredential() throws UnsupportedEncodingException {
|
||||
saveCleartextSecret("json-credential-string");
|
||||
|
||||
String encryptedJsonCredential = keyring.getEncryptedData("json-credential-string");
|
||||
|
||||
assertThat(
|
||||
new String(
|
||||
Arrays.reverse(BaseEncoding.base64().decode(encryptedJsonCredential)), US_ASCII))
|
||||
.isEqualTo("json-credential-stringmoo");
|
||||
}
|
||||
|
||||
private static void persistSecret(String secretName, byte[] secretValue) {
|
||||
KmsConnection kmsConnection = new FakeKmsConnection();
|
||||
|
||||
|
|
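Review bot: `test_getEncryptedJsonCredential` declares `throws UnsupportedEncodingException`, but `new String(byte[], Charset)` with `US_ASCII` cannot throw it, so the clause and the newly added `java.io.UnsupportedEncodingException` import can both be dropped. The assertion hard-codes what is presumably FakeKmsConnection's transformation (base64-decode, reverse, expect a `moo` suffix) without saying so; a comment above the `assertThat` would help, e.g. `// FakeKmsConnection "encrypts" by appending "moo" and reversing; undo that here`. Because `getEncryptedData` now hands keyring ciphertext to application code by key name, the test should also cover a name with no stored secret and pin the expected failure, which this hunk does not show. `persistSecret` continues past the end of the hunk, so its body is not reviewed here.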