
Example 1 with SymmetricEncryptionDescriptor

Use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in the hopsworks project by logicalclocks.

Class SecretsController, method encryptSecret.

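/**
 * Encrypts a Secret with the Hopsworks master encryption password.
 *
 * @param secret plaintext secret to encrypt; converted to bytes with {@code string2bytes}
 * @return Encrypted secret along with cryptographic primitives. The structure is the following:
 * Salt(64 bytes), InitializationVector(12 bytes), EncryptedPayload
 * @throws IOException propagated from the password lookup or the encryption service
 * @throws GeneralSecurityException propagated from the password lookup or the encryption service
 */
public byte[] encryptSecret(String secret) throws IOException, GeneralSecurityException {
    String password = certificatesMgmService.getMasterEncryptionPassword();
    SymmetricEncryptionDescriptor inDescriptor = new SymmetricEncryptionDescriptor.Builder()
        .setInput(string2bytes(secret))
        .setPassword(password)
        .build();
    SymmetricEncryptionDescriptor outDescriptor;
    try {
        outDescriptor = symmetricEncryptionService.encrypt(inDescriptor);
    } finally {
        // Drop the descriptor's copy of the master password as soon as encryption is done,
        // also on failure (mirrors the handling in SecretsPasswordHandler.perform).
        // The String returned by getMasterEncryptionPassword() itself cannot be zeroed here.
        inDescriptor.clearPassword();
    }
    return symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
        outDescriptor.getSalt(), outDescriptor.getIv(), outDescriptor.getOutput());
}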

Example 2 with SymmetricEncryptionDescriptor

Use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in the hopsworks project by logicalclocks.

Class SecretsPasswordHandler, method perform.

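/**
 * Re-encrypts every ciphered Secret from {@code oldPassword} to {@code newPassword}.
 *
 * Each secret is decrypted with the old master password, encrypted again with the new one
 * and written back through {@code secretsFacade}. The previous ciphertext of every secret
 * touched is collected so that the caller can roll back if any step fails.
 *
 * @param oldPassword master encryption password the stored secrets are currently encrypted with
 * @param newPassword master encryption password to switch to
 * @return on success, a result carrying the success log and the rollback map; on failure, a
 *         result carrying the rollback map and an {@code EncryptionMasterPasswordException}
 *         wrapping the cause
 */
@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
    Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
    StringBuilder successLog = new StringBuilder();
    successLog.append("Performing change of master password for Secrets\n");
    try {
        LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
        List<Secret> cipheredSecrets = secretsController.getAllCiphered();
        for (Secret cipheredSecret : cipheredSecrets) {
            SecretId secretId = cipheredSecret.getId();
            // Remember the old ciphertext before touching the row, so a failure anywhere in
            // this iteration can still be rolled back by the caller.
            secrets2Rollback.put(secretId, cipheredSecret.getSecret());
            // First decrypt with the old password
            byte[][] cryptoPrimitives = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
            SymmetricEncryptionDescriptor inDescriptor = new SymmetricEncryptionDescriptor.Builder()
                .setPassword(oldPassword)
                .setSalt(cryptoPrimitives[0])
                .setIV(cryptoPrimitives[1])
                .setInput(cryptoPrimitives[2])
                .build();
            SymmetricEncryptionDescriptor outDescriptor;
            try {
                outDescriptor = symmetricEncryptionService.decrypt(inDescriptor);
            } finally {
                // Clear the descriptor's password copy even when decryption throws
                inDescriptor.clearPassword();
            }
            // Then encrypt plaintext secret with the new password
            inDescriptor = new SymmetricEncryptionDescriptor.Builder()
                .setInput(outDescriptor.getOutput())
                .setPassword(newPassword)
                .build();
            try {
                outDescriptor = symmetricEncryptionService.encrypt(inDescriptor);
            } finally {
                inDescriptor.clearPassword();
            }
            byte[] newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
                outDescriptor.getSalt(), outDescriptor.getIv(), outDescriptor.getOutput());
            // Store the re-encrypted Secret, carrying over its metadata unchanged
            Secret newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
            newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
            if (cipheredSecret.getProjectIdScope() != null) {
                newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
            }
            secretsFacade.update(newSecret);
            // Only the identifier is logged, never the secret value
            successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",").append(newSecret.getId().getName()).append(">\n");
        }
        return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
    } catch (Exception ex) {
        // Boundary catch: every failure is reported through the result together with the
        // rollback map, so the caller can restore the secrets migrated so far.
        String errorMsg = "Error while updating master encryption password for Secrets";
        LOGGER.log(Level.SEVERE, errorMsg, ex);
        return new MasterPasswordChangeResult<>(secrets2Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
    }
}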

Example 3 with SymmetricEncryptionDescriptor

Use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in the hopsworks project by logicalclocks.

Class SecretsController, method decrypt.

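/**
 * Decrypts an encrypted Secret with the Hopsworks master encryption password.
 *
 * @param user passed through to the returned {@code SecretPlaintext}
 * @param ciphered stored Secret whose payload is laid out as
 *                 Salt(64 bytes), InitializationVector(12 bytes), EncryptedPayload
 * @return the plaintext secret together with the name, creation time, visibility and
 *         project scope copied from {@code ciphered}
 * @throws IOException propagated from the password lookup or the encryption service
 * @throws GeneralSecurityException propagated from the password lookup or the encryption service
 */
private SecretPlaintext decrypt(Users user, Secret ciphered) throws IOException, GeneralSecurityException {
    String password = certificatesMgmService.getMasterEncryptionPassword();
    // [salt(64),iv(12),payload)]
    byte[][] split = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(ciphered.getSecret());
    SymmetricEncryptionDescriptor inDescriptor = new SymmetricEncryptionDescriptor.Builder()
        .setPassword(password)
        .setSalt(split[0])
        .setIV(split[1])
        .setInput(split[2])
        .build();
    SymmetricEncryptionDescriptor outDescriptor;
    try {
        outDescriptor = symmetricEncryptionService.decrypt(inDescriptor);
    } finally {
        // Drop the descriptor's copy of the master password as soon as decryption is done,
        // also on failure (mirrors the handling in SecretsPasswordHandler.perform).
        inDescriptor.clearPassword();
    }
    byte[] plaintext = outDescriptor.getOutput();
    return SecretPlaintext.newInstance(user, ciphered.getId().getName(), bytes2string(plaintext),
        ciphered.getAddedOn(), ciphered.getVisibilityType(), ciphered.getProjectIdScope());
}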
