
Example 1 with SpaceKeyStoreException

use of com.bluenimble.platform.security.SpaceKeyStoreException in project serverless by bluenimble.

Class ApiSpaceImpl, method describe.

/**
 * Describes this space as a {@link JsonObject} restricted to the sections named by
 * {@code options}.
 *
 * <p>Sections and their sources: {@code info} — namespace, name, description, running
 * status and blocked flag of this space; {@code keys} — the first 100 key pairs of the
 * space keystore, each copied and stripped of {@code KeyPair.Fields.SecretKey} before it
 * is emitted (a keystore failure is traced and yields an empty array); {@code secrets},
 * {@code features} and {@code runtime} — read from the space descriptor, which is first
 * replaced by a duplicate of itself; {@code apis} — every api's own {@code describe} with
 * the same options; {@code workers} — the executor's description, when an executor exists.
 *
 * @param options sections to include; {@code null} or empty yields {@link JsonObject#Blank}
 * @return the assembled description, never {@code null}
 */
@Override
public JsonObject describe(DescribeOption... options) {
    if (options == null || options.length == 0) {
        return JsonObject.Blank;
    }

    final Map<DescribeOption.Option, DescribeOption> requested = DescribeUtils.toMap(options);
    final JsonObject result = new JsonObject();

    if (requested.containsKey(DescribeOption.Option.info)) {
        result.set(ApiSpace.Spec.Namespace, getNamespace());
        result.set(ApiSpace.Spec.Name, getName());
        result.set(ApiSpace.Spec.Description, getDescription());
        final String status = isStarted() ? ApiStatus.Running.name() : ApiStatus.Stopped.name();
        result.set(Describe.Status, status);
        result.set(ApiSpace.Spec.Blocked, isBlocked());
        // info was the only section asked for: skip the descriptor work below
        if (requested.size() == 1) {
            return result;
        }
    }

    // every remaining section reads from a fresh copy of the descriptor
    descriptor = descriptor.duplicate();

    if (requested.containsKey(DescribeOption.Option.keys) && keystore != null) {
        List<KeyPair> stored = null;
        try {
            stored = keystore.list(0, 100);
        } catch (SpaceKeyStoreException ex) {
            // a failing keystore must not break the description; trace it and emit no keys
            tracer.log(Tracer.Level.Error, Lang.BLANK, ex);
        }
        final JsonArray publicKeys = new JsonArray();
        if (stored != null) {
            for (KeyPair pair : stored) {
                // duplicate first so the stored pair's JSON keeps its secret; only the copy loses it
                final JsonObject entry = pair.toJson().duplicate();
                entry.remove(KeyPair.Fields.SecretKey);
                publicKeys.add(entry);
            }
        }
        result.set(DescribeOption.Option.keys.name(), publicKeys);
    }

    if (requested.containsKey(DescribeOption.Option.secrets)) {
        result.set(DescribeOption.Option.secrets.name(), descriptor.get(Spec.secrets.class.getSimpleName()));
    }
    if (requested.containsKey(DescribeOption.Option.features)) {
        result.set(DescribeOption.Option.features.name(), descriptor.get(Spec.Features));
    }
    if (requested.containsKey(DescribeOption.Option.runtime)) {
        result.set(DescribeOption.Option.runtime.name(), descriptor.get(RuntimeKey));
    }

    if (requested.containsKey(DescribeOption.Option.apis)) {
        final JsonArray apiDescriptions = new JsonArray();
        result.set(DescribeOption.Option.apis.name(), apiDescriptions);
        // visits every api; returns false each time — presumably so the selection never
        // stops early, confirm against Selector
        list(new Selector() {

            @Override
            public boolean select(Api api) {
                apiDescriptions.add(api.describe(options));
                return false;
            }
        });
    }

    if (requested.containsKey(DescribeOption.Option.workers) && executor != null) {
        result.set(DescribeOption.Option.workers.name(), executor.describe());
    }

    return result;
}
Also used : JsonArray(com.bluenimble.platform.json.JsonArray) KeyPair(com.bluenimble.platform.security.KeyPair) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) DescribeOption(com.bluenimble.platform.api.DescribeOption) JsonObject(com.bluenimble.platform.json.JsonObject) DescribeOption(com.bluenimble.platform.api.DescribeOption) Api(com.bluenimble.platform.api.Api)

Example 2 with SpaceKeyStoreException

use of com.bluenimble.platform.security.SpaceKeyStoreException in project serverless by bluenimble.

Class SpaceKeyStoreImpl, method create.

/**
 * Generates {@code pack} new key pairs, stores each one in this keystore and returns them.
 *
 * <p>Access and secret key of every pair come from {@link Lang#keys()}; all pairs share the
 * same {@code expiryDate} and the same {@code properties} map. The map is held by reference,
 * not copied, so later changes made by the caller are visible through the returned pairs.
 * Each pair is persisted with {@code put} before it is appended to the result; when a later
 * {@code put} fails, the pairs already stored remain in the store while the exception
 * propagates.
 *
 * <p>{@link KeyPair#toJson()} of the returned pairs includes the secret key; callers that
 * expose the result externally must remove {@code KeyPair.Fields.SecretKey} first.
 *
 * @param pack number of pairs to create; values below 1 yield {@code null}
 * @param expiryDate expiry shared by all created pairs, may be {@code null}
 * @param properties extra properties shared by all created pairs, may be {@code null}
 * @return the created pairs in creation order, or {@code null} when {@code pack < 1}
 * @throws SpaceKeyStoreException wrapping any failure raised while building or storing a pair
 */
@Override
public List<KeyPair> create(int pack, final Date expiryDate, final Map<String, Object> properties) throws SpaceKeyStoreException {
    if (pack < 1) {
        return null;
    }
    final List<KeyPair> created = new ArrayList<KeyPair>();
    try {
        int remaining = pack;
        while (remaining > 0) {
            remaining--;
            // [0] is the access key, [1] the secret key
            final String[] generated = Lang.keys();
            final KeyPair pair = new KeyPair() {

                private static final long serialVersionUID = -1855450550265796892L;

                @Override
                public String accessKey() {
                    return generated[0];
                }

                @Override
                public String secretKey() {
                    return generated[1];
                }

                @Override
                public Date expiryDate() {
                    return expiryDate;
                }

                @Override
                public Iterator<String> properties() {
                    return properties == null ? null : properties.keySet().iterator();
                }

                @Override
                public Object property(String name) {
                    return properties == null ? null : properties.get(name);
                }

                /** Full JSON form of the pair, secret key included; expiry is rendered in UTC. */
                @Override
                public JsonObject toJson() {
                    final JsonObject json = new JsonObject();
                    json.set(KeyPair.Fields.AccessKey, accessKey()).set(KeyPair.Fields.SecretKey, secretKey());
                    final Date expires = expiryDate();
                    if (expires != null) {
                        json.set(KeyPair.Fields.ExpiryDate, Lang.toUTC(expires));
                    }
                    if (properties != null) {
                        json.set(KeyPair.Fields.Properties, properties);
                    }
                    return json;
                }

                @Override
                public String toString() {
                    return toJson().toString();
                }
            };
            // persist first, so the result never lists a pair the store rejected
            put(pair);
            created.add(pair);
        }
    } catch (Exception ex) {
        throw new SpaceKeyStoreException(ex.getMessage(), ex);
    }
    return created;
}
Also used : KeyPair(com.bluenimble.platform.security.KeyPair) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) JsonObject(com.bluenimble.platform.json.JsonObject) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException)

Example 3 with SpaceKeyStoreException

use of com.bluenimble.platform.security.SpaceKeyStoreException in project serverless by bluenimble.

Class CreateKeysSpi, method execute.

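/**
 * Creates one key pair in a target space on behalf of the calling consumer.
 *
 * <p>The role stored on the new pair defaults to one level below the caller: a SUPER
 * consumer creates ADMIN keys, any other consumer creates DEVELOPER keys. The payload may
 * override the default with {@code CommonSpec.Role} (case-insensitive); an unknown role name
 * is ignored and the default stands. The request is rejected with FORBIDDEN when the
 * resolved role is SUPER (that role belongs to the instance root key pair and is never minted
 * here), when a SUPER consumer asks for DEVELOPER keys, and when an ADMIN consumer asks for
 * ADMIN keys.
 *
 * <p>SUPER consumers name the target space with {@code Spec.Space} in the payload; other
 * consumers are bound to their own space through {@link MgmUtils#space}. Every remaining
 * payload entry not listed in {@code Exclude} is stored as a property of the new pair.
 *
 * @return the created pair as JSON — this output includes the secret key
 * @throws ApiServiceExecutionException with FORBIDDEN on a role or space-access violation,
 *         BAD_REQUEST when no target space can be resolved or the keystore rejects the request
 */
@Override
public ApiOutput execute(Api api, ApiConsumer consumer, ApiRequest request, ApiResponse response) throws ApiServiceExecutionException {
    JsonObject payload = (JsonObject) request.get(ApiRequest.Payload);
    Role cRole = Role.valueOf((String) consumer.get(CommonSpec.Role));
    // default target role: one level below the caller
    Role role = Role.SUPER.equals(cRole) ? Role.ADMIN : Role.DEVELOPER;
    String sRole = Json.getString(payload, CommonSpec.Role);
    if (!Lang.isNullOrEmpty(sRole)) {
        try {
            role = Role.valueOf(sRole.trim().toUpperCase());
        } catch (Exception ignored) {
            // undefined role name in the payload: keep the default
        }
    }
    // the requested role is untrusted input; without this guard a payload naming SUPER
    // passed the two checks below and minted a key with the root role
    if (Role.SUPER.equals(role)) {
        throw new ApiServiceExecutionException("keys with the super role can't be created").status(ApiResponse.FORBIDDEN);
    }
    if (Role.SUPER.equals(cRole) && role.equals(Role.DEVELOPER)) {
        throw new ApiServiceExecutionException("super users can't create developer keys").status(ApiResponse.FORBIDDEN);
    }
    if (Role.ADMIN.equals(cRole) && role.equals(Role.ADMIN)) {
        throw new ApiServiceExecutionException("admin users can't create admin keys").status(ApiResponse.FORBIDDEN);
    }
    ApiSpace space;
    if (Role.SUPER.equals(cRole)) {
        // super consumers pick the target space explicitly
        String spaceNs = Json.getString(payload, Spec.Space);
        if (Lang.isNullOrEmpty(spaceNs)) {
            throw new ApiServiceExecutionException("no space found in payload").status(ApiResponse.BAD_REQUEST);
        }
        try {
            space = api.space().space(spaceNs);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    } else {
        // everyone else is confined to the space they belong to
        try {
            space = MgmUtils.space(consumer, api);
        } catch (ApiAccessDeniedException e) {
            throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.FORBIDDEN);
        }
    }
    if (space == null) {
        throw new ApiServiceExecutionException("target space where to create the keys isn't found").status(ApiResponse.BAD_REQUEST);
    }
    Map<String, Object> properties = new HashMap<String, Object>();
    properties.put(CommonSpec.Role, role.name());
    Date expiryDate = null;
    if (!Json.isNullOrEmpty(payload)) {
        // NOTE(review): assumes the payload already holds a Date here; a string value would
        // fail this cast — confirm against how JsonObject parses the expiry field
        expiryDate = (Date) payload.get(KeyPair.Fields.ExpiryDate);
        // copy all payload entries except the excluded ones onto the new key pair
        Iterator<String> props = payload.keys();
        while (props.hasNext()) {
            String p = props.next();
            if (Exclude.contains(p)) {
                continue;
            }
            properties.put(p, payload.get(p));
        }
    }
    List<KeyPair> list = null;
    try {
        list = space.keystore().create(1, expiryDate, properties);
    } catch (SpaceKeyStoreException e) {
        throw new ApiServiceExecutionException(e.getMessage(), e).status(ApiResponse.BAD_REQUEST);
    }
    if (list == null) {
        return new JsonApiOutput(null);
    }
    return new JsonApiOutput(list.get(0).toJson());
}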
Also used : KeyPair(com.bluenimble.platform.security.KeyPair) HashMap(java.util.HashMap) JsonObject(com.bluenimble.platform.json.JsonObject) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) Date(java.util.Date) Role(com.bluenimble.platform.apis.mgm.Role) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) ApiSpace(com.bluenimble.platform.api.ApiSpace) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) ApiServiceExecutionException(com.bluenimble.platform.api.ApiServiceExecutionException) JsonObject(com.bluenimble.platform.json.JsonObject) JsonApiOutput(com.bluenimble.platform.api.impls.JsonApiOutput)

Example 4 with SpaceKeyStoreException

use of com.bluenimble.platform.security.SpaceKeyStoreException in project serverless by bluenimble.

Class KeyStoreAwareApiSpi, method findConsumer.

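/**
 * Resolves the calling consumer's identity and secret for signature-based authentication.
 *
 * <p>Requests on the {@code container} channel carry an already-resolved consumer in the
 * request, which replaces the current one. For services that are not secured only the
 * instance root access key is recognised (and granted SUPER); any other key leaves the
 * consumer untouched. Secured services require the {@code Signature} consumer type. The root
 * access key is accepted only when the service's security roles explicitly list
 * {@code super}. Any other access key must have the form {@code <spaceNamespace>.<key>}: the
 * key part is looked up in that space's keystore, must carry a role property, and when the
 * service declares roles that role must be among them. On success the consumer receives the
 * space namespace, secret key, expiry date and every property of the stored pair.
 *
 * @throws ApiAuthenticationException on an unsupported scheme, a missing, malformed or
 *         unknown access key, a space or keystore that can't be reached, a pair without a
 *         role, or a role the service does not accept
 */
@Override
public void findConsumer(Api api, ApiService service, ApiRequest request, ApiConsumer consumer) throws ApiAuthenticationException {
    String accessKey = (String) consumer.get(ApiConsumer.Fields.AccessKey);
    // container-channel requests carry a consumer resolved by the caller
    if ("container".equals(request.getChannel())) {
        consumer.override((ApiConsumer) request.get(ApiRequest.Consumer));
        return;
    }
    if (!MgmUtils.isSecure(service)) {
        // unsecured service: only the root key is recognised, anyone else stays as they are
        if (root.accessKey().equals(accessKey)) {
            consumer.set(ApiConsumer.Fields.SecretKey, root.secretKey());
            consumer.set(ApiConsumer.Fields.ExpiryDate, root.expiryDate());
            consumer.set(CommonSpec.Role, Role.SUPER.name());
        }
        return;
    }
    if (!consumer.type().equals(Type.Signature)) {
        throw new ApiAuthenticationException("unsupported authentication scheme");
    }
    JsonArray roles = Json.getArray(service.getSecurity(), ApiService.Spec.Security.Roles);
    if (root.accessKey().equals(accessKey)) {
        // the root key is accepted only where the service explicitly lists the super role
        if (roles == null || roles.isEmpty() || !roles.contains(Role.SUPER.name().toLowerCase())) {
            throw new ApiAuthenticationException("insuffisant permissions");
        }
        consumer.set(ApiConsumer.Fields.SecretKey, root.secretKey());
        consumer.set(ApiConsumer.Fields.ExpiryDate, root.expiryDate());
        consumer.set(CommonSpec.Role, Role.SUPER.name());
    } else {
        // the access key is caller-supplied; an absent one must fail authentication instead
        // of surfacing as a NullPointerException from the substring logic below
        if (Lang.isNullOrEmpty(accessKey)) {
            throw new ApiAuthenticationException("invalid accessKey");
        }
        // space-scoped keys are "<spaceNamespace>.<key>"
        int indexOfDot = accessKey.indexOf(Lang.DOT);
        if (indexOfDot <= 0) {
            throw new ApiAuthenticationException("invalid accessKey");
        }
        String consumerSpaceNs = accessKey.substring(0, indexOfDot);
        accessKey = accessKey.substring(indexOfDot + 1);
        ApiSpace consumerSpace;
        try {
            consumerSpace = api.space().space(consumerSpaceNs);
        } catch (ApiAccessDeniedException e) {
            throw new ApiAuthenticationException("instance manager can't access requested space");
        }
        KeyPair skp;
        try {
            skp = consumerSpace.keystore().get(accessKey, true);
        } catch (SpaceKeyStoreException e) {
            throw new ApiAuthenticationException("instance manager can't access space keystore");
        }
        if (skp == null) {
            throw new ApiAuthenticationException("accessKey " + accessKey + " not found");
        }
        String role = (String) skp.property(CommonSpec.Role);
        if (Lang.isNullOrEmpty(role)) {
            throw new ApiAuthenticationException("no role defined for consumer");
        }
        // a service that declares no roles accepts any role; otherwise the key's role must be listed
        if (roles != null && !roles.isEmpty() && !roles.contains(role.toLowerCase())) {
            throw new ApiAuthenticationException("insuffisant permissions");
        }
        consumer.set(ApiConsumer.Fields.Space, consumerSpaceNs);
        consumer.set(ApiConsumer.Fields.SecretKey, skp.secretKey());
        consumer.set(ApiConsumer.Fields.ExpiryDate, skp.expiryDate());
        // every stored property (the role included) becomes a consumer attribute
        Iterator<String> props = skp.properties();
        if (props != null) {
            while (props.hasNext()) {
                String p = props.next();
                consumer.set(p, skp.property(p));
            }
        }
    }
}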
Also used : JsonArray(com.bluenimble.platform.json.JsonArray) ApiAccessDeniedException(com.bluenimble.platform.api.ApiAccessDeniedException) KeyPair(com.bluenimble.platform.security.KeyPair) ApiSpace(com.bluenimble.platform.api.ApiSpace) SpaceKeyStoreException(com.bluenimble.platform.security.SpaceKeyStoreException) ApiAuthenticationException(com.bluenimble.platform.api.security.ApiAuthenticationException)

Aggregations

KeyPair (com.bluenimble.platform.security.KeyPair)4 SpaceKeyStoreException (com.bluenimble.platform.security.SpaceKeyStoreException)4 JsonObject (com.bluenimble.platform.json.JsonObject)3 ApiAccessDeniedException (com.bluenimble.platform.api.ApiAccessDeniedException)2 ApiSpace (com.bluenimble.platform.api.ApiSpace)2 JsonArray (com.bluenimble.platform.json.JsonArray)2 Api (com.bluenimble.platform.api.Api)1 ApiServiceExecutionException (com.bluenimble.platform.api.ApiServiceExecutionException)1 DescribeOption (com.bluenimble.platform.api.DescribeOption)1 JsonApiOutput (com.bluenimble.platform.api.impls.JsonApiOutput)1 ApiAuthenticationException (com.bluenimble.platform.api.security.ApiAuthenticationException)1 Role (com.bluenimble.platform.apis.mgm.Role)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1