Example 6 with SecretId
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsPasswordHandler method rollback.
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
Map<SecretId, byte[]> secrets2rollback = (HashMap<SecretId, byte[]>) result.getRollbackItems();
LOGGER.log(Level.INFO, "Rolling back Secrets");
Secret secret;
for (Map.Entry<SecretId, byte[]> secret2rollback : secrets2rollback.entrySet()) {
Secret persistedSecret = secretsFacade.findById(secret2rollback.getKey());
if (persistedSecret == null) {
continue;
}
secret = new Secret(secret2rollback.getKey(), secret2rollback.getValue(), persistedSecret.getAddedOn());
secret.setVisibilityType(persistedSecret.getVisibilityType());
if (persistedSecret.getProjectIdScope() != null) {
secret.setProjectIdScope(persistedSecret.getProjectIdScope());
}
secretsFacade.update(secret);
}
}Example 7 with SecretId
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsPasswordHandler method perform.
@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
StringBuilder successLog = new StringBuilder();
successLog.append("Performing change of master password for Secrets\n");
SecretId secretId;
Secret newSecret;
SymmetricEncryptionDescriptor inDescriptor;
SymmetricEncryptionDescriptor outDescriptor;
try {
LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
List<Secret> cipheredSecrets = secretsController.getAllCiphered();
for (Secret cipheredSecret : cipheredSecrets) {
secretId = cipheredSecret.getId();
secrets2Rollback.put(secretId, cipheredSecret.getSecret());
// First decrypt with the old password
byte[][] cryptoPrimitives = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
inDescriptor = new SymmetricEncryptionDescriptor.Builder().setPassword(oldPassword).setSalt(cryptoPrimitives[0]).setIV(cryptoPrimitives[1]).setInput(cryptoPrimitives[2]).build();
outDescriptor = symmetricEncryptionService.decrypt(inDescriptor);
inDescriptor.clearPassword();
// Then encrypt plaintext secret with the new password
inDescriptor = new SymmetricEncryptionDescriptor.Builder().setInput(outDescriptor.getOutput()).setPassword(newPassword).build();
outDescriptor = symmetricEncryptionService.encrypt(inDescriptor);
inDescriptor.clearPassword();
byte[] newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(outDescriptor.getSalt(), outDescriptor.getIv(), outDescriptor.getOutput());
// Store new API key
newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
if (cipheredSecret.getProjectIdScope() != null) {
newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
}
secretsFacade.update(newSecret);
successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",").append(newSecret.getId().getName()).append(">\n");
}
return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
} catch (Exception ex) {
String errorMsg = "Error while updating master encryption password for Secrets";
LOGGER.log(Level.SEVERE, errorMsg, ex);
return new MasterPasswordChangeResult<>(secrets2Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
}
}
Also used :
SymmetricEncryptionDescriptor(io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor)
HashMap(java.util.HashMap)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)
MasterPasswordChangeResult(io.hops.hopsworks.common.security.MasterPasswordChangeResult)
SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)
EncryptionMasterPasswordException(io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)
Example 8 with SecretId
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method add.
/**
* Adds a new Secret. The secret is encrypted before persisted in the database.
* It throws an exception if a Secret with the same name already exists for the
* same user.
*
* @param user User to add the Secret
* @param secretName Identifier of the secret
* @param secret The secret itself
* @param visibilityType Visibility of a Secret. It can be private or shared among members of a project
* @throws UserException
*/
public Secret add(Users user, String secretName, String secret, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
SecretId secretId = new SecretId(user.getUid(), secretName);
if (secretsFacade.findById(secretId) != null) {
throw new UserException(RESTCodes.UserErrorCode.SECRET_EXISTS, Level.FINE, "Secret already exists", "Secret with name " + secretName + " already exists for user " + user.getUsername());
}
Secret storedSecret = validateAndCreateSecret(secretId, user, secret, visibilityType, projectIdScope);
secretsFacade.persist(storedSecret);
return storedSecret;
}
Also used :
Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)
SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)
UserException(io.hops.hopsworks.exceptions.UserException)
Example 9 with SecretId
use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.
the class SecretsController method addOrUpdate.
/**
* Adds a new Secret. The secret is encrypted before persisted in the database.
* If a secret with the same name already exists for the user, it updates it.
*
* @param user
* @param secretName
* @param secretStr
* @param visibilityType
* @param projectIdScope
* @return
*/
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public Secret addOrUpdate(Users user, String secretName, String secretStr, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
SecretId secretId = new SecretId(user.getUid(), secretName);
Secret secret = secretsFacade.findById(secretId);
if (secret != null) {
Secret generatedSecret = validateAndCreateSecret(secretId, user, secretStr, visibilityType, projectIdScope);
secret.setSecret(generatedSecret.getSecret());
secret.setAddedOn(generatedSecret.getAddedOn());
secret.setVisibilityType(generatedSecret.getVisibilityType());
secret.setProjectIdScope(generatedSecret.getProjectIdScope());
} else {
secret = validateAndCreateSecret(secretId, user, secretStr, visibilityType, projectIdScope);
}
secretsFacade.persist(secret);
return secret;
}
Also used :
Secret(io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)
SecretId(io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)
TransactionAttribute(javax.ejb.TransactionAttribute)
Aggregations
SecretId (io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId)9
Secret (io.hops.hopsworks.persistence.entity.user.security.secrets.Secret)6
UserException (io.hops.hopsworks.exceptions.UserException)5
ProjectException (io.hops.hopsworks.exceptions.ProjectException)2
Project (io.hops.hopsworks.persistence.entity.project.Project)2
IOException (java.io.IOException)2
GeneralSecurityException (java.security.GeneralSecurityException)2
HashMap (java.util.HashMap)2
MasterPasswordChangeResult (io.hops.hopsworks.common.security.MasterPasswordChangeResult)1
SymmetricEncryptionDescriptor (io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor)1
EncryptionMasterPasswordException (io.hops.hopsworks.exceptions.EncryptionMasterPasswordException)1
ServiceException (io.hops.hopsworks.exceptions.ServiceException)1
ProjectTeam (io.hops.hopsworks.persistence.entity.project.team.ProjectTeam)1
SQLIntegrityConstraintViolationException (java.sql.SQLIntegrityConstraintViolationException)1
Map (java.util.Map)1
EJBException (javax.ejb.EJBException)1
TransactionAttribute (javax.ejb.TransactionAttribute)1
