Example 11 with CryptoKey

Use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

From class JdbcManagedItemRepository, method mapToModel:

static <T extends ItemBase> T mapToModel(ProjectId project, ServiceType serviceType, ItemType itemType, ItemEntity entity, JaxbHelper jaxb, SecretProvider secretProvider) throws RepositoryException {
    try {
        int id = entity.id;
        String key = entity.key;
        int stateCode = entity.state;
        byte[] data = entity.data;
        // The per-item secret is stored in wrapped form; the SecretProvider
        // decides whether the caller holds a key that can open it
        SecretInfo secret = new SecretInfo(entity.secret);
        CryptoKey itemSecret = secretProvider.getItemSecret(secret);
        if (itemSecret == null) {
            throw new RepositoryException("Could not get secret to decrypt item");
        }
        // Items still wrapped with the older AES key type are flagged for migration
        if (itemSecret instanceof AesCryptoKey) {
            log.warn("Legacy AES crypto key on {} {} {} {}", new Object[] { project, serviceType, itemType, entity });
        }
        secret.unlock(itemSecret);
        // Item payload is XML, encrypted at rest under the item secret
        byte[] plaintext = FathomdbCrypto.decrypt(itemSecret, data);
        String xml = new String(plaintext, Charsets.UTF_8);
        T model = (T) jaxb.unmarshal(xml);
        model.state = ManagedItemState.fromCode(stateCode);
        model.secret = secret;
        PlatformLayerKey plk = new PlatformLayerKey(null, project, serviceType, itemType, new ManagedItemId(key));
        model.setKey(plk);
        return model;
    } catch (JAXBException e) {
        throw new RepositoryException("Error deserializing data", e);
    }
}
Also used: AesCryptoKey (com.fathomdb.crypto.AesCryptoKey), SecretInfo (org.platformlayer.core.model.SecretInfo), JAXBException (javax.xml.bind.JAXBException), CryptoKey (com.fathomdb.crypto.CryptoKey), RepositoryException (org.platformlayer.RepositoryException), PlatformLayerKey (org.platformlayer.core.model.PlatformLayerKey), ManagedItemId (org.platformlayer.ids.ManagedItemId)

Example 12 with CryptoKey

Use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

From class JdbcManagedItemRepository, method updateManagedItem:

@Override
@JdbcTransaction
public <T extends ItemBase> T updateManagedItem(ProjectId project, T item) throws RepositoryException {
    Class<T> itemClass = (Class<T>) item.getClass();
    DbHelper db = new DbHelper(itemClass, project);
    try {
        ManagedItemId itemId = new ManagedItemId(item.getId());
        ModelClass<T> modelClass = serviceProviderDirectory.getModelClass(itemClass);
        int projectId = db.mapToValue(project);
        int modelId = db.mapToValue(modelClass.getItemType());
        int serviceId = db.mapToValue(modelClass.getServiceType());
        ItemEntity rs = db.queries.findItem(serviceId, modelId, projectId, itemId.getKey());
        if (rs == null) {
            throw new RepositoryException("Item not found");
        }
        byte[] secretData = rs.secret;
        CryptoKey itemSecret;
        if (secretData == null) {
            // No item secret persisted yet: generate a fresh key and store its wrapped form
            itemSecret = FathomdbCrypto.generateKey();
            secretData = itemSecrets.encodeItemSecret(itemSecret);
            db.updateSecret(itemId, secretData);
        } else {
            // Reuse the secret the caller already unlocked when the item was read
            itemSecret = item.secret.getSecret();
        }
        // Serialized item data is encrypted under the item secret before it is written
        byte[] data = serialize(item, itemSecret);
        db.updateItem(itemId, data, item.state);
        // Note: we can't change tags here (that needs a separate call to updateTags)
        SecretProvider secretProvider = SecretProvider.forKey(itemSecret);
        boolean fetchTags = true;
        return fetchItem(db, modelClass.getServiceType(), modelClass.getItemType(), project, itemId, itemClass, secretProvider, fetchTags);
    } catch (SQLException e) {
        throw new RepositoryException("Error running query", e);
    } finally {
        db.close();
    }
}
Also used: SQLException (java.sql.SQLException), CryptoKey (com.fathomdb.crypto.CryptoKey), AesCryptoKey (com.fathomdb.crypto.AesCryptoKey), RepositoryException (org.platformlayer.RepositoryException), ManagedItemId (org.platformlayer.ids.ManagedItemId), ModelClass (org.platformlayer.xaas.services.ModelClass), SecretProvider (org.platformlayer.auth.crypto.SecretProvider), JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction)

Example 13 with CryptoKey

Use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

From class KeystoneRepositoryAuthenticator, method getUserFromToken:

@Override
public UserEntity getUserFromToken(String userIdString, byte[] tokenSecret) throws AuthenticatorException {
    int userId;
    try {
        userId = Integer.parseInt(userIdString);
    } catch (NumberFormatException e) {
        throw new AuthenticatorException("Invalid user id", e);
    }
    // An empty token secret can never decrypt anything; reject it outright
    if (tokenSecret.length < 1) {
        throw new IllegalArgumentException();
    }
    // The token carries the user's secret in encrypted form; a null result
    // means the token could not be opened (treated here as expired)
    CryptoKey userSecret = authenticationSecrets.decryptSecretFromToken(tokenSecret);
    if (userSecret == null) {
        throw new AuthenticatorException("Authentication timed out");
    }
    UserEntity user;
    try {
        user = repository.findUserById(userId);
    } catch (RepositoryException e) {
        throw new AuthenticatorException("Error while authenticating user", e);
    }
    // Unlock the user record with the recovered key; if it stays locked,
    // the key did not match and the caller is not authenticated
    user.unlock(userSecret);
    if (user.isLocked()) {
        return null;
    }
    return user;
}
Also used: CryptoKey (com.fathomdb.crypto.CryptoKey), AuthenticatorException (org.platformlayer.auth.AuthenticatorException), RepositoryException (org.platformlayer.RepositoryException), UserEntity (org.platformlayer.auth.UserEntity)

Example 14 with CryptoKey

Use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

From class SecretHelper, method getSecret (preceded by commented-out earlier versions of the secret decoding logic that the project kept in the source):

// public SecretKey decodeSecret(byte[] encoded) {
// SecretStoreDecoder visitor = new SecretStoreDecoder() {
// @Override
// public void visitAsymetricSystemKey(int keyId, byte[] data) {
// PrivateKey privateKey = keyStore.findPrivateKey(keyId);
// if (privateKey != null) {
// setSecretKey(decryptAsymetricKey(privateKey, data));
// }
// }
//
// @Override
// public void visitUserKey(int userId, byte[] data) {
// SecretKey userKey = keyStore.findUserSecret(userId);
// if (userKey != null) {
// setSecretKey(decryptSymetricKey(userKey, data));
// }
// }
// };
//
// try {
// SecretStore.read(encoded, visitor);
// } catch (IOException e) {
// throw new IllegalArgumentException("Error deserializing secret", e);
// }
//
// SecretKey secretKey = visitor.getSecretKey();
// if (secretKey == null)
// throw new IllegalArgumentException("Cannot decrypt secret");
// return secretKey;
//
// }
// public byte[] decryptSecret(byte[] data, byte[] secret) {
// CryptoKey secretKey = getSecret(secret);
//
// return FathomdbCrypto.decrypt(secretKey, data);
// }
public CryptoKey getSecret(byte[] secret) {
    SecretStore secretStore = new SecretStore(secret);
    CryptoKey secretKey = null;
    // The store may be wrapped for several projects; try each project the
    // current operation is authorized to encrypt with until one opens it
    for (ProjectAuthorization project : OpsContext.get().getEncryptingProjects()) {
        secretKey = secretStore.getSecretFromProject(project);
        if (secretKey != null) {
            break;
        }
    }
    // No authorized project could unwrap the secret: deny rather than fall back
    if (secretKey == null) {
        throw new SecurityException();
    }
    return secretKey;
}
Also used: CryptoKey (com.fathomdb.crypto.CryptoKey), ProjectAuthorization (org.platformlayer.model.ProjectAuthorization), SecretStore (org.platformlayer.auth.crypto.SecretStore)

Example 15 with CryptoKey

Use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

From class DirectAuthentication, method build:

public static DirectAuthentication build(String authKey, String authSecret) {
    // TODO: Require SSL??
    // long t = Long.parseLong(timestampString);
    // long delta = Math.abs(t - System.currentTimeMillis());
    // if (delta > MAX_TIMESTAMP_SKEW) {
    // // If the times are out of sync, that isn't a secret
    // throw new SecurityException("Timestamp skew too large");
    // }
    ProjectAuthorization project = null;
    String projectPrefix = DirectAuthenticationToken.PREFIX;
    if (authKey.startsWith(projectPrefix)) {
        // Project auth keys have the form "<prefix>:<projectId>:<projectKey>"
        List<String> projectTokens = Lists.newArrayList(Splitter.on(':').limit(3).split(authKey));
        if (projectTokens.size() == 3) {
            final String projectKey = projectTokens.get(2);
            final int projectId = Integer.parseInt(projectTokens.get(1));
            final CryptoKey secret;
            try {
                // The secret is a base64-encoded serialized key supplied by the caller
                secret = FathomdbCrypto.deserializeKey(Base64.decode(authSecret));
            } catch (Exception e) {
                // Malformed input is logged at debug level only and treated as unauthenticated
                log.debug("Error while deserializing user provided secret", e);
                return null;
            }
            return build(projectKey, projectId, secret);
        }
    }
    return null;
}
Also used: ProjectAuthorization (org.platformlayer.model.ProjectAuthorization), CryptoKey (com.fathomdb.crypto.CryptoKey)

Aggregations (class, package, number of examples)

CryptoKey (com.fathomdb.crypto.CryptoKey): 18
RepositoryException (org.platformlayer.RepositoryException): 8
JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction): 6
SQLException (java.sql.SQLException): 6
AesCryptoKey (com.fathomdb.crypto.AesCryptoKey): 5
SecretStore (org.platformlayer.auth.crypto.SecretStore): 4
IOException (java.io.IOException): 3
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 2
KeyPair (java.security.KeyPair): 2
DirectAuthenticationToken (org.platformlayer.auth.DirectAuthenticationToken): 2
DirectAuthenticator (org.platformlayer.auth.DirectAuthenticator): 2
UserEntity (org.platformlayer.auth.UserEntity): 2
Writer (org.platformlayer.auth.crypto.SecretStore.Writer): 2
SecretInfo (org.platformlayer.core.model.SecretInfo): 2
ManagedItemId (org.platformlayer.ids.ManagedItemId): 2
ProjectAuthorization (org.platformlayer.model.ProjectAuthorization): 2
RoleId (org.platformlayer.model.RoleId): 2
CliException (com.fathomdb.cli.CliException): 1
PublicKey (java.security.PublicKey): 1
Certificate (java.security.cert.Certificate): 1