
Example 6 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsPasswordHandler method rollback.

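/**
 * Restores the ciphertext of every Secret that {@code perform} touched, using the
 * original ciphertext it recorded in the result's rollback items.
 * <p>
 * Secrets that no longer exist in the database are skipped (with a warning), and
 * metadata (creation time, visibility, project scope) is copied from the persisted row
 * so only the ciphertext changes. A failure in {@code secretsFacade.update} part-way
 * through leaves earlier entries rolled back and later ones untouched.
 *
 * @param result outcome of the password change; its rollback items are expected to be a
 *               {@code Map<SecretId, byte[]>} of secret id to original ciphertext
 */
@Override
@SuppressWarnings("unchecked")
public void rollback(MasterPasswordChangeResult result) {
    // Cast to the Map interface rather than HashMap: any Map implementation (including an
    // unmodifiable view) must be accepted, and only read access is needed here.
    Map<SecretId, byte[]> secrets2rollback = (Map<SecretId, byte[]>) result.getRollbackItems();
    if (secrets2rollback == null || secrets2rollback.isEmpty()) {
        LOGGER.log(Level.INFO, "No Secrets to roll back");
        return;
    }
    LOGGER.log(Level.INFO, "Rolling back Secrets");
    for (Map.Entry<SecretId, byte[]> secret2rollback : secrets2rollback.entrySet()) {
        SecretId secretId = secret2rollback.getKey();
        Secret persistedSecret = secretsFacade.findById(secretId);
        if (persistedSecret == null) {
            // Nothing to restore into; the row was removed after perform() recorded it.
            LOGGER.log(Level.WARNING, "Secret to roll back no longer exists, skipping");
            continue;
        }
        // Rebuild the entity with the original ciphertext and the persisted metadata.
        Secret secret = new Secret(secretId, secret2rollback.getValue(), persistedSecret.getAddedOn());
        secret.setVisibilityType(persistedSecret.getVisibilityType());
        if (persistedSecret.getProjectIdScope() != null) {
            secret.setProjectIdScope(persistedSecret.getProjectIdScope());
        }
        secretsFacade.update(secret);
    }
}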

Example 7 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsPasswordHandler method perform.

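/**
 * Re-encrypts every ciphered Secret under the new master password.
 * <p>
 * For each Secret the current ciphertext is first recorded for rollback, then decrypted
 * with {@code oldPassword} and encrypted again with {@code newPassword}; the salt and IV
 * produced by the encryption are merged back into the stored payload. On any failure the
 * error is logged and a result carrying the rollback map and an
 * {@link EncryptionMasterPasswordException} is returned, so the caller can invoke
 * {@code rollback}.
 * <p>
 * The password is cleared from each descriptor in a {@code finally} block, so it does
 * not linger in the descriptor when decryption or encryption throws.
 *
 * @param oldPassword current master password, used to decrypt the stored secrets
 * @param newPassword new master password, used to encrypt them again
 * @return a result holding the success log and the rollback map, or the rollback map and
 *         the wrapped failure cause
 */
@Override
public MasterPasswordChangeResult perform(String oldPassword, String newPassword) {
    // Original ciphertext of every Secret touched so far, keyed by id, for rollback().
    Map<SecretId, byte[]> secrets2Rollback = new HashMap<>();
    StringBuilder successLog = new StringBuilder();
    successLog.append("Performing change of master password for Secrets\n");
    try {
        LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
        List<Secret> cipheredSecrets = secretsController.getAllCiphered();
        for (Secret cipheredSecret : cipheredSecrets) {
            SecretId secretId = cipheredSecret.getId();
            // Record the current ciphertext before it is replaced.
            secrets2Rollback.put(secretId, cipheredSecret.getSecret());
            // First decrypt with the old password; the payload is salt, IV and ciphertext.
            byte[][] cryptoPrimitives = symmetricEncryptionService.splitPayloadFromCryptoPrimitives(cipheredSecret.getSecret());
            SymmetricEncryptionDescriptor inDescriptor = new SymmetricEncryptionDescriptor.Builder()
                .setPassword(oldPassword)
                .setSalt(cryptoPrimitives[0])
                .setIV(cryptoPrimitives[1])
                .setInput(cryptoPrimitives[2])
                .build();
            SymmetricEncryptionDescriptor outDescriptor;
            try {
                outDescriptor = symmetricEncryptionService.decrypt(inDescriptor);
            } finally {
                // Clear the password whether or not decryption succeeded.
                inDescriptor.clearPassword();
            }
            // Then encrypt the plaintext secret with the new password.
            // NOTE(review): the decrypted plaintext in outDescriptor.getOutput() is not wiped after
            // re-encryption; the descriptor API visible here only exposes clearPassword() — confirm
            // whether the output buffer can be zeroed once the new ciphertext has been produced.
            inDescriptor = new SymmetricEncryptionDescriptor.Builder()
                .setInput(outDescriptor.getOutput())
                .setPassword(newPassword)
                .build();
            try {
                outDescriptor = symmetricEncryptionService.encrypt(inDescriptor);
            } finally {
                inDescriptor.clearPassword();
            }
            byte[] newCipheredSecret = symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
                outDescriptor.getSalt(), outDescriptor.getIv(), outDescriptor.getOutput());
            // Store the re-encrypted secret, keeping the original metadata.
            Secret newSecret = new Secret(secretId, newCipheredSecret, cipheredSecret.getAddedOn());
            newSecret.setVisibilityType(cipheredSecret.getVisibilityType());
            if (cipheredSecret.getProjectIdScope() != null) {
                newSecret.setProjectIdScope(cipheredSecret.getProjectIdScope());
            }
            secretsFacade.update(newSecret);
            successLog.append("Updated Secret <").append(newSecret.getId().getUid()).append(",").append(newSecret.getId().getName()).append(">\n");
        }
        return new MasterPasswordChangeResult<>(successLog, secrets2Rollback, null);
    } catch (Exception ex) {
        // Boundary catch: the caller decides whether to roll back based on the returned result.
        String errorMsg = "Error while updating master encryption password for Secrets";
        LOGGER.log(Level.SEVERE, errorMsg, ex);
        return new MasterPasswordChangeResult<>(secrets2Rollback, new EncryptionMasterPasswordException(errorMsg, ex));
    }
}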

Example 8 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method add.

/**
 * Adds a new Secret for {@code user}. The secret is encrypted before it is persisted
 * (presumably inside {@code validateAndCreateSecret}, which is not shown here).
 * Fails if a Secret with the same name already exists for the same user.
 * <p>
 * NOTE(review): the existence check and the persist are two separate calls, so two
 * concurrent adds of the same name would race; whether a database key constraint
 * catches that is not visible here — confirm.
 *
 * @param user User to add the Secret for
 * @param secretName Identifier of the secret, unique per user
 * @param secret The secret value itself
 * @param visibilityType Visibility of the Secret: private, or shared among members of a project
 * @param projectIdScope Project the Secret is scoped to, may be {@code null}
 * @return the persisted Secret
 * @throws UserException with {@code SECRET_EXISTS} if {@code secretName} is already taken
 *         for this user, or whatever {@code validateAndCreateSecret} throws
 */
public Secret add(Users user, String secretName, String secret, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
    SecretId id = new SecretId(user.getUid(), secretName);
    Secret existing = secretsFacade.findById(id);
    if (existing != null) {
        throw new UserException(RESTCodes.UserErrorCode.SECRET_EXISTS, Level.FINE, "Secret already exists",
            "Secret with name " + secretName + " already exists for user " + user.getUsername());
    }
    Secret created = validateAndCreateSecret(id, user, secret, visibilityType, projectIdScope);
    secretsFacade.persist(created);
    return created;
}

Example 9 with SecretId

use of io.hops.hopsworks.persistence.entity.user.security.secrets.SecretId in project hopsworks by logicalclocks.

the class SecretsController method addOrUpdate.

/**
 * Adds a Secret for {@code user}, or overwrites the one with the same name if it already
 * exists. The secret value is produced by {@code validateAndCreateSecret} (where the
 * encryption presumably happens — not visible here). Runs in its own transaction.
 * <p>
 * NOTE(review): the update branch goes through {@code secretsFacade.persist}, whereas
 * {@code rollback} and {@code perform} in SecretsPasswordHandler use
 * {@code secretsFacade.update} for existing rows — confirm that is intended.
 *
 * @param user owner of the Secret
 * @param secretName identifier of the Secret, unique per user
 * @param secretStr the secret value
 * @param visibilityType private, or shared among members of a project
 * @param projectIdScope project the Secret is scoped to, may be {@code null}
 * @return the persisted Secret: the existing entity with its fields replaced, or a new one
 * @throws UserException propagated from {@code validateAndCreateSecret}
 */
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public Secret addOrUpdate(Users user, String secretName, String secretStr, VisibilityType visibilityType, Integer projectIdScope) throws UserException {
    SecretId id = new SecretId(user.getUid(), secretName);
    Secret existing = secretsFacade.findById(id);
    // Both branches need a freshly validated/created Secret built from the same arguments.
    Secret generated = validateAndCreateSecret(id, user, secretStr, visibilityType, projectIdScope);
    Secret toPersist;
    if (existing == null) {
        toPersist = generated;
    } else {
        // Keep the existing entity and copy the regenerated fields onto it.
        existing.setSecret(generated.getSecret());
        existing.setAddedOn(generated.getAddedOn());
        existing.setVisibilityType(generated.getVisibilityType());
        existing.setProjectIdScope(generated.getProjectIdScope());
        toPersist = existing;
    }
    secretsFacade.persist(toPersist);
    return toPersist;
}
