use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class SecureStoreHandler method create.
@Path("/{key-name}")
@PUT
@AuditPolicy(AuditDetail.REQUEST_BODY)
public void create(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("namespace-id") String namespace, @PathParam("key-name") String name) throws Exception {
SecureKeyId secureKeyId = new SecureKeyId(namespace, name);
SecureKeyCreateRequest secureKeyCreateRequest = parseBody(httpRequest, SecureKeyCreateRequest.class);
if (secureKeyCreateRequest == null) {
SecureKeyCreateRequest dummy = new SecureKeyCreateRequest("<description>", "<data>", ImmutableMap.of("key", "value"));
throw new BadRequestException("Unable to parse the request. The request body should be of the following format." + " \n" + GSON.toJson(dummy));
}
secureStoreManager.putSecureData(namespace, name, secureKeyCreateRequest.getData(), secureKeyCreateRequest.getDescription(), secureKeyCreateRequest.getProperties());
httpResponder.sendStatus(HttpResponseStatus.OK);
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class DefaultSecureStoreService method deleteSecureData.
/**
* Deletes the key if the user has ADMIN privileges to the key.
*
* @throws UnauthorizedException If the user does not have admin privileges required to delete the secure key.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws NotFoundException If the key to be deleted is not found.
* @throws IOException If there was a problem deleting it from the underlying provider.
*/
@Override
public final void deleteSecureData(String namespace, String name) throws Exception {
Principal principal = authenticationContext.getPrincipal();
SecureKeyId secureKeyId = new SecureKeyId(namespace, name);
authorizationEnforcer.enforce(secureKeyId, principal, Action.ADMIN);
secureStoreManager.deleteSecureData(namespace, name);
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class DefaultSecureStoreService method getSecureData.
/**
* Checks if the user has access to read the secure key and returns the {@link SecureStoreData} associated
* with the key if they do.
*
* @return Data associated with the key if the user has read access.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws NotFoundException If the key is not found in the store.
* @throws IOException If there was a problem reading from the store.
* @throws UnauthorizedException If the user does not have READ permissions on the secure key.
*/
@Override
public final SecureStoreData getSecureData(String namespace, String name) throws Exception {
Principal principal = authenticationContext.getPrincipal();
SecureKeyId secureKeyId = new SecureKeyId(namespace, name);
authorizationEnforcer.enforce(secureKeyId, principal, Action.READ);
return secureStore.getSecureData(namespace, name);
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class FileSecureStore method deleteSecureData.
/**
* Deletes the element with the given name. Flushes the keystore after deleting the key from the in memory keystore.
* If the flush fails, we attempt to insert to key back to the in memory store and notify the user that delete failed.
* If the insertion in the key store fails after a flush failure then there would be a discrepancy between the
* in memory store and the file on the disk. This will be remedied the next time a flush happens.
* If another flush does not happen and the system is restarted, the only time that file is read,
* then we will have an extra key in the keystore.
* @param namespace The namespace this key belongs to.
* @param name Name of the element to be deleted.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws NotFoundException If the key to be deleted is not found.
* @throws IOException If their was a problem during deleting the key from the in memory store
* or if there was a problem persisting the keystore after deleting the element.
*/
@Override
public void deleteSecureData(String namespace, String name) throws Exception {
checkNamespaceExists(namespace);
String keyName = getKeyName(namespace, name);
Key key = null;
writeLock.lock();
try {
if (!keyStore.containsAlias(keyName)) {
throw new NotFoundException(new SecureKeyId(namespace, name));
}
key = deleteFromStore(keyName, password);
flush();
LOG.debug(String.format("Successfully deleted key %s from namespace %s", name, namespace));
} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
throw new IOException("Failed to delete the key. ", e);
} catch (IOException ioe) {
try {
keyStore.setKeyEntry(keyName, key, password, null);
} catch (KeyStoreException e) {
ioe.addSuppressed(e);
}
throw ioe;
} finally {
writeLock.unlock();
}
}
use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.
the class FileSecureStore method putSecureData.
/**
* Stores an element in the secure store. Although JCEKS supports overwriting keys the interface currently does not
* support it. If the key already exists then this method throws an AlreadyExistsException.
* @param namespace The namespace this key belongs to.
* @param name Name of the element to store.
* @param data The data that needs to be securely stored.
* @param description User provided description of the entry.
* @param properties Metadata associated with the data.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
* @throws IOException If there was a problem storing the key to the in memory keystore
* or if there was problem persisting the keystore.
*/
@Override
public void putSecureData(String namespace, String name, String data, String description, Map<String, String> properties) throws Exception {
checkNamespaceExists(namespace);
String keyName = getKeyName(namespace, name);
SecureStoreMetadata meta = SecureStoreMetadata.of(name, description, properties);
SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
writeLock.lock();
try {
if (keyStore.containsAlias(keyName)) {
throw new AlreadyExistsException(new SecureKeyId(namespace, name));
}
keyStore.setKeyEntry(keyName, new KeyStoreEntry(secureStoreData, meta), password, null);
// Attempt to persist the store.
flush();
LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
} catch (KeyStoreException e) {
// We failed to store the key in the key store. Throw an IOException.
throw new IOException("Failed to store the key. ", e);
} finally {
writeLock.unlock();
}
}
Aggregations