
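/**
 * Validates the parameters needed for a new secret and builds the {@link Secret}
 * entity that holds the encrypted value.
 * <p>
 * Only the entity is constructed and returned; no persistence call is visible in
 * this method, so the caller is presumably responsible for storing it (TODO confirm).
 * The plaintext value is passed through {@code encryptSecret} and is not kept on the
 * returned object.
 * <p>
 * NOTE(review): nothing here checks that {@code secretId}'s uid matches
 * {@code user.getUid()}; presumably the caller builds the id from the same user --
 * confirm, otherwise a secret could be filed under another owner.
 *
 * @param secretId combination of the owner's user id and the secret name
 * @param user the owner of the secret; must not be null
 * @param secret the secret value in plain text; must not be null or empty
 * @param visibilityType PRIVATE or PROJECT; must not be null
 * @param projectIdScope id of the project the secret is shared with; required and
 *        must refer to an existing project when visibility is not PRIVATE, ignored
 *        (and cleared) when it is
 * @return the populated, not-yet-persisted secret entity
 * @throws UserException if a required parameter is missing, the project scope is
 *         missing or unknown, or encrypting the value fails
 */
public Secret validateAndCreateSecret(SecretId secretId, Users user, String secret, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretId.getName());
    if (Strings.isNullOrEmpty(secretId.getName()) || Strings.isNullOrEmpty(secret)) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret value is either null or empty", "Secret name or value is empty or null");
    }
    // Reject a missing visibility explicitly instead of failing with a
    // NullPointerException on the equals() call below. getShared() treats a null
    // visibility as PRIVATE, so such a secret must never be created in the first place.
    if (visibilityType == null) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret visibility is missing", "Visibility type for secret " + secretId.getName() + " is null");
    }
    // Resolve and validate the project scope before doing any crypto work so that
    // bad input is rejected without a wasted encryption round.
    Integer resolvedProjectScope;
    if (visibilityType.equals(VisibilityType.PRIVATE)) {
        // When the user adds secrets without closing the UI modal they might change
        // visibility to Private while a Project from the previous attempt is still
        // selected; a private secret never carries a project scope.
        resolvedProjectScope = null;
    } else {
        if (projectIdScope == null) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Secret visibility is PROJECT but there is not Project ID scope", "Project scope for shared secret " + secretId.getName() + " is null");
        }
        if (projectFacade.find(projectIdScope) == null) {
            throw new UserException(RESTCodes.UserErrorCode.SECRET_EMPTY, Level.FINE, "Could not find a project for Project ID scope " + projectIdScope);
        }
        resolvedProjectScope = projectIdScope;
    }
    try {
        Secret storedSecret = new Secret(secretId, encryptSecret(secret), DateUtils.localDateTime2Date(DateUtils.getNow()));
        storedSecret.setVisibilityType(visibilityType);
        storedSecret.setProjectIdScope(resolvedProjectScope);
        return storedSecret;
    } catch (IOException | GeneralSecurityException ex) {
        // Keep the original exception chained so the encryption failure is diagnosable.
        throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error encrypting secret", "Could not encrypt Secret " + secretId.getName(), ex);
    }
}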

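/**
 * Returns the decrypted value of a secret that its owner shared with a project,
 * after verifying that the caller is a member of that project.
 * <p>
 * Access rules enforced here (all fail closed):
 * <ul>
 *   <li>a secret with PRIVATE or missing visibility is never returned to anyone;</li>
 *   <li>a PROJECT secret without a project id, or whose project no longer exists,
 *       is an error rather than a fallback to "readable by all";</li>
 *   <li>the caller must appear in the project's team (matched by uid). Any team role
 *       is sufficient -- no role distinction is made here.</li>
 * </ul>
 * NOTE(review): the owner is not required to still be a member of the project; if
 * that is expected, it has to be enforced by the caller -- confirm.
 *
 * @param caller the user requesting the secret; must not be null
 * @param ownerUser the user who owns the secret; must not be null
 * @param secretName name of the secret; must not be null or empty
 * @return the decrypted secret
 * @throws UserException if the secret is private, the caller is not a project member,
 *         or decryption fails
 * @throws ServiceException if a PROJECT-visible secret carries no project id
 * @throws ProjectException if the project the secret is shared with does not exist
 */
public SecretPlaintext getShared(Users caller, Users ownerUser, String secretName) throws UserException, ServiceException, ProjectException {
    checkIfUserIsNull(caller);
    checkIfNameIsNullOrEmpty(secretName);
    checkIfUserIsNull(ownerUser);
    Secret storedSecret = secretsFacade.findById(new SecretId(ownerUser.getUid(), secretName));
    checkIfSecretIsNull(storedSecret, secretName, ownerUser);
    // A missing visibility is treated as PRIVATE so that a malformed row can never be shared.
    VisibilityType visibility = storedSecret.getVisibilityType();
    if (visibility == null || visibility.equals(VisibilityType.PRIVATE)) {
        throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Secret is Private", "User " + caller.getUsername() + " requested PRIVATE secret <" + ownerUser.getUid() + ", " + secretName + ">");
    }
    Integer projectId = storedSecret.getProjectIdScope();
    if (projectId == null) {
        throw new ServiceException(RESTCodes.ServiceErrorCode.SERVICE_GENERIC_ERROR, Level.WARNING, "Visibility's Project ID is empty", "Secret " + secretName + " visibility is PROJECT but Project ID is null");
    }
    Project project = projectFacade.find(projectId);
    if (project == null) {
        // Fixed: the developer message was missing the space before "does not exist".
        throw new ProjectException(RESTCodes.ProjectErrorCode.PROJECT_NOT_FOUND, Level.FINE, "Project with ID " + projectId + " does not exist!", "User " + caller.getUsername() + " requested shared Secret " + secretName + " but Project with ID " + projectId + " does not exist");
    }
    // Authorization: the caller must be on the team of the project the secret is shared with.
    boolean callerIsMember = false;
    for (ProjectTeam projectTeam : project.getProjectTeamCollection()) {
        if (caller.getUid().equals(projectTeam.getUser().getUid())) {
            callerIsMember = true;
            break;
        }
    }
    if (!callerIsMember) {
        throw new UserException(RESTCodes.UserErrorCode.ACCESS_CONTROL, Level.FINE, "Not authorized to access Secret " + secretName, "User " + caller.getUsername() + " tried to access shared Secret " + secretName + " but they are not member of Project " + project.getName());
    }
    // Decrypt only after every access check has passed.
    try {
        return decrypt(ownerUser, storedSecret);
    } catch (IOException | GeneralSecurityException ex) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_ENCRYPTION_ERROR, Level.SEVERE, "Error decrypting Secret", "Could not decrypt Secret " + secretName, ex);
    }
}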

/**
 * Removes the secret named {@code secretName} belonging to {@code user}.
 * <p>
 * The lookup key is built from the supplied user's uid, so the row removed is always
 * one filed under that user; it is up to the caller to pass the authenticated user.
 * Deleting a secret that does not exist is silently a no-op.
 *
 * @param user owner of the secret; must not be null
 * @param secretName name of the secret; must not be null or empty
 * @throws UserException with SECRET_DELETION_FAILED when the database refuses the
 *         delete because a connector still references the secret; any other
 *         EJBException coming out of the facade is rethrown unchanged
 */
public void delete(Users user, String secretName) throws UserException {
    checkIfUserIsNull(user);
    checkIfNameIsNullOrEmpty(secretName);
    SecretId key = new SecretId(user.getUid(), secretName);
    try {
        secretsFacade.deleteSecret(key);
    } catch (EJBException ejbEx) {
        Throwable cause = getRootCause(ejbEx);
        if (!(cause instanceof SQLIntegrityConstraintViolationException)) {
            throw ejbEx;
        }
        // A foreign-key violation means a connector still points at this secret; surface
        // it as a user-facing error. The raw DB message is passed as the developer message;
        // NOTE(review): presumably that text is not shown to end users -- confirm.
        throw new UserException(RESTCodes.UserErrorCode.SECRET_DELETION_FAILED, Level.FINE, "Cannot delete secret. " + "Secret is in use by a connector. Try deleting the connector first. ", cause.getMessage());
    }
}

/**
 * Checks a one-time password for a user who has already authenticated.
 * <p>
 * NOTE(review): no attempt throttling or lockout is visible in this method; a short
 * numeric OTP is brute-forceable without one -- confirm the caller rate-limits.
 *
 * @param user the authenticated user whose OTP secret is checked; must not be null
 * @param otpStr the code entered by the user, as a decimal string
 * @throws UserException with INVALID_OTP if the string is not an integer or the code
 *         does not verify, or USER_DOES_NOT_EXIST if {@code user} is null
 */
public void validateOTP(Users user, String otpStr) throws UserException {
    int code;
    try {
        // Integer.parseInt rejects null as well, so a missing OTP also lands here.
        code = Integer.parseInt(otpStr);
    } catch (NumberFormatException nfe) {
        throw new UserException(RESTCodes.UserErrorCode.INVALID_OTP, Level.FINE, "OTP not an integer");
    }
    if (user == null) {
        throw new UserException(RESTCodes.UserErrorCode.USER_DOES_NOT_EXIST, Level.FINE, "User not found");
    }
    // checkCode() is defined elsewhere in this class; the verification itself is not visible here.
    if (!checkCode(user.getSecret(), code)) {
        throw new UserException(RESTCodes.UserErrorCode.INVALID_OTP, Level.FINE);
    }
}

/**
 * Returns the keystore, truststore and keystore password of a project user.
 * <p>
 * Access is gated solely by the JWT filter: a SERVICES or API token with the AGENT or
 * HOPS_ADMIN role. Nothing in this method ties the token's subject to the requested
 * project user, so any caller holding such a token can fetch any project user's
 * material (presumably intended for trusted service agents -- confirm).
 *
 * @param projectUsername the project-scoped username, split into project and user parts
 *        by {@code hdfsUsersController}
 * @param sc JAX-RS security context; not consulted here
 * @return 200 with an {@link AccessCredentialsDTO}
 * @throws UserException if the username cannot be split into its parts, or no such user exists
 * @throws ProjectException if the project lookup fails
 * @throws HopsSecurityException if no certificate material is found for the user
 */
@GET
@TransactionAttribute(TransactionAttributeType.NEVER)
@Produces(MediaType.APPLICATION_JSON)
@JWTRequired(acceptedTokens = { Audience.SERVICES, Audience.API }, allowedUserRoles = { "AGENT", "HOPS_ADMIN" })
@ApiOperation(value = "Get keystore, truststore and password of a project user", response = AccessCredentialsDTO.class)
public Response getx509(@QueryParam("username") String projectUsername, @Context SecurityContext sc) throws ProjectException, UserException, HopsSecurityException {
    try {
        // The helpers index into the split username; a malformed value surfaces as an
        // ArrayIndexOutOfBoundsException, which the outer catch maps to USER_WAS_NOT_FOUND.
        String projectPart = hdfsUsersController.getProjectName(projectUsername);
        String userPart = hdfsUsersController.getUserName(projectUsername);
        Project project = projectController.findProjectByName(projectPart);
        Users owner = userFacade.findByUsername(userPart);
        if (owner == null) {
            throw new UserException(RESTCodes.UserErrorCode.USER_DOES_NOT_EXIST, Level.FINE);
        }
        AccessCredentialsDTO creds;
        try {
            creds = projectController.credentials(project.getId(), owner);
        } catch (DatasetException ex) {
            // NOTE(review): the DatasetException is not chained onto the thrown exception,
            // so the underlying failure is lost from logs; consider passing it as the cause.
            throw new HopsSecurityException(RESTCodes.SecurityErrorCode.CERTIFICATE_NOT_FOUND, Level.FINE);
        }
        return Response.ok(creds).build();
    } catch (ArrayIndexOutOfBoundsException ex) {
        throw new UserException(RESTCodes.UserErrorCode.USER_WAS_NOT_FOUND, Level.FINE, "Invalid project user format for username: " + projectUsername);
    }
}