Example 1 with SecretStore

Use of org.platformlayer.auth.crypto.SecretStore in project platformlayer by platformlayer.

Class JoinProject, method runCommand:

@Override
public Object runCommand() throws RepositoryException, IOException {
    UserDatabase userRepository = getContext().getUserRepository();
    // The caller must authenticate first: the project secret can only be recovered
    // through a SecretStore entry that was written for this user.
    UserEntity me = getContext().loginDirect();
    ProjectEntity project = userRepository.findProjectByKey(projectKey.getKey());
    if (project == null) {
        throw new CliException("Project not found: " + projectKey.getKey());
    }
    // Validate the cheap input before touching any secret material.
    if (Strings.isNullOrEmpty(roleKey)) {
        throw new CliException("Role is required");
    }
    SecretStore secretStore = new SecretStore(project.secretData);
    // getSecretFromUser returns null (it does not throw) when the store holds no entry
    // for this user; that is also how a non-member is detected.
    CryptoKey projectSecret = secretStore.getSecretFromUser(me);
    if (projectSecret == null) {
        String msg = "Cannot retrieve project secret.";
        msg += " Is " + me.key + " a member of " + project.getName() + "?";
        throw new CliException(msg);
    }
    RoleId role = new RoleId(roleKey);
    // Adding a member needs the plaintext project secret so that a new entry can be
    // written for the joining user (compare grantProjectToProject for the project case).
    userRepository.addUserToProject(username.getKey(), project.getName(), projectSecret, Collections.singletonList(role));
    return project;
}
Also used : CliException(com.fathomdb.cli.CliException) ProjectEntity(org.platformlayer.auth.ProjectEntity) UserDatabase(org.platformlayer.auth.UserDatabase) CryptoKey(com.fathomdb.crypto.CryptoKey) SecretStore(org.platformlayer.auth.crypto.SecretStore) RoleId(org.platformlayer.model.RoleId) UserEntity(org.platformlayer.auth.UserEntity)

Example 2 with SecretStore

Use of org.platformlayer.auth.crypto.SecretStore in project platformlayer by platformlayer.

Class JdbcUserRepository, method grantProjectToProject:

@Override
@JdbcTransaction
public void grantProjectToProject(String grantToProjectKey, String onProjectKey, SecretKey onProjectSecret) throws RepositoryException {
    // The caller must already hold onProject's plaintext secret (obtained by unlocking it
    // as a member); this method only re-wraps that secret for the grantee's public key.
    DbHelper db = new DbHelper();
    try {
        ProjectEntity grantToProject = db.findProjectByKey(grantToProjectKey);
        if (grantToProject == null) {
            throw new RepositoryException("Project not found: " + grantToProjectKey);
        }
        ProjectEntity onProject = db.findProjectByKey(onProjectKey);
        if (onProject == null) {
            throw new RepositoryException("Project not found: " + onProjectKey);
        }
        byte[] projectSecretData = onProjectSecret.getEncoded();
        PublicKey grantToProjectPublicKey = grantToProject.getPublicKey();
        byte[] newSecretData;
        try {
            // Append one asymmetric entry: the secret encrypted to the grantee project's
            // public key, so that grantToProject can later unlockWithProject on onProject.
            SecretStore store = new SecretStore(onProject.secretData);
            Writer writer = store.buildWriter();
            writer.writeAsymetricProjectKey(projectSecretData, grantToProject.id, grantToProjectPublicKey);
            writer.close();
            store.appendContents(writer);
            newSecretData = store.getEncoded();
        } catch (IOException e) {
            throw new RepositoryException("Error writing secrets", e);
        }
        // appendContents only adds entries; existing recipients are untouched, so revoking
        // one later means rebuilding the store rather than deleting a row.
        db.updateProjectSecret(onProject.id, newSecretData);
    } catch (SQLException e) {
        throw new RepositoryException("Error updating project secret", e);
    } finally {
        db.close();
    }
}
Also used : SQLException(java.sql.SQLException) PublicKey(java.security.PublicKey) RepositoryException(org.platformlayer.RepositoryException) IOException(java.io.IOException) SecretStore(org.platformlayer.auth.crypto.SecretStore) Writer(org.platformlayer.auth.crypto.SecretStore.Writer) JdbcTransaction(com.fathomdb.jdbc.JdbcTransaction)

Example 3 with SecretStore

Use of org.platformlayer.auth.crypto.SecretStore in project platformlayer by platformlayer.

Class ProjectEntity, method unlockWithProject:

// Recover this project's secret through another project that was granted access
// (see grantProjectToProject). The granting project must itself be unlocked already.
public void unlockWithProject(ProjectEntity project) {
    SecretStore secretStore = new SecretStore(this.secretData);
    this.projectSecret = secretStore.getSecretFromProject(project);
    if (this.projectSecret == null) {
        // No entry for that project in the store: treat it as an authorization failure.
        throw new SecurityException("Project " + project.id + " cannot unlock project " + this.id);
    }
}
Also used : SecretStore(org.platformlayer.auth.crypto.SecretStore)

Example 4 with SecretStore

Use of org.platformlayer.auth.crypto.SecretStore in project platformlayer by platformlayer.

Class ProjectEntity, method unlockWithUser:

// Recover this project's secret through a user's own entry in the store; only users
// added with addUserToProject have one.
public void unlockWithUser(UserEntity user) {
    SecretStore secretStore = new SecretStore(this.secretData);
    this.projectSecret = secretStore.getSecretFromUser(user);
    if (this.projectSecret == null) {
        // No entry for that user: the user is not a member, so refuse rather than continue locked.
        throw new SecurityException("User " + user.key + " cannot unlock project " + this.id);
    }
}
Also used : SecretStore(org.platformlayer.auth.crypto.SecretStore)

Example 5 with SecretStore

Use of org.platformlayer.auth.crypto.SecretStore in project platformlayer by platformlayer.

Class SecretHelper, method encodeItemSecret:

// TODO: We need to use the project secret, not the item secret
public byte[] encodeItemSecret(CryptoKey itemSecret) {
    try {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        SecretStore.Writer writer = new SecretStore.Writer(baos);
        byte[] plaintext = FathomdbCrypto.serialize(itemSecret);
        // Fan the item secret out to every backend's public key. Any single backend
        // private key is then enough to recover it, so a missing key is a hard error
        // rather than a silently narrower set of recipients.
        for (int backend : keyStore.getBackends()) {
            PublicKey publicKey = keyStore.findPublicKey(backend);
            if (publicKey == null) {
                throw new IllegalStateException("No public key for backend " + backend);
            }
            writer.writeAsymetricSystemKey(plaintext, backend, publicKey);
        }
        // Also lock it under each encrypting project's symmetric secret. The project must
        // already be unlocked (unlockWithUser / unlockWithProject); a locked project has no
        // secret to wrap with, so refuse instead of skipping it.
        for (ProjectAuthorization project : OpsContext.get().getEncryptingProjects()) {
            if (project.isLocked()) {
                throw new IllegalStateException("Project " + project.getId() + " is locked");
            }
            writer.writeLockedByProjectKey(plaintext, project.getId(), project.getProjectSecret());
        }
        writer.close();
        baos.close();
        return baos.toByteArray();
    } catch (IOException e) {
        throw new IllegalStateException("Error serializing key", e);
    }
}
Also used : PublicKey(java.security.PublicKey) ProjectAuthorization(org.platformlayer.model.ProjectAuthorization) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) SecretStore(org.platformlayer.auth.crypto.SecretStore)
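The five snippets above are all views of one mechanism: a secret is kept as a list of wrapped copies, one per recipient, and "membership" is nothing more than having an entry in that list. The following is an added example, not platformlayer's own code, that models that shape end to end. writeAsymmetric stands in for writeAsymetricProjectKey / writeAsymetricSystemKey, writeLockedBy for writeLockedByProjectKey, and the two unlock overloads for getSecretFromUser / getSecretFromProject, returning null for an unknown recipient, which is the condition unlockWithUser and unlockWithProject turn into a SecurityException. The main method then walks through addUserToProject, grantProjectToProject and encodeItemSecret in turn. RSA-OAEP, AES-GCM, the recipient id strings and all key material are my assumptions; the real SecretStore wire format is not shown on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added example (not platformlayer code): multi-recipient secret store, one wrapped copy per recipient.
// RSA-OAEP for public-key recipients, AES-GCM for "locked by project key" entries; both are assumptions.
public class EnvelopeSecretStore {
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_GCM = "AES/GCM/NoPadding";
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Entry { // iv == null marks an RSA entry
        final String recipientId; final byte[] iv; final byte[] wrapped;
        Entry(String r, byte[] iv, byte[] w) { recipientId = r; this.iv = iv; wrapped = w; }
    }

    private final List<Entry> entries = new ArrayList<>();

    /** Counterpart of writeAsymetric*Key: encrypt the secret to a recipient's public key. */
    public void writeAsymmetric(byte[] secret, String recipientId, PublicKey pub) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA_OAEP);
        c.init(Cipher.ENCRYPT_MODE, pub);
        entries.add(new Entry(recipientId, null, c.doFinal(secret)));
    }

    /** Counterpart of writeLockedByProjectKey: AES-GCM under another project's (unlocked) secret. */
    public void writeLockedBy(byte[] secret, String projectId, SecretKey projectSecret) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce per entry; never reuse a nonce under the same key
        Cipher c = Cipher.getInstance(AES_GCM);
        c.init(Cipher.ENCRYPT_MODE, projectSecret, new GCMParameterSpec(128, iv));
        c.updateAAD(projectId.getBytes(StandardCharsets.UTF_8)); // bind the ciphertext to its recipient id
        entries.add(new Entry(projectId, iv, c.doFinal(secret)));
    }

    /** Counterpart of getSecretFromUser/getSecretFromProject: null when no entry exists for this id. */
    public byte[] unlock(String recipientId, PrivateKey priv) throws GeneralSecurityException {
        for (Entry e : entries) {
            if (e.iv == null && e.recipientId.equals(recipientId)) {
                Cipher c = Cipher.getInstance(RSA_OAEP);
                c.init(Cipher.DECRYPT_MODE, priv);
                return c.doFinal(e.wrapped); // wrong private key: BadPaddingException, not garbage bytes
            }
        }
        return null;
    }

    public byte[] unlock(String projectId, SecretKey projectSecret) throws GeneralSecurityException {
        for (Entry e : entries) {
            if (e.iv != null && e.recipientId.equals(projectId)) {
                Cipher c = Cipher.getInstance(AES_GCM);
                c.init(Cipher.DECRYPT_MODE, projectSecret, new GCMParameterSpec(128, e.iv));
                c.updateAAD(projectId.getBytes(StandardCharsets.UTF_8));
                return c.doFinal(e.wrapped); // GCM tag check fails on a wrong key or a tampered entry
            }
        }
        return null;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair(), projectB = kpg.generateKeyPair(), backend = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey secretA = kg.generateKey(); // project A's secret (constructed for this example)
        // addUserToProject analogue: project A's store with alice as its only member.
        EnvelopeSecretStore storeA = new EnvelopeSecretStore();
        storeA.writeAsymmetric(secretA.getEncoded(), "user:alice", alice.getPublic());
        // unlockWithUser analogue: a non-member gets null and must be rejected, a member gets the key.
        if (storeA.unlock("user:mallory", alice.getPrivate()) != null) throw new SecurityException("unexpected entry");
        byte[] unlockedA = storeA.unlock("user:alice", alice.getPrivate());
        if (unlockedA == null) throw new SecurityException("alice cannot unlock project A");
        // grantProjectToProject analogue: only a holder of the plaintext secret can add project B.
        storeA.writeAsymmetric(unlockedA, "project:B", projectB.getPublic());
        byte[] viaB = storeA.unlock("project:B", projectB.getPrivate());
        // encodeItemSecret analogue: fan an item secret out to the backend key and lock it under project A.
        byte[] itemSecret = new byte[32];
        RNG.nextBytes(itemSecret);
        EnvelopeSecretStore itemStore = new EnvelopeSecretStore();
        itemStore.writeAsymmetric(itemSecret, "backend:1", backend.getPublic());
        itemStore.writeLockedBy(itemSecret, "project:A", new SecretKeySpec(unlockedA, "AES"));
        boolean ok = Arrays.equals(unlockedA, secretA.getEncoded())
                && Arrays.equals(viaB, secretA.getEncoded())
                && Arrays.equals(itemStore.unlock("backend:1", backend.getPrivate()), itemSecret)
                && Arrays.equals(itemStore.unlock("project:A", secretA), itemSecret);
        System.out.println(ok ? "every recipient recovers the secret it was granted" : "MISMATCH");
    }
}
```

Two properties of this layout are worth keeping in mind when reading the real code. First, the recipient list is the access-control list: every entry is an independent path to the plaintext, so a grant can only be made by someone who already holds the plaintext (hence the SecretKey parameter of grantProjectToProject and the null check before addUserToProject in JoinProject), and taking access away means rebuilding the store, not just deleting an entry. Second, the API distinguishes "no entry for you" (null, an authorization failure the callers turn into SecurityException) from "entry present but the key is wrong" (a decryption exception); logging the two differently makes a stolen-store brute-force attempt visible while a mere non-member lookup stays quiet.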

Aggregations

SecretStore (org.platformlayer.auth.crypto.SecretStore): 8
IOException (java.io.IOException): 3
PublicKey (java.security.PublicKey): 3
CryptoKey (com.fathomdb.crypto.CryptoKey): 2
JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction): 2
SQLException (java.sql.SQLException): 2
RepositoryException (org.platformlayer.RepositoryException): 2
Writer (org.platformlayer.auth.crypto.SecretStore.Writer): 2
ProjectAuthorization (org.platformlayer.model.ProjectAuthorization): 2
CliException (com.fathomdb.cli.CliException): 1
ByteArrayOutputStream (java.io.ByteArrayOutputStream): 1
ProjectEntity (org.platformlayer.auth.ProjectEntity): 1
UserDatabase (org.platformlayer.auth.UserDatabase): 1
UserEntity (org.platformlayer.auth.UserEntity): 1
RoleId (org.platformlayer.model.RoleId): 1