use of org.apache.nifi.registry.security.key.Key in project nifi-registry by apache.
the class DatabaseKeyService method getKey.
/**
 * Looks up the signing key stored under the given id.
 *
 * <p>The query runs under the read lock. A missing row is reported by
 * {@code queryForObject} as {@code EmptyResultDataAccessException}, which is
 * translated into a {@code null} result and a debug log line.
 *
 * @param id the signing key id to look up
 * @return the mapped {@link Key}, or {@code null} if no key is stored under {@code id}
 * @throws IllegalArgumentException if {@code id} is {@code null}
 */
@Override
public Key getKey(String id) {
    if (id == null) {
        throw new IllegalArgumentException("Id cannot be null");
    }
    readLock.lock();
    try {
        final String sql = "SELECT * FROM signing_key WHERE id = ?";
        KeyEntity entity;
        try {
            entity = jdbcTemplate.queryForObject(sql, new KeyEntityRowMapper(), id);
        } catch (EmptyResultDataAccessException noRow) {
            // "no such row" is signalled by exception; treat it as a plain miss
            entity = null;
        }
        if (entity == null) {
            // NOTE(review): this id can originate from a token's key-id claim, i.e. from
            // caller-supplied input, and is echoed verbatim into the log line.
            logger.debug("No signing key found with id='" + id + "'");
            return null;
        }
        return DataModelMapper.map(entity);
    } finally {
        readLock.unlock();
    }
}
use of org.apache.nifi.registry.security.key.Key in project nifi-registry by apache.
the class DatabaseKeyService method getOrCreateKey.
/**
 * Returns the signing key bound to the given tenant identity, creating and
 * persisting a fresh one when none exists yet.
 *
 * <p>Select-then-insert is performed while holding the write lock so that two
 * callers guarded by the same lock cannot both create a key for one identity
 * (presumably an in-process lock; a second service instance sharing the
 * database is not covered by it — TODO confirm).
 *
 * @param tenantIdentity the identity the key is bound to
 * @return the existing or newly created {@link Key}; never {@code null}
 * @throws IllegalArgumentException if {@code tenantIdentity} is {@code null}
 */
@Override
public Key getOrCreateKey(String tenantIdentity) {
    if (tenantIdentity == null) {
        throw new IllegalArgumentException("Identity cannot be null");
    }
    writeLock.lock();
    try {
        final String selectSql = "SELECT * FROM signing_key WHERE tenant_identity = ?";
        KeyEntity found;
        try {
            found = jdbcTemplate.queryForObject(selectSql, new KeyEntityRowMapper(), tenantIdentity);
        } catch (EmptyResultDataAccessException noRow) {
            found = null;
        }
        if (found != null) {
            return DataModelMapper.map(found);
        }

        logger.debug("No key found with identity='" + tenantIdentity + "'. Creating new key.");
        final KeyEntity created = new KeyEntity();
        created.setId(UUID.randomUUID().toString());
        created.setTenantIdentity(tenantIdentity);
        // NOTE(review): the secret is a random UUID rendered as text. UUID.randomUUID() is
        // SecureRandom-backed but carries only ~122 bits of entropy; confirm this meets the
        // key-size requirement of the signing algorithm the token service uses with it.
        created.setKeyValue(UUID.randomUUID().toString());

        final String insertSql = "INSERT INTO signing_key (ID, TENANT_IDENTITY, KEY_VALUE) VALUES (?, ?, ?)";
        jdbcTemplate.update(insertSql, created.getId(), created.getTenantIdentity(), created.getKeyValue());
        return DataModelMapper.map(created);
    } finally {
        writeLock.unlock();
    }
}
use of org.apache.nifi.registry.security.key.Key in project nifi-registry by apache.
the class TestDatabaseKeyService method testDeleteKeyWhenExists.
/**
 * Deleting a stored key must make a subsequent lookup by the same id return
 * {@code null}. Relies on the test fixture containing a key with id "1".
 */
@Test
public void testDeleteKeyWhenExists() {
    final String keyId = "1";

    final Key before = keyService.getKey(keyId);
    assertNotNull(before);

    // deleteKey is keyed by the tenant identity, not by the key id
    keyService.deleteKey(before.getIdentity());

    assertNull(keyService.getKey(keyId));
}
use of org.apache.nifi.registry.security.key.Key in project nifi-registry by apache.
the class TestDatabaseKeyService method testGetKeyByIdWhenDoesNotExist.
/**
 * Looking up an id with no stored key must yield {@code null} rather than
 * throw. Relies on the test fixture containing no key with id "2".
 */
@Test
public void testGetKeyByIdWhenDoesNotExist() {
    assertNull(keyService.getKey("2"));
}
use of org.apache.nifi.registry.security.key.Key in project nifi-registry by apache.
the class JwtService method parseTokenFromBase64EncodedString.
/**
 * Parses and signature-verifies a compact JWS, resolving the HMAC secret from
 * the key service via the token's {@code KEY_ID_CLAIM}.
 *
 * <p>The outer catch collapses every parse/verification failure into a single
 * {@link JwtException} with a fixed, generic message; the original exception
 * is kept as the cause.
 *
 * @param base64EncodedToken the compact JWS string to verify
 * @return the verified claims
 * @throws JwtException if the token is malformed, unsupported, expired, fails
 *     signature verification, or names a key this service does not hold
 */
private Jws<Claims> parseTokenFromBase64EncodedString(final String base64EncodedToken) throws JwtException {
    // The secret is looked up by the kid claim, so a token can only verify against
    // a key this key service previously issued.
    final SigningKeyResolverAdapter keyResolver = new SigningKeyResolverAdapter() {
        @Override
        public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
            final String subject = claims.getSubject();
            final String kid = claims.get(KEY_ID_CLAIM, String.class);
            // presumably a null kid makes keyService.getKey throw IllegalArgumentException,
            // which the catch in the enclosing method wraps like any other failure — confirm
            final Key signingKey = keyService.getKey(kid);
            if (signingKey == null || signingKey.getKey() == null) {
                throw new UnsupportedJwtException("Unable to determine signing key for " + subject + " [kid: " + kid + "]");
            }
            // NOTE(review): the subject is not cross-checked against signingKey.getIdentity();
            // confirm that binding is enforced elsewhere if tokens must stay tenant-bound.
            return signingKey.getKey().getBytes(StandardCharsets.UTF_8);
        }
    };

    try {
        return Jwts.parser()
                .setSigningKeyResolver(keyResolver)
                .parseClaimsJws(base64EncodedToken);
    } catch (final MalformedJwtException | UnsupportedJwtException | SignatureException
            | ExpiredJwtException | IllegalArgumentException e) {
        // TODO: Exercise all exceptions to ensure none leak key material to logs
        throw new JwtException("Unable to validate the access token.", e);
    }
}