Example 11 with SecureStoreMetadata

use of io.cdap.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata.

From class RemoteSecureStore, method get.

@Override
public SecureStoreData get(String namespace, String name) throws Exception {
    // 1. Get metadata of the secure key
    HttpRequest request = remoteClient.requestBuilder(HttpMethod.GET, createPath(namespace, name) + "/metadata").build();
    HttpResponse response = remoteClient.execute(request);
    handleResponse(response, namespace, name, String.format("Error occurred while getting metadata for key %s:%s", namespace, name));
    SecureStoreMetadata metadata = GSON.fromJson(response.getResponseBodyAsString(), SecureStoreMetadata.class);
    // 2. Get sensitive data for the secure key
    request = remoteClient.requestBuilder(HttpMethod.GET, createPath(namespace, name)).build();
    response = remoteClient.execute(request);
    handleResponse(response, namespace, name, String.format("Error occurred while getting key %s:%s", namespace, name));
    // The body of this second response is the raw secret bytes, not JSON.
    byte[] data = response.getResponseBody();
    return new SecureStoreData(metadata, data);
}
Also used : HttpRequest(io.cdap.common.http.HttpRequest) SecureStoreData(io.cdap.cdap.api.security.store.SecureStoreData) SecureStoreMetadata(io.cdap.cdap.api.security.store.SecureStoreMetadata) HttpResponse(io.cdap.common.http.HttpResponse)

Example 12 with SecureStoreMetadata

use of io.cdap.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata.

From class FileSecureStoreService, method deserialize.

private SecureStoreData deserialize(byte[] data) throws IOException {
    // Reads the layout produced by serialize(): name, optional description,
    // last-modified timestamp, property count followed by key/value pairs,
    // and finally the length-prefixed secret bytes.
    DataInputStream dis = new DataInputStream(new ByteArrayInputStream(data));
    String name = dis.readUTF();
    boolean descriptionExists = dis.readBoolean();
    String description = descriptionExists ? dis.readUTF() : null;
    long lastModified = dis.readLong();
    Map<String, String> properties = new HashMap<>();
    int len = dis.readInt();
    for (int i = 0; i < len; i++) {
        properties.put(dis.readUTF(), dis.readUTF());
    }
    SecureStoreMetadata meta = new SecureStoreMetadata(name, description, lastModified, properties);
    // The secret is stored as a length-prefixed byte array.
    byte[] secret = new byte[dis.readInt()];
    dis.readFully(secret);
    return new SecureStoreData(meta, secret);
}
Also used : SecureStoreData(io.cdap.cdap.api.security.store.SecureStoreData) ByteArrayInputStream(java.io.ByteArrayInputStream) HashMap(java.util.HashMap) SecureStoreMetadata(io.cdap.cdap.api.security.store.SecureStoreMetadata) DataInputStream(java.io.DataInputStream)

Example 13 with SecureStoreMetadata

use of io.cdap.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata.

From class FileSecureStoreService, method put.

/**
 * Stores an element in the secure store. If the element already exists, it will get overwritten.
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to store.
 * @param data The data that needs to be securely stored.
 * @param description User provided description of the entry.
 * @param properties Metadata associated with the data.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws IOException If there was a problem storing the key in the in-memory keystore
 * or a problem persisting the keystore.
 */
@Override
public void put(String namespace, String name, String data, @Nullable String description, Map<String, String> properties) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    SecureStoreMetadata meta = new SecureStoreMetadata(name, description, System.currentTimeMillis(), properties);
    SecureStoreData secureStoreData = new SecureStoreData(meta, data.getBytes(Charsets.UTF_8));
    writeLock.lock();
    try {
        keyStore.setKeyEntry(keyName, new SecretKeySpec(serialize(secureStoreData), "none"), password, null);
        // Attempt to persist the store.
        flush();
        LOG.debug(String.format("Successfully stored %s in namespace %s", name, namespace));
    } catch (KeyStoreException e) {
        // We failed to store the key in the key store. Throw an IOException.
        throw new IOException("Failed to store the key. ", e);
    } finally {
        writeLock.unlock();
    }
}
Also used : SecureStoreData(io.cdap.cdap.api.security.store.SecureStoreData) SecureStoreMetadata(io.cdap.cdap.api.security.store.SecureStoreMetadata) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException)

Example 14 with SecureStoreMetadata

use of io.cdap.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata.

From class FileSecureStoreServiceTest, method verifyList.

private void verifyList(List<SecureStoreMetadata> metadatas, ImmutableMap<String, String> map) {
    Assert.assertEquals(metadatas.size(), map.size());
    // ImmutableMap iterates in insertion order, so entries can be compared
    // positionally against the listed metadata (name -> description).
    UnmodifiableIterator<Map.Entry<String, String>> iterator = map.entrySet().iterator();
    for (SecureStoreMetadata metadata : metadatas) {
        Map.Entry<String, String> expected = iterator.next();
        Assert.assertEquals(expected.getKey(), metadata.getName());
        Assert.assertEquals(expected.getValue(), metadata.getDescription());
    }
}
Also used : SecureStoreMetadata(io.cdap.cdap.api.security.store.SecureStoreMetadata) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap)

Example 15 with SecureStoreMetadata

use of io.cdap.cdap.api.security.store.SecureStoreMetadata in project cdap by caskdata.

From class RemoteSecureStoreTest, method testRemoteSecureStore.

@Test
public void testRemoteSecureStore() throws Exception {
    SecureStoreMetadata secureStoreMetadata = new SecureStoreMetadata("key", "description", 1, ImmutableMap.of("prop1", "value1"));
    SecureStoreData secureStoreData = new SecureStoreData(secureStoreMetadata, "value".getBytes(StandardCharsets.UTF_8));
    // test put and get
    remoteSecureStore.put(NAMESPACE1, "key", "value", "description", ImmutableMap.of("prop1", "value1"));
    SecureStoreData actual = remoteSecureStore.get(NAMESPACE1, "key");
    Assert.assertEquals(secureStoreMetadata.getName(), actual.getMetadata().getName());
    Assert.assertArrayEquals(secureStoreData.get(), actual.get());
    Assert.assertEquals(secureStoreMetadata.getDescription(), actual.getMetadata().getDescription());
    Assert.assertEquals(secureStoreMetadata.getProperties().size(), actual.getMetadata().getProperties().size());
    // test list
    List<SecureStoreMetadata> secureData = remoteSecureStore.list(NAMESPACE1);
    Assert.assertEquals(1, secureData.size());
    SecureStoreMetadata metadata = secureData.get(0);
    Assert.assertEquals("key", metadata.getName());
    Assert.assertEquals("description", metadata.getDescription());
    // test delete
    remoteSecureStore.delete(NAMESPACE1, "key");
    Assert.assertEquals(0, remoteSecureStore.list(NAMESPACE1).size());
}
Also used : SecureStoreData(io.cdap.cdap.api.security.store.SecureStoreData) SecureStoreMetadata(io.cdap.cdap.api.security.store.SecureStoreMetadata) Test(org.junit.Test)
