Search in sources :

Example 1 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStore method putSecureData.

/**
 * Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
 * support it. If the key already exists then this method throws an AlreadyExistsException.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to the in memory keystore
 * or if there was problem persisting the keystore.
 */
@Override
public void putSecureData(String namespace, String name, String data, String description, Map<String, String> properties) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
    SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
    writeLock.lock();
    try {
        if (keyStore.containsAlias(keyName)) {
            throw new AlreadyExistsException(new SecureKeyId(namespace, name));
        }
        keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
        // Attempt to persist the store.
        flush();
        LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
    } catch (KeyStoreException e) {
        // We failed to store the key in the key store. Throw an IOException.
        throw new IOException("Failed to store the key. ", e);
    } finally {
        writeLock.unlock();
    }
}
Also used : SecureStoreData(co.cask.cdap.api.security.store.SecureStoreData) SecureKeyId(co.cask.cdap.proto.id.SecureKeyId) AlreadyExistsException(co.cask.cdap.common.AlreadyExistsException) SecureStoreMetadata(co.cask.cdap.api.security.store.SecureStoreMetadata) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException)

Example 2 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStoreTest method testDelete.

@Test(expected = NotFoundException.class)
public void testDelete() throws Exception {
    populateStore();
    SecureStoreMetadata metadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
    SecureStoreData secureStoreData = new SecureStoreData(metadata, VALUE1.getBytes(Charsets.UTF_8));
    Assert.assertArrayEquals(secureStoreData.get(), secureStore.getSecureData(NAMESPACE1, KEY1).get());
    secureStoreManager.deleteSecureData(NAMESPACE1, KEY1);
    try {
        secureStore.getSecureData(NAMESPACE1, KEY1);
    } catch (IOException ioe) {
        Assert.assertTrue(ioe.getMessage().contains("not found in the secure store"));
        throw ioe;
    }
}
Also used : SecureStoreData(co.cask.cdap.api.security.store.SecureStoreData) SecureStoreMetadata(co.cask.cdap.api.security.store.SecureStoreMetadata) IOException(java.io.IOException) Test(org.junit.Test)

Example 3 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStoreTest method testOverwrite.

@Test(expected = Exception.class)
public void testOverwrite() throws Exception {
    secureStoreManager.putSecureData(NAMESPACE1, KEY1, VALUE1, DESCRIPTION1, PROPERTIES_1);
    SecureStoreData oldData = secureStore.getSecureData(NAMESPACE1, KEY1);
    Assert.assertArrayEquals(VALUE1.getBytes(Charsets.UTF_8), oldData.get());
    String newVal = "New value";
    secureStoreManager.putSecureData(NAMESPACE1, KEY1, newVal, DESCRIPTION1, PROPERTIES_1);
}
Also used : SecureStoreData(co.cask.cdap.api.security.store.SecureStoreData) Test(org.junit.Test)

Example 4 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class KMSSecureStore method getSecureData.

/**
 * Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another
 * to get the data.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the key.
 * @return An object representing the securely stored data associated with the name.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    KeyProvider.Metadata metadata = provider.getMetadata(keyName);
    // Provider returns null if the key is not found.
    if (metadata == null) {
        throw new NotFoundException(new SecureKeyId(namespace, name));
    }
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
    KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
    return new SecureStoreData(meta, keyVersion.getMaterial());
}
Also used : KeyProvider(org.apache.hadoop.crypto.key.KeyProvider) SecureStoreData(co.cask.cdap.api.security.store.SecureStoreData) SecureKeyId(co.cask.cdap.proto.id.SecureKeyId) SecureStoreMetadata(co.cask.cdap.api.security.store.SecureStoreMetadata) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) NotFoundException(co.cask.cdap.common.NotFoundException)

Example 5 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class SecureStoreHandler method getMetadata.

@Path("/{key-name}/metadata")
@GET
public void getMetadata(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception {
    SecureStoreData secureStoreData = secureStore.getSecureData(namespace, name);
    httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(secureStoreData.getMetadata()));
}
Also used : SecureStoreData(co.cask.cdap.api.security.store.SecureStoreData) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Aggregations

SecureStoreData (co.cask.cdap.api.security.store.SecureStoreData)7 SecureStoreMetadata (co.cask.cdap.api.security.store.SecureStoreMetadata)4 Test (org.junit.Test)3 SecureKeyId (co.cask.cdap.proto.id.SecureKeyId)2 IOException (java.io.IOException)2 AlreadyExistsException (co.cask.cdap.common.AlreadyExistsException)1 NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException)1 NotFoundException (co.cask.cdap.common.NotFoundException)1 KeyStoreException (java.security.KeyStoreException)1 GET (javax.ws.rs.GET)1 Path (javax.ws.rs.Path)1 KeyProvider (org.apache.hadoop.crypto.key.KeyProvider)1