Search in sources :

Example 16 with CryptoKey

use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

the class SecretHelper method getSecret.

// public SecretKey decodeSecret(byte[] encoded) {
// SecretStoreDecoder visitor = new SecretStoreDecoder() {
// @Override
// public void visitAsymetricSystemKey(int keyId, byte[] data) {
// PrivateKey privateKey = keyStore.findPrivateKey(keyId);
// if (privateKey != null) {
// setSecretKey(decryptAsymetricKey(privateKey, data));
// }
// }
//
// @Override
// public void visitUserKey(int userId, byte[] data) {
// SecretKey userKey = keyStore.findUserSecret(userId);
// if (userKey != null) {
// setSecretKey(decryptSymetricKey(userKey, data));
// }
// }
// };
//
// try {
// SecretStore.read(encoded, visitor);
// } catch (IOException e) {
// throw new IllegalArgumentException("Error deserializing secret", e);
// }
//
// SecretKey secretKey = visitor.getSecretKey();
// if (secretKey == null)
// throw new IllegalArgumentException("Cannot decrypt secret");
// return secretKey;
//
// }
// public byte[] decryptSecret(byte[] data, byte[] secret) {
// CryptoKey secretKey = getSecret(secret);
//
// return FathomdbCrypto.decrypt(secretKey, data);
// }
public CryptoKey getSecret(byte[] secret) {
    SecretStore secretStore = new SecretStore(secret);
    CryptoKey secretKey = null;
    for (ProjectAuthorization project : OpsContext.get().getEncryptingProjects()) {
        secretKey = secretStore.getSecretFromProject(project);
        if (secretKey != null) {
            break;
        }
    }
    if (secretKey == null) {
        throw new SecurityException();
    }
    return secretKey;
}
Also used : CryptoKey(com.fathomdb.crypto.CryptoKey) ProjectAuthorization(org.platformlayer.model.ProjectAuthorization) SecretStore(org.platformlayer.auth.crypto.SecretStore)

Example 17 with CryptoKey

use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

the class DirectAuthentication method build.

public static DirectAuthentication build(String authKey, String authSecret) {
    // TODO: Require SSL??
    // long t = Long.parseLong(timestampString);
    // long delta = Math.abs(t - System.currentTimeMillis());
    // if (delta > MAX_TIMESTAMP_SKEW) {
    // // If the times are out of sync, that isn't a secret
    // throw new SecurityException("Timestamp skew too large");
    // }
    ProjectAuthorization project = null;
    String projectPrefix = DirectAuthenticationToken.PREFIX;
    if (authKey.startsWith(projectPrefix)) {
        List<String> projectTokens = Lists.newArrayList(Splitter.on(':').limit(3).split(authKey));
        if (projectTokens.size() == 3) {
            final String projectKey = projectTokens.get(2);
            final int projectId = Integer.parseInt(projectTokens.get(1));
            final CryptoKey secret;
            try {
                secret = FathomdbCrypto.deserializeKey(Base64.decode(authSecret));
            } catch (Exception e) {
                log.debug("Error while deserializing user provided secret", e);
                return null;
            }
            return build(projectKey, projectId, secret);
        }
    }
    return null;
}
Also used : ProjectAuthorization(org.platformlayer.model.ProjectAuthorization) CryptoKey(com.fathomdb.crypto.CryptoKey)

Example 18 with CryptoKey

use of com.fathomdb.crypto.CryptoKey in project platformlayer by platformlayer.

the class KeystoneRepositoryAuthenticator method getUserFromToken.

@Override
public UserEntity getUserFromToken(String userIdString, byte[] tokenSecret) throws AuthenticatorException {
    int userId;
    try {
        userId = Integer.parseInt(userIdString);
    } catch (NumberFormatException e) {
        throw new AuthenticatorException("Invalid user id", e);
    }
    if (tokenSecret.length < 1) {
        throw new IllegalArgumentException();
    }
    CryptoKey userSecret = authenticationSecrets.decryptSecretFromToken(tokenSecret);
    if (userSecret == null) {
        throw new AuthenticatorException("Authentication timed out");
    }
    UserEntity user;
    try {
        user = repository.findUserById(userId);
    } catch (RepositoryException e) {
        throw new AuthenticatorException("Error while authenticating user", e);
    }
    user.unlock(userSecret);
    if (user.isLocked()) {
        return null;
    }
    return user;
}
Also used : CryptoKey(com.fathomdb.crypto.CryptoKey) AuthenticatorException(org.platformlayer.auth.AuthenticatorException) RepositoryException(org.platformlayer.RepositoryException) UserEntity(org.platformlayer.auth.UserEntity)

Aggregations

CryptoKey (com.fathomdb.crypto.CryptoKey)18 RepositoryException (org.platformlayer.RepositoryException)8 JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction)6 SQLException (java.sql.SQLException)6 AesCryptoKey (com.fathomdb.crypto.AesCryptoKey)5 SecretStore (org.platformlayer.auth.crypto.SecretStore)4 IOException (java.io.IOException)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 KeyPair (java.security.KeyPair)2 DirectAuthenticationToken (org.platformlayer.auth.DirectAuthenticationToken)2 DirectAuthenticator (org.platformlayer.auth.DirectAuthenticator)2 UserEntity (org.platformlayer.auth.UserEntity)2 Writer (org.platformlayer.auth.crypto.SecretStore.Writer)2 SecretInfo (org.platformlayer.core.model.SecretInfo)2 ManagedItemId (org.platformlayer.ids.ManagedItemId)2 ProjectAuthorization (org.platformlayer.model.ProjectAuthorization)2 RoleId (org.platformlayer.model.RoleId)2 CliException (com.fathomdb.cli.CliException)1 PublicKey (java.security.PublicKey)1 Certificate (java.security.cert.Certificate)1