public SecureKeyId secureKey(String keyName) { return new SecureKeyId(namespace, keyName); }
public SecureKeyId secureKey(String keyName) { return new SecureKeyId(namespace, keyName); }
@Override public void delete(String namespace, String name) throws Exception { validate(namespace); try { secretManager.delete(namespace, name); } catch (SecretNotFoundException e) { throw new SecureKeyNotFoundException(new SecureKeyId(namespace, name), e); } }
@SuppressWarnings("unused") public static SecureKeyId fromIdParts(Iterable<String> idString) { Iterator<String> iterator = idString.iterator(); return new SecureKeyId(next(iterator, "namespace"), nextAndEnd(iterator, "name")); }
@SuppressWarnings("unused") public static SecureKeyId fromIdParts(Iterable<String> idString) { Iterator<String> iterator = idString.iterator(); return new SecureKeyId(next(iterator, "namespace"), nextAndEnd(iterator, "name")); }
/** * Handles error based on response code. */ private void handleResponse(final HttpResponse response, String namespace, String name, String errorPrefix) throws Exception { int responseCode = response.getResponseCode(); switch (responseCode) { case HttpURLConnection.HTTP_OK: return; case HttpURLConnection.HTTP_NOT_FOUND: throw new SecureKeyNotFoundException(new SecureKeyId(namespace, name)); case HttpURLConnection.HTTP_CONFLICT: throw new SecureKeyAlreadyExistsException(new SecureKeyId(namespace, name)); case HttpURLConnection.HTTP_BAD_REQUEST: throw new IllegalArgumentException(errorPrefix + ". Reason: " + response.getResponseBodyAsString()); default: throw new IOException(errorPrefix + ". Reason: " + response.getResponseBodyAsString()); } }
/** * Returns the metadata for the element identified by the given name. * The name must be of the format namespace + NAME_SEPARATOR + key name. * @param keyName Name of the element * @return An object representing the metadata associated with the element * @throws NotFoundException If the key was not found in the store. * @throws IOException If there was a problem in getting the key from the store */ private SecureStoreMetadata getSecureStoreMetadata(String keyName) throws Exception { String[] namespaceAndName = keyName.split(NAME_SEPARATOR); Preconditions.checkArgument(namespaceAndName.length == 2); String namespace = namespaceAndName[0]; String name = namespaceAndName[1]; readLock.lock(); try { if (!keyStore.containsAlias(keyName)) { throw new NotFoundException(new SecureKeyId(namespace, name)); } Key key = keyStore.getKey(keyName, password); return deserialize(key.getEncoded()).getMetadata(); } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) { throw new IOException("Unable to retrieve the metadata for " + name + " in namespace " + namespace, e); } finally { readLock.unlock(); } }
@Path("/{key-name}") @GET public void get(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception { SecureKeyId secureKeyId = new SecureKeyId(namespace, name); httpResponder.sendByteArray(HttpResponseStatus.OK, secureStore.getSecureData(namespace, name).get(), new DefaultHttpHeaders().set(HttpHeaderNames.CONTENT_TYPE, "text/plain;charset=utf-8")); }
@Path("/{key-name}") @GET public void get(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception { SecureKeyId secureKeyId = new SecureKeyId(namespace, name); httpResponder.sendByteArray(HttpResponseStatus.OK, secureStore.get(namespace, name).get(), new DefaultHttpHeaders().set(HttpHeaderNames.CONTENT_TYPE, "text/plain;charset=utf-8")); }
/** * Deletes the key if the user has ADMIN privileges to the key. * * @throws UnauthorizedException If the user does not have admin privileges required to delete the secure key. * @throws NamespaceNotFoundException If the specified namespace does not exist. * @throws NotFoundException If the key to be deleted is not found. * @throws IOException If there was a problem deleting it from the underlying provider. */ @Override public final void delete(String namespace, String name) throws Exception { Principal principal = authenticationContext.getPrincipal(); SecureKeyId secureKeyId = new SecureKeyId(namespace, name); authorizationEnforcer.enforce(secureKeyId, principal, Action.ADMIN); secureStoreService.delete(namespace, name); }
/** * Checks if the user has access to read the secure key and returns the {@link SecureStoreData} associated * with the key if they do. * * @return Data associated with the key if the user has read access. * @throws NamespaceNotFoundException If the specified namespace does not exist. * @throws NotFoundException If the key is not found in the store. * @throws IOException If there was a problem reading from the store. * @throws UnauthorizedException If the user does not have READ permissions on the secure key. */ @Override public final SecureStoreData get(String namespace, String name) throws Exception { Principal principal = authenticationContext.getPrincipal(); SecureKeyId secureKeyId = new SecureKeyId(namespace, name); authorizationEnforcer.enforce(secureKeyId, principal, Action.READ); return secureStoreService.get(namespace, name); }
try { if (!keyStore.containsAlias(keyName)) { throw new NotFoundException(new SecureKeyId(namespace, name));
@Path("/{key-name}") @PUT @AuditPolicy(AuditDetail.REQUEST_BODY) public void create(FullHttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception { SecureKeyId secureKeyId = new SecureKeyId(namespace, name); SecureKeyCreateRequest secureKeyCreateRequest = parseBody(httpRequest, SecureKeyCreateRequest.class); if (secureKeyCreateRequest == null) { SecureKeyCreateRequest dummy = new SecureKeyCreateRequest("<description>", "<data>", ImmutableMap.of("key", "value")); throw new BadRequestException("Unable to parse the request. The request body should be of the following format." + " \n" + GSON.toJson(dummy)); } secureStoreManager.putSecureData(namespace, name, secureKeyCreateRequest.getData(), secureKeyCreateRequest.getDescription(), secureKeyCreateRequest.getProperties()); httpResponder.sendStatus(HttpResponseStatus.OK); }
@Path("/{key-name}") @PUT @AuditPolicy(AuditDetail.REQUEST_BODY) public void create(FullHttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception { SecureKeyId secureKeyId = new SecureKeyId(namespace, name); SecureKeyCreateRequest secureKeyCreateRequest; try { secureKeyCreateRequest = parseBody(httpRequest); } catch (IOException e) { SecureKeyCreateRequest dummy = new SecureKeyCreateRequest("<description>", "<data>", ImmutableMap.of("key", "value")); throw new BadRequestException("Unable to parse the request. The request body should be of the following format." + " \n" + GSON.toJson(dummy)); } if (Strings.isNullOrEmpty(secureKeyCreateRequest.getData()) || secureKeyCreateRequest.getData().trim().isEmpty()) { throw new BadRequestException("The data field must not be null or empty. The data will be stored securely " + "under provided key name."); } secureStoreManager.put(namespace, name, secureKeyCreateRequest.getData(), secureKeyCreateRequest.getDescription(), secureKeyCreateRequest.getProperties()); httpResponder.sendStatus(HttpResponseStatus.OK); }
/** * Lists all the secure keys in the given namespace that the user has access to. * Returns an empty list if the user does not have access to any of the keys in the namespace. * * @return A map of key names accessible by the user and their descriptions. * @throws NamespaceNotFoundException If the specified namespace does not exist. * @throws IOException If there was a problem reading from the store. * */ @Override public final List<SecureStoreMetadata> list(final String namespace) throws Exception { Principal principal = authenticationContext.getPrincipal(); List<SecureStoreMetadata> metadatas = secureStoreService.list(namespace); return AuthorizationUtil.isVisible(metadatas, authorizationEnforcer, principal, input -> new SecureKeyId(namespace, input.getName()), null); }
@Override public SecureStoreData get(String namespace, String name) throws Exception { validate(namespace); try { Secret secret = secretManager.get(namespace, name); SecretMetadata metadata = secret.getMetadata(); return new SecureStoreData(new SecureStoreMetadata(metadata.getName(), metadata.getDescription(), metadata.getCreationTimeMs(), metadata.getProperties()), secret.getData()); } catch (SecretNotFoundException e) { throw new SecureKeyNotFoundException(new SecureKeyId(namespace, name), e); } }
/** * Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another * to get the data. * @param namespace The namespace this key belongs to. * @param name Name of the key. * @return An object representing the securely stored data associated with the name. * @throws NamespaceNotFoundException If the specified namespace does not exist. * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider. */ // Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a // more specific exception. @Override public SecureStoreData get(String namespace, String name) throws Exception { checkNamespaceExists(namespace); String keyName = getKeyName(namespace, name); KeyProvider.Metadata metadata = provider.getMetadata(keyName); // Provider returns null if the key is not found. if (metadata == null) { throw new NotFoundException(new SecureKeyId(namespace, name)); } SecureStoreMetadata meta = new SecureStoreMetadata(name, metadata.getDescription(), metadata.getCreated().getTime(), metadata.getAttributes()); KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName); return new SecureStoreData(meta, keyVersion.getMaterial()); }