Example 1 with SecureStoreMetadata

Usage of co.cask.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata: class KMSSecureStore, method getSecureData.

/**
 * Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another
 * to get the data.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the key.
 * @return An object representing the securely stored data associated with the name.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    KeyProvider.Metadata metadata = provider.getMetadata(keyName);
    // Provider returns null if the key is not found.
    if (metadata == null) {
        throw new NotFoundException(new SecureKeyId(namespace, name));
    }
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
    KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
    return new SecureStoreData(meta, keyVersion.getMaterial());
}

Example 2 with SecureStoreMetadata

Usage of co.cask.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata: class FileSecureStore, method putSecureData.

/**
 * Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
 * support it. If the key already exists then this method throws an AlreadyExistsException.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to the in memory keystore
 * or if there was problem persisting the keystore.
 */
@Override
public void putSecureData(String namespace, String name, String data, String description, Map<String, String> properties) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
    SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
    writeLock.lock();
    try {
        if (keyStore.containsAlias(keyName)) {
            throw new AlreadyExistsException(new SecureKeyId(namespace, name));
        }
        keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
        // Attempt to persist the store.
        flush();
        LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
    } catch (KeyStoreException e) {
        // We failed to store the key in the key store. Throw an IOException.
        throw new IOException("Failed to store the key. ", e);
    } finally {
        writeLock.unlock();
    }
}

Example 3 with SecureStoreMetadata

Usage of co.cask.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata: class FileSecureStoreTest, method testDelete.

@Test(expected = NotFoundException.class)
public void testDelete() throws Exception {
    populateStore();
    SecureStoreMetadata metadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
    SecureStoreData secureStoreData = new SecureStoreData(metadata, VALUE1.getBytes(Charsets.UTF_8));
    Assert.assertArrayEquals(secureStoreData.get(), secureStore.getSecureData(NAMESPACE1, KEY1).get());
    secureStoreManager.deleteSecureData(NAMESPACE1, KEY1);
    try {
        secureStore.getSecureData(NAMESPACE1, KEY1);
    } catch (IOException ioe) {
        Assert.assertTrue(ioe.getMessage().contains("not found in the secure store"));
        throw ioe;
    }
}

Example 4 with SecureStoreMetadata

Usage of co.cask.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata: class FileSecureStoreTest, method testGetMetadata.

@Test
public void testGetMetadata() throws Exception {
    populateStore();
    SecureStoreMetadata metadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
    Assert.assertEquals(metadata.getDescription(), secureStore.getSecureData(NAMESPACE1, KEY1).getMetadata().getDescription());
    Assert.assertEquals(metadata.getName(), secureStore.getSecureData(NAMESPACE1, KEY1).getMetadata().getName());
    SecureStoreMetadata metadata2 = SecureStoreMetadata.of(KEY2, DESCRIPTION2, PROPERTIES_2);
    Assert.assertEquals(metadata2.getDescription(), secureStore.getSecureData(NAMESPACE1, KEY2).getMetadata().getDescription());
    Assert.assertEquals(metadata2.getName(), secureStore.getSecureData(NAMESPACE1, KEY2).getMetadata().getName());
}

Example 5 with SecureStoreMetadata

Usage of co.cask.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata: class SecureStoreClientTest, method testSecureKeys.

@Test
public void testSecureKeys() throws Exception {
    // no secure keys to begin with
    Map<String, String> secureKeys = client.listKeys(NamespaceId.DEFAULT);
    Assert.assertTrue(secureKeys.isEmpty());
    // create a key
    String key = "securekey";
    String desc = "SomeDesc";
    String data = "secureData";
    Map<String, String> properties = ImmutableMap.of("k1", "v1");
    long creationTime = System.currentTimeMillis();
    SecureKeyId secureKeyId = new SecureKeyId(NamespaceId.DEFAULT.getNamespace(), key);
    client.createKey(secureKeyId, new SecureKeyCreateRequest(desc, data, properties));
    Assert.assertEquals(data, client.getData(secureKeyId));
    Assert.assertEquals(1, client.listKeys(NamespaceId.DEFAULT).size());
    SecureStoreMetadata metadata = client.getKeyMetadata(secureKeyId);
    Assert.assertEquals(desc, metadata.getDescription());
    Assert.assertTrue(metadata.getLastModifiedTime() >= creationTime);
    Assert.assertEquals(properties, metadata.getProperties());
    // delete the key
    client.deleteKey(secureKeyId);
    Assert.assertTrue(client.listKeys(NamespaceId.DEFAULT).isEmpty());
}