Example 1 with SecretContent

use of keywhiz.api.model.SecretContent in project keywhiz by square.

From class SecretResource, method backfillHmac.

/**
 * Backfill content hmac for this secret.
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name, List<String> passwords) {
    Optional<SecretSeriesAndContent> secret = secretDAO.getSecretByName(name);
    if (!secret.isPresent()) {
        return false;
    }
    logger.info("backfill-hmac {}: processing secret", name);
    SecretContent secretContent = secret.get().content();
    if (!secretContent.hmac().isEmpty()) {
        // No need to backfill
        return true;
    }
    String hmac = cryptographer.computeHmac(cryptographer.decrypt(secretContent.encryptedContent()).getBytes(UTF_8));
    // We expect only one row to be changed
    return secretSeriesDAO.setHmac(secretContent.id(), hmac) == 1;
}
Also used : SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 2 with SecretContent

use of keywhiz.api.model.SecretContent in project keywhiz by square.

From class SecretDAO, method getSecrets.

/** @return list of secrets. can limit/sort by expiry, and for group if given */
public ImmutableList<SecretSeriesAndContent> getSecrets(@Nullable Long expireMaxTime, Group group) {
    return dslContext.transactionResult(configuration -> {
        SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
        SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
        ImmutableList.Builder<SecretSeriesAndContent> secretsBuilder = ImmutableList.builder();
        for (SecretSeries series : secretSeriesDAO.getSecretSeries(expireMaxTime, group)) {
            SecretContent content = secretContentDAO.getSecretContentById(series.currentVersion().get()).get();
            SecretSeriesAndContent seriesAndContent = SecretSeriesAndContent.of(series, content);
            secretsBuilder.add(seriesAndContent);
        }
        return secretsBuilder.build();
    });
}
Also used : SecretSeries(keywhiz.api.model.SecretSeries) ImmutableList(com.google.common.collect.ImmutableList) SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent)

Example 3 with SecretContent

use of keywhiz.api.model.SecretContent in project keywhiz by square.

From class SecretDetailResponseV2Test, method formsCorrectlyFromSecretSeriesAndContent.

@Test
public void formsCorrectlyFromSecretSeriesAndContent() {
    SecretSeries series = SecretSeries.of(1, "secret-name", "secret-owner", "secret-description", ApiDate.parse("2013-03-28T21:23:04.159Z"), "creator-user", ApiDate.parse("2014-03-28T21:23:04.159Z"), "updater-user", "text/plain", null, 1L);
    SecretContent content = SecretContent.of(1, 1, "YXNkZGFz", "checksum", ApiDate.parse("2014-03-28T21:23:04.159Z"), "updater-user", ApiDate.parse("2014-03-28T21:23:04.159Z"), "updater-user", ImmutableMap.of("owner", "root"), 1136214245);
    SecretSeriesAndContent seriesAndContent = SecretSeriesAndContent.of(series, content);
    SecretDetailResponseV2 fromSeriesAndContent = SecretDetailResponseV2.builder().seriesAndContent(seriesAndContent).build();
    assertThat(fromSeriesAndContent).isEqualTo(secretDetailResponse);
}
Also used : SecretSeries(keywhiz.api.model.SecretSeries) SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Test(org.junit.Test)

Example 4 with SecretContent

use of keywhiz.api.model.SecretContent in project keywhiz by square.

From class SecretDAO, method getSecretsBatched.

/**
 * @param idx the first index to select in a list of secrets sorted by creation time
 * @param num the number of secrets after idx to select in the list of secrets
 * @param newestFirst if true, order the secrets from newest creation time to oldest
 * @return A list of secrets
 */
public ImmutableList<SecretSeriesAndContent> getSecretsBatched(int idx, int num, boolean newestFirst) {
    return dslContext.transactionResult(configuration -> {
        SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
        SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
        ImmutableList.Builder<SecretSeriesAndContent> secretsBuilder = ImmutableList.builder();
        for (SecretSeries series : secretSeriesDAO.getSecretSeriesBatched(idx, num, newestFirst)) {
            SecretContent content = secretContentDAO.getSecretContentById(series.currentVersion().get()).get();
            SecretSeriesAndContent seriesAndContent = SecretSeriesAndContent.of(series, content);
            secretsBuilder.add(seriesAndContent);
        }
        return secretsBuilder.build();
    });
}
Also used : SecretSeries(keywhiz.api.model.SecretSeries) ImmutableList(com.google.common.collect.ImmutableList) SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent)

Example 5 with SecretContent

use of keywhiz.api.model.SecretContent in project keywhiz by square.

From class SecretDAO, method partialUpdateSecret.

@VisibleForTesting
public long partialUpdateSecret(String name, String creator, PartialUpdateSecretRequestV2 request) {
    return dslContext.transactionResult(configuration -> {
        long now = OffsetDateTime.now().toEpochSecond();
        SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
        SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
        // Get the current version of the secret, throwing exceptions if it is not found
        SecretSeries secretSeries = secretSeriesDAO.getSecretSeriesByName(name).orElseThrow(NotFoundException::new);
        Long currentVersion = secretSeries.currentVersion().orElseThrow(NotFoundException::new);
        SecretContent secretContent = secretContentDAO.getSecretContentById(currentVersion).orElseThrow(NotFoundException::new);
        long secretId = secretSeries.id();
        // Set the fields to the original series and current version's values or the request values if provided
        String description = request.descriptionPresent() ? request.description() : secretSeries.description();
        String type = request.typePresent() ? request.type() : secretSeries.type().orElse("");
        ImmutableMap<String, String> metadata = request.metadataPresent() ? request.metadata() : secretContent.metadata();
        Long expiry = request.expiryPresent() ? request.expiry() : secretContent.expiry();
        String owner = request.ownerPresent() ? request.owner() : secretSeries.owner();
        Long ownerId = getOwnerId(configuration, owner);
        String encryptedContent = secretContent.encryptedContent();
        String hmac = secretContent.hmac();
        // Mirrors hmac-creation in SecretController
        if (request.contentPresent()) {
            checkArgument(!request.content().isEmpty());
            // Compute HMAC on base64 encoded data
            hmac = cryptographer.computeHmac(request.content().getBytes(UTF_8), "hmackey");
            if (hmac == null) {
                throw new ContentEncodingException("Error encoding content for SecretBuilder!");
            }
            encryptedContent = cryptographer.encryptionKeyDerivedFrom(name).encrypt(request.content());
        }
        secretSeriesDAO.updateSecretSeries(secretId, name, ownerId, creator, description, type, secretSeries.generationOptions(), now);
        long secretContentId = secretContentDAO.createSecretContent(secretId, encryptedContent, hmac, creator, metadata, expiry, now);
        secretSeriesDAO.setCurrentVersion(secretId, secretContentId, creator, now);
        return secretId;
    });
}
Also used : ContentEncodingException(keywhiz.service.crypto.ContentEncodingException) SecretSeries(keywhiz.api.model.SecretSeries) SecretContent(keywhiz.api.model.SecretContent) NotFoundException(javax.ws.rs.NotFoundException) VisibleForTesting(com.google.common.annotations.VisibleForTesting)
