Use of com.nike.cerberus.domain.EncryptedAuthDataWrapper in project cerberus by Nike-Inc:
class AuthenticationService, method authenticate (service-layer KMS auth flow).
/**
 * Performs the KMS-backed authentication flow for an IAM principal.
 *
 * <p>The principal's role record and KMS key record are resolved (the key may be lazily
 * provisioned), a token is minted for the ARN stored on the role record, the token
 * response is serialized to JSON, size-checked against the KMS limit, encrypted under the
 * principal's KMS key and returned Base64-encoded. Presumably only a caller that can
 * {@code kms:Decrypt} with that key can recover the token, which is what proves role
 * possession — the decrypt side is not in this file, so confirm against the client.
 *
 * @param credentials caller-supplied IAM principal ARN and region
 * @param authPrincipalMetadata metadata embedded in the issued token
 * @return wrapper holding the Base64-encoded KMS ciphertext of the serialized
 *     {@link AuthTokenResponse}
 * @throws ApiException with {@code AUTH_IAM_ROLE_REJECTED} when KMS reports an invalid ARN
 *     during lookup/provisioning, or {@code INTERNAL_SERVER_ERROR} when the response cannot
 *     be serialized
 * @throws AmazonServiceException for any other AWS failure while resolving the key record;
 *     it is rethrown unchanged
 */
private EncryptedAuthDataWrapper authenticate(
    AwsIamKmsAuthRequest credentials, Map<String, String> authPrincipalMetadata) {
  final String principalArn = credentials.getIamPrincipalArn();
  final String region = credentials.getRegion();

  final AwsIamRoleRecord roleRecord;
  final AwsIamRoleKmsKeyRecord keyRecord;
  try {
    roleRecord = getIamPrincipalRecord(principalArn);
    keyRecord = getKmsKeyRecordForIamPrincipal(roleRecord, region);
  } catch (AmazonServiceException e) {
    // Only an invalid ARN is translated into a client-facing rejection; every other AWS
    // error propagates as-is.
    // NOTE(review): whether the raw AmazonServiceException detail reaches the HTTP client
    // depends on the global exception handler, which is not visible here — confirm it does
    // not echo AWS error text.
    if (!"InvalidArnException".equals(e.getErrorCode())) {
      throw e;
    }
    String msg =
        String.format(
            "Failed to lazily provision KMS key for %s in region: %s", principalArn, region);
    throw ApiException.newBuilder()
        .withApiErrors(
            CustomApiError.createCustomApiError(DefaultApiError.AUTH_IAM_ROLE_REJECTED, msg))
        .withExceptionCause(e)
        .withExceptionMessage(msg)
        .build();
  }

  // The token is bound to the ARN persisted on the role record, not the caller-supplied
  // string, so any normalization done at lookup time is what ends up in the token.
  AuthTokenResponse tokenResponse =
      createToken(roleRecord.getAwsIamRoleArn(), PrincipalType.IAM, authPrincipalMetadata, iamTokenTTL);

  byte[] plaintext;
  try {
    plaintext = objectMapper.writeValueAsBytes(tokenResponse);
  } catch (JsonProcessingException e) {
    String msg = "Failed to write IAM role authentication response as JSON for encrypting.";
    throw ApiException.newBuilder()
        .withApiErrors(DefaultApiError.INTERNAL_SERVER_ERROR)
        .withExceptionCause(e)
        .withExceptionMessage(msg)
        .build();
  }

  // KMS Encrypt has a maximum plaintext size; per its name, this helper trims the payload
  // when it would exceed that limit (exact behavior lives outside this method).
  plaintext =
      validateAuthPayloadSizeAndTruncateIfLargerThanMaxKmsSupportedSize(
          plaintext, tokenResponse, principalArn);

  byte[] ciphertext =
      safeEncryptWithRetry(
          keyRecord.getAwsIamRoleId(),
          principalArn,
          keyRecord.getId(),
          keyRecord.getAwsKmsKeyId(),
          region,
          plaintext);

  EncryptedAuthDataWrapper wrapper = new EncryptedAuthDataWrapper();
  wrapper.setAuthData(Base64.encodeBase64String(ciphertext));
  return wrapper;
}
Use of com.nike.cerberus.domain.EncryptedAuthDataWrapper in project cerberus by Nike-Inc:
class AwsIamKmsAuthV1Controller, method authenticate (v1 HTTP endpoint).
/**
 * V1 IAM/KMS authentication endpoint.
 *
 * <p>The body is taken raw; when the Content-Type header is absent or does not mention
 * JSON it is URL-decoded first, then parsed as {@link IamRoleCredentials} and validated
 * before being handed to the authentication service. Because this mapping only consumes
 * {@code application/json}, the decode branch is expected to be reached rarely, if at all.
 * The audit action is recorded on both the success and the failure path.
 *
 * @param httpEntity raw request entity whose body is the JSON credentials document
 * @return the KMS-encrypted authentication payload produced by the service
 * @throws JsonProcessingException if the body cannot be parsed into the target type
 * @throws RuntimeException if the request carries no body
 * @throws ApiException propagated from the authentication service after the audit action
 *     has been recorded
 */
@RequestMapping(method = POST, consumes = APPLICATION_JSON_VALUE)
public EncryptedAuthDataWrapper authenticate(HttpEntity<String> httpEntity) throws JsonProcessingException {
  var body = httpEntity.getBody();
  if (body == null) {
    // NOTE(review): a missing body is a client error, yet it surfaces as a bare
    // RuntimeException; consider an ApiException carrying a 4xx error so the global
    // handler does not report it as a server fault.
    throw new RuntimeException("There was an error deserializing the request, the body was null");
  }

  var contentType = httpEntity.getHeaders().getContentType();
  boolean declaredAsJson = contentType != null && contentType.toString().contains("json");
  if (!declaredAsJson) {
    // NOTE(review): URLDecoder.decode throws IllegalArgumentException on a malformed
    // percent-escape, which nothing here catches.
    body = URLDecoder.decode(body, StandardCharsets.UTF_8);
  }

  var credentials = objectMapper.readValue(body, IamRoleCredentials.class);
  validator.validate(credentials);

  EncryptedAuthDataWrapper result;
  try {
    result = authenticationService.authenticate(credentials);
  } catch (ApiException e) {
    var reasons =
        e.getApiErrors().stream().map(ApiError::getMessage).collect(Collectors.joining(","));
    auditLoggingFilterDetails.setAction(
        String.format(
            "Failed to authenticate in region %s, for reason: %s", credentials.getRegion(), reasons));
    throw e;
  }
  auditLoggingFilterDetails.setAction(
      String.format("Successfully authenticated in region %s", credentials.getRegion()));
  return result;
}
Use of com.nike.cerberus.domain.EncryptedAuthDataWrapper in project cerberus by Nike-Inc:
class AwsIamKmsAuthV2Controller, method authenticate (v2 HTTP endpoint).
/**
 * V2 IAM/KMS authentication endpoint.
 *
 * <p>Unlike the v1 mapping, this one consumes any Content-Type. The body is taken raw;
 * when the Content-Type header is absent or does not mention JSON it is URL-decoded
 * (presumably to accept a URL-encoded JSON document — confirm against the clients), then
 * parsed as {@link AwsIamKmsAuthRequest} and validated before being handed to the
 * authentication service. The audit action is recorded on both the success and the
 * failure path.
 *
 * @param httpEntity raw request entity whose body is the credentials document
 * @return the KMS-encrypted authentication payload produced by the service
 * @throws JsonProcessingException if the (possibly decoded) body cannot be parsed into the
 *     target type
 * @throws RuntimeException if the request carries no body
 * @throws ApiException propagated from the authentication service after the audit action
 *     has been recorded
 */
@RequestMapping(method = POST, consumes = ALL_VALUE)
public EncryptedAuthDataWrapper authenticate(HttpEntity<String> httpEntity) throws JsonProcessingException {
  var body = httpEntity.getBody();
  if (body == null) {
    // NOTE(review): a missing body is a client error, yet it surfaces as a bare
    // RuntimeException; consider an ApiException carrying a 4xx error so the global
    // handler does not report it as a server fault.
    throw new RuntimeException("There was an error deserializing the request, the body was null");
  }

  var contentType = httpEntity.getHeaders().getContentType();
  boolean declaredAsJson = contentType != null && contentType.toString().contains("json");
  if (!declaredAsJson) {
    // Reachable here since the mapping accepts any Content-Type.
    // NOTE(review): URLDecoder.decode throws IllegalArgumentException on a malformed
    // percent-escape, which nothing here catches.
    body = URLDecoder.decode(body, StandardCharsets.UTF_8);
  }

  var request = objectMapper.readValue(body, AwsIamKmsAuthRequest.class);
  validator.validate(request);

  EncryptedAuthDataWrapper result;
  try {
    result = authenticationService.authenticate(request);
  } catch (ApiException e) {
    var reasons =
        e.getApiErrors().stream().map(ApiError::getMessage).collect(Collectors.joining(","));
    auditLoggingFilterDetails.setAction(
        String.format(
            "Failed to authenticate in region %s, for reason: %s", request.getRegion(), reasons));
    throw e;
  }
  auditLoggingFilterDetails.setAction(
      String.format("Successfully authenticated in region %s", request.getRegion()));
  return result;
}