
Example 1 with Decrypter

Use of org.dataportabilityproject.security.Decrypter in the project data-transfer-project by google.

From the class JobProcessor, method processJob.

/**
 * Process our job, whose metadata is available via {@link JobMetadata}.
 */
void processJob() {
    UUID jobId = JobMetadata.getJobId();
    logger.debug("Begin processing jobId: {}", jobId);
    PortabilityJob job = store.findJob(jobId);
    JobAuthorization jobAuthorization = job.jobAuthorization();
    Preconditions.checkState(jobAuthorization.state() == JobAuthorization.State.CREDS_ENCRYPTED);
    try {
        logger.debug("Starting copy job, id: {}, source: {}, destination: {}", jobId, job.exportService(), job.importService());
        // Decrypt the encrypted outer symmetric key, which has been encrypted with our public key
        Decrypter decrypter = DecrypterFactory.create(JobMetadata.getKeyPair().getPrivate());
        byte[] decryptedSymmetricKey = BaseEncoding.base64Url().decode(decrypter.decrypt(jobAuthorization.authSecretKey()));
        SecretKey outerSymmetricKey = symmetricKeyGenerator.parse(decryptedSymmetricKey);
        // Decrypt the doubly encrypted export and import credentials, which have been doubly
        // encrypted with two symmetric keys
        // First decrypt with the outer (secondary) encryption key
        Decrypter outerAuthDataDecrypter = DecrypterFactory.create(outerSymmetricKey);
        String singlyEncryptedExportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedExportAuthData());
        String singlyEncryptedImportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedImportAuthData());
        // Parse the inner (initial) symmetric encryption key that is stored encoded with the
        // jobAuthorization
        byte[] keyBytes = BaseEncoding.base64Url().decode(jobAuthorization.sessionSecretKey());
        SecretKey innerSymmetricKey = symmetricKeyGenerator.parse(keyBytes);
        // Decrypt one more time
        Decrypter innerAuthDataDecrypter = DecrypterFactory.create(innerSymmetricKey);
        String serializedExportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedExportAuthData);
        AuthData exportAuthData = deSerialize(serializedExportAuthData);
        String serializedImportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedImportAuthData);
        AuthData importAuthData = deSerialize(serializedImportAuthData);
        // Copy the data
        copier.copy(exportAuthData, importAuthData, jobId);
        logger.debug("Finished copy for jobId: " + jobId);
    } catch (IOException e) {
        logger.error("Error processing jobId: " + jobId, e);
    } finally {
        try {
            store.remove(jobId);
            JobMetadata.reset();
        } catch (IOException e) {
            logger.error("Error removing jobId: " + jobId, e);
        }
    }
}

Also used:
PortabilityJob (org.dataportabilityproject.spi.cloud.types.PortabilityJob)
JobAuthorization (org.dataportabilityproject.spi.cloud.types.JobAuthorization)
SecretKey (javax.crypto.SecretKey)
AuthData (org.dataportabilityproject.types.transfer.auth.AuthData)
Decrypter (org.dataportabilityproject.security.Decrypter)
IOException (java.io.IOException)
UUID (java.util.UUID)
