Rename *minimumDuration fields, make 0 the default

Authored-by: Brian Upton <bupton@vmware.com> Authored-by: Preethi Varambally <pvarambally@pivotal.io>
cloudfoundry · Aug 16, 2021 · 312e5dd · 312e5dd
1 parent 1197675
commit 312e5dd
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 23 deletions.
diff --git a/applications/credhub-api/src/test/resources/application-minimum-duration.yml b/applications/credhub-api/src/test/resources/application-minimum-duration.yml
@@ -1,3 +1,4 @@
 certificates:
-  ca_minimum_duration: 1825
-  leaf_minimum_duration: 1460
+  ca_minimum_duration_in_days: 1825
+  leaf_minimum_duration_in_days: 1460
+
diff --git a/...s/credentials/src/main/java/org/cloudfoundry/credhub/generators/CertificateGenerator.java b/...s/credentials/src/main/java/org/cloudfoundry/credhub/generators/CertificateGenerator.java
@@ -24,23 +24,23 @@ public class CertificateGenerator implements CredentialGenerator<CertificateCred
   private final RsaKeyPairGenerator keyGenerator;
   private final SignedCertificateGenerator signedCertificateGenerator;
   private final CertificateAuthorityService certificateAuthorityService;
-  private final Integer caMinimumDuration;
-  private final Integer leafMinimumDuration;
+  private final int caMinimumDurationInDays;
+  private final int leafMinimumDurationInDays;
 
 
   @Autowired
   public CertificateGenerator(
     final RsaKeyPairGenerator keyGenerator,
     final SignedCertificateGenerator signedCertificateGenerator,
     final CertificateAuthorityService certificateAuthorityService,
-    @Value("${certificates.ca_minimum_duration:#{null}}") final Integer caMinimumDuration,
-    @Value("${certificates.leaf_minimum_duration:#{null}}") final Integer leafMinimumDuration) {
+    @Value("${certificates.ca_minimum_duration_in_days:#{0}}") final int caMinimumDurationInDays,
+    @Value("${certificates.leaf_minimum_duration_in_days:#{0}}") final int leafMinimumDurationInDays) {
     super();
     this.keyGenerator = keyGenerator;
     this.signedCertificateGenerator = signedCertificateGenerator;
     this.certificateAuthorityService = certificateAuthorityService;
-    this.caMinimumDuration = caMinimumDuration;
-    this.leafMinimumDuration = leafMinimumDuration;
+    this.caMinimumDurationInDays = caMinimumDurationInDays;
+    this.leafMinimumDurationInDays = leafMinimumDurationInDays;
   }
 
   @Override
@@ -131,11 +131,9 @@ private boolean shouldUseTransitionalParentToSign(final Boolean allowTransitiona
   }
 
   private int getCertificateDuration(final CertificateGenerationParameters params) {
-    if (params.isCa() && caMinimumDuration != null) {
-      return Math.max(params.getDuration(), caMinimumDuration);
-    } else if (!params.isCa() && leafMinimumDuration != null) {
-      return Math.max(params.getDuration(), leafMinimumDuration);
+    if (params.isCa()) {
+      return Math.max(params.getDuration(), caMinimumDurationInDays);
     }
-    return params.getDuration();
+    return Math.max(params.getDuration(), leafMinimumDurationInDays);
   }
 }
diff --git a/...edentials/src/test/java/org/cloudfoundry/credhub/generators/CertificateGeneratorTest.java b/...edentials/src/test/java/org/cloudfoundry/credhub/generators/CertificateGeneratorTest.java
@@ -79,8 +79,8 @@ public void beforeEach() throws Exception {
       keyGenerator,
       signedCertificateGenerator,
       certificateAuthorityService,
-      null,
-      null
+      0,
+      0
     );
 
 
@@ -350,7 +350,7 @@ public void whenTheCADoesNotHaveAPrivateKey_itThrowsAnException() throws Excepti
   public void whenSelfSignIsTrueAndItIsCA_itGeneratesAValidSelfSignedCertificateUsingTheCaMinimumDuration() throws Exception {
     final X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleFipsProvider.PROVIDER_NAME)
             .getCertificate(generateX509SelfSignedCert());
-    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(3650, null, 365, true, true, 3650);
+    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(3650, 0, 365, true, true, 3650);
     when(keyGenerator.generateKeyPair(anyInt())).thenReturn(rootCaKeyPair);
     when(signedCertificateGenerator.getSelfSigned(rootCaKeyPair, expectedParameters))
       .thenReturn(certificate);
@@ -364,7 +364,7 @@ public void whenSelfSignIsTrueAndItIsCA_itGeneratesAValidSelfSignedCertificateUs
 
   @Test
   public void whenSelfSignIsFalseAndItIsCA_itGeneratesAValidCertificateUsingTheCaMinimumDuration() throws Exception {
-    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(3650, null, 365, true, false, 3650);
+    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(3650, 0, 365, true, false, 3650);
     final KeyPair childCertificateKeyPair = setupKeyPair();
     setupMocksForRootCA(childCertificateKeyPair, expectedParameters);
 
@@ -380,7 +380,7 @@ public void whenSelfSignIsFalseAndItIsCA_itGeneratesAValidCertificateUsingTheCaM
   public void whenSelfSignIsTrueAndNotCA_itGeneratesAValidSelfSignedCertificateUsingTheLeafMinimumDuration() throws Exception {
     final X509Certificate certificate = new JcaX509CertificateConverter().setProvider(BouncyCastleFipsProvider.PROVIDER_NAME)
             .getCertificate(generateX509SelfSignedCert());
-    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(null, 1460, 365, false, true, 1460);
+    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(0, 1460, 365, false, true, 1460);
     when(keyGenerator.generateKeyPair(anyInt())).thenReturn(rootCaKeyPair);
     when(signedCertificateGenerator.getSelfSigned(rootCaKeyPair, expectedParameters))
             .thenReturn(certificate);
@@ -394,7 +394,7 @@ public void whenSelfSignIsTrueAndNotCA_itGeneratesAValidSelfSignedCertificateUsi
 
   @Test
   public void whenSelfSignIsFalseAndNotCA_itGeneratesAValidCertificateUsingTheLeafMinimumDuration() throws Exception {
-    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(null, 1460, 365, false, false, 1460);
+    final CertificateGenerationParameters expectedParameters = setupMinimumDuration(0, 1460, 365, false, false, 1460);
     final KeyPair childCertificateKeyPair = setupKeyPair();
     setupMocksForRootCA(childCertificateKeyPair, expectedParameters);
 
@@ -471,8 +471,8 @@ private KeyPair setupKeyPair() throws NoSuchProviderException, NoSuchAlgorithmEx
     return fakeKeyPairGenerator.generate();
   }
 
-  private CertificateGenerationParameters setupMinimumDuration(final Integer caMinimumDuration,
-                                                               final Integer leafMinimumDuration,
+  private CertificateGenerationParameters setupMinimumDuration(final int caMinimumDurationInDays,
+                                                               final int leafMinimumDurationInDays,
                                                                final int defaultDuration,
                                                                final boolean ca,
                                                                final boolean selfSigned,
@@ -481,8 +481,8 @@ private CertificateGenerationParameters setupMinimumDuration(final Integer caMin
             keyGenerator,
             signedCertificateGenerator,
             certificateAuthorityService,
-            caMinimumDuration,
-            leafMinimumDuration
+            caMinimumDurationInDays,
+            leafMinimumDurationInDays
     );
     generationParameters.setCa(ca);
     generationParameters.setSelfSigned(selfSigned);