
Example 11 with SecureKeyId

use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.

Class DefaultSecureStoreService, method listSecureData.

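/**
 * Lists all the secure keys in the given namespace that the user has access to. Returns an empty map if the user
 * does not have access to the namespace or any of the keys in the namespace.
 * @param namespace The namespace whose secure keys should be listed.
 * @return A map of key names accessible by the user and their descriptions.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem reading from the store.
 */
@Override
public final Map<String, String> listSecureData(String namespace) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    // Visibility is decided per key by this filter; there is no separate namespace-level check in this method.
    // NOTE(review): presumably secureStore.listSecureData is what raises NamespaceNotFoundException — confirm.
    final Predicate<EntityId> filter = authorizationEnforcer.createFilter(principal);
    Map<String, String> metadatas = secureStore.listSecureData(namespace);
    Map<String, String> result = new HashMap<>(metadatas.size());
    // Walk the entries directly instead of keySet() + get(), so each key is looked up once.
    for (Map.Entry<String, String> entry : metadatas.entrySet()) {
        String name = entry.getKey();
        if (filter.apply(new SecureKeyId(namespace, name))) {
            result.put(name, entry.getValue());
        }
    }
    return result;
}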

Example 12 with SecureKeyId

use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.

Class DefaultSecureStoreService, method putSecureData.

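/**
 * Puts the user provided data in the secure store, if the user has write access to the namespace. Grants the user
 * all access to the newly created entity.
 * @param namespace The namespace in which the key is created.
 * @param name The name of the key.
 * @param value The data to be stored securely; must be non-empty.
 * @param description A description of the key.
 * @param properties Additional properties to associate with the key.
 * @throws BadRequestException If the request does not contain the value to be stored.
 * @throws UnauthorizedException If the user does not have write permissions on the namespace.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws AlreadyExistsException If the key already exists in the namespace. Updating is not supported.
 * @throws IOException If there was a problem storing the key to underlying provider.
 */
@Override
public final synchronized void putSecureData(String namespace, String name, String value, String description,
                                             Map<String, String> properties) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    NamespaceId namespaceId = new NamespaceId(namespace);
    // Authorization runs before request validation, so an unauthorized caller learns nothing about the request.
    authorizationEnforcer.enforce(namespaceId, principal, Action.WRITE);
    if (Strings.isNullOrEmpty(value)) {
        throw new BadRequestException("The data field should not be empty. This is the data that will be stored " + "securely.");
    }
    SecureKeyId secureKeyId = new SecureKeyId(namespace, name);
    // Store first, then grant. Granting before the store succeeds would leave the caller holding every Action on a
    // key this call did not create whenever the write is rejected (for example AlreadyExistsException on a key
    // created by someone else). If the grant itself fails, the key exists without the creator's privileges, which
    // fails closed rather than open.
    secureStoreManager.putSecureData(namespace, name, value, description, properties);
    privilegesManager.grant(secureKeyId, principal, EnumSet.allOf(Action.class));
}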

Example 13 with SecureKeyId

use of co.cask.cdap.proto.id.SecureKeyId in project cdap by caskdata.

Class FileSecureStore, method getSecureStoreMetadata.

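/**
 * Returns the metadata for the element identified by the given name.
 * The name must be of the format namespace + NAME_SEPARATOR + key name.
 * @param keyName Name of the element, i.e. the alias under which it is kept in the keystore
 * @return An object representing the metadata associated with the element
 * @throws IllegalArgumentException If the name does not split into exactly a namespace and a key name.
 * @throws NotFoundException If the key was not found in the store.
 * @throws IOException If there was a problem in getting the key from the store, or the entry stored under the
 *                     alias is not a {@code KeyStoreEntry}
 */
private SecureStoreMetadata getSecureStoreMetadata(String keyName) throws Exception {
    // NOTE(review): String.split treats its argument as a regex; NAME_SEPARATOR must not contain regex
    // metacharacters — confirm where it is declared.
    String[] namespaceAndName = keyName.split(NAME_SEPARATOR);
    Preconditions.checkArgument(namespaceAndName.length == 2,
                                "Expected a key name of the form namespace%skey, got: %s", NAME_SEPARATOR, keyName);
    String namespace = namespaceAndName[0];
    String name = namespaceAndName[1];
    // The read lock covers both the existence check and the lookup, so the alias cannot disappear in between.
    readLock.lock();
    try {
        if (!keyStore.containsAlias(keyName)) {
            throw new NotFoundException(new SecureKeyId(namespace, name));
        }
        Key key = keyStore.getKey(keyName, password);
        // KeyStore.getKey returns null when the alias is not a key-related entry; a key of another type is equally
        // unusable here. Report either as a store problem instead of letting a NullPointerException or
        // ClassCastException escape.
        if (!(key instanceof KeyStoreEntry)) {
            throw new IOException("The entry for " + name + " in namespace " + namespace
                                      + " is not a secure store entry");
        }
        return ((KeyStoreEntry) key).getMetadata();
    } catch (NoSuchAlgorithmException | UnrecoverableKeyException | KeyStoreException e) {
        throw new IOException("Unable to retrieve the metadata for " + name + " in namespace " + namespace, e);
    } finally {
        readLock.unlock();
    }
}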
