use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.
the class FileSecureStore method putSecureData.
/**
* Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
* support it. If the key already exists then this method throws an AlreadyExistsException.
* @param namespace The namespace this key belongs to.
* @param name Name of the element to store.
* @param data The data that needs to be securely stored.
* @param description User provided description of the entry.
* @param properties Metadata associated with the data.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
* @throws IOException If there was a problem storing the key to the in memory keystore
* or if there was problem persisting the keystore.
*/
@Override
public void putSecureData(String namespace, String name, String data, String description, Map<String, String> properties) throws Exception {
checkNamespaceExists(namespace);
String keyName = getKeyName(namespace, name);
SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
writeLock.lock();
try {
if (keyStore.containsAlias(keyName)) {
throw new AlreadyExistsException(new SecureKeyId(namespace, name));
}
keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
// Attempt to persist the store.
flush();
LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
} catch (KeyStoreException e) {
// We failed to store the key in the key store. Throw an IOException.
throw new IOException("Failed to store the key. ", e);
} finally {
writeLock.unlock();
}
}
use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.
the class FileSecureStoreTest method testDelete.
@Test(expected = NotFoundException.class)
public void testDelete() throws Exception {
populateStore();
SecureStoreMetadata metadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
SecureStoreData secureStoreData = new SecureStoreData(metadata, VALUE1.getBytes(Charsets.UTF_8));
Assert.assertArrayEquals(secureStoreData.get(), secureStore.getSecureData(NAMESPACE1, KEY1).get());
secureStoreManager.deleteSecureData(NAMESPACE1, KEY1);
try {
secureStore.getSecureData(NAMESPACE1, KEY1);
} catch (IOException ioe) {
Assert.assertTrue(ioe.getMessage().contains("not found in the secure store"));
throw ioe;
}
}
use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.
the class FileSecureStoreTest method testOverwrite.
@Test(expected = Exception.class)
public void testOverwrite() throws Exception {
secureStoreManager.putSecureData(NAMESPACE1, KEY1, VALUE1, DESCRIPTION1, PROPERTIES_1);
SecureStoreData oldData = secureStore.getSecureData(NAMESPACE1, KEY1);
Assert.assertArrayEquals(VALUE1.getBytes(Charsets.UTF_8), oldData.get());
String newVal = "New value";
secureStoreManager.putSecureData(NAMESPACE1, KEY1, newVal, DESCRIPTION1, PROPERTIES_1);
}
use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.
the class KMSSecureStore method getSecureData.
/**
* Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another
* to get the data.
* @param namespace The namespace this key belongs to.
* @param name Name of the key.
* @return An object representing the securely stored data associated with the name.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
*/
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
checkNamespaceExists(namespace);
String keyName = getKeyName(namespace, name);
KeyProvider.Metadata metadata = provider.getMetadata(keyName);
// Provider returns null if the key is not found.
if (metadata == null) {
throw new NotFoundException(new SecureKeyId(namespace, name));
}
SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
return new SecureStoreData(meta, keyVersion.getMaterial());
}
use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.
the class SecureStoreHandler method getMetadata.
@Path("/{key-name}/metadata")
@GET
public void getMetadata(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception {
SecureStoreData secureStoreData = secureStore.getSecureData(namespace, name);
httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(secureStoreData.getMetadata()));
}
Aggregations