
Example 21 with SecretSeriesAndContent

use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.

the class SecretResource method backfillHmac.

/**
 * Backfills the stored content HMAC for the secret called {@code name}.
 *
 * <p>Nothing is written when the secret does not exist or when its current content already
 * carries a non-empty HMAC. Otherwise the encrypted content is decrypted, an HMAC is computed
 * over its UTF-8 bytes, and the result is stored against the content row's id.
 *
 * <p>Security notes: only the secret's name is logged, never the decrypted content or the HMAC.
 * The backfilled value is derived from whatever the stored ciphertext decrypts to at call time,
 * so it records the current state and cannot vouch for the content's integrity before the
 * backfill. {@code automationClient} is not read in the body; presumably the {@code @Auth}
 * parameter exists so the framework authenticates the caller (confirm).
 *
 * @param automationClient the authenticated automation client (not used in the body)
 * @param name name of the secret, taken from the request path
 * @return {@code false} if no secret has that name; {@code true} if an HMAC was already
 *     present; otherwise whether exactly one row was updated
 */
@Timed
@ExceptionMetered
@Path("{name}/backfill-hmac")
@POST
@Consumes(APPLICATION_JSON)
@Produces(APPLICATION_JSON)
public boolean backfillHmac(@Auth AutomationClient automationClient, @PathParam("name") String name) {
    Optional<SecretSeriesAndContent> lookup = secretDAO.getSecretByName(name);
    if (lookup.isPresent()) {
        // Logged only after the lookup succeeded, so the name matches an existing secret.
        logger.info("backfill-hmac {}: processing secret", name);
        SecretContent current = lookup.get().content();
        boolean hmacAlreadyStored = !current.hmac().isEmpty();
        if (hmacAlreadyStored) {
            // An existing HMAC is never overwritten by this endpoint.
            return true;
        }
        // The plaintext exists only as this transient byte array; it is not logged or returned.
        byte[] plaintextBytes = cryptographer.decrypt(current.encryptedContent()).getBytes(UTF_8);
        // "hmackey" is passed as computeHmac's second argument; presumably it names the key to
        // use rather than being key material itself (confirm against the cryptographer).
        String computedHmac = cryptographer.computeHmac(plaintextBytes, "hmackey");
        // Success means exactly one row changed; any other count is reported as failure.
        return secretSeriesDAO.setHmac(current.id(), computedHmac) == 1;
    }
    return false;
}
Also used : SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) ExceptionMetered(com.codahale.metrics.annotation.ExceptionMetered)

Example 22 with SecretSeriesAndContent

use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.

the class SecretTransformerTest method transformsOwner.

/** Checks that the owner set on the series is the owner reported by the transformed secret. */
@Test
public void transformsOwner() {
    final String expectedOwner = "foo";
    // Start from the validSeries() fixture and override only the owner.
    SecretSeries ownedSeries = validSeries().toBuilder().owner(expectedOwner).build();
    SecretSeriesAndContent input = SecretSeriesAndContent.of(ownedSeries, validContent());
    Secret transformed = transformer.transform(input);
    assertEquals(expectedOwner, transformed.getOwner());
}
Also used : Secret(keywhiz.api.model.Secret) SecretSeries(keywhiz.api.model.SecretSeries) SecretContent(keywhiz.api.model.SecretContent) SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Test(org.junit.Test)

Example 23 with SecretSeriesAndContent

use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.

the class GroupDAOTest method deleteSetsSecretOwnerToNull.

/**
 * Pins what happens to a secret when its owning group is deleted: the secret can still be
 * fetched by id and its owner reads as {@code null}, so it is neither removed nor left pointing
 * at the deleted group's name.
 */
@Test
public void deleteSetsSecretOwnerToNull() {
    String owningGroup = randomName();
    long owningGroupId = groupDAO.createGroup(owningGroup, "creator", "description", ImmutableMap.of());
    // The second argument makes the new group the secret's owner.
    long ownedSecretId = secretDAO.createSecret(randomName(), owningGroup, "encryptedSecret", "hmac", "creator", Collections.emptyMap(), 0, "description", null, null);

    // Precondition: ownership was recorded at creation time.
    SecretSeriesAndContent beforeDelete = secretDAO.getSecretById(ownedSecretId).get();
    assertEquals(owningGroup, beforeDelete.series().owner());

    groupDAO.deleteGroup(groupDAO.getGroupById(owningGroupId).get());

    // The secret survives the group's deletion, now without an owner.
    SecretSeriesAndContent afterDelete = secretDAO.getSecretById(ownedSecretId).get();
    assertNull(afterDelete.series().owner());
}
Also used : SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Test(org.junit.Test)

Example 24 with SecretSeriesAndContent

use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.

the class SecretDAOTest method createSecret.

/**
 * Checks that creating a secret adds one row to each of the secrets and secrets-content tables
 * and that the new secret is returned by the unfiltered listing alongside the fixtures.
 */
@Test
public void createSecret() {
    int seriesRowsBefore = tableSize(SECRETS);
    int contentRowsBefore = tableSize(SECRETS_CONTENT);

    String secretName = "newSecret";
    // Constructed test payload; the HMAC is computed over this value before it is encrypted.
    String payload = "c2VjcmV0MQ==";
    String payloadHmac = cryptographer.computeHmac(payload.getBytes(UTF_8), "hmackey");
    // The encryption key is derived from the secret's name.
    String ciphertext = cryptographer.encryptionKeyDerivedFrom(secretName).encrypt(payload);

    long createdId = secretDAO.createSecret(secretName, null, ciphertext, payloadHmac, "creator", ImmutableMap.of(), 0, "", null, ImmutableMap.of());
    SecretSeriesAndContent fetchedById = secretDAO.getSecretById(createdId).get();

    assertThat(tableSize(SECRETS)).isEqualTo(seriesRowsBefore + 1);
    assertThat(tableSize(SECRETS_CONTENT)).isEqualTo(contentRowsBefore + 1);

    // Re-read by name so the listing is compared against the by-name view of the new secret.
    SecretSeriesAndContent fetchedByName = secretDAO.getSecretByName(fetchedById.series().name()).get();
    assertThat(secretDAO.getSecrets(null, null, null, null, null)).containsOnly(secret1, secret2b, fetchedByName);
}
Also used : SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Test(org.junit.Test)

Example 25 with SecretSeriesAndContent

use of keywhiz.api.model.SecretSeriesAndContent in project keywhiz by square.

the class SecretDAOTest method createOrUpdateExistingSecretUpdatesOwner.

/**
 * Checks that a second create-or-update under the same secret name keeps the secret's id and
 * replaces its owner with the owner given in the second call.
 */
@Test
public void createOrUpdateExistingSecretUpdatesOwner() {
    String firstOwner = createGroup();
    String secondOwner = createGroup();
    String sharedName = randomName();

    long idAfterCreate = createOrUpdateSecretWithOwner(sharedName, firstOwner);
    long idAfterUpdate = createOrUpdateSecretWithOwner(sharedName, secondOwner);
    // Same name, so the second call must resolve to the existing secret.
    assertEquals(idAfterCreate, idAfterUpdate);

    SecretSeriesAndContent stored = secretDAO.getSecretById(idAfterCreate).get();
    assertEquals(secondOwner, stored.series().owner());
}
Also used : SecretSeriesAndContent(keywhiz.api.model.SecretSeriesAndContent) Test(org.junit.Test)

Aggregations

SecretSeriesAndContent (keywhiz.api.model.SecretSeriesAndContent)26 Test (org.junit.Test)16 SecretContent (keywhiz.api.model.SecretContent)9 SecretSeries (keywhiz.api.model.SecretSeries)8 ImmutableList (com.google.common.collect.ImmutableList)5 ExceptionMetered (com.codahale.metrics.annotation.ExceptionMetered)3 Timed (com.codahale.metrics.annotation.Timed)3 Consumes (javax.ws.rs.Consumes)3 POST (javax.ws.rs.POST)3 Path (javax.ws.rs.Path)3 NotFoundException (javax.ws.rs.NotFoundException)2 Produces (javax.ws.rs.Produces)2 SanitizedSecret (keywhiz.api.model.SanitizedSecret)2 Secret (keywhiz.api.model.Secret)2 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1 Preconditions.checkNotNull (com.google.common.base.Preconditions.checkNotNull)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 ImmutableSet (com.google.common.collect.ImmutableSet)1 UTF_8 (java.nio.charset.StandardCharsets.UTF_8)1 ArrayList (java.util.ArrayList)1