zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-16 17:37:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/javatests/google/registry/keyring/kms/KmsKeyringTest.java
jianglai 886aa62d46 Expose encrypted data from the keyring 
This makes it possible to request the encrypted data directly in application code. It will be used to download service account credential during "nomulus login".

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=222847905
2018-12-03 19:01:15 -05:00

223 lines
7.5 KiB
Java
Raw Blame History

// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.keyring.kms;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.testing.DatastoreHelper.persistResources;
import static java.nio.charset.StandardCharsets.US_ASCII;
import com.google.common.collect.ImmutableList;
import com.google.common.io.BaseEncoding;
import google.registry.keyring.api.KeySerializer;
import google.registry.model.server.KmsSecret;
import google.registry.model.server.KmsSecretRevision;
import google.registry.model.server.KmsSecretRevision.Builder;
import google.registry.testing.AppEngineRule;
import google.registry.testing.BouncyCastleProviderRule;
import java.io.UnsupportedEncodingException;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.util.Arrays;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
@RunWith(JUnit4.class)
public class KmsKeyringTest {
@Rule public final BouncyCastleProviderRule bouncy = new BouncyCastleProviderRule();
@Rule public final AppEngineRule appEngine = AppEngineRule.builder().withDatastore().build();
private KmsKeyring keyring;
@Before
public void setUp() {
keyring = new KmsKeyring(new FakeKmsConnection());
}
@Test
public void test_getRdeSigningKey() throws Exception {
saveKeyPairSecret("rde-signing-public", "rde-signing-private");
PGPKeyPair rdeSigningKey = keyring.getRdeSigningKey();
assertThat(KeySerializer.serializeKeyPair(rdeSigningKey))
.isEqualTo(KeySerializer.serializeKeyPair(KmsTestHelper.getKeyPair()));
}
@Test
public void test_getRdeStagingEncryptionKey() throws Exception {
savePublicKeySecret("rde-staging-public");
PGPPublicKey rdeStagingEncryptionKey = keyring.getRdeStagingEncryptionKey();
assertThat(rdeStagingEncryptionKey.getFingerprint())
.isEqualTo(KmsTestHelper.getPublicKey().getFingerprint());
}
@Test
public void test_getRdeStagingDecryptionKey() throws Exception {
savePrivateKeySecret("rde-staging-private");
savePublicKeySecret("rde-staging-public");
PGPPrivateKey rdeStagingDecryptionKey = keyring.getRdeStagingDecryptionKey();
PGPPublicKey rdeStagingEncryptionKey = keyring.getRdeStagingEncryptionKey();
PGPKeyPair keyPair = new PGPKeyPair(rdeStagingEncryptionKey, rdeStagingDecryptionKey);
assertThat(KeySerializer.serializeKeyPair(keyPair))
.isEqualTo(KeySerializer.serializeKeyPair(KmsTestHelper.getKeyPair()));
}
@Test
public void test_getRdeReceiverKey() throws Exception {
savePublicKeySecret("rde-receiver-public");
PGPPublicKey rdeReceiverKey = keyring.getRdeReceiverKey();
assertThat(rdeReceiverKey.getFingerprint())
.isEqualTo(KmsTestHelper.getPublicKey().getFingerprint());
}
@Test
public void test_getBrdaSigningKey() throws Exception {
saveKeyPairSecret("brda-signing-public", "brda-signing-private");
PGPKeyPair brdaSigningKey = keyring.getBrdaSigningKey();
assertThat(KeySerializer.serializeKeyPair(brdaSigningKey))
.isEqualTo(KeySerializer.serializeKeyPair(KmsTestHelper.getKeyPair()));
}
@Test
public void test_getBrdaReceiverKey() throws Exception {
savePublicKeySecret("brda-receiver-public");
PGPPublicKey brdaReceiverKey = keyring.getBrdaReceiverKey();
assertThat(brdaReceiverKey.getFingerprint())
.isEqualTo(KmsTestHelper.getPublicKey().getFingerprint());
}
@Test
public void test_getRdeSshClientPublicKey() {
saveCleartextSecret("rde-ssh-client-public-string");
String rdeSshClientPublicKey = keyring.getRdeSshClientPublicKey();
assertThat(rdeSshClientPublicKey).isEqualTo("rde-ssh-client-public-stringmoo");
}
@Test
public void test_getRdeSshClientPrivateKey() {
saveCleartextSecret("rde-ssh-client-private-string");
String rdeSshClientPrivateKey = keyring.getRdeSshClientPrivateKey();
assertThat(rdeSshClientPrivateKey).isEqualTo("rde-ssh-client-private-stringmoo");
}
@Test
public void test_getIcannReportingPassword() {
saveCleartextSecret("icann-reporting-password-string");
String icannReportingPassword = keyring.getIcannReportingPassword();
assertThat(icannReportingPassword).isEqualTo("icann-reporting-password-stringmoo");
}
@Test
public void test_getMarksdbDnlLogin() {
saveCleartextSecret("marksdb-dnl-login-string");
String marksdbDnlLogin = keyring.getMarksdbDnlLogin();
assertThat(marksdbDnlLogin).isEqualTo("marksdb-dnl-login-stringmoo");
}
@Test
public void test_getMarksdbLordnPassword() {
saveCleartextSecret("marksdb-lordn-password-string");
String marksdbLordnPassword = keyring.getMarksdbLordnPassword();
assertThat(marksdbLordnPassword).isEqualTo("marksdb-lordn-password-stringmoo");
}
@Test
public void test_getMarksdbSmdrlLogin() {
saveCleartextSecret("marksdb-smdrl-login-string");
String marksdbSmdrlLogin = keyring.getMarksdbSmdrlLogin();
assertThat(marksdbSmdrlLogin).isEqualTo("marksdb-smdrl-login-stringmoo");
}
@Test
public void test_getJsonCredential() {
saveCleartextSecret("json-credential-string");
String jsonCredential = keyring.getJsonCredential();
assertThat(jsonCredential).isEqualTo("json-credential-stringmoo");
}
@Test
public void test_getEncryptedJsonCredential() throws UnsupportedEncodingException {
saveCleartextSecret("json-credential-string");
String encryptedJsonCredential = keyring.getEncryptedData("json-credential-string");
assertThat(
new String(
Arrays.reverse(BaseEncoding.base64().decode(encryptedJsonCredential)), US_ASCII))
.isEqualTo("json-credential-stringmoo");
}
private static void persistSecret(String secretName, byte[] secretValue) {
KmsConnection kmsConnection = new FakeKmsConnection();
KmsSecretRevision secretRevision =
new Builder()
.setEncryptedValue(kmsConnection.encrypt(secretName, secretValue).ciphertext())
.setKmsCryptoKeyVersionName(KmsTestHelper.DUMMY_CRYPTO_KEY_VERSION)
.setParent(secretName)
.build();
KmsSecret secret = KmsSecret.create(secretName, secretRevision);
persistResources(ImmutableList.of(secretRevision, secret));
}
private static void saveCleartextSecret(String secretName) {
persistSecret(secretName, KeySerializer.serializeString(secretName + "moo"));
}
private static void savePublicKeySecret(String publicKeyName) throws Exception {
persistSecret(publicKeyName, KeySerializer.serializePublicKey(KmsTestHelper.getPublicKey()));
}
private static void savePrivateKeySecret(String privateKeyName) throws Exception {
persistSecret(privateKeyName, KeySerializer.serializeKeyPair(KmsTestHelper.getKeyPair()));
}
private static void saveKeyPairSecret(String publicKeyName, String privateKeyName)
throws Exception {
savePublicKeySecret(publicKeyName);
savePrivateKeySecret(privateKeyName);
}
}
Reference in a new issue View git blame Copy permalink