Example 6 with AuthData

Use of org.dataportabilityproject.types.transfer.auth.AuthData in project data-transfer-project by google.

The class JobProcessor, method processJob.

/**
 * Process our job, whose metadata is available via {@link JobMetadata}.
 */
void processJob() {
    UUID jobId = JobMetadata.getJobId();
    logger.debug("Begin processing jobId: {}", jobId);
    PortabilityJob job = store.findJob(jobId);
    JobAuthorization jobAuthorization = job.jobAuthorization();
    Preconditions.checkState(jobAuthorization.state() == JobAuthorization.State.CREDS_ENCRYPTED);
    try {
        logger.debug("Starting copy job, id: {}, source: {}, destination: {}", jobId, job.exportService(), job.importService());
        // Decrypt the encrypted outer symmetric key, which has been encrypted with our public key
        Decrypter decrypter = DecrypterFactory.create(JobMetadata.getKeyPair().getPrivate());
        byte[] decryptedSymmetricKey = BaseEncoding.base64Url().decode(decrypter.decrypt(jobAuthorization.authSecretKey()));
        SecretKey outerSymmetricKey = symmetricKeyGenerator.parse(decryptedSymmetricKey);
        // Decrypt the doubly encrypted export and import credentials, which have been doubly
        // encrypted with two symmetric keys
        // First decrypt with the outer (secondary) encryption key
        Decrypter outerAuthDataDecrypter = DecrypterFactory.create(outerSymmetricKey);
        String singlyEncryptedExportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedExportAuthData());
        String singlyEncryptedImportAuthData = outerAuthDataDecrypter.decrypt(jobAuthorization.encryptedImportAuthData());
        // Parse the inner (initial) symmetric encryption key that is stored encoded with the
        // jobAuthorization
        byte[] keyBytes = BaseEncoding.base64Url().decode(jobAuthorization.sessionSecretKey());
        SecretKey innerSymmetricKey = symmetricKeyGenerator.parse(keyBytes);
        // Decrypt one more time
        Decrypter innerAuthDataDecrypter = DecrypterFactory.create(innerSymmetricKey);
        String serializedExportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedExportAuthData);
        AuthData exportAuthData = deSerialize(serializedExportAuthData);
        String serializedImportAuthData = innerAuthDataDecrypter.decrypt(singlyEncryptedImportAuthData);
        AuthData importAuthData = deSerialize(serializedImportAuthData);
        // Copy the data
        copier.copy(exportAuthData, importAuthData, jobId);
        logger.debug("Finished copy for jobId: " + jobId);
    } catch (IOException e) {
        logger.error("Error processing jobId: " + jobId, e);
    } finally {
        try {
            store.remove(jobId);
            JobMetadata.reset();
        } catch (IOException e) {
            logger.error("Error removing jobId: " + jobId, e);
        }
    }
}
Also used : PortabilityJob(org.dataportabilityproject.spi.cloud.types.PortabilityJob) JobAuthorization(org.dataportabilityproject.spi.cloud.types.JobAuthorization) SecretKey(javax.crypto.SecretKey) AuthData(org.dataportabilityproject.types.transfer.auth.AuthData) Decrypter(org.dataportabilityproject.security.Decrypter) IOException(java.io.IOException) UUID(java.util.UUID)
