Examples with SecureStoreData co.cask.cdap.api.security.store.SecureStoreData used on opensource projects

Example 1 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStore method putSecureData.

/**
 * Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
 * support it. If the key already exists then this method throws an AlreadyExistsException.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to the in memory keystore
 * or if there was problem persisting the keystore.
 */
@Override
public void putSecureData(String namespace, String name, String data, String description, Map<String, String> properties) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
    SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
    writeLock.lock();
    try {
        if (keyStore.containsAlias(keyName)) {
            throw new AlreadyExistsException(new SecureKeyId(namespace, name));
        }
        keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
        // Attempt to persist the store.
        flush();
        LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
    } catch (KeyStoreException e) {
        // We failed to store the key in the key store. Throw an IOException.
        throw new IOException("Failed to store the key. ", e);
    } finally {
        writeLock.unlock();
    }
}

Example 2 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStoreTest method testDelete.

@Test(expected = NotFoundException.class)
public void testDelete() throws Exception {
    populateStore();
    SecureStoreMetadata metadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
    SecureStoreData secureStoreData = new SecureStoreData(metadata, VALUE1.getBytes(Charsets.UTF_8));
    Assert.assertArrayEquals(secureStoreData.get(), secureStore.getSecureData(NAMESPACE1, KEY1).get());
    secureStoreManager.deleteSecureData(NAMESPACE1, KEY1);
    try {
        secureStore.getSecureData(NAMESPACE1, KEY1);
    } catch (IOException ioe) {
        Assert.assertTrue(ioe.getMessage().contains("not found in the secure store"));
        throw ioe;
    }
}

Example 3 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class FileSecureStoreTest method testOverwrite.

@Test(expected = Exception.class)
public void testOverwrite() throws Exception {
    secureStoreManager.putSecureData(NAMESPACE1, KEY1, VALUE1, DESCRIPTION1, PROPERTIES_1);
    SecureStoreData oldData = secureStore.getSecureData(NAMESPACE1, KEY1);
    Assert.assertArrayEquals(VALUE1.getBytes(Charsets.UTF_8), oldData.get());
    String newVal = "New value";
    secureStoreManager.putSecureData(NAMESPACE1, KEY1, newVal, DESCRIPTION1, PROPERTIES_1);
}

Example 4 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class KMSSecureStore method getSecureData.

/**
 * Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another
 * to get the data.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the key.
 * @return An object representing the securely stored data associated with the name.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    KeyProvider.Metadata metadata = provider.getMetadata(keyName);
    // Provider returns null if the key is not found.
    if (metadata == null) {
        throw new NotFoundException(new SecureKeyId(namespace, name));
    }
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
    KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
    return new SecureStoreData(meta, keyVersion.getMaterial());
}

Example 5 with SecureStoreData

use of co.cask.cdap.api.security.store.SecureStoreData in project cdap by caskdata.

the class SecureStoreHandler method getMetadata.

@Path("/{key-name}/metadata")
@GET
public void getMetadata(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception {
    SecureStoreData secureStoreData = secureStore.getSecureData(namespace, name);
    httpResponder.sendJson(HttpResponseStatus.OK, GSON.toJson(secureStoreData.getMetadata()));
}