use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in project hopsworks by logicalclocks.
From the class SecretsController, the method encryptSecret:
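/**
 * Encrypts a Secret with the Hopsworks master encryption password.
 *
 * <p>The salt and IV are produced by the encryption service (none is supplied here) and are
 * returned in front of the ciphertext so that {@code decrypt} can rebuild the descriptor.
 *
 * @param secret plaintext secret to protect
 * @return Encrypted secret along with cryptographic primitives. The structure is the following:
 * Salt(64 bytes), InitializationVector(12 bytes), EncryptedPayload
 * @throws IOException propagated from the encryption service
 * @throws GeneralSecurityException propagated from the encryption service
 */
public byte[] encryptSecret(String secret) throws IOException, GeneralSecurityException {
  // NOTE(review): the master password arrives as an immutable String and cannot be wiped here;
  // the only copy we control is the one inside the descriptor, which is cleared below.
  String password = certificatesMgmService.getMasterEncryptionPassword();
  SymmetricEncryptionDescriptor input = new SymmetricEncryptionDescriptor.Builder()
      .setInput(string2bytes(secret))
      .setPassword(password)
      .build();
  try {
    SymmetricEncryptionDescriptor encrypted = symmetricEncryptionService.encrypt(input);
    return symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
        encrypted.getSalt(), encrypted.getIv(), encrypted.getOutput());
  } finally {
    // Drop the password from the descriptor as soon as it is no longer needed, also on the
    // error path; this mirrors the clearPassword() hygiene used during master password rotation.
    input.clearPassword();
  }
}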
use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in project hopsworks by logicalclocks.
From the class SecretsPasswordHandler, the method perform:
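@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
  // Old ciphertext of every secret touched so far, keyed by id, captured before the update so the
  // caller can restore it if the rotation fails part-way through (returned on both paths below).
  Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
  StringBuilder successLog = new StringBuilder();
  successLog.append("Performing change of master password for Secrets\n");
  try {
    LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
    List<Secret> cipheredSecrets = secretsController.getAllCiphered();
    for (Secret cipheredSecret : cipheredSecrets) {
      SecretId secretId = cipheredSecret.getId();
      secrets2Rollback.put(secretId, cipheredSecret.getSecret());

      // First decrypt with the old password. Stored layout: [salt, iv, payload].
      byte[][] cryptoPrimitives = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
      SymmetricEncryptionDescriptor decryptInput = new SymmetricEncryptionDescriptor.Builder()
          .setPassword(oldPassword)
          .setSalt(cryptoPrimitives[0])
          .setIV(cryptoPrimitives[1])
          .setInput(cryptoPrimitives[2])
          .build();
      byte[] plaintext;
      try {
        plaintext = symmetricEncryptionService.decrypt(decryptInput).getOutput();
      } finally {
        // Clear the old password from the descriptor even if decryption fails (e.g. wrong password).
        decryptInput.clearPassword();
      }

      // Then encrypt the plaintext secret with the new password.
      SymmetricEncryptionDescriptor encryptInput = new SymmetricEncryptionDescriptor.Builder()
          .setInput(plaintext)
          .setPassword(newPassword)
          .build();
      byte[] newCipheredSecret;
      try {
        SymmetricEncryptionDescriptor encrypted = symmetricEncryptionService.encrypt(encryptInput);
        newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
            encrypted.getSalt(), encrypted.getIv(), encrypted.getOutput());
      } finally {
        encryptInput.clearPassword();
        // The plaintext is not needed once it has been re-encrypted: wipe it instead of leaving it
        // in the heap until GC. Best effort only - the cipher may have made copies of its own.
        java.util.Arrays.fill(plaintext, (byte) 0);
      }

      // Store the re-encrypted Secret, carrying over every attribute other than the ciphertext.
      Secret newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
      newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
      if (cipheredSecret.getProjectIdScope() != null) {
        newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
      }
      secretsFacade.update(newSecret);
      // Only the secret's id and name are logged, never its value.
      successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",").append(newSecret.getId().getName()).append(">\n");
    }
    return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
  } catch (Exception ex) {
    // Boundary of the rotation step: any failure is reported through the result object together
    // with the rollback map so the caller can restore the secrets already rewritten.
    String errorMsg = "Error while updating master encryption password for Secrets";
    LOGGER.log(Level.SEVERE, errorMsg, ex);
    return new MasterPasswordChangeResult<>(secrets2Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
  }
}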
use of io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor in project hopsworks by logicalclocks.
From the class SecretsController, the method decrypt:
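/**
 * Decrypts an encrypted Secret with the Hopsworks master encryption password.
 *
 * @param user user the plaintext is returned for (passed through to {@code SecretPlaintext})
 * @param ciphered stored secret whose payload is laid out as [salt(64), iv(12), payload]
 * @return the plaintext secret together with the metadata copied from {@code ciphered}
 *         (name, creation time, visibility type and project scope)
 * @throws IOException propagated from the encryption service
 * @throws GeneralSecurityException propagated from the encryption service
 */
private SecretPlaintext decrypt(Users user, Secret ciphered) throws IOException, GeneralSecurityException {
  // NOTE(review): the master password is an immutable String and cannot be wiped here.
  String password = certificatesMgmService.getMasterEncryptionPassword();
  // [salt(64),iv(12),payload)]
  byte[][] parts = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(ciphered.getSecret());
  SymmetricEncryptionDescriptor input = new SymmetricEncryptionDescriptor.Builder()
      .setPassword(password)
      .setSalt(parts[0])
      .setIV(parts[1])
      .setInput(parts[2])
      .build();
  byte[] plaintext = null;
  try {
    plaintext = symmetricEncryptionService.decrypt(input).getOutput();
    // bytes2string produces an immutable String copy; that copy is what the caller receives and
    // it cannot be wiped, so the byte[] is the only plaintext buffer we can still clear.
    return SecretPlaintext.newInstance(user, ciphered.getId().getName(), bytes2string(plaintext),
        ciphered.getAddedOn(), ciphered.getVisibilityType(), ciphered.getProjectIdScope());
  } finally {
    // Same hygiene as the master password rotation: clear the password from the descriptor
    // regardless of outcome, and wipe the raw plaintext buffer once it has been copied out.
    input.clearPassword();
    if (plaintext != null) {
      java.util.Arrays.fill(plaintext, (byte) 0);
    }
  }
}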