use of org.platformlayer.model.ProjectAuthorization in project platformlayer by platformlayer.
the class SecretHelper method encodeItemSecret.
// TODO: We need to use the project secret, not the item secret
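/**
 * Serializes an item secret and writes it into a new secret store, wrapped once per key holder.
 *
 * <p>The serialized key is written once for every backend returned by {@code keyStore.getBackends()}
 * (under that backend's public key) and once for every project returned by
 * {@code OpsContext.get().getEncryptingProjects()} (under that project's secret).
 *
 * @param itemSecret the key to protect
 * @return the encoded secret store bytes
 * @throws IllegalStateException if a backend has no public key, if an encrypting project is locked,
 *         or if writing the store fails
 */
public byte[] encodeItemSecret(CryptoKey itemSecret) {
    try {
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        SecretStore.Writer writer = new SecretStore.Writer(baos);

        // NOTE(review): this array holds the serialized key and is never cleared here. Whether it
        // can be zeroed safely depends on whether serialize() returns a private copy - confirm.
        byte[] plaintext = FathomdbCrypto.serialize(itemSecret);

        for (int backend : keyStore.getBackends()) {
            PublicKey publicKey = keyStore.findPublicKey(backend);
            if (publicKey == null) {
                // Fail closed: every listed backend must be able to recover the secret.
                throw new IllegalStateException("No public key found for backend " + backend);
            }
            writer.writeAsymetricSystemKey(plaintext, backend, publicKey);
        }

        for (ProjectAuthorization project : OpsContext.get().getEncryptingProjects()) {
            if (project.isLocked()) {
                // A locked project cannot be used to wrap the secret. Earlier, now-disabled code
                // sketched unlocking it through the calling user's key; that path is not implemented.
                throw new IllegalStateException(
                        "Project " + project.getId() + " is locked; cannot encode item secret");
            }
            writer.writeLockedByProjectKey(plaintext, project.getId(), project.getProjectSecret());
        }

        // Per-user wrapping (writeLockedByUserKey) was disabled in the original and stays out.
        // NOTE(review): with no backends and no encrypting projects the store is written without
        // any wrapped copy of the key - confirm callers cannot reach that state.

        writer.close();
        baos.close();
        return baos.toByteArray();
    } catch (IOException e) {
        throw new IllegalStateException("Error serializing key", e);
    }
}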
use of org.platformlayer.model.ProjectAuthorization in project platformlayer by platformlayer.
the class SecretHelper method getSecret.
// public SecretKey decodeSecret(byte[] encoded) {
// SecretStoreDecoder visitor = new SecretStoreDecoder() {
// @Override
// public void visitAsymetricSystemKey(int keyId, byte[] data) {
// PrivateKey privateKey = keyStore.findPrivateKey(keyId);
// if (privateKey != null) {
// setSecretKey(decryptAsymetricKey(privateKey, data));
// }
// }
//
// @Override
// public void visitUserKey(int userId, byte[] data) {
// SecretKey userKey = keyStore.findUserSecret(userId);
// if (userKey != null) {
// setSecretKey(decryptSymetricKey(userKey, data));
// }
// }
// };
//
// try {
// SecretStore.read(encoded, visitor);
// } catch (IOException e) {
// throw new IllegalArgumentException("Error deserializing secret", e);
// }
//
// SecretKey secretKey = visitor.getSecretKey();
// if (secretKey == null)
// throw new IllegalArgumentException("Cannot decrypt secret");
// return secretKey;
//
// }
// public byte[] decryptSecret(byte[] data, byte[] secret) {
// CryptoKey secretKey = getSecret(secret);
//
// return FathomdbCrypto.decrypt(secretKey, data);
// }
/**
 * Recovers the key held in an encoded secret store by trying each encrypting project in turn.
 *
 * <p>Projects come from {@code OpsContext.get().getEncryptingProjects()}; the first one for which
 * {@code getSecretFromProject} returns a non-null key wins.
 *
 * @param secret the encoded secret store
 * @return the recovered key, never {@code null}
 * @throws SecurityException if no encrypting project yields a key
 */
public CryptoKey getSecret(byte[] secret) {
    SecretStore store = new SecretStore(secret);

    for (ProjectAuthorization candidate : OpsContext.get().getEncryptingProjects()) {
        CryptoKey recovered = store.getSecretFromProject(candidate);
        if (recovered != null) {
            return recovered;
        }
    }

    // Thrown without a message, so the caller learns nothing about which projects were tried.
    throw new SecurityException();
}
use of org.platformlayer.model.ProjectAuthorization in project platformlayer by platformlayer.
the class ProjectContext method getProjectCredentials.
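/**
 * Returns the project's certificate chain and private key, creating whichever part is missing.
 *
 * <p>A missing key pair is generated and stored. A missing chain is obtained by building a CSR for
 * the key pair and having the auth admin client sign it, then stored.
 *
 * @return the certificate chain together with the matching private key
 * @throws OpsException declared by the method signature
 * @throws IllegalStateException if the scoped project authorization does not belong to this project
 */
public CertificateAndKey getProjectCredentials() throws OpsException {
    // OK... this is weird... we sign the project cert with the project cert.
    // It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
    ProjectId projectId = getProjectId();
    KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
    List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);

    if (keyPair == null) {
        keyPair = RsaUtils.generateRsaKeyPair();
        privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
        // A chain stored earlier was issued for a key that is no longer available. Returning it
        // with the new private key would pair a certificate with the wrong key, so re-issue it.
        chain = null;
    }

    if (chain == null) {
        AuthenticationTokenValidator authenticationTokenValidator =
                OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
        ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);

        // Refuse to request a certificate for one project with another project's authorization.
        String projectKey = projectAuthorization.getName();
        if (!projectKey.equals(projectId.getKey())) {
            throw new IllegalStateException("Scoped project authorization '" + projectKey
                    + "' does not match project '" + projectId.getKey() + "'");
        }

        PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
        Csr csr = Csr.buildCsr(keyPair, getX500Principal());
        // NOTE(review): the project secret is handed to the admin client here; presumably that
        // channel is authenticated and encrypted - confirm.
        chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
        privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
    }

    return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}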
use of org.platformlayer.model.ProjectAuthorization in project platformlayer by platformlayer.
the class DirectAuthentication method build.
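/**
 * Builds a direct authentication from a caller-supplied key and secret.
 *
 * <p>The key must start with {@code DirectAuthenticationToken.PREFIX} and split on {@code ':'} into
 * exactly three parts, the second being a numeric project id and the third the project key. The
 * secret is Base64-decoded and deserialized into a {@code CryptoKey}.
 *
 * @param authKey caller-supplied authentication key (untrusted)
 * @param authSecret caller-supplied Base64 secret (untrusted)
 * @return the authentication, or {@code null} if either input is missing or malformed
 */
public static DirectAuthentication build(String authKey, String authSecret) {
    // TODO: Require SSL??
    // NOTE(review): the timestamp-skew check that once stood here is disabled, so nothing in this
    // method bounds how long a captured key/secret pair stays usable.

    // Both values arrive from the client; a missing one is a failed authentication, not an error.
    if (authKey == null || authSecret == null) {
        return null;
    }
    if (!authKey.startsWith(DirectAuthenticationToken.PREFIX)) {
        return null;
    }

    List<String> projectTokens = Lists.newArrayList(Splitter.on(':').limit(3).split(authKey));
    if (projectTokens.size() != 3) {
        return null;
    }

    final String projectKey = projectTokens.get(2);

    final int projectId;
    try {
        projectId = Integer.parseInt(projectTokens.get(1));
    } catch (NumberFormatException e) {
        // A non-numeric id is malformed client input; reject it the same way as a bad secret
        // instead of letting the exception escape to the caller.
        log.debug("Error while parsing user provided project id", e);
        return null;
    }

    final CryptoKey secret;
    try {
        secret = FathomdbCrypto.deserializeKey(Base64.decode(authSecret));
    } catch (Exception e) {
        // NOTE(review): confirm the logged exception cannot carry the submitted secret bytes.
        log.debug("Error while deserializing user provided secret", e);
        return null;
    }

    return build(projectKey, projectId, secret);
}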
use of org.platformlayer.model.ProjectAuthorization in project platformlayer by platformlayer.
the class RootResource method retrieveServiceList.
/**
 * Resolves the services sub-resource for a project after checking the caller is an owner of it.
 *
 * <p>The request credentials are authorized against {@code projectKey}; the resulting authorization
 * must include {@code RoleId.OWNER}. On success the project id and a wrapped authorization are
 * placed in the scope before the sub-resource is created.
 *
 * @param projectKey project key taken from the request path
 * @return the services collection resource for the project
 * @throws WebApplicationException with status 401 if authorization fails or the owner role is absent
 */
@Path("{projectId}")
public ServicesCollectionResource retrieveServiceList(@PathParam("projectId") String projectKey) {
    ProjectAuthorization authenticated =
            AuthenticationFilter.authorizeProject(getAuthenticationCredentials(), authTokenValidator, projectKey);
    if (authenticated == null) {
        throw new WebApplicationException(HttpServletResponse.SC_UNAUTHORIZED);
    }

    // A missing role list is treated the same as a list without OWNER.
    List<RoleId> grantedRoles = authenticated.getRoles();
    boolean isOwner = grantedRoles != null && grantedRoles.contains(RoleId.OWNER);
    if (!isOwner) {
        // NOTE(review): an authenticated caller lacking the role also gets 401 here; confirm
        // whether clients rely on that before switching to 403.
        throw new WebApplicationException(HttpServletResponse.SC_UNAUTHORIZED);
    }

    // Note that we have a different notion of project id from the auth system
    // TODO: I think this is not needed for direct authentication? Fix? Cleanup?
    ProjectAuthorization scoped = new XaasProjectAuthorization(repository, authenticated);

    // Scope is populated only after both checks above have passed.
    getScope().put(new ProjectId(projectKey));
    getScope().put(ProjectAuthorization.class, scoped);

    return objectInjector.getInstance(ServicesCollectionResource.class);
}