zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-07-23 11:16:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

Expose encrypted data from the keyring

Browse source 
This makes it possible to request the encrypted data directly in application code. It will be used to download service account credential during "nomulus login".

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=222847905
This commit is contained in:
jianglai 2018-11-26 10:35:15 -08:00
parent 4598c5f105
commit 886aa62d46
6 changed files with 61 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

16
javatests/google/registry/keyring/kms/KmsKeyringTest.java
View file

@ -16,17 +16,21 @@ package google.registry.keyring.kms;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.testing.DatastoreHelper.persistResources;
import static java.nio.charset.StandardCharsets.US_ASCII;
import com.google.common.collect.ImmutableList;
import com.google.common.io.BaseEncoding;
import google.registry.keyring.api.KeySerializer;
import google.registry.model.server.KmsSecret;
import google.registry.model.server.KmsSecretRevision;
import google.registry.model.server.KmsSecretRevision.Builder;
import google.registry.testing.AppEngineRule;
import google.registry.testing.BouncyCastleProviderRule;
import java.io.UnsupportedEncodingException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.util.Arrays;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
@ -174,6 +178,18 @@ public class KmsKeyringTest {
assertThat(jsonCredential).isEqualTo("json-credential-stringmoo");
}
@Test
public void test_getEncryptedJsonCredential() throws UnsupportedEncodingException {
saveCleartextSecret("json-credential-string");
String encryptedJsonCredential = keyring.getEncryptedData("json-credential-string");
assertThat(
new String(
Arrays.reverse(BaseEncoding.base64().decode(encryptedJsonCredential)), US_ASCII))
.isEqualTo("json-credential-stringmoo");
}
private static void persistSecret(String secretName, byte[] secretValue) {
KmsConnection kmsConnection = new FakeKmsConnection();