diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/CertificateBackingEntityGenerator.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/CertificateBackingEntityGenerator.java
index a63c1710..b41d459b 100644
--- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/CertificateBackingEntityGenerator.java
+++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/CertificateBackingEntityGenerator.java
@@ -30,10 +30,7 @@ public VersionedKeyEntityId generateKeyPair(final ReadOnlyCertificatePolicy inpu
 final OffsetDateTime expiry = now.plusMonths(input.getValidityMonths());
 return vaultFake.keyVaultFake().createKeyVersion(input.getName(), KeyCreateDetailedInput.builder()
 .key(input.toKeyCreationInput())
- .keyOperations(List.of(
- KeyOperation.SIGN, KeyOperation.VERIFY,
- KeyOperation.ENCRYPT, KeyOperation.DECRYPT,
- KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY))
+ .keyOperations(List.of(KeyOperation.SIGN, KeyOperation.VERIFY))
 .notBefore(now)
 .expiresOn(expiry)
 .enabled(true)
diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntity.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntity.java
index 66d4304c..903d43b0 100644
--- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntity.java
+++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntity.java
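Review bot: The operation list passed in `generateKeyPair` is now the fixed pair `SIGN, VERIFY` for every key type, which also narrows RSA-backed certificate keys that previously received ENCRYPT, DECRYPT, WRAP_KEY and UNWRAP_KEY. If the narrowing is needed only because EC keys now reject those operations (see `EcKeyVaultKeyEntity.disallowedOperations` in this commit), the list could be derived from the key type or the policy's key usage instead. If signing-only is intended for all certificate keys, say so next to the call, for example `// certificate backing keys are signing-only by design; EC keys would reject the other operations`. The builder chain and the method body continue outside the hunk.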
@@ -2,8 +2,10 @@ import com.github.nagyesta.lowkeyvault.model.v7_2.key.request.JsonWebKeyImportRequest; import com.github.nagyesta.lowkeyvault.model.v7_3.certificate.CertificateRestoreInput; +import com.github.nagyesta.lowkeyvault.service.EntityId; import com.github.nagyesta.lowkeyvault.service.certificate.ReadOnlyKeyVaultCertificateEntity; import com.github.nagyesta.lowkeyvault.service.certificate.id.VersionedCertificateEntityId; +import com.github.nagyesta.lowkeyvault.service.common.BaseVaultEntity; import com.github.nagyesta.lowkeyvault.service.common.impl.KeyVaultBaseEntity; import com.github.nagyesta.lowkeyvault.service.exception.CryptoException; import com.github.nagyesta.lowkeyvault.service.key.id.KeyEntityId; @@ -41,7 +43,6 @@ public class KeyVaultCertificateEntity private final String originalCertificateContents; private CertificatePolicy issuancePolicy; private PKCS10CertificationRequest csr; - /** * Constructor for certificate creation. * @@ -57,10 +58,7 @@ public KeyVaultCertificateEntity(@NonNull final String name, "Certificate name (" + name + ") did not match name from certificate creation input: " + input.getName()); final KeyEntityId kid = new KeyEntityId(vault.baseUri(), name); final SecretEntityId sid = new SecretEntityId(vault.baseUri(), name); - Assert.state(!vault.keyVaultFake().getEntities().containsName(kid.id()), - "Key must not exist to be able to store certificate data in it. " + kid.asUriNoVersion(vault.baseUri())); - Assert.state(!vault.secretVaultFake().getEntities().containsName(sid.id()), - "Secret must not exist to be able to store certificate data in it. " + sid.asUriNoVersion(vault.baseUri())); + assertNoNameCollisionWithNotManagedEntity(vault, kid, sid); this.issuancePolicy = new CertificatePolicy(input); this.originalCertificatePolicy = new CertificatePolicy(input); this.generator = new CertificateBackingEntityGenerator(vault); 
@@ -100,10 +98,7 @@ public KeyVaultCertificateEntity(@NonNull final String name,
 "Certificate name (" + name + ") did not match name from certificate creation input: " + policy.getName());
 final KeyEntityId kid = new KeyEntityId(vault.baseUri(), name);
 final SecretEntityId sid = new SecretEntityId(vault.baseUri(), name);
- Assert.state(!vault.keyVaultFake().getEntities().containsName(kid.id()),
- "Key must not exist to be able to store certificate data in it. " + kid.asUriNoVersion(vault.baseUri()));
- Assert.state(!vault.secretVaultFake().getEntities().containsName(sid.id()),
- "Secret must not exist to be able to store certificate data in it. " + sid.asUriNoVersion(vault.baseUri()));
+ assertNoNameCollisionWithNotManagedEntity(vault, kid, sid);
 this.issuancePolicy = new CertificatePolicy(policy);
 this.originalCertificatePolicy = new CertificatePolicy(originalCertificateData);
 this.generator = new CertificateBackingEntityGenerator(vault);
@@ -134,7 +129,7 @@ public KeyVaultCertificateEntity(@NonNull final ReadOnlyCertificatePolicy input,
 super(vault);
 Assert.state(vault.keyVaultFake().getEntities().containsEntity(kid),
 "Key must exist to be able to renew certificate using it. " + kid.asUriNoVersion(vault.baseUri()));
- Assert.state(vault.secretVaultFake().getEntities().containsEntityMatching(input.getName(), BaseVaultEntity::isManaged),
+ Assert.state(vault.secretVaultFake().getEntities().containsEntityMatching(input.getName(), BaseVaultEntity::isManaged),
 "A version of the Secret must exist to be able to generate a new version using name: " + input.getName());
 this.issuancePolicy = new CertificatePolicy(input);
 this.originalCertificatePolicy = new CertificatePolicy(input);
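Review bot: In the renewal constructor the secret check now requires a managed version, but the key check two lines above it is still `containsEntity(kid)`, which accepts any key with that id whether or not it is managed. If a non-managed key can reach this constructor, the renewed certificate would be bound to a key the certificate store does not own. A parallel guard would close the gap: `Assert.state(vault.keyVaultFake().getEntities().containsEntityMatching(kid.id(), BaseVaultEntity::isManaged), "Key must be managed to be able to renew certificate using it. " + kid.asUriNoVersion(vault.baseUri()));`. That guard checks by name rather than by version, so confirm it is strict enough for the callers, which are not visible here.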
@@ -169,6 +164,7 @@ public KeyVaultCertificateEntity(@NonNull final VersionedCertificateEntityId id, final JsonWebKeyImportRequest keyImportRequest = input.getKeyData(); final VersionedKeyEntityId kid = new VersionedKeyEntityId(vault.baseUri(), id.id(), input.getKeyVersion()); final VersionedSecretEntityId sid = new VersionedSecretEntityId(vault.baseUri(), id.id(), id.version()); + assertNoNameCollisionWithNotManagedEntity(vault, kid, sid); this.issuancePolicy = new CertificatePolicy(policy); this.originalCertificatePolicy = new CertificatePolicy(originalCertificateData); this.generator = new CertificateBackingEntityGenerator(vault); @@ -297,6 +293,18 @@ public void regenerateCertificate(final VaultFake vault) { } } + private static void assertNoNameCollisionWithNotManagedEntity( + final VaultFake vault, final KeyEntityId kid, final SecretEntityId sid) { + Assert.state(!vault.keyVaultFake().getEntities().containsEntityMatching(kid.id(), KeyVaultCertificateEntity::isNotManaged), + "Key must not exist to be able to store certificate data in it. " + kid.asUriNoVersion(vault.baseUri())); + Assert.state(!vault.secretVaultFake().getEntities().containsEntityMatching(sid.id(), KeyVaultCertificateEntity::isNotManaged), + "Secret must not exist to be able to store certificate data in it. " + sid.asUriNoVersion(vault.baseUri())); + } + + private static boolean isNotManaged(final BaseVaultEntity e) { + return !e.isManaged(); + } + private void normalizeCoreTimeStamps(final ReadOnlyCertificatePolicy certPolicy, final OffsetDateTime createOrUpdate) { this.setNotBefore(certPolicy.getValidityStart()); this.setExpiry(certPolicy.getValidityStart().plusMonths(certPolicy.getValidityMonths())); diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/ReadOnlyVersionedEntityMultiMap.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/ReadOnlyVersionedEntityMultiMap.java index 77f3080a..83e262a8 100644 
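Review bot: The two messages in `assertNoNameCollisionWithNotManagedEntity` still read "Key must not exist" and "Secret must not exist", but the condition now rejects only entities for which `isManaged()` is false, so a failure misreports the rule that was broken. Wording such as `"A non-managed Key with this name already exists, certificate data cannot be stored in it. "` (and the same for the secret) matches the check. The helper also has no Javadoc saying that managed entities of the same name are deliberately allowed so that a second certificate version can reuse them. The check and the later creation of the backing entities are separate steps, and whether they run under a common lock cannot be seen from this hunk.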
--- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/ReadOnlyVersionedEntityMultiMap.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/ReadOnlyVersionedEntityMultiMap.java @@ -6,6 +6,7 @@ import java.util.Deque; import java.util.List; import java.util.Optional; +import java.util.function.Predicate; public interface ReadOnlyVersionedEntityMultiMap> { @@ -17,6 +18,8 @@ public interface ReadOnlyVersionedEntityMultiMap predicate); + boolean containsEntity(K entityId); void assertContainsEntity(V entityId); diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/impl/ConcurrentVersionedEntityMultiMap.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/impl/ConcurrentVersionedEntityMultiMap.java index e96ece1c..46f1f6d9 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/impl/ConcurrentVersionedEntityMultiMap.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/common/impl/ConcurrentVersionedEntityMultiMap.java @@ -14,6 +14,7 @@ import java.util.function.BiFunction; import java.util.function.Consumer; import java.util.function.Function; +import java.util.function.Predicate; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -67,6 +68,11 @@ public boolean containsName(@NonNull final String name) { return entities.containsKey(name); } + @Override + public boolean containsEntityMatching(final String name, final Predicate predicate) { + return containsName(name) && entities.get(name).values().stream().anyMatch(predicate); + } + @Override public boolean containsEntity(@NonNull final K entityId) { return containsName(entityId.id()) && entities.get(entityId.id()).containsKey(entityId.version()); 
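Review bot: `containsEntityMatching` looks the name up twice, first through `containsName(name)` and then through `entities.get(name)`, so if the entry is removed between the two calls `.values()` is invoked on null. Reading the entry once avoids that: `final var versions = entities.get(name); return versions != null && versions.values().stream().anyMatch(predicate);`. The `containsEntity` method shown as context has the same shape, and whether entries are ever removed concurrently is not visible in this hunk. Unlike `containsName`, the new parameters are not annotated `@NonNull`, and the interface method in ReadOnlyVersionedEntityMultiMap has no Javadoc stating that the predicate is tested against every version stored under the name.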
diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntity.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntity.java index ccf93f1c..646d76d5 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntity.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntity.java @@ -15,6 +15,7 @@ import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; +import java.util.List; import static com.github.nagyesta.lowkeyvault.service.key.util.KeyGenUtil.generateAes; @@ -56,6 +57,11 @@ public int getKeySize() { return getKeyParam(); } + @Override + protected List disallowedOperations() { + return List.of(KeyOperation.SIGN, KeyOperation.VERIFY); + } + @Override public byte[] encryptBytes( @NonNull final byte[] clear, @NonNull final EncryptionAlgorithm encryptionAlgorithm, diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/EcKeyVaultKeyEntity.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/EcKeyVaultKeyEntity.java index 69051159..75c56498 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/EcKeyVaultKeyEntity.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/EcKeyVaultKeyEntity.java @@ -13,6 +13,7 @@ import java.security.Signature; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; +import java.util.List; import java.util.Optional; import static com.github.nagyesta.lowkeyvault.service.key.util.KeyGenUtil.generateEc; 
@@ -69,6 +70,11 @@ public KeyCurveName getKeyCurveName() { return getKeyParam(); } + @Override + protected List disallowedOperations() { + return List.of(KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY, KeyOperation.ENCRYPT, KeyOperation.DECRYPT); + } + @Override public byte[] encryptBytes(final byte[] clear, final EncryptionAlgorithm encryptionAlgorithm, final byte[] iv) { throw new UnsupportedOperationException("Encrypt is not supported for EC keys."); diff --git a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultKeyEntity.java b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultKeyEntity.java index 62187423..a284c22b 100644 --- a/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultKeyEntity.java +++ b/lowkey-vault-app/src/main/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultKeyEntity.java @@ -8,10 +8,12 @@ import com.github.nagyesta.lowkeyvault.service.vault.VaultFake; import lombok.NonNull; import org.slf4j.Logger; +import org.springframework.util.Assert; import java.util.Collections; import java.util.List; import java.util.concurrent.Callable; +import java.util.stream.Collectors; /** * Common Key entity base class. @@ -63,10 +65,16 @@ public List getOperations() { } public void setOperations(final List operations) { + final List invalid = operations.stream().filter(this.disallowedOperations()::contains).collect(Collectors.toList()); + Assert.isTrue(invalid.isEmpty(), "Operation not allowed for this key type: " + invalid + "."); this.updatedNow(); this.operations = List.copyOf(operations); } + protected List disallowedOperations() { + return Collections.emptyList(); + } + protected R doCrypto(final Callable task, final String message, final Logger log) { try { return task.call(); 
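Review bot: `disallowedOperations()` in KeyVaultKeyEntity is the new hook that each key type overrides, yet neither it nor `setOperations` documents the contract. On the hook I would add `/** Operations this key type can never perform; setOperations rejects any of them. Defaults to none. */`, and on the setter an `@throws IllegalArgumentException` line naming the rejected-operation case. The check runs only inside this setter, so whether constructor, import or restore paths that populate `operations` also pass through it cannot be confirmed from the hunk. A null `operations` still fails with a NullPointerException, now at `operations.stream()` rather than at `List.copyOf`.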
diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntityTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntityTest.java index 46e4ffe7..7e21b2e9 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntityTest.java +++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/certificate/impl/KeyVaultCertificateEntityTest.java @@ -120,7 +120,7 @@ void testConstructorShouldThrowExceptionWhenCalledWithAlreadyUsedKeyName() { final ReadOnlyVersionedEntityMultiMap keyMap = mock(ReadOnlyVersionedEntityMultiMap.class); - when(keyMap.containsName(eq(id.id()))).thenReturn(true); + when(keyMap.containsEntityMatching(eq(id.id()), any())).thenReturn(true); final KeyVaultFake keyFake = mock(KeyVaultFake.class); when(keyFake.getEntities()).thenReturn(keyMap); @@ -137,7 +137,7 @@ void testConstructorShouldThrowExceptionWhenCalledWithAlreadyUsedKeyName() { //then + exception verify(vault).keyVaultFake(); verify(keyFake).getEntities(); - verify(keyMap).containsName(eq(id.id())); + verify(keyMap).containsEntityMatching(eq(id.id()), any()); } @SuppressWarnings("unchecked") @@ -149,7 +149,7 @@ void testConstructorShouldThrowExceptionWhenCalledWithAlreadyUsedSecretName() { final ReadOnlyVersionedEntityMultiMap secretMap = mock(ReadOnlyVersionedEntityMultiMap.class); - when(secretMap.containsName(eq(id.id()))).thenReturn(true); + when(secretMap.containsEntityMatching(eq(id.id()), any())).thenReturn(true); final ReadOnlyVersionedEntityMultiMap keyMap = mock(ReadOnlyVersionedEntityMultiMap.class); 
@@ -172,7 +172,7 @@ void testConstructorShouldThrowExceptionWhenCalledWithAlreadyUsedSecretName() { //then + exception verify(vault).secretVaultFake(); verify(secretFake).getEntities(); - verify(secretMap).containsName(eq(id.id())); + verify(secretMap).containsEntityMatching(eq(id.id()), any()); } @Test @@ -383,7 +383,7 @@ void testRenewalConstructorShouldThrowExceptionWhenNoMatchingSecretNameFound() { final ReadOnlyVersionedEntityMultiMap secretMap = mock(ReadOnlyVersionedEntityMultiMap.class); - when(keyMap.containsName(eq(id.id()))).thenReturn(false); + when(keyMap.containsEntityMatching(eq(id.id()), any())).thenReturn(false); final SecretVaultFake secretFake = mock(SecretVaultFake.class); when(secretFake.getEntities()).thenReturn(secretMap); @@ -400,7 +400,7 @@ void testRenewalConstructorShouldThrowExceptionWhenNoMatchingSecretNameFound() { verify(keyFake).getEntities(); verify(keyMap).containsEntity(eq(kid)); verify(secretFake).getEntities(); - verify(secretMap).containsName(eq(id.id())); + verify(secretMap).containsEntityMatching(eq(id.id()), any()); } @ParameterizedTest diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntityTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntityTest.java index 303b9274..6112cb44 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntityTest.java +++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/AesKeyVaultKeyEntityTest.java 
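Review bot: In `testRenewalConstructorShouldThrowExceptionWhenNoMatchingSecretNameFound` the stub is placed on the wrong mock: `when(keyMap.containsEntityMatching(eq(id.id()), any())).thenReturn(false)` configures `keyMap`, while the constructor and the final `verify` use `secretMap.containsEntityMatching`. The test presumably passes only because an unstubbed Mockito mock returns false; the line should read `when(secretMap.containsEntityMatching(eq(id.id()), any())).thenReturn(false);`. The updated tests in this file all match the predicate with `any()`, so they would still pass if `isManaged` and `isNotManaged` were swapped in the production code. At least one test against a real map with a managed and a non-managed entity would pin that distinction. The test bodies start and end outside the hunks.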
@@ -218,7 +218,6 @@ void testSignShouldThrowExceptionWhenCalled() { final VaultFake vaultFake = new VaultFakeImpl(HTTPS_LOWKEY_VAULT); final AesKeyVaultKeyEntity underTest = new AesKeyVaultKeyEntity( VERSIONED_KEY_ENTITY_ID_1_VERSION_1, vaultFake, KeyType.OCT.getValidKeyParameters(Integer.class).first(), false); - underTest.setOperations(List.of(KeyOperation.SIGN, KeyOperation.VERIFY)); underTest.setEnabled(true); //when @@ -234,7 +233,6 @@ void testVerifyShouldThrowExceptionWhenCalled() { final VaultFake vaultFake = new VaultFakeImpl(HTTPS_LOWKEY_VAULT); final AesKeyVaultKeyEntity underTest = new AesKeyVaultKeyEntity( VERSIONED_KEY_ENTITY_ID_1_VERSION_1, vaultFake, KeyType.OCT.getValidKeyParameters(Integer.class).first(), false); - underTest.setOperations(List.of(KeyOperation.SIGN, KeyOperation.VERIFY)); underTest.setEnabled(true); //when @@ -245,6 +243,21 @@ void testVerifyShouldThrowExceptionWhenCalled() { //then + exception } + @Test + void testSetOperationsShouldThrowExceptionWhenCalledWithSignOrVerify() { + //given + final VaultFake vaultFake = new VaultFakeImpl(HTTPS_LOWKEY_VAULT); + final AesKeyVaultKeyEntity underTest = new AesKeyVaultKeyEntity( + VERSIONED_KEY_ENTITY_ID_1_VERSION_1, vaultFake, KeyType.OCT.getValidKeyParameters(Integer.class).first(), false); + underTest.setEnabled(true); + + //when + Assertions.assertThrows(IllegalArgumentException.class, + () -> underTest.setOperations(List.of(KeyOperation.SIGN, KeyOperation.VERIFY))); + + //then + exception + } + @Test void testKeyCreationInputShouldReturnOriginalParameters() { //given diff --git a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultFakeImplTest.java b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultFakeImplTest.java index 82f0b0d0..6efe29c7 100644 --- a/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultFakeImplTest.java 
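Review bot: `testSetOperationsShouldThrowExceptionWhenCalledWithSignOrVerify` passes `SIGN` and `VERIFY` in one list, so it does not show that either operation alone is rejected, which is what the name promises. Running the assertion once per operation, for example `List.of(KeyOperation.SIGN)` and `List.of(KeyOperation.VERIFY)` as separate `assertThrows` calls, would cover both. No matching test for the EC override of `disallowedOperations` appears in the part of the commit shown here.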
+++ b/lowkey-vault-app/src/test/java/com/github/nagyesta/lowkeyvault/service/key/impl/KeyVaultFakeImplTest.java @@ -85,7 +85,6 @@ public static Stream keyOperationsProvider() { .add(Arguments.of(List.of())) .add(Arguments.of(List.of(KeyOperation.ENCRYPT))) .add(Arguments.of(List.of(KeyOperation.ENCRYPT, KeyOperation.DECRYPT))) - .add(Arguments.of(Arrays.asList(KeyOperation.values()))) .build(); } @@ -888,7 +887,7 @@ void testRotateKeyShouldCreateNewKeyVersionKeepingTagsAndOperationsWhenCalledWit //given final KeyCurveName keyParameter = KeyCurveName.P_384; final Map tags = Map.of(KEY_1, VALUE_1); - final List operations = List.of(KeyOperation.ENCRYPT); + final List operations = List.of(KeyOperation.SIGN); final KeyVaultFake underTest = createUnderTest(); final VersionedKeyEntityId keyEntityId = underTest diff --git a/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/CertificatesStepDefs.java b/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/CertificatesStepDefs.java index e4e4948d..b716b046 100644 --- a/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/CertificatesStepDefs.java +++ b/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/CertificatesStepDefs.java 
@@ -173,9 +173,10 @@ public void countCertificatesAreImportedFromTheGivenResourceUsingPassword(
 final int count, final String resource, final String password) throws IOException {
 final byte[] content = Objects.requireNonNull(getClass().getResourceAsStream("/certs/" + resource)).readAllBytes();
 final CertificateClient client = context.getClient(context.getCertificateServiceVersion());
- IntStream.range(0, count).forEach(i -> {
+ IntStream.range(1, count + 1).forEach(i -> {
 final String name = "multi-import-" + i;
 final ImportCertificateOptions options = new ImportCertificateOptions(name, content);
+ options.setEnabled(true);
 Optional.ofNullable(password).ifPresent(options::setPassword);
 final KeyVaultCertificateWithPolicy certificate = client
 .importCertificate(options);
@@ -204,7 +205,7 @@ public void theCertificateVersionsAreListed() {
 @And("{int} certificates with {name} prefix are deleted")
 public void certificatesWithMultiImportPrefixAreDeleted(final int count, final String prefix) {
 final CertificateClient client = context.getClient(context.getCertificateServiceVersion());
- IntStream.range(0, count).forEach(i -> {
+ IntStream.range(1, count + 1).forEach(i -> {
 final DeletedCertificate deletedCertificate = client.beginDeleteCertificate(prefix + i)
 .waitForCompletion().getValue();
 context.setLastDeleted(deletedCertificate);
@@ -214,7 +215,7 @@ public void certificatesWithMultiImportPrefixAreDeleted(final int count, final S
 @And("{int} certificates with {name} prefix are purged")
 public void certificatesWithMultiImportPrefixArePurged(final int count, final String prefix) {
 final CertificateClient client = context.getClient(context.getCertificateServiceVersion());
- IntStream.range(0, count).forEach(i -> {
+ IntStream.range(1, count + 1).forEach(i -> {
 client.purgeDeletedCertificate(prefix + i);
 });
 }
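Review bot: The 1-based loops are written as `IntStream.range(1, count + 1)`, which hides the inclusive upper bound behind arithmetic; `IntStream.rangeClosed(1, count).forEach(i -> {` states it directly. The same line appears in the import, delete and purge steps here and in the recover step in the next hunk of this file. Because the certificate names are built from `i`, a short comment on the first loop that names now start at `multi-import-1` would help anyone matching them against the feature files.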
@@ -222,7 +223,7 @@ public void certificatesWithMultiImportPrefixArePurged(final int count, final St
 @And("{int} certificates with {name} prefix are recovered")
 public void certificatesWithMultiImportPrefixAreRecovered(final int count, final String prefix) {
 final CertificateClient client = context.getClient(context.getCertificateServiceVersion());
- IntStream.range(0, count).forEach(i -> {
+ IntStream.range(1, count + 1).forEach(i -> {
 client.beginRecoverDeletedCertificate(prefix + i).waitForCompletion();
 });
 }
diff --git a/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/KeysStepDefs.java b/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/KeysStepDefs.java
index 2b234a7d..03deceee 100644
--- a/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/KeysStepDefs.java
+++ b/lowkey-vault-docker/src/test/java/com/github/nagyesta/lowkeyvault/steps/KeysStepDefs.java
@@ -125,7 +125,7 @@ public void ecKeyImportedWithNameAndParameters(final String name, final KeyCurve
 final KeyPair keyPair = KeyGenUtil.generateEc(curveName);
 context.setKeyPair(keyPair);
 final JsonWebKey key = JsonWebKey.fromEc(keyPair, BOUNCY_CASTLE_PROVIDER)
- .setKeyOps(List.of(KeyOperation.SIGN, KeyOperation.ENCRYPT, KeyOperation.WRAP_KEY));
+ .setKeyOps(List.of(KeyOperation.SIGN));
 if (hsm) {
 key.setKeyType(KeyType.EC_HSM);
 }
@@ -155,7 +155,7 @@ public void octKeyImportedWithNameAndParameters(final String name, final int siz
 final SecretKey secretKey = KeyGenUtil.generateAes(size);
 context.setSecretKey(secretKey);
 final JsonWebKey key = JsonWebKey.fromAes(secretKey)
- .setKeyOps(List.of(KeyOperation.SIGN, KeyOperation.ENCRYPT, KeyOperation.WRAP_KEY))
+ .setKeyOps(List.of(KeyOperation.ENCRYPT, KeyOperation.WRAP_KEY))
 .setKeyType(KeyType.OCT_HSM);
 final ImportKeyOptions options = new ImportKeyOptions(name, key)
 .setHardwareProtected(true);
diff --git a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/CreateCertificates.feature b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/CreateCertificates.feature index 92280e14..18513b6b 100644 --- a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/CreateCertificates.feature +++ b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/CreateCertificates.feature @@ -59,7 +59,6 @@ Feature: Certificate creation | 7.3 | with | 73-createEcCertP384PkcsHsm | P-384 | enabled | PKCS12 | CN=example.com | | 7.3 | with | 73-createEcCertP521PkcsHsm | P-521 | enabled | PKCS12 | CN=example.com | - @Certificate @CertificateCreate @RSA Scenario Outline: RSA_CERT_CREATE_02 Single versions of RSA certificates can be created using lifetime actions Given certificate API version is used 
@@ -100,3 +99,43 @@ Feature: Certificate creation | api | certName | triggerValue | triggerType | action | type | | 7.3 | 73-createEcCertPemAction | 10 | days before expiry | EmailContacts | PEM | | 7.3 | 73-createEcCertPkcsAction | 80 | percent lifetime | AutoRenew | PKCS12 | + + @Certificate @CertificateCreate @RSA + Scenario Outline: RSA_CERT_CREATE_03 Two versions of the same RSA certificates can be created using the same name + Given certificate API version is used + And a certificate client is created with the vault named certs-generic + And a certificate is prepared with subject CN=localhost + And the certificate is set to be enabled + And the certificate is set to use an RSA key with 2048 and without HSM + And the certificate is created with name + # create a second version + When the certificate is created with name + Then the certificate is enabled + And the certificate secret named is downloaded + And the downloaded secret contains a certificate + And the downloaded certificate store has a certificate with CN=localhost as subject + + Examples: + | api | certName | type | + | 7.3 | 73-createRsaCertPemDouble | PEM | + | 7.3 | 73-createRsaCertPkcsDouble | PKCS12 | + + @Certificate @CertificateCreate @EC + Scenario Outline: EC_CERT_CREATE_03 Two versions of the same EC certificates can be created using the same name + Given certificate API version is used + And a certificate client is created with the vault named certs-generic + And a certificate is prepared with subject CN=localhost + And the certificate is set to be enabled + And the certificate is set to use an EC key with P-256 and without HSM + And the certificate is created with name + # create a second version + When the certificate is created with name + Then the certificate is enabled + And the certificate secret named is downloaded + And the downloaded secret contains a certificate + And the downloaded certificate store has a certificate with CN=localhost as subject + + Examples: + | api | certName 
| type | + | 7.3 | 73-createEcCertPemDouble | PEM | + | 7.3 | 73-createEcCertPkcsDouble | PKCS12 | diff --git a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/DeleteCertificates.feature b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/DeleteCertificates.feature index ae094484..2da606c7 100644 --- a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/DeleteCertificates.feature +++ b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/certificates/DeleteCertificates.feature @@ -5,9 +5,10 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-del-rsa- And a certificate client is created with the vault named cert-del-rsa- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - Then the deleted certificate policy named multi-import-0 is downloaded + And certificates are imported from the resource named using - as password + And the certificate policy named multi-import- is downloaded + When certificates with multi-import- prefix are deleted + Then the deleted certificate policy named multi-import- is downloaded Examples: | api | index | fileName | 
@@ -18,9 +19,10 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-del-ec- And a certificate client is created with the vault named cert-del-ec- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - Then the deleted certificate policy named multi-import-0 is downloaded + And certificates are imported from the resource named using - as password + And the certificate policy named multi-import- is downloaded + When certificates with multi-import- prefix are deleted + Then the deleted certificate policy named multi-import- is downloaded Examples: | api | index | fileName | @@ -31,9 +33,9 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-purge-rsa- And a certificate client is created with the vault named cert-purge-rsa- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - And 1 certificates with multi-import- prefix are purged + And certificates are imported from the resource named using - as password + When certificates with multi-import- prefix are deleted + And certificates with multi-import- prefix are purged Then the deleted certificates are listed And the deleted list should contain 0 items And the certificates are listed 
@@ -48,9 +50,9 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-purge-ec- And a certificate client is created with the vault named cert-purge-ec- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - And 1 certificates with multi-import- prefix are purged + And certificates are imported from the resource named using - as password + When certificates with multi-import- prefix are deleted + And certificates with multi-import- prefix are purged Then the deleted certificates are listed And the deleted list should contain 0 items And the certificates are listed @@ -65,13 +67,13 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-recover-rsa- And a certificate client is created with the vault named cert-recover-rsa- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - And 1 certificates with multi-import- prefix are recovered + And certificates are imported from the resource named using - as password + When certificates with multi-import- prefix are deleted + And certificates with multi-import- prefix are recovered Then the deleted certificates are listed And the deleted list should contain 0 items And the certificates are listed - And the list should contain 1 items + And the list should contain items Examples: | api | index | fileName | 
@@ -82,13 +84,13 @@ Feature: Certificate delete/purge/recover Given certificate API version is used And a vault is created with name cert-recover-ec- And a certificate client is created with the vault named cert-recover-ec- - And 1 certificates are imported from the resource named using - as password - When 1 certificates with multi-import- prefix are deleted - And 1 certificates with multi-import- prefix are recovered + And certificates are imported from the resource named using - as password + When certificates with multi-import- prefix are deleted + And certificates with multi-import- prefix are recovered Then the deleted certificates are listed And the deleted list should contain 0 items And the certificates are listed - And the list should contain 1 items + And the list should contain items Examples: | api | index | fileName | diff --git a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/CreateKeys.feature b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/CreateKeys.feature index 82c57ca6..9ee2c146 100644 --- a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/CreateKeys.feature +++ b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/CreateKeys.feature 
@@ -80,35 +80,35 @@ Feature: Key creation And the key recovery settings are default Examples: - | api | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | - | 7.2 | without | 72-createEcKey256 | P-256 | 32 | enabled | null | null | null | null | - | 7.2 | without | 72-createEcKey256k | P-256K | 32 | enabled | null | null | null | null | - | 7.2 | without | 72-createEcKey384 | P-384 | 48 | enabled | null | null | null | null | - | 7.2 | without | 72-createEcKey521 | P-521 | 65 | enabled | null | null | null | null | - | 7.2 | with | 72-createEcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | - | 7.2 | with | 72-createEcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | - | 7.2 | with | 72-createEcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | - | 7.2 | with | 72-createEcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | - | 7.2 | without | 72-createEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.2 | without | 72-createEcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | - | 7.2 | without | 72-createEcKeyAllOps | P-256 | 32 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.2 | without | 72-createEcKeyOperations | P-256 | 32 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.2 | without | 72-createEcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | - | 7.2 | without | 72-createEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | - | 7.3 | without | 73-createEcKey256 | P-256 | 32 | enabled | null | null | null | null | - | 7.3 | without | 73-createEcKey256k | P-256K | 32 | enabled | null | null | null | null | - | 7.3 | without | 73-createEcKey384 | P-384 | 48 | enabled | null | null | null | null | - | 7.3 | without | 73-createEcKey521 | P-521 | 65 | enabled | null | null | null | null | - | 7.3 | with | 73-createEcKey256Hsm | P-256 | 
32 | enabled | null | null | null | null | - | 7.3 | with | 73-createEcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | - | 7.3 | with | 73-createEcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | - | 7.3 | with | 73-createEcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | - | 7.3 | without | 73-createEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | without | 73-createEcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | - | 7.3 | without | 73-createEcKeyAllOps | P-256 | 32 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | without | 73-createEcKeyOperations | P-256 | 32 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.3 | without | 73-createEcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | - | 7.3 | without | 73-createEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | + | api | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | + | 7.2 | without | 72-createEcKey256 | P-256 | 32 | enabled | null | null | null | null | + | 7.2 | without | 72-createEcKey256k | P-256K | 32 | enabled | null | null | null | null | + | 7.2 | without | 72-createEcKey384 | P-384 | 48 | enabled | null | null | null | null | + | 7.2 | without | 72-createEcKey521 | P-521 | 65 | enabled | null | null | null | null | + | 7.2 | with | 72-createEcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | + | 7.2 | with | 72-createEcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | + | 7.2 | with | 72-createEcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | + | 7.2 | with | 72-createEcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | + | 7.2 | without | 72-createEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.2 | without | 72-createEcKeyMap2 | P-256 | 32 | enabled | null | null | null | 
aKey:aValue | + | 7.2 | without | 72-createEcKeyAllOps | P-256 | 32 | enabled | sign,verify,import | null | null | null | + | 7.2 | without | 72-createEcKeyOperations | P-256 | 32 | enabled | sign,verify | null | null | null | + | 7.2 | without | 72-createEcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | + | 7.2 | without | 72-createEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | + | 7.3 | without | 73-createEcKey256 | P-256 | 32 | enabled | null | null | null | null | + | 7.3 | without | 73-createEcKey256k | P-256K | 32 | enabled | null | null | null | null | + | 7.3 | without | 73-createEcKey384 | P-384 | 48 | enabled | null | null | null | null | + | 7.3 | without | 73-createEcKey521 | P-521 | 65 | enabled | null | null | null | null | + | 7.3 | with | 73-createEcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | + | 7.3 | with | 73-createEcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | + | 7.3 | with | 73-createEcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | + | 7.3 | with | 73-createEcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | + | 7.3 | without | 73-createEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | without | 73-createEcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | + | 7.3 | without | 73-createEcKeyAllOps | P-256 | 32 | enabled | sign,verify,import | null | null | null | + | 7.3 | without | 73-createEcKeyOperations | P-256 | 32 | enabled | sign,verify | null | null | null | + | 7.3 | without | 73-createEcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | + | 7.3 | without | 73-createEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | @Key @KeyCreate @OCT Scenario Outline: OCT_CREATE_01 Single versions of OCT keys can be created with the key client 
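Review bot: The EC rows in this Examples table now list only operations the key type may carry (`sign,verify,import` in the `…EcKeyAllOps` rows, `sign,verify` in the `…EcKeyOperations` rows), and no row visible here asserts that a create request asking for `encrypt` or `wrapKey` on an EC key is refused. Without that negative case the key-usage restriction can regress while these tables keep passing. I would add a separate scenario outline whose examples request `encrypt,decrypt,wrapKey,unwrapKey` for an EC key and expect the call to fail, plus the mirror case (`sign,verify` on an OCT key) for the OCT table in the next hunk. The same gap shows in the GetKeys.feature and RotateKeys.feature tables. The scenario steps sit above the hunk, so whether the server rejects or silently filters such a request cannot be read from here.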
@@ -136,24 +136,24 @@ Feature: Key creation And the key recovery settings are default Examples: - | api | hsm | keyName | keySize | enabledStatus | operations | expires | notBefore | tagMap | - | 7.2 | with | 72-createOctKey | 128 | enabled | null | null | null | null | - | 7.2 | with | 72-createOctKey192 | 192 | enabled | null | null | null | null | - | 7.2 | with | 72-createOctKey256 | 256 | enabled | null | null | null | null | - | 7.2 | with | 72-create-oct-key-128 | 128 | enabled | null | null | null | null | - | 7.2 | with | 72-createOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.2 | with | 72-createOctKeyMap2 | 128 | enabled | null | null | null | aKey:aValue | - | 7.2 | with | 72-createOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.2 | with | 72-createOctKeyOperations | 128 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.2 | with | 72-createOctKeyDates | 128 | enabled | null | 4321 | 1234 | null | - | 7.2 | with | 72-createOctKeyNotEnabled | 128 | not enabled | null | null | null | null | - | 7.3 | with | 73-createOctKey | 128 | enabled | null | null | null | null | - | 7.3 | with | 73-createOctKey192 | 192 | enabled | null | null | null | null | - | 7.3 | with | 73-createOctKey256 | 256 | enabled | null | null | null | null | - | 7.3 | with | 73-create-oct-key-128 | 128 | enabled | null | null | null | null | - | 7.3 | with | 73-createOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | with | 73-createOctKeyMap2 | 128 | enabled | null | null | null | aKey:aValue | - | 7.3 | with | 73-createOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | with | 73-createOctKeyOperations | 128 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.3 | with | 73-createOctKeyDates | 128 | enabled | null | 4321 | 1234 | null | - | 7.3 | with | 73-createOctKeyNotEnabled | 128 
| not enabled | null | null | null | null | + | api | hsm | keyName | keySize | enabledStatus | operations | expires | notBefore | tagMap | + | 7.2 | with | 72-createOctKey | 128 | enabled | null | null | null | null | + | 7.2 | with | 72-createOctKey192 | 192 | enabled | null | null | null | null | + | 7.2 | with | 72-createOctKey256 | 256 | enabled | null | null | null | null | + | 7.2 | with | 72-create-oct-key-128 | 128 | enabled | null | null | null | null | + | 7.2 | with | 72-createOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.2 | with | 72-createOctKeyMap2 | 128 | enabled | null | null | null | aKey:aValue | + | 7.2 | with | 72-createOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,import | null | null | null | + | 7.2 | with | 72-createOctKeyOperations | 128 | enabled | wrapKey,unwrapKey | null | null | null | + | 7.2 | with | 72-createOctKeyDates | 128 | enabled | null | 4321 | 1234 | null | + | 7.2 | with | 72-createOctKeyNotEnabled | 128 | not enabled | null | null | null | null | + | 7.3 | with | 73-createOctKey | 128 | enabled | null | null | null | null | + | 7.3 | with | 73-createOctKey192 | 192 | enabled | null | null | null | null | + | 7.3 | with | 73-createOctKey256 | 256 | enabled | null | null | null | null | + | 7.3 | with | 73-create-oct-key-128 | 128 | enabled | null | null | null | null | + | 7.3 | with | 73-createOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | with | 73-createOctKeyMap2 | 128 | enabled | null | null | null | aKey:aValue | + | 7.3 | with | 73-createOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,import | null | null | null | + | 7.3 | with | 73-createOctKeyOperations | 128 | enabled | wrapKey,unwrapKey | null | null | null | + | 7.3 | with | 73-createOctKeyDates | 128 | enabled | null | 4321 | 1234 | null | + | 7.3 | with | 73-createOctKeyNotEnabled | 128 | not enabled | null | null | null | null | 
diff --git a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/GetKeys.feature b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/GetKeys.feature index 9b053ee8..f56ba5b8 100644 --- a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/GetKeys.feature +++ b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/GetKeys.feature 
@@ -82,33 +82,33 @@ Feature: Key get And the key recovery settings are default Examples: - | api | versionsCount | hsm | keyName | curveName | nBytes | operations | expires | notBefore | tagMap | - | 7.2 | 2 | without | 72-get01EcKey256 | P-256 | 32 | null | null | null | null | - | 7.2 | 1 | without | 72-get01EcKey256k | P-256K | 32 | null | null | null | null | - | 7.2 | 2 | without | 72-get01EcKey384 | P-384 | 48 | null | null | null | null | - | 7.2 | 1 | without | 72-get01EcKey521 | P-521 | 65 | null | null | null | null | - | 7.2 | 4 | with | 72-get01EcKey256Hsm | P-256 | 32 | null | null | null | null | - | 7.2 | 3 | with | 72-get01EcKey256kHsm | P-256K | 32 | null | null | null | null | - | 7.2 | 4 | with | 72-get01EcKey384Hsm | P-384 | 48 | null | null | null | null | - | 7.2 | 3 | with | 72-get01EcKey521Hsm | P-521 | 65 | null | null | null | null | - | 7.2 | 4 | without | 72-get01EcKeyMap1 | P-256 | 32 | null | null | null | aKey:aValue,b1:b2 | - | 7.2 | 3 | without | 72-get01EcKeyMap2 | P-256 | 32 | null | null | null | aKey:aValue | - | 7.2 | 4 | without | 72-get01EcKeyAllOps | P-256 | 32 | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.2 | 3 | without | 72-get01EcKeyOperations | P-256 | 32 | wrapKey,unwrapKey | null | null | null | - | 7.2 | 4 | without | 72-get01EcKeyDates | P-256 | 32 | null | 4321 | 1234 | null | - | 7.3 | 2 | without | 73-get01EcKey256 | P-256 | 32 | null | null | null | null | - | 7.3 | 1 | without | 73-get01EcKey256k | P-256K | 32 | null | null | null | null | - | 7.3 | 2 | without | 73-get01EcKey384 | P-384 | 48 | null | null | null | null | - | 7.3 | 1 | without | 73-get01EcKey521 | P-521 | 65 | null | null | null | null | - | 7.3 | 4 | with | 73-get01EcKey256Hsm | P-256 | 32 | null | null | null | null | - | 7.3 | 3 | with | 73-get01EcKey256kHsm | P-256K | 32 | null | null | null | null | - | 7.3 | 4 | with | 73-get01EcKey384Hsm | P-384 | 48 | null | null | null | null | - | 7.3 | 3 | with | 
73-get01EcKey521Hsm | P-521 | 65 | null | null | null | null | - | 7.3 | 4 | without | 73-get01EcKeyMap1 | P-256 | 32 | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | 3 | without | 73-get01EcKeyMap2 | P-256 | 32 | null | null | null | aKey:aValue | - | 7.3 | 4 | without | 73-get01EcKeyAllOps | P-256 | 32 | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | 3 | without | 73-get01EcKeyOperations | P-256 | 32 | wrapKey,unwrapKey | null | null | null | - | 7.3 | 4 | without | 73-get01EcKeyDates | P-256 | 32 | null | 4321 | 1234 | null | + | api | versionsCount | hsm | keyName | curveName | nBytes | operations | expires | notBefore | tagMap | + | 7.2 | 2 | without | 72-get01EcKey256 | P-256 | 32 | null | null | null | null | + | 7.2 | 1 | without | 72-get01EcKey256k | P-256K | 32 | null | null | null | null | + | 7.2 | 2 | without | 72-get01EcKey384 | P-384 | 48 | null | null | null | null | + | 7.2 | 1 | without | 72-get01EcKey521 | P-521 | 65 | null | null | null | null | + | 7.2 | 4 | with | 72-get01EcKey256Hsm | P-256 | 32 | null | null | null | null | + | 7.2 | 3 | with | 72-get01EcKey256kHsm | P-256K | 32 | null | null | null | null | + | 7.2 | 4 | with | 72-get01EcKey384Hsm | P-384 | 48 | null | null | null | null | + | 7.2 | 3 | with | 72-get01EcKey521Hsm | P-521 | 65 | null | null | null | null | + | 7.2 | 4 | without | 72-get01EcKeyMap1 | P-256 | 32 | null | null | null | aKey:aValue,b1:b2 | + | 7.2 | 3 | without | 72-get01EcKeyMap2 | P-256 | 32 | null | null | null | aKey:aValue | + | 7.2 | 4 | without | 72-get01EcKeyAllOps | P-256 | 32 | sign,verify,import | null | null | null | + | 7.2 | 3 | without | 72-get01EcKeyOperations | P-256 | 32 | sign,verify | null | null | null | + | 7.2 | 4 | without | 72-get01EcKeyDates | P-256 | 32 | null | 4321 | 1234 | null | + | 7.3 | 2 | without | 73-get01EcKey256 | P-256 | 32 | null | null | null | null | + | 7.3 | 1 | without | 73-get01EcKey256k | P-256K | 32 | null | null | null | 
null | + | 7.3 | 2 | without | 73-get01EcKey384 | P-384 | 48 | null | null | null | null | + | 7.3 | 1 | without | 73-get01EcKey521 | P-521 | 65 | null | null | null | null | + | 7.3 | 4 | with | 73-get01EcKey256Hsm | P-256 | 32 | null | null | null | null | + | 7.3 | 3 | with | 73-get01EcKey256kHsm | P-256K | 32 | null | null | null | null | + | 7.3 | 4 | with | 73-get01EcKey384Hsm | P-384 | 48 | null | null | null | null | + | 7.3 | 3 | with | 73-get01EcKey521Hsm | P-521 | 65 | null | null | null | null | + | 7.3 | 4 | without | 73-get01EcKeyMap1 | P-256 | 32 | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | 3 | without | 73-get01EcKeyMap2 | P-256 | 32 | null | null | null | aKey:aValue | + | 7.3 | 4 | without | 73-get01EcKeyAllOps | P-256 | 32 | sign,verify,import | null | null | null | + | 7.3 | 3 | without | 73-get01EcKeyOperations | P-256 | 32 | sign,verify | null | null | null | + | 7.3 | 4 | without | 73-get01EcKeyDates | P-256 | 32 | null | 4321 | 1234 | null | @Key @KeyCreate @KeyGet @OCT Scenario Outline: OCT_GET_01 Multiple versions of OCT keys are created with the key client then the latest is fetched 
@@ -138,25 +138,25 @@ Feature: Key get And the key recovery settings are default Examples: - | api | versionsCount | hsm | keyName | keySize | operations | expires | notBefore | tagMap | - | 7.2 | 2 | with | 72-get01OctKey | 128 | null | null | null | null | - | 7.2 | 1 | with | 72-get01OctKey192 | 192 | null | null | null | null | - | 7.2 | 2 | with | 72-get01OctKey256 | 256 | null | null | null | null | - | 7.2 | 1 | with | 72-get01-oct-key-128 | 128 | null | null | null | null | - | 7.2 | 4 | with | 72-get01OctKeyMap1 | 128 | null | null | null | aKey:aValue,b1:b2 | - | 7.2 | 3 | with | 72-get01OctKeyMap2 | 128 | null | null | null | aKey:aValue | - | 7.2 | 4 | with | 72-get01OctKeyAllOps | 128 | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.2 | 3 | with | 72-get01OctKeyOperations | 128 | wrapKey,unwrapKey | null | null | null | - | 7.2 | 4 | with | 72-get01OctKeyDates | 128 | null | 4321 | 1234 | null | - | 7.3 | 2 | with | 73-get01OctKey | 128 | null | null | null | null | - | 7.3 | 1 | with | 73-get01OctKey192 | 192 | null | null | null | null | - | 7.3 | 2 | with | 73-get01OctKey256 | 256 | null | null | null | null | - | 7.3 | 1 | with | 73-get01-oct-key-128 | 128 | null | null | null | null | - | 7.3 | 4 | with | 73-get01OctKeyMap1 | 128 | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | 3 | with | 73-get01OctKeyMap2 | 128 | null | null | null | aKey:aValue | - | 7.3 | 4 | with | 73-get01OctKeyAllOps | 128 | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | 3 | with | 73-get01OctKeyOperations | 128 | wrapKey,unwrapKey | null | null | null | - | 7.3 | 4 | with | 73-get01OctKeyDates | 128 | null | 4321 | 1234 | null | + | api | versionsCount | hsm | keyName | keySize | operations | expires | notBefore | tagMap | + | 7.2 | 2 | with | 72-get01OctKey | 128 | null | null | null | null | + | 7.2 | 1 | with | 72-get01OctKey192 | 192 | null | null | null | null | + | 7.2 | 2 | with | 
72-get01OctKey256 | 256 | null | null | null | null | + | 7.2 | 1 | with | 72-get01-oct-key-128 | 128 | null | null | null | null | + | 7.2 | 4 | with | 72-get01OctKeyMap1 | 128 | null | null | null | aKey:aValue,b1:b2 | + | 7.2 | 3 | with | 72-get01OctKeyMap2 | 128 | null | null | null | aKey:aValue | + | 7.2 | 4 | with | 72-get01OctKeyAllOps | 128 | encrypt,decrypt,wrapKey,unwrapKey,import | null | null | null | + | 7.2 | 3 | with | 72-get01OctKeyOperations | 128 | wrapKey,unwrapKey | null | null | null | + | 7.2 | 4 | with | 72-get01OctKeyDates | 128 | null | 4321 | 1234 | null | + | 7.3 | 2 | with | 73-get01OctKey | 128 | null | null | null | null | + | 7.3 | 1 | with | 73-get01OctKey192 | 192 | null | null | null | null | + | 7.3 | 2 | with | 73-get01OctKey256 | 256 | null | null | null | null | + | 7.3 | 1 | with | 73-get01-oct-key-128 | 128 | null | null | null | null | + | 7.3 | 4 | with | 73-get01OctKeyMap1 | 128 | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | 3 | with | 73-get01OctKeyMap2 | 128 | null | null | null | aKey:aValue | + | 7.3 | 4 | with | 73-get01OctKeyAllOps | 128 | encrypt,decrypt,wrapKey,unwrapKey,import | null | null | null | + | 7.3 | 3 | with | 73-get01OctKeyOperations | 128 | wrapKey,unwrapKey | null | null | null | + | 7.3 | 4 | with | 73-get01OctKeyDates | 128 | null | 4321 | 1234 | null | @Key @KeyCreate @KeyGet @RSA 
@@ -302,32 +302,32 @@ Feature: Key get And the key recovery settings are default Examples: - | api | versionsCount | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | - | 7.2 | 2 | without | 72-update01EcKey256 | P-256 | 32 | enabled | null | null | null | null | - | 7.2 | 1 | without | 72-update01EcKey256k | P-256K | 32 | enabled | null | null | null | null | - | 7.2 | 2 | without | 72-update01EcKey384 | P-384 | 48 | enabled | null | null | null | null | - | 7.2 | 1 | without | 72-update01EcKey521 | P-521 | 65 | enabled | null | null | null | null | - | 7.2 | 4 | with | 72-update01EcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | - | 7.2 | 3 | with | 72-update01EcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | - | 7.2 | 4 | with | 72-update01EcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | - | 7.2 | 3 | with | 72-update01EcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | - | 7.2 | 4 | without | 72-update01EcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.2 | 3 | without | 72-update01EcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | - | 7.2 | 4 | without | 72-update01EcKeyAllOps | P-256 | 32 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.2 | 3 | without | 72-update01EcKeyOperations | P-256 | 32 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.2 | 4 | without | 72-update01EcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | - | 7.2 | 3 | without | 72-update01EcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | - | 7.3 | 2 | without | 73-update01EcKey256 | P-256 | 32 | enabled | null | null | null | null | - | 7.3 | 1 | without | 73-update01EcKey256k | P-256K | 32 | enabled | null | null | null | null | - | 7.3 | 2 | without | 73-update01EcKey384 | P-384 | 48 | enabled | null | null | null | null | - | 7.3 | 1 | without | 
73-update01EcKey521 | P-521 | 65 | enabled | null | null | null | null | - | 7.3 | 4 | with | 73-update01EcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | - | 7.3 | 3 | with | 73-update01EcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | - | 7.3 | 4 | with | 73-update01EcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | - | 7.3 | 3 | with | 73-update01EcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | - | 7.3 | 4 | without | 73-update01EcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | 3 | without | 73-update01EcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | - | 7.3 | 4 | without | 73-update01EcKeyAllOps | P-256 | 32 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | 3 | without | 73-update01EcKeyOperations | P-256 | 32 | enabled | wrapKey,unwrapKey | null | null | null | - | 7.3 | 4 | without | 73-update01EcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | - | 7.3 | 3 | without | 73-update01EcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | + | api | versionsCount | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | + | 7.2 | 2 | without | 72-update01EcKey256 | P-256 | 32 | enabled | null | null | null | null | + | 7.2 | 1 | without | 72-update01EcKey256k | P-256K | 32 | enabled | null | null | null | null | + | 7.2 | 2 | without | 72-update01EcKey384 | P-384 | 48 | enabled | null | null | null | null | + | 7.2 | 1 | without | 72-update01EcKey521 | P-521 | 65 | enabled | null | null | null | null | + | 7.2 | 4 | with | 72-update01EcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | + | 7.2 | 3 | with | 72-update01EcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | + | 7.2 | 4 | with | 72-update01EcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | + | 7.2 | 3 | with | 
72-update01EcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | + | 7.2 | 4 | without | 72-update01EcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.2 | 3 | without | 72-update01EcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | + | 7.2 | 4 | without | 72-update01EcKeyAllOps | P-256 | 32 | enabled | sign,verify,import | null | null | null | + | 7.2 | 3 | without | 72-update01EcKeyOperations | P-256 | 32 | enabled | sign,verify | null | null | null | + | 7.2 | 4 | without | 72-update01EcKeyDates | P-256 | 32 | enabled | null | 4321 | 1234 | null | + | 7.2 | 3 | without | 72-update01EcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | + | 7.3 | 2 | without | 73-update01EcKey256 | P-256 | 32 | enabled | null | null | null | null | + | 7.3 | 1 | without | 73-update01EcKey256k | P-256K | 32 | enabled | null | null | null | null | + | 7.3 | 2 | without | 73-update01EcKey384 | P-384 | 48 | enabled | null | null | null | null | + | 7.3 | 1 | without | 73-update01EcKey521 | P-521 | 65 | enabled | null | null | null | null | + | 7.3 | 4 | with | 73-update01EcKey256Hsm | P-256 | 32 | enabled | null | null | null | null | + | 7.3 | 3 | with | 73-update01EcKey256kHsm | P-256K | 32 | enabled | null | null | null | null | + | 7.3 | 4 | with | 73-update01EcKey384Hsm | P-384 | 48 | enabled | null | null | null | null | + | 7.3 | 3 | with | 73-update01EcKey521Hsm | P-521 | 65 | enabled | null | null | null | null | + | 7.3 | 4 | without | 73-update01EcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | 3 | without | 73-update01EcKeyMap2 | P-256 | 32 | enabled | null | null | null | aKey:aValue | + | 7.3 | 4 | without | 73-update01EcKeyAllOps | P-256 | 32 | enabled | sign,verify,import | null | null | null | + | 7.3 | 3 | without | 73-update01EcKeyOperations | P-256 | 32 | enabled | sign,verify | null | null | null | + | 7.3 | 4 | without | 73-update01EcKeyDates | P-256 
| 32 | enabled | null | 4321 | 1234 | null | + | 7.3 | 3 | without | 73-update01EcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | diff --git a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/RotateKeys.feature b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/RotateKeys.feature index 8fdececf..1a643472 100644 --- a/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/RotateKeys.feature +++ b/lowkey-vault-docker/src/test/resources/com/github/nagyesta/lowkeyvault/keys/RotateKeys.feature @@ -54,11 +54,11 @@ Feature: Key rotation And the key recovery settings are default Examples: - | api | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | - | 7.3 | without | 73-rotateEcKey256 | P-256 | 32 | enabled | null | null | null | null | - | 7.3 | without | 73-rotateEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | without | 73-rotateEcKeyAllOps | P-256 | 32 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | without | 73-rotateEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | + | api | hsm | keyName | curveName | nBytes | enabledStatus | operations | expires | notBefore | tagMap | + | 7.3 | without | 73-rotateEcKey256 | P-256 | 32 | enabled | null | null | null | null | + | 7.3 | without | 73-rotateEcKeyMap1 | P-256 | 32 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | without | 73-rotateEcKeyAllOps | P-256 | 32 | enabled | sign,verify,import | null | null | null | + | 7.3 | without | 73-rotateEcKeyNotEnabled | P-256 | 32 | not enabled | null | null | null | null | @Key @KeyCreate @KeyRotate @OCT Scenario Outline: OCT_ROTATE_01 Single versions of OCT keys can be created with the key client, then rotated and result observed 
@@ -85,8 +85,8 @@ Feature: Key rotation And the key recovery settings are default Examples: - | api | hsm | keyName | keySize | enabledStatus | operations | expires | notBefore | tagMap | - | 7.3 | with | 73-rotateOctKey | 128 | enabled | null | null | null | null | - | 7.3 | with | 73-rotateOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | - | 7.3 | with | 73-rotateOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,sign,verify,import | null | null | null | - | 7.3 | with | 73-rotateOctKeyNotEnabled | 128 | not enabled | null | null | null | null | + | api | hsm | keyName | keySize | enabledStatus | operations | expires | notBefore | tagMap | + | 7.3 | with | 73-rotateOctKey | 128 | enabled | null | null | null | null | + | 7.3 | with | 73-rotateOctKeyMap1 | 128 | enabled | null | null | null | aKey:aValue,b1:b2 | + | 7.3 | with | 73-rotateOctKeyAllOps | 128 | enabled | encrypt,decrypt,wrapKey,unwrapKey,import | null | null | null | + | 7.3 | with | 73-rotateOctKeyNotEnabled | 128 | not enabled | null | null | null | null | diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-72.json index c6987b61..edfc5500 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-72.json @@ -17,9 +17,7 @@ "crv": "P-256", "d": "IvdJQWa59MJflXPF25Cc4UlOREHZVL5_6sD27nyz1J8", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-256-72.localhost:8443/keys/jsonBackupEc-256-72/f16a91376c13478996195a0c2cee39cb", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-73.json index 84eba7a6..15da8d4c 100644 
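Review bot: The EC backup fixture jsonBackupEc-256-72.json (`@@ -17,9 +17,7 @@`) loses `"encrypt"` and `"wrapKey"` from `key_ops`, which leaves no fixture with the shape an already-exported backup can have. If restore now checks `key_ops` against the key type (not visible in these hunks), such a backup would either fail to restore or bring disallowed operations back in through the restore path, and a test should pin which of the two is intended. Keeping one legacy fixture with `"key_ops": ["sign", "encrypt", "wrapKey"]` for an EC key, and one OCT fixture that still carries `"sign"`, would do that. The same applies to the remaining jsonBackupEc-* and jsonBackupOct-* hunks below.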
--- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256-73.json @@ -18,9 +18,7 @@ "crv": "P-256", "d": "IvdJQWa59MJflXPF25Cc4UlOREHZVL5_6sD27nyz1J8", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-256-73.localhost:8443/keys/jsonBackupEc-256-73/f16a91376c13478996195a0c2cee39cb", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-72.json index bdce4661..bd10a263 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-72.json @@ -17,9 +17,7 @@ "crv": "P-256K", "d": "AONvayGgRSTtrfA6lkCRC-qYccs_pQh35ZSXssCulkrJ", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-256k-72.localhost:8443/keys/jsonBackupEc-256k-72/5425a5872c1f4a9fa96db8f40e6c5d07", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-73.json index 566c35d4..1b0c76e0 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-256k-73.json @@ -18,9 +18,7 @@ "crv": "P-256K", "d": "AONvayGgRSTtrfA6lkCRC-qYccs_pQh35ZSXssCulkrJ", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-256k-73.localhost:8443/keys/jsonBackupEc-256k-73/5425a5872c1f4a9fa96db8f40e6c5d07", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-72.json index f2629934..47af9694 100644 
--- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-72.json @@ -17,9 +17,7 @@ "crv": "P-384", "d": "bd2taaXwxvA_DRUZ1wMT28l8TnaMDz1mn2Z2x_pJT_nkZ11BNS1FFxJvjYHIvoU4", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-384-72.localhost:8443/keys/jsonBackupEc-384-72/7f4c0a2ef5454e07a533e597434984a8", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-73.json index 321b9912..142e1b7c 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-384-73.json @@ -18,9 +18,7 @@ "crv": "P-384", "d": "bd2taaXwxvA_DRUZ1wMT28l8TnaMDz1mn2Z2x_pJT_nkZ11BNS1FFxJvjYHIvoU4", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-384-73.localhost:8443/keys/jsonBackupEc-384-73/7f4c0a2ef5454e07a533e597434984a8", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-72.json index e5cc79da..42814ad3 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-72.json @@ -17,9 +17,7 @@ "crv": "P-521", "d": "AWNmGqYqot0Zq_6uqnqv2lkA40ke1uTJhehp692dS_r2C7oPmJ0qcPgc31jOOFzc-v69chbMawkR-wyKXFf2O4mh", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-521-72.localhost:8443/keys/jsonBackupEc-521-72/9301e31d18a540e08c68ad5230e60e21", "kty": "EC", 
diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-73.json index 84fa4d0f..0644b9f6 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupEc-521-73.json @@ -18,9 +18,7 @@ "crv": "P-521", "d": "AWNmGqYqot0Zq_6uqnqv2lkA40ke1uTJhehp692dS_r2C7oPmJ0qcPgc31jOOFzc-v69chbMawkR-wyKXFf2O4mh", "key_ops": [ - "sign", - "encrypt", - "wrapKey" + "sign" ], "kid": "https://keys-backup-jsonBackupEc-521-73.localhost:8443/keys/jsonBackupEc-521-73/9301e31d18a540e08c68ad5230e60e21", "kty": "EC", diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-72.json index 299b6ba5..0f2663ff 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-72.json @@ -16,7 +16,6 @@ "keyMaterial": { "k": "sx32Vta2Zx1BsdQBY2l5iQ", "key_ops": [ - "sign", "encrypt", "wrapKey" ], diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-73.json index 35bccb64..33746a98 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-128-73.json @@ -17,7 +17,6 @@ "keyMaterial": { "k": "sx32Vta2Zx1BsdQBY2l5iQ", "key_ops": [ - "sign", "encrypt", "wrapKey" ], diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-72.json index 24a6d808..d61d4d88 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-72.json 
+++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-72.json @@ -16,7 +16,6 @@ "keyMaterial": { "k": "fp2J-nnMUBZVxCDFdKDxjDJX0F_BIM8P", "key_ops": [ - "sign", "encrypt", "wrapKey" ], diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-73.json index 95d7be06..ae75de2b 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-192-73.json @@ -17,7 +17,6 @@ "keyMaterial": { "k": "fp2J-nnMUBZVxCDFdKDxjDJX0F_BIM8P", "key_ops": [ - "sign", "encrypt", "wrapKey" ], diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-72.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-72.json index 475c2cba..0387b48b 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-72.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-72.json @@ -16,7 +16,6 @@ "keyMaterial": { "k": "nmgrv95gVLVdVQ2xe-RpUf-Eog7y0lT22W3EoBU4-cc", "key_ops": [ - "sign", "encrypt", "wrapKey" ], diff --git a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-73.json b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-73.json index b5151034..ac19b2db 100644 --- a/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-73.json +++ b/lowkey-vault-docker/src/test/resources/json/backups/jsonBackupOct-256-73.json @@ -17,7 +17,6 @@ "keyMaterial": { "k": "nmgrv95gVLVdVQ2xe-RpUf-Eog7y0lT22W3EoBU4-cc", "key_ops": [ - "sign", "encrypt", "wrapKey" ],