Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.
Class KeyStoreAwareApiSpi, method findConsumer.
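/**
 * Populates {@code consumer} with the credentials and role that belong to the
 * access key it carries.
 *
 * <p>Three paths are visible here:
 * <ul>
 *   <li>requests on the {@code "container"} channel: the consumer is replaced by the
 *       consumer object attached to the request, with no keystore lookup;</li>
 *   <li>services for which {@code MgmUtils.isSecure} is false: root credentials are
 *       filled in when the access key is the root key, otherwise nothing is set and
 *       no exception is thrown;</li>
 *   <li>secured services: only {@code Type.Signature} consumers are accepted. The root
 *       key is accepted only if the service's role list contains "super". Any other
 *       key must have the form {@code <space><Lang.DOT><key>} and is looked up in that
 *       space's keystore.</li>
 * </ul>
 *
 * <p>This method only loads the secret key and metadata; it performs no signature
 * comparison itself (presumably a later step does - confirm against the caller).
 *
 * @param api      the api whose space is used to reach the consumer's space
 * @param service  the service being called; its security spec supplies the allowed roles
 * @param request  the incoming request
 * @param consumer the consumer to populate
 * @throws ApiAuthenticationException if the scheme is unsupported, the access key is
 *         missing, malformed or unknown, the space or keystore cannot be reached, or
 *         the key's role is not permitted for the service
 */
@Override
public void findConsumer(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    String accessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);

    // NOTE(review): this branch trusts the consumer already attached to the request and
    // skips every check below. Confirm the channel value cannot be chosen by a remote caller.
    if ("container".equals(request.getChannel())) {
        consumer.override((ApiConsumer) request.get(ApiRequest.Consumer));
        return;
    }

    if (!MgmUtils.isSecure(service)) {
        // Non-secured service: nothing is rejected here. Root credentials are attached
        // only when the caller presented the root access key.
        if (root.accessKey().equals(accessKey)) {
            consumer.set(ApiConsumer.Fields.SecretKey, root.secretKey());
            consumer.set(ApiConsumer.Fields.ExpiryDate, root.expiryDate());
            consumer.set(CommonSpec.Role, Role.SUPER.name());
        }
        return;
    }

    if (!consumer.type().equals(Type.Signature)) {
        throw new ApiAuthenticationException("unsupported authentication scheme");
    }

    JsonArray roles = Json.getArray(service.getSecurity(), ApiService.Spec.Security.Roles);

    if (root.accessKey().equals(accessKey)) {
        // The root key is accepted only when the service explicitly lists the super role.
        // An absent or empty role list denies root, whereas it admits ordinary keys below.
        // Locale.ROOT keeps the lower-casing independent of the JVM default locale.
        String superRole = Role.SUPER.name().toLowerCase(java.util.Locale.ROOT);
        if (roles == null || roles.isEmpty() || !roles.contains(superRole)) {
            throw new ApiAuthenticationException("insuffisant permissions");
        }
        consumer.set(ApiConsumer.Fields.SecretKey, root.secretKey());
        consumer.set(ApiConsumer.Fields.ExpiryDate, root.expiryDate());
        consumer.set(CommonSpec.Role, Role.SUPER.name());
        return;
    }

    // A consumer with no access key previously failed with a NullPointerException on
    // indexOf. Treat it as an invalid key so the failure is an authentication error.
    int indexOfDot = accessKey == null ? -1 : accessKey.indexOf(Lang.DOT);
    if (indexOfDot <= 0) {
        throw new ApiAuthenticationException("invalid accessKey");
    }

    String consumerSpaceNs = accessKey.substring(0, indexOfDot);
    accessKey = accessKey.substring(indexOfDot + 1);

    ApiSpace consumerSpace;
    try {
        consumerSpace = api.space().space(consumerSpaceNs);
    } catch (ApiAccessDeniedException e) {
        throw new ApiAuthenticationException("instance manager can't access requested space");
    }

    KeyPair skp;
    try {
        skp = consumerSpace.keystore().get(accessKey, true);
    } catch (SpaceKeyStoreException e) {
        throw new ApiAuthenticationException("instance manager can't access space keystore");
    }

    if (skp == null) {
        // NOTE(review): this message echoes the caller-supplied key and distinguishes
        // unknown keys from other failures. Confirm it is not returned verbatim to
        // unauthenticated clients.
        throw new ApiAuthenticationException("accessKey " + accessKey + " not found");
    }

    String role = (String) skp.property(CommonSpec.Role);
    if (Lang.isNullOrEmpty(role)) {
        throw new ApiAuthenticationException("no role defined for consumer");
    }

    // Role names are compared in lower case. Locale.ROOT avoids locale-specific case
    // mappings (e.g. the Turkish dotless i) changing the outcome of an authorization check.
    if (roles != null && !roles.isEmpty() && !roles.contains(role.toLowerCase(java.util.Locale.ROOT))) {
        throw new ApiAuthenticationException("insuffisant permissions");
    }

    consumer.set(ApiConsumer.Fields.Space, consumerSpaceNs);
    consumer.set(ApiConsumer.Fields.SecretKey, skp.secretKey());
    consumer.set(ApiConsumer.Fields.ExpiryDate, skp.expiryDate());

    // NOTE(review): keystore properties are copied last and by name, so a property whose
    // name equals one of the fields set above would replace that value. Confirm property
    // names are constrained where key pairs are created.
    Iterator<String> props = skp.properties();
    if (props != null) {
        while (props.hasNext()) {
            String p = props.next();
            consumer.set(p, skp.property(p));
        }
    }
}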
Use of com.bluenimble.platform.security.KeyPair in project serverless by bluenimble.
Class FileSystemKeyStoreManager, method toKeyPair.
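/**
 * Parses one keystore line into a {@link KeyPair}.
 *
 * <p>The line is split on {@code Lang.SEMICOLON} and read positionally: access key,
 * secret key, optional expiry date (parsed with {@code Lang.DEFAULT_DATE_FORMAT}),
 * optional property list. Properties are separated by {@code Lang.COMMA}. Each one is
 * either {@code name<Lang.EQUALS>value} (stored as a String) or a bare name (stored as
 * {@code Boolean.TRUE}).
 *
 * @param line the raw keystore line, may be null or empty
 * @return the parsed key pair, or {@code null} if the line is null/empty or lacks a
 *         non-empty access key or secret key
 */
private static KeyPair toKeyPair(String line) {
    if (Lang.isNullOrEmpty(line)) {
        return null;
    }

    final String[] tokens = line.split(Lang.SEMICOLON);

    // Fail closed on malformed entries. Without this check the accessors below throw
    // ArrayIndexOutOfBoundsException for a line missing its secret, and an entry with an
    // empty secret would yield a key pair whose secret anyone can guess.
    if (tokens.length < 2 || Lang.isNullOrEmpty(tokens[0]) || Lang.isNullOrEmpty(tokens[1])) {
        return null;
    }

    final Map<String, Object> props = new HashMap<>(5);
    if (tokens.length > 3 && !Lang.isNullOrEmpty(tokens[3])) {
        // NOTE(review): the meaning of the third argument to Lang.split is not visible
        // here (possibly trimming) - confirm.
        for (String entry : Lang.split(tokens[3], Lang.COMMA, true)) {
            int indexOfEquals = entry.indexOf(Lang.EQUALS);
            if (indexOfEquals > 0) {
                props.put(entry.substring(0, indexOfEquals), entry.substring(indexOfEquals + 1));
            } else {
                // No separator, or separator in first position: the whole entry is a flag name.
                props.put(entry, true);
            }
        }
    }

    return new KeyPair() {
        private static final long serialVersionUID = 2787981500577507959L;

        @Override
        public String accessKey() {
            return tokens[0];
        }

        @Override
        public String secretKey() {
            return tokens[1];
        }

        @Override
        public Date expiryDate() {
            if (tokens.length < 3 || Lang.isNullOrEmpty(tokens[2])) {
                return null;
            }
            try {
                return Lang.toDate(tokens[2], Lang.DEFAULT_DATE_FORMAT);
            } catch (ParseException e) {
                // NOTE(review): an unparseable expiry is reported the same way as "no
                // expiry". If callers treat null as "never expires", a corrupted date
                // silently removes the expiry - confirm, and consider rejecting such lines.
                return null;
            }
        }

        @Override
        public Object property(String name) {
            if (props.isEmpty()) {
                return null;
            }
            return props.get(name);
        }

        @Override
        public Iterator<String> properties() {
            // Returns null, not an empty iterator, when there are no properties.
            if (props.isEmpty()) {
                return null;
            }
            return props.keySet().iterator();
        }

        @Override
        public JsonObject toJson() {
            JsonObject out = new JsonObject();
            out.set(KeyPair.Fields.AccessKey, accessKey()).set(KeyPair.Fields.SecretKey, secretKey());
            Date expiry = expiryDate();
            if (expiry != null) {
                out.set(KeyPair.Fields.ExpiryDate, Lang.toUTC(expiry));
            }
            if (!props.isEmpty()) {
                out.set(KeyPair.Fields.Properties, props);
            }
            return out;
        }

        @Override
        public String toString() {
            // NOTE(review): the JSON form includes the secret key, so logging or
            // concatenating a KeyPair writes the secret out in clear text. Confirm no
            // caller relies on this before redacting it here.
            return toJson().toString();
        }
    };
}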
Aggregations