use of org.dataportabilityproject.security.Decrypter in project data-transfer-project by google.
the class JobProcessor method processJob.
/**
* Process our job, whose metadata is available via {@link JobMetadata}.
*/
void processJob() {
UUID jobId = JobMetadata.getJobId();
logger.debug("Begin processing jobId: {}", jobId);
PortabilityJob job = store.findJob(jobId);
JobAuthorization jobAuthorization = job.jobAuthorization();
Preconditions.checkState(jobAuthorization.state() == JobAuthorization.State.CREDS_ENCRYPTED);
try {
logger.debug("Starting copy job, id: {}, source: {}, destination: {}", jobId, job.exportService(), job.importService());
// Decrypt the encrypted outer symmetric key, which have been encrypted with our public key
Decrypter decrypter = DecrypterFactory.create(JobMetadata.getKeyPair().getPrivate());
byte[] decryptedSymmetricKey = BaseEncoding.base64Url().decode(decrypter.decrypt(jobAuthorization.authSecretKey()));
SecretKey outerSymmetricKey = symmetricKeyGenerator.parse(decryptedSymmetricKey);
// Decrypt the doubly encrypted export and import credentials, which have been doubly
// encrypted with two symmetric keys
// First decrypt with the outer (secondary) encryption key
Decrypter outerAuthDataDecrypter = DecrypterFactory.create(outerSymmetricKey);
String singlyEncryptedExportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedExportAuthData());
String singlyEncryptedImportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedImportAuthData());
// Parse the inner (initial) symmetric encryption key that is stored encoded with the
// jobAuthorization
byte[] keyBytes = BaseEncoding.base64Url().decode(jobAuthorization.sessionSecretKey());
SecretKey innerSymmetricKey = symmetricKeyGenerator.parse(keyBytes);
// Decrypt one more time
Decrypter innerAuthDataDecrypter = DecrypterFactory.create(innerSymmetricKey);
String serializedExportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedExportAuthData);
AuthData exportAuthData = deSerialize(serializedExportAuthData);
String serializedImportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedImportAuthData);
AuthData importAuthData = deSerialize(serializedImportAuthData);
// Copy the data
copier.copy(exportAuthData, importAuthData, jobId);
logger.debug("Finished copy for jobId: " + jobId);
} catch (IOException e) {
logger.error("Error processing jobId: " + jobId, e);
} finally {
try {
store.remove(jobId);
JobMetadata.reset();
} catch (IOException e) {
logger.error("Error removing jobId: " + jobId, e);
}
}
}
Aggregations