Uses of com.macasaet.fernet.Key in project fernet-java8 by l0s.
From class MultiFernetKeyRotator, method testSecret (the Secrets Manager rotation "test" step):
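/**
 * Verify that the pending secret version holds well-formed Fernet key material before it is promoted.
 *
 * The version is required to be a non-empty whole number of {@code fernetKeySize}-byte keys. Only the
 * first key (16-byte signing key followed by 16-byte encryption key) is actually parsed through the
 * {@link Key} constructor; any exception it raises propagates to the caller. All key material read
 * into local arrays, and the buffer itself, is wiped whether or not validation succeeds.
 *
 * @param secretId
 *            the ARN of the secret
 * @param clientRequestToken
 *            the secret version identifier
 * @throws IllegalStateException
 *             if the secret version is empty or its length is not a multiple of {@code fernetKeySize}
 */
protected void testSecret(final String secretId, final String clientRequestToken) {
    final ByteBuffer currentSecret = getSecretsManager().getSecretVersion(secretId, clientRequestToken);
    try {
        final int length = currentSecret.remaining();
        // 0 % fernetKeySize == 0, so an empty version would otherwise slip past the modulus check
        // and surface as a BufferUnderflowException on the first get() below
        if (length == 0) {
            throw new IllegalStateException("The secret version contains no key material.");
        }
        if (length % fernetKeySize != 0) {
            throw new IllegalStateException("There must be a multiple of " + fernetKeySize + " bytes.");
        }
        // first key will become the staged key
        final byte[] signingKey = new byte[16];
        final byte[] encryptionKey = new byte[16];
        try {
            currentSecret.get(signingKey);
            currentSecret.get(encryptionKey);
            // constructor-only validation; the Key instance is intentionally discarded
            new Key(signingKey, encryptionKey);
        } finally {
            // wipe even when the Key constructor rejects the material
            wipe(signingKey);
            wipe(encryptionKey);
        }
    } finally {
        wipe(currentSecret);
    }
}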
From class SecretsManager, method putSecretValue:
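/**
 * Store Fernet keys in the secret. This requires the permission <code>secretsmanager:PutSecretValue</code>
 *
 * The serialised key material is held in memory only for the duration of this call: the stream buffer
 * used to assemble it and the array handed to the request are both overwritten with zeros afterwards.
 *
 * @param secretId
 *            the ARN of the secret
 * @param clientRequestToken
 *            the secret version identifier
 * @param keys
 *            the keys to store in the secret
 * @param stage
 *            the stage with which to tag the version
 * @throws IllegalStateException
 *             if serialising the keys fails (not expected, the I/O is to memory only)
 */
public void putSecretValue(final String secretId, final String clientRequestToken, final Collection<? extends Key> keys, final Stage stage) {
    final PutSecretValueRequest putSecretValueRequest = new PutSecretValueRequest();
    putSecretValueRequest.setSecretId(secretId);
    putSecretValueRequest.setClientRequestToken(clientRequestToken);
    putSecretValueRequest.setVersionStages(singletonList(stage.getAwsName()));

    final byte[] keyMaterial;
    try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream(32 * keys.size())) {
        for (final Key key : keys) {
            key.writeTo(outputStream);
        }
        keyMaterial = outputStream.toByteArray();
        // reset() only rewinds the count; the stream's internal buffer still holds every key byte.
        // Overwrite all of the bytes that were written, not just one per key.
        final int written = outputStream.size();
        outputStream.reset();
        for (int i = 0; i < written; i++) {
            outputStream.write(0);
        }
    } catch (final IOException ioe) {
        // this really should not happen as I/O is to memory only
        throw new IllegalStateException(ioe.getMessage(), ioe);
    }

    try {
        putSecretValueRequest.setSecretBinary(ByteBuffer.wrap(keyMaterial));
        getDelegate().putSecretValue(putSecretValueRequest);
    } finally {
        // the request object is dropped here, so the only remaining copy of the key bytes can be
        // zeroed as well; assumes the delegate is synchronous and has finished reading the buffer
        for (int i = keyMaterial.length; --i >= 0; ) {
            keyMaterial[i] = 0;
        }
    }
}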
From class CreateMultiKey, method main:
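/**
 * Generate freshly random Fernet keys and write them, concatenated, to the file <code>multi-key</code>
 * in the working directory, ready to be uploaded as a binary secret (see the CLI example at the end).
 *
 * Usage: <code>CreateMultiKey [count]</code> where <em>count</em> is the number of keys to generate
 * (default 3, the original fixed value).
 *
 * NOTE(review): the output file contains raw key material and is created with the process's default
 * file permissions. Restrict its permissions, and remove it once the secret has been uploaded.
 *
 * @param arguments
 *            optionally, the number of keys to generate as the first argument
 * @throws Exception
 *             if the file cannot be written or the key count is not a positive integer
 */
public static final void main(final String... arguments) throws Exception {
    final int keyCount = arguments.length > 0 ? Integer.parseInt(arguments[0]) : 3;
    if (keyCount < 1) {
        throw new IllegalArgumentException("At least one key must be generated, got: " + keyCount);
    }
    final SecureRandom random = new SecureRandom();
    try (FileOutputStream outputStream = new FileOutputStream("multi-key")) {
        for (int remaining = keyCount; remaining > 0; remaining--) {
            Key.generateKey(random).writeTo(outputStream);
        }
    }
    /*
    aws secretsmanager create-secret --name multi-fernet-key --secret-binary fileb://multi-key
    {
    "ARN": "arn:aws:secretsmanager:<region>:<account_id>:secret:multi-fernet-key-<random_value>",
    "Name": "multi-fernet-key",
    "VersionId": "<uuidv4>"
    }
    */
}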
From class TokenHeaderUtilityTest, method verifyGetAuthorizationTokenIgnoresX:
/**
 * A token must only be accepted from the standard <code>Authorization</code> header: one presented
 * solely under a non-standard <code>X-Authorization</code> header is not extracted.
 */
@Test
public final void verifyGetAuthorizationTokenIgnoresX() {
    // given: a validly signed token, offered only under the non-standard header name
    final Key signingKey = Key.generateKey(random);
    final String serialised = Token.generate(random, signingKey, "hello").serialise();
    final ContainerRequest request = mock(ContainerRequest.class);
    given(request.getHeaderString("X-Authorization")).willReturn(serialised);

    // when
    final Token extracted = utility.getAuthorizationToken(request);

    // then: no fallback to X-Authorization
    assertNull(extracted);
}
From class ProtectedResource, method issueToken:
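/**
 * Issue a Fernet token to a caller who presents valid credentials.
 *
 * NOTE(review): the accepted credentials are hard-coded placeholders for this example resource; a real
 * deployment must look the user up in a credential store and verify a salted password hash instead.
 * Both values are compared in constant time, and both comparisons always run, so response timing does
 * not reveal which of the two was wrong or how many leading characters of a guess matched.
 *
 * NOTE(review): neither parameter carries a JAX-RS binding annotation (e.g. <code>@FormParam</code>);
 * confirm against the resource configuration how they are populated.
 *
 * @param username a valid username
 * @param password the password for the user <em>username</em>
 * @return a new Fernet token if and only if the credentials are valid
 * @throws NotAuthorizedException if invalid credentials are provided
 */
@POST
@Path("token")
public String issueToken(final String username, final String password) {
    // non-short-circuit '&' so the password check runs even when the username is wrong
    final boolean usernameMatches = constantTimeEquals("username", username);
    final boolean passwordMatches = constantTimeEquals("password", password);
    if (usernameMatches & passwordMatches) {
        // might be nice to have Token.generate(repository, payload)
        final Key primaryKey = getKeyRepository().getPrimaryKey();
        final Token token = Token.generate(random, primaryKey, username);
        return token.serialise();
    }
    throw new NotAuthorizedException("Bearer realm=\"secrets\"");
}

/**
 * Compare a known secret against a caller-supplied candidate without short-circuiting on the first
 * mismatching byte.
 *
 * @param expected the known-good value, never null
 * @param candidate the value presented by the caller, may be null
 * @return true if and only if both values are byte-for-byte equal when encoded as UTF-8
 */
private static boolean constantTimeEquals(final String expected, final String candidate) {
    if (candidate == null) {
        return false;
    }
    // fully-qualified so that no additional imports are required in this file
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            candidate.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}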