Use of keywhiz.api.model.SecretContent in project keywhiz by square.
The class SecretContentDAO, method getSecretContentById.
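/**
 * Loads a single secrets_content row by id and verifies its row HMAC.
 *
 * @param id primary key of the secrets_content row
 * @return the mapped {@link SecretContent}, or empty if no row has that id
 * @throws AssertionError if the stored row HMAC does not match the recomputed one and the
 *     configured check mode is {@code RowHmacCheck.ENFORCED}
 */
public Optional<SecretContent> getSecretContentById(long id) {
  SecretsContentRecord r = dslContext.fetchOne(SECRETS_CONTENT, SECRETS_CONTENT.ID.eq(id));
  Optional<SecretContent> result = Optional.ofNullable(r).map(secretContentMapper::map);
  if (result.isEmpty()) {
    return result;
  }

  // Recompute the row HMAC over the encrypted content, metadata and id, then compare it with
  // the stored value in constant time so the comparison's duration does not depend on where
  // the two values first differ.
  String rowHmac = rowHmacGenerator.computeRowHmac(SECRETS_CONTENT.getName(),
      List.of(r.getEncryptedContent(), r.getMetadata(), r.getId()));
  String storedHmac = r.getRowHmac();
  boolean hmacMatches = storedHmac != null && java.security.MessageDigest.isEqual(
      rowHmac.getBytes(java.nio.charset.StandardCharsets.UTF_8),
      storedHmac.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  if (!hmacMatches) {
    String errorMessage = String.format(
        "Secret Content HMAC verification failed for secretContent: %d", r.getId());
    RowHmacCheck mode = config.getRowHmacCheck();
    // DISABLED_BUT_LOG surfaces the mismatch without failing the read; ENFORCED fails it.
    if (mode == RowHmacCheck.DISABLED_BUT_LOG) {
      logger.warn(errorMessage);
    }
    if (mode == RowHmacCheck.ENFORCED) {
      throw new AssertionError(errorMessage);
    }
  }
  return result;
}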
Use of keywhiz.api.model.SecretContent in project keywhiz by square.
The class SecretTransformer, method transform.
/**
 * Builds the API-facing {@code Secret} from a series row and its current content row.
 *
 * @param seriesAndContent a secret series and secret contents as stored in the database
 * @return the same information restructured as a Secret
 */
public Secret transform(SecretSeriesAndContent seriesAndContent) {
  checkNotNull(seriesAndContent);
  SecretSeries s = seriesAndContent.series();
  SecretContent c = seriesAndContent.content();
  // The plaintext is not produced here: the supplier decrypts only when it is invoked.
  return new Secret(
      s.id(),
      s.name(),
      s.owner(),
      s.description(),
      () -> cryptographer.decrypt(c.encryptedContent()),
      c.hmac(),
      s.createdAt(),
      s.createdBy(),
      s.updatedAt(),
      s.updatedBy(),
      c.metadata(),
      s.type().orElse(null),
      s.generationOptions(),
      c.expiry(),
      s.currentVersion().orElse(null),
      c.createdAt(),
      c.createdBy());
}
Use of keywhiz.api.model.SecretContent in project keywhiz by square.
The class SecretDAO, method getSecrets.
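/**
 * Returns the current content of every secret series matching the filters, read inside a
 * single transaction.
 *
 * @param expireMaxTime the maximum expiration date for secrets to return (exclusive)
 * @param group the group secrets returned must be assigned to
 * @param expireMinTime the minimum expiration date for secrets to return (inclusive)
 * @param minName the minimum name (alphabetically) that will be returned for secrets
 *     expiring on expireMinTime (inclusive)
 * @param limit the maximum number of secrets to return
 * @return list of secrets. can limit/sort by expiry, and for group if given
 * @throws java.util.NoSuchElementException if a matching series has no current version or its
 *     current content row is missing
 */
public ImmutableList<SecretSeriesAndContent> getSecrets(@Nullable Long expireMaxTime,
    @Nullable Group group, @Nullable Long expireMinTime, @Nullable String minName,
    @Nullable Integer limit) {
  return dslContext.transactionResult(configuration -> {
    SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
    SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(configuration);
    ImmutableList.Builder<SecretSeriesAndContent> secretsBuilder = ImmutableList.builder();
    for (SecretSeries series
        : secretSeriesDAO.getSecretSeries(expireMaxTime, group, expireMinTime, minName, limit)) {
      // Fail with the offending ids when the data is inconsistent (no current version, or the
      // content row it points to is gone) so the failure is diagnosable from the message.
      long contentId = series.currentVersion().orElseThrow(
          () -> new java.util.NoSuchElementException(
              "Secret series " + series.id() + " has no current version"));
      SecretContent content = secretContentDAO.getSecretContentById(contentId).orElseThrow(
          () -> new java.util.NoSuchElementException(
              "Secret content " + contentId + " not found for series " + series.id()));
      secretsBuilder.add(SecretSeriesAndContent.of(series, content));
    }
    return secretsBuilder.build();
  });
}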
Use of keywhiz.api.model.SecretContent in project keywhiz by square.
The class SecretDAO, method getSecretsByName.
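/**
 * Looks up the current content of each named secret series.
 *
 * @param names of secrets series to look up secrets by.
 * @return Secrets matching input parameters.
 * @throws IllegalArgumentException if {@code names} is empty
 * @throws NotFoundException if a series has a current version whose content row is missing
 */
public List<SecretSeriesAndContent> getSecretsByName(List<String> names) {
  checkArgument(!names.isEmpty(), "names must not be empty");
  SecretContentDAO secretContentDAO = secretContentDAOFactory.using(dslContext.configuration());
  SecretSeriesDAO secretSeriesDAO = secretSeriesDAOFactory.using(dslContext.configuration());
  List<SecretSeries> multipleSeries = secretSeriesDAO.getMultipleSecretSeriesByName(names);
  List<SecretSeriesAndContent> ret = new ArrayList<>(multipleSeries.size());
  for (SecretSeries series : multipleSeries) {
    if (!series.currentVersion().isPresent()) {
      continue; // a series with no current version contributes nothing, and is not an error
    }
    long secretContentId = series.currentVersion().get();
    SecretContent secretContent = secretContentDAO.getSecretContentById(secretContentId)
        .orElseThrow(() -> new NotFoundException("Secret not found."));
    ret.add(SecretSeriesAndContent.of(series, secretContent));
  }
  return ret;
}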
Use of keywhiz.api.model.SecretContent in project keywhiz by square.
The class AclDAO, method getSanitizedSecretsFor.
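/**
 * Returns a {@code SanitizedSecret} view of the current content of every secret series the
 * group has access to, read inside a single transaction.
 *
 * @param group the group whose accessible secrets are listed; must not be null
 * @return sanitized secrets for the group's accessible series
 * @throws java.util.NoSuchElementException if an accessible series has no current version or
 *     its current content row is missing
 */
public ImmutableSet<SanitizedSecret> getSanitizedSecretsFor(Group group) {
  checkNotNull(group);
  return dslContext.transactionResult(configuration -> {
    // The builder lives inside the transaction body so each run of the lambda starts empty.
    ImmutableSet.Builder<SanitizedSecret> set = ImmutableSet.builder();
    SecretContentDAO secretContentDAO = secretContentDAOFactory.using(configuration);
    for (SecretSeries series : getSecretSeriesFor(configuration, group)) {
      // Fail with the offending ids when the data is inconsistent rather than with a bare
      // Optional.get() failure.
      long contentId = series.currentVersion().orElseThrow(
          () -> new java.util.NoSuchElementException(
              "Secret series " + series.id() + " has no current version"));
      SecretContent content = secretContentDAO.getSecretContentById(contentId).orElseThrow(
          () -> new java.util.NoSuchElementException(
              "Secret content " + contentId + " not found for series " + series.id()));
      SecretSeriesAndContent seriesAndContent = SecretSeriesAndContent.of(series, content);
      set.add(SanitizedSecret.fromSecretSeriesAndContent(seriesAndContent));
    }
    return set.build();
  });
}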