
Example 6 with UserKeyPair

use of com.dracoon.sdk.crypto.model.UserKeyPair in project cyberduck by iterate-ch.

the class SDSSession method unlockTripleCryptKeyPair.

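/**
 * Requests the user's TripleCrypt key pair from the server and unlocks it, creating a key pair of
 * the required version first when only the deprecated RSA2048 pair exists.
 * <p>
 * When {@code isNewCryptoAvailable()} is true:
 * <ul>
 * <li>no key pair on the server: returns without doing anything;</li>
 * <li>a pair of the required version exists and there are exactly two pairs: the RSA2048 pair is
 * unlocked via the prompt and remembered in {@code keyPairDeprecated};</li>
 * <li>no pair of the required version exists: the RSA2048 pair is unlocked, a new pair of the
 * required version is generated with the same passphrase and uploaded with
 * {@code createAndPreserveUserKeyPair}.</li>
 * </ul>
 * Afterwards the pair of the required version is requested, stored in {@code keyPair} and unlocked,
 * reusing the passphrase of the deprecated pair when it also opens the new pair.
 * <p>
 * Security note: the debug messages print only the key pair version. The private key object is not
 * passed to the logger, so protected key material cannot end up in log files through its string
 * representation.
 *
 * @param prompt                Callback used to obtain the passphrase
 * @param user                  Account, used here only in the debug message
 * @param requiredKeyPairVersion Key pair version that must be available and unlocked
 * @throws BackgroundException The mapped {@code CryptoException}. {@code ApiException} and
 *                             {@code LoginCanceledException} are logged and not rethrown.
 */
protected void unlockTripleCryptKeyPair(final LoginCallback prompt, final UserAccountWrapper user, final UserKeyPair.Version requiredKeyPairVersion) throws BackgroundException {
    try {
        // Passphrase of the deprecated pair, kept to try it on the new pair without a second prompt
        Credentials deprecatedCredentials = null;
        if (this.isNewCryptoAvailable()) {
            final List<UserKeyPairContainer> pairs = new UserApi(client).requestUserKeyPairs(StringUtils.EMPTY, null);
            if (pairs.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("No keypair found for user %s", user));
                }
                return;
            }
            // Migrated means a pair of the required version is already stored on the server
            boolean migrated = false;
            for (UserKeyPairContainer pair : pairs) {
                if (requiredKeyPairVersion == TripleCryptConverter.toCryptoUserKeyPair(pair).getUserPublicKey().getVersion()) {
                    migrated = true;
                    break;
                }
            }
            if (migrated && pairs.size() == 2) {
                final UserKeyPairContainer deprecated = new UserApi(client).requestUserKeyPair(StringUtils.EMPTY, UserKeyPair.Version.RSA2048.getValue(), null);
                final UserKeyPair keypair = TripleCryptConverter.toCryptoUserKeyPair(deprecated);
                if (log.isDebugEnabled()) {
                    // Log the version only, never the private key object
                    log.debug(String.format("Attempt to unlock deprecated private key with version %s", UserKeyPair.Version.RSA2048.getValue()));
                }
                deprecatedCredentials = new TripleCryptKeyPair().unlock(prompt, host, keypair);
                keyPairDeprecated.set(deprecated);
            }
            if (!migrated) {
                final UserKeyPairContainer deprecated = new UserApi(client).requestUserKeyPair(StringUtils.EMPTY, UserKeyPair.Version.RSA2048.getValue(), null);
                final UserKeyPair keypair = TripleCryptConverter.toCryptoUserKeyPair(deprecated);
                if (log.isDebugEnabled()) {
                    // Log the version only, never the private key object
                    log.debug(String.format("Attempt to unlock and migrate deprecated private key with version %s", UserKeyPair.Version.RSA2048.getValue()));
                }
                deprecatedCredentials = new TripleCryptKeyPair().unlock(prompt, host, keypair);
                // The new pair is protected with the same passphrase as the deprecated one
                final UserKeyPair newPair = Crypto.generateUserKeyPair(requiredKeyPairVersion, deprecatedCredentials.getPassword());
                final CreateKeyPairRequest request = new CreateKeyPairRequest();
                // The previous private key is sent along with the new pair
                request.setPreviousPrivateKey(deprecated.getPrivateKeyContainer());
                final UserKeyPairContainer userKeyPairContainer = TripleCryptConverter.toSwaggerUserKeyPairContainer(newPair);
                request.setPrivateKeyContainer(userKeyPairContainer.getPrivateKeyContainer());
                request.setPublicKeyContainer(userKeyPairContainer.getPublicKeyContainer());
                if (log.isDebugEnabled()) {
                    log.debug("Create new key pair");
                }
                new UserApi(client).createAndPreserveUserKeyPair(request, null);
                keyPairDeprecated.set(deprecated);
            }
        }
        final UserKeyPairContainer container = new UserApi(client).requestUserKeyPair(StringUtils.EMPTY, requiredKeyPairVersion.getValue(), null);
        keyPair.set(container);
        final UserKeyPair keypair = TripleCryptConverter.toCryptoUserKeyPair(keyPair.get());
        if (deprecatedCredentials != null) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Attempt to unlock private key with version %s using passphrase from deprecated private key", requiredKeyPairVersion.getValue()));
            }
            if (Crypto.checkUserKeyPair(keypair, deprecatedCredentials.getPassword())) {
                // Passphrase of the deprecated pair also opens the new pair
                new TripleCryptKeyPair().unlock(prompt, host, keypair, deprecatedCredentials.getPassword());
            } else {
                // Passphrases differ, ask again
                new TripleCryptKeyPair().unlock(prompt, host, keypair);
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(String.format("Attempt to unlock private key with version %s", requiredKeyPairVersion.getValue()));
            }
            new TripleCryptKeyPair().unlock(prompt, host, keypair);
        }
    } catch (CryptoException e) {
        throw new TripleCryptExceptionMappingService().map(e);
    } catch (ApiException e) {
        // Deliberate best effort: the method returns normally although the key pair was not unlocked,
        // so callers must not treat a normal return as proof that a key pair is available
        log.warn(String.format("Ignore failure unlocking user key pair. %s", new SDSExceptionMappingService(nodeid).map(e)));
    } catch (LoginCanceledException e) {
        // Deliberate best effort: a canceled passphrase prompt leaves the key pair locked
        log.warn("Ignore cancel unlocking triple crypt private key pair");
    }
}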
Also used : UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair) UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer) LoginCanceledException(ch.cyberduck.core.exception.LoginCanceledException) CreateKeyPairRequest(ch.cyberduck.core.sds.io.swagger.client.model.CreateKeyPairRequest) TripleCryptKeyPair(ch.cyberduck.core.sds.triplecrypt.TripleCryptKeyPair) TripleCryptExceptionMappingService(ch.cyberduck.core.sds.triplecrypt.TripleCryptExceptionMappingService) UserApi(ch.cyberduck.core.sds.io.swagger.client.api.UserApi) CryptoException(com.dracoon.sdk.crypto.error.CryptoException) ApiException(ch.cyberduck.core.sds.io.swagger.client.ApiException)

Example 7 with UserKeyPair

use of com.dracoon.sdk.crypto.model.UserKeyPair in project cyberduck by iterate-ch.

the class TripleCryptReadFeature method getUserKeyPair.

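/**
 * Looks up the user key pair that matches the version of the given encrypted file key and converts
 * it to the crypto SDK model.
 * <p>
 * Security note: the debug message prints the file key version only. The private key object is not
 * passed to the logger, so protected key material cannot end up in log files through its string
 * representation.
 *
 * @param encFileKey Encrypted file key whose version selects the key pair
 * @return Key pair returned by the session for that version, converted with {@code TripleCryptConverter}
 * @throws BackgroundException     Declared by this method; presumably raised by the session lookup
 * @throws UnknownVersionException Declared by this method; presumably raised by the conversion
 */
private UserKeyPair getUserKeyPair(final EncryptedFileKey encFileKey) throws BackgroundException, UnknownVersionException {
    final UserKeyPairContainer keyPairContainer = session.getKeyPairForFileKey(encFileKey.getVersion());
    final UserKeyPair userKeyPair = TripleCryptConverter.toCryptoUserKeyPair(keyPairContainer);
    if (log.isDebugEnabled()) {
        // Log the version only, never the private key object
        log.debug(String.format("Attempt to unlock private key for file key version %s", encFileKey.getVersion()));
    }
    return userKeyPair;
}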
Also used : UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair) UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer)

Example 8 with UserKeyPair

use of com.dracoon.sdk.crypto.model.UserKeyPair in project cyberduck by iterate-ch.

the class SDSMissingFileKeysSchedulerFeatureTest method testFileKeyMigration.

/**
 * Integration test for file key migration: starts with only an RSA2048 key pair, uploads an
 * encrypted file, migrates the account to RSA4096 and checks that the missing file keys scheduler
 * processes the uploaded file once and finds nothing left on a second run.
 */
@Test
public void testFileKeyMigration() throws Exception {
    // Fixture passphrase for the throwaway key pair generated by this test
    final String passphrase = "eth[oh8uv4Eesij";
    final UserApi api = new UserApi(session.getClient());
    this.removeKeyPairs(api);
    session.resetUserKeyPairs();
    // Start with the legacy key pair only
    final UserKeyPair legacyPair = Crypto.generateUserKeyPair(UserKeyPair.Version.RSA2048, passphrase);
    api.setUserKeyPair(TripleCryptConverter.toSwaggerUserKeyPairContainer(legacyPair), null);
    List<UserKeyPairContainer> storedPairs = api.requestUserKeyPairs(null, null);
    assertEquals(1, storedPairs.size());
    final SDSNodeIdProvider nodeid = new SDSNodeIdProvider(session);
    final Path roomPath = new Path(new AlphanumericRandomStringService().random(), EnumSet.of(Path.Type.directory, Path.Type.volume));
    final Path room = new SDSDirectoryFeature(session, nodeid).createRoom(roomPath, true);
    // Upload an encrypted file while only the legacy key pair exists
    final byte[] payload = RandomUtils.nextBytes(32769);
    final TransferStatus status = new TransferStatus();
    status.setLength(payload.length);
    final Path test = new Path(room, UUID.randomUUID().toString(), EnumSet.of(Path.Type.file));
    final SDSEncryptionBulkFeature bulk = new SDSEncryptionBulkFeature(session, nodeid);
    bulk.pre(Transfer.Type.upload, Collections.singletonMap(new TransferItem(test), status), new DisabledConnectionCallback());
    final TripleCryptWriteFeature writer = new TripleCryptWriteFeature(session, nodeid, new SDSMultipartWriteFeature(session, nodeid));
    final StatusOutputStream<Node> out = writer.write(test, status, new DisabledConnectionCallback());
    new StreamCopier(status, status).transfer(new ByteArrayInputStream(payload), out);
    // Migrate the key pair to RSA4096
    session.unlockTripleCryptKeyPair(new DisabledLoginCallback() {

        @Override
        public Credentials prompt(final Host bookmark, final String title, final String reason, final LoginOptions options) throws LoginCanceledException {
            return new VaultCredentials(passphrase);
        }
    }, session.userAccount(), UserKeyPair.Version.RSA4096);
    storedPairs = api.requestUserKeyPairs(null, null);
    assertEquals(2, storedPairs.size());
    // The file key on the server is still the one created for the legacy pair
    final FileKey key = new NodesApi(session.getClient()).requestUserFileKey(Long.parseLong(test.attributes().getVersionId()), null, null);
    final EncryptedFileKey encFileKey = TripleCryptConverter.toCryptoEncryptedFileKey(key);
    assertEquals(EncryptedFileKey.Version.RSA2048_AES256GCM, encFileKey.getVersion());
    final SDSMissingFileKeysSchedulerFeature background = new SDSMissingFileKeysSchedulerFeature();
    final List<UserFileKeySetRequest> processed = background.operate(session, new DisabledPasswordCallback() {

        @Override
        public Credentials prompt(final Host bookmark, final String title, final String reason, final LoginOptions options) {
            return new VaultCredentials(passphrase);
        }
    }, null);
    assertFalse(processed.isEmpty());
    // The uploaded file must be among the processed file key requests
    final long uploadedFileId = Long.parseLong(test.attributes().getVersionId());
    boolean found = false;
    for (int i = 0; !found && i < processed.size(); i++) {
        found = processed.get(i).getFileId().equals(uploadedFileId);
    }
    assertTrue(found);
    // A second run has nothing left to process
    final List<UserFileKeySetRequest> empty = new SDSMissingFileKeysSchedulerFeature().operate(session, new DisabledPasswordCallback() {

        @Override
        public Credentials prompt(final Host bookmark, final String title, final String reason, final LoginOptions options) {
            return new VaultCredentials(passphrase);
        }
    }, null);
    assertTrue(empty.isEmpty());
    assertEquals(2, api.requestUserKeyPairs(null, null).size());
    new SDSDeleteFeature(session, nodeid).delete(Collections.singletonList(room), new DisabledLoginCallback(), new Delete.DisabledCallback());
}
Also used : Delete(ch.cyberduck.core.features.Delete) EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey) Node(ch.cyberduck.core.sds.io.swagger.client.model.Node) LoginOptions(ch.cyberduck.core.LoginOptions) NodesApi(ch.cyberduck.core.sds.io.swagger.client.api.NodesApi) TransferStatus(ch.cyberduck.core.transfer.TransferStatus) TripleCryptWriteFeature(ch.cyberduck.core.sds.triplecrypt.TripleCryptWriteFeature) UserApi(ch.cyberduck.core.sds.io.swagger.client.api.UserApi) UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair) Path(ch.cyberduck.core.Path) EncryptedFileKey(com.dracoon.sdk.crypto.model.EncryptedFileKey) FileKey(ch.cyberduck.core.sds.io.swagger.client.model.FileKey) UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer) VaultCredentials(ch.cyberduck.core.vault.VaultCredentials) LoginCanceledException(ch.cyberduck.core.exception.LoginCanceledException) Host(ch.cyberduck.core.Host) UserFileKeySetRequest(ch.cyberduck.core.sds.io.swagger.client.model.UserFileKeySetRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) DisabledLoginCallback(ch.cyberduck.core.DisabledLoginCallback) AlphanumericRandomStringService(ch.cyberduck.core.AlphanumericRandomStringService) TransferItem(ch.cyberduck.core.transfer.TransferItem) DisabledPasswordCallback(ch.cyberduck.core.DisabledPasswordCallback) DisabledConnectionCallback(ch.cyberduck.core.DisabledConnectionCallback) StreamCopier(ch.cyberduck.core.io.StreamCopier) VaultCredentials(ch.cyberduck.core.vault.VaultCredentials) Credentials(ch.cyberduck.core.Credentials) Test(org.junit.Test) IntegrationTest(ch.cyberduck.test.IntegrationTest)

Example 9 with UserKeyPair

use of com.dracoon.sdk.crypto.model.UserKeyPair in project cyberduck by iterate-ch.

the class SDSSessionTest method testKeyPairMigration.

/**
 * Integration test for key pair migration: removes any existing key pairs, stores an RSA2048 pair,
 * runs the unlock routine with RSA4096 as the required version and checks that both pairs exist
 * afterwards and are exposed by the session as current and deprecated pair.
 */
@Test
public void testKeyPairMigration() throws Exception {
    // Fixture passphrase for the throwaway key pair generated by this test
    final String passphrase = "eth[oh8uv4Eesij";
    final UserApi api = new UserApi(session.getClient());
    // Start from a clean account: drop the legacy pair first, then the new one
    for (final UserKeyPair.Version version : new UserKeyPair.Version[]{UserKeyPair.Version.RSA2048, UserKeyPair.Version.RSA4096}) {
        try {
            api.removeUserKeyPair(version.getValue(), null);
        } catch (ApiException e) {
            // A missing key pair is fine, anything else fails the test
            if (e.getCode() != HttpStatus.SC_NOT_FOUND) {
                throw e;
            }
        }
    }
    // Store the legacy key pair only
    final UserKeyPair legacyPair = Crypto.generateUserKeyPair(UserKeyPair.Version.RSA2048, passphrase);
    api.setUserKeyPair(TripleCryptConverter.toSwaggerUserKeyPairContainer(legacyPair), null);
    List<UserKeyPairContainer> storedPairs = api.requestUserKeyPairs(null, null);
    assertEquals(1, storedPairs.size());
    // Migrate to RSA4096
    session.unlockTripleCryptKeyPair(new DisabledLoginCallback() {

        @Override
        public Credentials prompt(final Host bookmark, final String title, final String reason, final LoginOptions options) throws LoginCanceledException {
            return new VaultCredentials(passphrase);
        }
    }, session.userAccount(), UserKeyPair.Version.RSA4096);
    storedPairs = api.requestUserKeyPairs(null, null);
    assertEquals(2, storedPairs.size());
    // The session exposes the new pair as current and the legacy pair as deprecated
    assertEquals(UserKeyPair.Version.RSA4096.getValue(), session.keyPair().getPublicKeyContainer().getVersion());
    assertEquals(UserKeyPair.Version.RSA2048.getValue(), session.keyPairDeprecated().getPublicKeyContainer().getVersion());
}
Also used : UserKeyPair(com.dracoon.sdk.crypto.model.UserKeyPair) UserKeyPairContainer(ch.cyberduck.core.sds.io.swagger.client.model.UserKeyPairContainer) VaultCredentials(ch.cyberduck.core.vault.VaultCredentials) LoginCanceledException(ch.cyberduck.core.exception.LoginCanceledException) UserApi(ch.cyberduck.core.sds.io.swagger.client.api.UserApi) VaultCredentials(ch.cyberduck.core.vault.VaultCredentials) ApiException(ch.cyberduck.core.sds.io.swagger.client.ApiException) Test(org.junit.Test) IntegrationTest(ch.cyberduck.test.IntegrationTest)
