Example 6 with KeyPair

Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.

Class GetKeysSpi, method execute.

@Override
public ApiOutput execute(Api api, final ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    String accessKey = (String) request.get(ApiConsumer.Fields.AccessKey);
    String paraphrase = (String) request.get(Spec.Paraphrase);
    if (!MgmUtils.isSecure(request.getService())) {
        return getNotSecure(api, request, accessKey, paraphrase);
    }
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    String cAccessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    ApiSpace keysSpace = null;
    KeyPair kp;
    // if consumer is super
    try {
        if (Role.SUPER.equals(cRole)) {
            // If super is calling this service, accessKey should be prefixed by space namespace
            int indexOfDot = accessKey.indexOf(Lang.DOT);
            if (indexOfDot <= 0) {
                throw new ApiServiceExecutionException("invalid accessKey. Using super privileges, you should prefix the accessKey by the space.").status(ApiResponse.BAD_REQUEST);
            }
            String space = accessKey.substring(0, indexOfDot);
            accessKey = accessKey.substring(indexOfDot + 1);
            keysSpace = api.space().space(space);
        } else {
            keysSpace = MgmUtils.space(consumer, api);
        }
    } catch (Exception e) {
        throw new ApiServiceExecutionException("access denied. " + e.getMessage(), e).status(ApiResponse.FORBIDDEN);
    }
    try {
        kp = keysSpace.keystore().get(accessKey, true);
    } catch (Exception e) {
        throw new ApiServiceExecutionException("can't access space keystore").status(ApiResponse.FORBIDDEN);
    }
    if (kp == null) {
        throw new ApiServiceExecutionException("accessKey " + accessKey + " not found").status(ApiResponse.NOT_FOUND);
    }
    if (cAccessKey.equals(keysSpace.getNamespace() + Lang.DOT + accessKey)) {
        try {
            return toOutput(kp, paraphrase, keysSpace, api, request);
        } catch (Exception e) {
            throw new ApiServiceExecutionException(e.getMessage(), e);
        }
    }
    Role keysRole = Role.valueOf((String) kp.property(CommonSpec.Role));
    if (Role.DEVELOPER.equals(cRole)) {
        throw new ApiServiceExecutionException("access denied").status(ApiResponse.FORBIDDEN);
    }
    if (Role.ADMIN.equals(cRole) && Role.ADMIN.equals(keysRole)) {
        throw new ApiServiceExecutionException("access denied. only super keys can read ADMIN keys").status(ApiResponse.FORBIDDEN);
    }
    try {
        return toOutput(kp, paraphrase, keysSpace, api, request);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
}
Also used: Role(com.bluenimble.platform.apis.mgm.Role) KeyPair(com.bluenimble.platform.security.KeyPair) ApiSpace(com.bluenimble.platform.api.ApiSpace) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) EncryptionProviderException(com.bluenimble.platform.security.EncryptionProviderException)

Example 7 with KeyPair

Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.

Class GetKeysSpi, method getNotSecure.

private ApiOutput getNotSecure(Api api, ApiRequest request, String accessKey, String paraphrase) throws ApiServiceExecutionException {
    ApiSpace keysSpace = null;
    int indexOfDot = accessKey.indexOf(Lang.DOT);
    if (indexOfDot <= 0) {
        throw new ApiServiceExecutionException("invalid accessKey. Using super privileges, you should prefix the accessKey by the space NS.").status(ApiResponse.BAD_REQUEST);
    }
    String space = accessKey.substring(0, indexOfDot);
    accessKey = accessKey.substring(indexOfDot + 1);
    try {
        keysSpace = api.space().space(space);
    } catch (ApiAccessDeniedException e) {
        throw new ApiServiceExecutionException("access denied").status(ApiResponse.FORBIDDEN);
    }
    KeyPair skp = null;
    try {
        skp = keysSpace.keystore().get(accessKey, true);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
    if (skp == null) {
        throw new ApiServiceExecutionException("keys " + accessKey + " not found").status(ApiResponse.NOT_FOUND);
    }
    try {
        return toOutput(skp, paraphrase, keysSpace, api, request);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
}
Also used: ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) KeyPair(com.bluenimble.platform.security.KeyPair) ApiSpace(com.bluenimble.platform.api.ApiSpace) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) EncryptionProviderException(com.bluenimble.platform.security.EncryptionProviderException)

Example 8 with KeyPair

Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.

Class CreateSpaceSpi, method execute.

@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    String namespace = (String) request.get(Spec.Space);
    JsonObject oSpace = (JsonObject) spaceModel.duplicate().set(ApiSpace.Spec.Namespace, namespace);
    // set default secrets
    JsonObject defaultSecrets = Json.getObject(Json.getObject(oSpace, ApiSpace.Spec.secrets.class.getSimpleName()), ApiSpace.Secrets.Default);
    if (defaultSecrets != null) {
        defaultSecrets.set(ApiSpace.Spec.secrets.Key, Lang.UUID(16));
    }
    // create space
    ApiSpace newSpace = null;
    try {
        newSpace = api.space().create(oSpace);
    } catch (ApiManagementException e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
    // create root keys
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(CommonSpec.Role, Role.ADMIN.name());
    List<KeyPair> keys = null;
    try {
        keys = newSpace.keystore().create(1, null, properties);
    } catch (Exception e) {
        throw new ApiServiceExecutionException(e.getMessage(), e);
    }
    JsonObject result = newSpace.describe(DescribeOption.Info);
    if (keys != null) {
        result.set(CommonOutput.Keys, keys.get(0).toJson());
    }
    return new JsonApiOutput(result);
}
Also used: KeyPair(com.bluenimble.platform.security.KeyPair) HashMap(java.util.HashMap) JsonObject(com.bluenimble.platform.json.JsonObject) ApiManagementException(com.bluenimble.platform.api.ApiManagementException) ApiResourcesManagerException(com.bluenimble.platform.api.ApiResourcesManagerException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiSpace(com.bluenimble.platform.api.ApiSpace) CommonSpec(com.bluenimble.platform.apis.mgm.CommonSpec) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)

Example 9 with KeyPair

Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.

Class ApiSpaceImpl, method describe.

@Override
public JsonObject describe(DescribeOption... options) {
    if (options == null || options.length == 0) {
        return JsonObject.Blank;
    }
    Map<DescribeOption.Option, DescribeOption> opts = DescribeUtils.toMap(options);
    JsonObject describe = new JsonObject();
    if (opts.containsKey(DescribeOption.Option.info)) {
        describe.set(ApiSpace.Spec.Namespace, getNamespace());
        describe.set(ApiSpace.Spec.Name, getName());
        describe.set(ApiSpace.Spec.Description, getDescription());
        describe.set(Describe.Status, isStarted() ? ApiStatus.Running.name() : ApiStatus.Stopped.name());
        describe.set(ApiSpace.Spec.Blocked, isBlocked());
        if (opts.size() == 1) {
            return describe;
        }
    }
    descriptor = descriptor.duplicate();
    if (opts.containsKey(DescribeOption.Option.keys) && keystore != null) {
        List<KeyPair> keys = null;
        try {
            keys = keystore.list(0, 100);
        } catch (SpaceKeyStoreException e) {
            tracer.log(Tracer.Level.Error, Lang.BLANK, e);
        }
        JsonArray aKeys = new JsonArray();
        if (keys != null) {
            for (KeyPair kp : keys) {
                // work on a copy and strip the secret key so the describe output never contains it
                JsonObject okp = kp.toJson().duplicate();
                okp.remove(KeyPair.Fields.SecretKey);
                aKeys.add(okp);
            }
        }
        describe.set(DescribeOption.Option.keys.name(), aKeys);
    }
    if (opts.containsKey(DescribeOption.Option.secrets)) {
        describe.set(DescribeOption.Option.secrets.name(), descriptor.get(Spec.secrets.class.getSimpleName()));
    }
    if (opts.containsKey(DescribeOption.Option.features)) {
        describe.set(DescribeOption.Option.features.name(), descriptor.get(Spec.Features));
    }
    if (opts.containsKey(DescribeOption.Option.runtime)) {
        describe.set(DescribeOption.Option.runtime.name(), descriptor.get(RuntimeKey));
    }
    if (opts.containsKey(DescribeOption.Option.apis)) {
        final JsonArray aApis = new JsonArray();
        describe.set(DescribeOption.Option.apis.name(), aApis);
        list(new Selector() {

            @Override
            public boolean select(Api api) {
                aApis.add(api.describe(options));
                return false;
            }
        });
    }
    if (opts.containsKey(DescribeOption.Option.workers) && executor != null) {
        describe.set(DescribeOption.Option.workers.name(), executor.describe());
    }
    return describe;
}
Also used: JsonArray(com.bluenimble.platform.json.JsonArray) KeyPair(com.bluenimble.platform.security.KeyPair) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) DescribeOption(com.bluenimble.platform.api.DescribeOption) JsonObject(com.bluenimble.platform.json.JsonObject) Api(com.bluenimble.platform.api.Api)

Example 10 with KeyPair

Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.

Class CreateKeysSpi, method execute.

@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    JsonObject payload = (JsonObject) request.get(ApiRequest.Payload);
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    Role role = Role.SUPER.equals(cRole) ? Role.ADMIN : Role.DEVELOPER;
    String sRole = Json.getString(payload, CommonSpec.Role);
    if (!Lang.isNullOrEmpty(sRole)) {
        try {
            role = Role.valueOf(sRole.trim().toUpperCase());
        } catch (Exception ex) {
            // undefined role: keep the default role selected above
        }
    }
    if (Role.SUPER.equals(cRole) && role.equals(Role.DEVELOPER)) {
        throw new ApiServiceExecutionException("super users can't create developer keys").status(ApiResponse.FORBIDDEN);
    }
    if (Role.ADMIN.equals(cRole) && role.equals(Role.ADMIN)) {
        throw new ApiServiceExecutionException("admin users can't create admin keys").status(ApiResponse.FORBIDDEN);
    }
    ApiSpace space;
    if (Role.SUPER.equals(cRole)) {
        String spaceNs = Json.getString(payload, Spec.Space);
        if (Lang.isNullOrEmpty(spaceNs)) {
            throw new ApiServiceExecutionException("no space found in payload").status(ApiResponse.BAD_REQUEST);
        }
        try {
            space = api.space().space(spaceNs);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    } else {
        try {
            space = MgmUtils.space(consumer, api);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    }
    if (space == null) {
        throw new ApiServiceExecutionException("target space where to create the keys isn't found").status(ApiResponse.BAD_REQUEST);
    }
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(CommonSpec.Role, role.name());
    Date expiryDate = null;
    if (!Json.isNullOrEmpty(payload)) {
        expiryDate = (Date) payload.get(KeyPair.Fields.ExpiryDate);
        Iterator<String> props = payload.keys();
        while (props.hasNext()) {
            String p = props.next();
            if (Exclude.contains(p)) {
                continue;
            }
            properties.put(p, payload.get(p));
        }
    }
    List<KeyPair> list = null;
    try {
        list = space.keystore().create(1, expiryDate, properties);
    } catch (SpaceKeyStoreException e) {
        throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.BAD_REQUEST);
    }
    if (list == null) {
        return new JsonApiOutput(null);
    }
    return new JsonApiOutput(list.get(0).toJson());
}
Also used: KeyPair(com.bluenimble.platform.security.KeyPair) HashMap(java.util.HashMap) JsonObject(com.bluenimble.platform.json.JsonObject) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) Date(java.util.Date) Role(com.bluenimble.platform.apis.mgm.Role) ApiSpace(com.bluenimble.platform.api.ApiSpace) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)
