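/**
 * Returns the data stored in the secure store. Makes two calls to the provider, one to get the metadata and another
 * to get the data; because the key can disappear between those two calls, the result of the second call is checked
 * as well.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the key.
 * @return An object representing the securely stored data associated with the name.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws NotFoundException If no key with the given name exists in the namespace.
 * @throws IOException If there was a problem getting the key or the metadata from the underlying key provider.
 */
// Unfortunately KeyProvider does not specify the underlying cause except in the message, so we can not throw a
// more specific exception.
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
  checkNamespaceExists(namespace);
  String keyName = getKeyName(namespace, name);
  KeyProvider.Metadata metadata = provider.getMetadata(keyName);
  // Provider returns null if the key is not found.
  if (metadata == null) {
    throw new NotFoundException(new SecureKeyId(namespace, name));
  }
  SecureStoreMetadata meta = SecureStoreMetadata.of(name, metadata.getDescription(), metadata.getAttributes());
  KeyProvider.KeyVersion keyVersion = provider.getCurrentKey(keyName);
  // The key may have been deleted between the two provider calls. Like getMetadata, getCurrentKey reports a
  // missing key with null instead of an exception; without this check that would surface as a
  // NullPointerException on the next line.
  if (keyVersion == null) {
    throw new NotFoundException(new SecureKeyId(namespace, name));
  }
  return new SecureStoreData(meta, keyVersion.getMaterial());
}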
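/**
 * Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
 * support it. If the key already exists then this method throws an AlreadyExistsException.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to the in memory keystore
 * or if there was problem persisting the keystore.
 */
@Override
public void putSecureData(String namespace, String name, String data, String description,
                          Map<String, String> properties) throws Exception {
  checkNamespaceExists(namespace);
  String keyName = getKeyName(namespace, name);
  // Build the entry before taking the lock so that only the keystore mutation and the flush run under it.
  SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
  SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
  writeLock.lock();
  try {
    // The existence check and the insert happen under the same write lock, so a concurrent put for the same
    // alias cannot slip in between them.
    if (keyStore.containsAlias(keyName)) {
      throw new AlreadyExistsException(new SecureKeyId(namespace, name));
    }
    keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
    // Attempt to persist the store.
    flush();
    // Parameterized logging avoids the String.format cost when debug is disabled. Only the key name and
    // namespace are logged, never the stored material.
    LOG.debug("Successfully stored {} in namespace {}", name, namespace);
  } catch (KeyStoreException e) {
    // We failed to store the key in the key store. Throw an IOException.
    throw new IOException("Failed to store the key. ", e);
  } finally {
    writeLock.unlock();
  }
}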
@Test(expected = NotFoundException.class)
public void testDelete() throws Exception {
  populateStore();

  // Sanity check: the entry is readable before it is deleted.
  SecureStoreMetadata expectedMetadata = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
  byte[] expectedBytes = new SecureStoreData(expectedMetadata, VALUE1.getBytes(Charsets.UTF_8)).get();
  byte[] storedBytes = secureStore.getSecureData(NAMESPACE1, KEY1).get();
  Assert.assertArrayEquals(expectedBytes, storedBytes);

  secureStoreManager.deleteSecureData(NAMESPACE1, KEY1);

  // A read after deletion must fail; check the message before letting the exception satisfy the annotation.
  try {
    secureStore.getSecureData(NAMESPACE1, KEY1);
  } catch (IOException ioe) {
    Assert.assertTrue(ioe.getMessage().contains("not found in the secure store"));
    throw ioe;
  }
}
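/**
 * Verifies that the metadata returned for each stored entry carries the name and description it was stored with.
 * Each entry is read from the store once; the original read it once per assertion.
 */
@Test
public void testGetMetadata() throws Exception {
  populateStore();

  SecureStoreMetadata expected1 = SecureStoreMetadata.of(KEY1, DESCRIPTION1, PROPERTIES_1);
  SecureStoreMetadata actual1 = secureStore.getSecureData(NAMESPACE1, KEY1).getMetadata();
  Assert.assertEquals(expected1.getDescription(), actual1.getDescription());
  Assert.assertEquals(expected1.getName(), actual1.getName());

  SecureStoreMetadata expected2 = SecureStoreMetadata.of(KEY2, DESCRIPTION2, PROPERTIES_2);
  SecureStoreMetadata actual2 = secureStore.getSecureData(NAMESPACE1, KEY2).getMetadata();
  Assert.assertEquals(expected2.getDescription(), actual2.getDescription());
  Assert.assertEquals(expected2.getName(), actual2.getName());
}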
/**
 * Round-trips one key through the client: empty store, create, read data and metadata back, delete, empty again.
 */
@Test
public void testSecureKeys() throws Exception {
  NamespaceId ns = NamespaceId.DEFAULT;

  // The store starts out empty.
  Assert.assertTrue(client.listKeys(ns).isEmpty());

  // Create one key, recording a lower bound for its modification time first.
  String keyName = "securekey";
  String keyDescription = "SomeDesc";
  String keyData = "secureData";
  Map<String, String> keyProperties = ImmutableMap.of("k1", "v1");
  long beforeCreate = System.currentTimeMillis();
  SecureKeyId keyId = new SecureKeyId(ns.getNamespace(), keyName);
  client.createKey(keyId, new SecureKeyCreateRequest(keyDescription, keyData, keyProperties));

  // Data, listing and metadata all reflect the new key.
  Assert.assertEquals(keyData, client.getData(keyId));
  Assert.assertEquals(1, client.listKeys(ns).size());
  SecureStoreMetadata keyMetadata = client.getKeyMetadata(keyId);
  Assert.assertEquals(keyDescription, keyMetadata.getDescription());
  Assert.assertTrue(keyMetadata.getLastModifiedTime() >= beforeCreate);
  Assert.assertEquals(keyProperties, keyMetadata.getProperties());

  // Deleting the key leaves the store empty again.
  client.deleteKey(keyId);
  Assert.assertTrue(client.listKeys(ns).isEmpty());
}