Use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.
Class SecretsController, method validateAndCreateSecret.
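/**
 * Validates the parameters required to create a secret and builds the encrypted
 * {@link Secret} entity. The entity is returned to the caller; nothing is persisted here.
 *
 * @param secretId combination of the owner's user id and the secret name; must not be null
 * @param user the user creating the secret; must not be null
 * @param secret the secret value in plain text; must not be null or empty
 * @param visibilityType PRIVATE or PROJECT; must not be null
 * @param projectIdScope id of the project the secret is shared with; required when the
 *        visibility is not PRIVATE, reset to null when it is PRIVATE
 * @return the encrypted secret entity with visibility and project scope set
 * @throws UserException if a required parameter is missing, the project scope does not
 *         exist, or the secret value cannot be encrypted
 */
public Secret validateAndCreateSecret(SecretId secretId, Users user, String secret, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
  checkIfUserIsNull(user);
  if (secretId == null) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret value is either null or empty", "Secret id is null");
  }
  String secretName = secretId.getName();
  checkIfNameIsNullOrEmpty(secretName);
  if (Strings.isNullOrEmpty(secretName) || Strings.isNullOrEmpty(secret)) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret value is either null or empty", "Secret name or value is empty or null");
  }
  // A null visibility would otherwise reach visibilityType.equals(...) and surface as a
  // NullPointerException (server error); report it as a client error instead.
  if (visibilityType == null) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret visibility is missing", "Visibility type for secret " + secretName + " is null");
  }
  // Resolve the scope before encrypting so an invalid request is rejected without doing any
  // crypto work on the plaintext.
  final Integer effectiveScope;
  if (VisibilityType.PRIVATE.equals(visibilityType)) {
    // When the user adds secrets without closing the UI modal they might change visibility
    // to Private while a Project from the previous attempt is still selected; drop it.
    effectiveScope = null;
  } else {
    if (projectIdScope == null) {
      throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret visibility is PROJECT but there is not Project ID scope", "Project scope for shared secret " + secretName + " is null");
    }
    if (projectFacade.find(projectIdScope) == null) {
      throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Could not find a project for Project ID scope " + projectIdScope);
    }
    effectiveScope = projectIdScope;
  }
  try {
    Secret storedSecret = new Secret(secretId, encryptSecret(secret), DateUtils.localDateTime2Date(DateUtils.getNow()));
    storedSecret.setVisibilityType(visibilityType);
    storedSecret.setProjectIdScope(effectiveScope);
    return storedSecret;
  } catch (IOException | GeneralSecurityException ex) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + secretName, ex);
  }
}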
Use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.
Class SecretsController, method getShared.
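/**
 * Returns the decrypted value of a secret shared with a project, after checking that the
 * caller is allowed to read it. A secret whose visibility is PRIVATE (or unset) is never
 * returned through this method, and a PROJECT secret is only returned to members of the
 * project it is scoped to. The membership check runs before any decryption.
 *
 * @param caller the user requesting the secret; must not be null
 * @param ownerUser the owner of the secret; must not be null
 * @param secretName name of the secret, unique per owner; must not be null or empty
 * @return the decrypted secret
 * @throws UserException if a parameter is missing, the secret does not exist, the secret is
 *         PRIVATE, the caller is not a member of the scoped project, or decryption fails
 * @throws ServiceException if the secret is PROJECT-scoped but carries no project id
 * @throws ProjectException if the scoped project no longer exists
 */
public SecretPlaintext getShared(Users caller, Users ownerUser, String secretName) throws UserException, ServiceException, ProjectException {
  checkIfUserIsNull(caller);
  checkIfNameIsNullOrEmpty(secretName);
  checkIfUserIsNull(ownerUser);
  Secret storedSecret = secretsFacade.findById(new SecretId(ownerUser.getUid(), secretName));
  checkIfSecretIsNull(storedSecret, secretName, ownerUser);
  // An unset visibility is treated as PRIVATE, i.e. the check fails closed.
  VisibilityType visibility = storedSecret.getVisibilityType();
  if (visibility == null || VisibilityType.PRIVATE.equals(visibility)) {
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Secret is Private", "User " + caller.getUsername() + " requested PRIVATE secret <" + ownerUser.getUid() + ", " + secretName + ">");
  }
  Integer projectId = storedSecret.getProjectIdScope();
  if (projectId == null) {
    throw new ServiceException(RESTCodes.ServiceErrorCode.SERVICE_GENERIC_ERROR, Level.WARNING, "Visibility's Project ID is empty", "Secret " + secretName + " visibility is PROJECT but Project ID is null");
  }
  Project project = projectFacade.find(projectId);
  if (project == null) {
    throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectId + " does not exist!", "User " + caller.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectId + " does not exist");
  }
  // Authorization: the caller must be a member of the project the secret is scoped to.
  boolean callerIsMember = project.getProjectTeamCollection().stream()
      .anyMatch(projectTeam -> caller.getUid().equals(projectTeam.getUser().getUid()));
  if (!callerIsMember) {
    throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Not authorized to access Secret " + secretName, "User " + caller.getUsername() + " tried to access shared Secret " + secretName + " but they are not member of Project " + project.getName());
  }
  try {
    return decrypt(ownerUser, storedSecret);
  } catch (IOException | GeneralSecurityException ex) {
    throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
  }
}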
Use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.
Class SecretsController, method delete.
/**
 * Deletes the secret named {@code secretName} that belongs to {@code user}. Deleting a secret
 * that does not exist is not an error.
 *
 * @param user owner of the secret; must not be null
 * @param secretName name of the secret; must not be null or empty
 * @throws UserException if the arguments are invalid, or if the database rejects the deletion
 *         because the secret is still referenced by a connector
 */
public void delete(Users user, String secretName) throws UserException {
  checkIfUserIsNull(user);
  checkIfNameIsNullOrEmpty(secretName);
  SecretId id = new SecretId(user.getUid(), secretName);
  try {
    secretsFacade.deleteSecret(id);
  } catch (EJBException ejbEx) {
    Throwable cause = getRootCause(ejbEx);
    // An integrity-constraint violation means something (a connector) still references this
    // secret; report that as a client error. Anything else is unexpected and propagates as-is.
    if (!(cause instanceof SQLIntegrityConstraintViolationException)) {
      throw ejbEx;
    }
    throw new UserException(RESTCodes.UserErrorCode.SECRET_DELETION_FAILED, Level.FINE, "Cannot delete secret. " + "Secret is in use by a connector. Try deleting the connector first. ", cause.getMessage());
  }
}
Use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.
Class AuthController, method validateOTP.
/**
 * Validates a one-time password for an already authenticated user.
 *
 * @param user the authenticated user whose OTP secret is checked against the code
 * @param otpStr the submitted one-time password, expected to be a decimal integer
 * @throws UserException with INVALID_OTP if {@code otpStr} is not an integer or does not
 *         match the user's secret, or USER_DOES_NOT_EXIST if {@code user} is null
 */
public void validateOTP(Users user, String otpStr) throws UserException {
  // The code is parsed before the user is inspected, so a malformed code is always reported
  // as INVALID_OTP, whatever the user argument.
  int otpCode = parseOtp(otpStr);
  if (user == null) {
    throw new UserException(RESTCodes.UserErrorCode.USER_DOES_NOT_EXIST, Level.FINE, "User not found");
  }
  if (!checkCode(user.getSecret(), otpCode)) {
    throw new UserException(RESTCodes.UserErrorCode.INVALID_OTP, Level.FINE);
  }
}

/** Parses the submitted OTP string, mapping a non-integer value to INVALID_OTP. */
private static int parseOtp(String otpStr) throws UserException {
  try {
    return Integer.parseInt(otpStr);
  } catch (NumberFormatException e) {
    throw new UserException(RESTCodes.UserErrorCode.INVALID_OTP, Level.FINE, "OTP not an integer");
  }
}
Use of io.hops.hopsworks.exceptions.UserException in project hopsworks by logicalclocks.
Class X509Resource, method getx509.
@GET
@TransactionAttribute(TransactionAttributeType.NEVER)
@Produces(MediaType.APPLICATION_JSON)
@JWTRequired(acceptedTokens = { Audience.SERVICES, Audience.API }, allowedUserRoles = { "AGENT", "HOPS_ADMIN" })
@ApiOperation(value = "Get keystore, truststore and password of a project user", response = AccessCredentialsDTO.class)
public Response getx509(@QueryParam("username") String projectUsername, @Context SecurityContext sc) throws ProjectException, UserException, HopsSecurityException {
  // Returns key material (keystore, truststore, password) for a project user. Access is
  // limited by the @JWTRequired annotation above to the AGENT and HOPS_ADMIN roles.
  try {
    String projectName = hdfsUsersController.getProjectName(projectUsername);
    String userName = hdfsUsersController.getUserName(projectUsername);
    Project project = projectController.findProjectByName(projectName);
    Users owner = userFacade.findByUsername(userName);
    if (owner == null) {
      throw new UserException(RESTCodes.UserErrorCode.USER_DOES_NOT_EXIST, Level.FINE);
    }
    return Response.ok(loadCredentials(project, owner)).build();
  } catch (ArrayIndexOutOfBoundsException ex) {
    // Presumably raised by the hdfsUsersController helpers when the project user name lacks
    // the expected project/user separator; NOTE(review): confirm nothing else can raise it.
    throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE, "Invalid project user format for username: " + projectUsername);
  }
}

/**
 * Fetches the credential material of {@code owner} in {@code project}, reporting a missing
 * certificate (DatasetException) as CERTIFICATE_NOT_FOUND.
 */
private AccessCredentialsDTO loadCredentials(Project project, Users owner) throws ProjectException, UserException, HopsSecurityException {
  try {
    return projectController.credentials(project.getId(), owner);
  } catch (DatasetException ex) {
    throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_NOT_FOUND, Level.FINE);
  }
}