Example #1
0
        /// <exception cref="System.IO.IOException"/>
        /// <exception cref="GeneralSecurityException"/>
        public virtual KeyProvider.KeyVersion DecryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                                  encryptedKeyVersion)
        {
            CheckNotNull(encryptedKeyVersion.GetEncryptionKeyVersionName(), "versionName");
            CheckNotNull(encryptedKeyVersion.GetEncryptedKeyIv(), "iv");
            Preconditions.CheckArgument(encryptedKeyVersion.GetEncryptedKeyVersion().GetVersionName
                                            ().Equals(KeyProviderCryptoExtension.Eek), "encryptedKey version name must be '%s', is '%s'"
                                        , KeyProviderCryptoExtension.Eek, encryptedKeyVersion.GetEncryptedKeyVersion().GetVersionName
                                            ());
            CheckNotNull(encryptedKeyVersion.GetEncryptedKeyVersion(), "encryptedKey");
            IDictionary <string, string> @params = new Dictionary <string, string>();

            @params[KMSRESTConstants.EekOp] = KMSRESTConstants.EekDecrypt;
            IDictionary <string, object> jsonPayload = new Dictionary <string, object>();

            jsonPayload[KMSRESTConstants.NameField] = encryptedKeyVersion.GetEncryptionKeyName
                                                          ();
            jsonPayload[KMSRESTConstants.IvField] = Base64.EncodeBase64String(encryptedKeyVersion
                                                                              .GetEncryptedKeyIv());
            jsonPayload[KMSRESTConstants.MaterialField] = Base64.EncodeBase64String(encryptedKeyVersion
                                                                                    .GetEncryptedKeyVersion().GetMaterial());
            Uri url = CreateURL(KMSRESTConstants.KeyVersionResource, encryptedKeyVersion.GetEncryptionKeyVersionName
                                    (), KMSRESTConstants.EekSubResource, @params);
            HttpURLConnection conn = CreateConnection(url, HttpPost);

            conn.SetRequestProperty(ContentType, ApplicationJsonMime);
            IDictionary response = Call <IDictionary>(conn, jsonPayload, HttpURLConnection.HttpOk
                                                      );

            return(ParseJSONKeyVersion(response));
        }
Example #2
0
 public _PrivilegedExceptionAction_173(KeyProviderCryptoExtension kpExt, KeyProvider.KeyVersion
                                       barKv, KeyProviderCryptoExtension.EncryptedKeyVersion barEKv)
 {
     this.kpExt  = kpExt;
     this.barKv  = barKv;
     this.barEKv = barEKv;
 }
Example #3
0
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="GeneralSecurityException"/>
 public virtual KeyProvider.KeyVersion DecryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                           encryptedKeyVersion)
 {
     try
     {
         return(DoOp(new _ProviderCallable_181(encryptedKeyVersion), NextIdx()));
     }
     catch (LoadBalancingKMSClientProvider.WrapperException we)
     {
         throw (GeneralSecurityException)we.InnerException;
     }
 }
Example #4
0
        public static IDictionary ToJSON(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion
                                         )
        {
            IDictionary json = new LinkedHashMap();

            if (encryptedKeyVersion != null)
            {
                json[KMSRESTConstants.VersionNameField] = encryptedKeyVersion.GetEncryptionKeyVersionName
                                                              ();
                json[KMSRESTConstants.IvField] = Base64.EncodeBase64URLSafeString(encryptedKeyVersion
                                                                                  .GetEncryptedKeyIv());
                json[KMSRESTConstants.EncryptedKeyVersionField] = ToJSON(encryptedKeyVersion.GetEncryptedKeyVersion
                                                                             ());
            }
            return(json);
        }
Example #5
0
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="GeneralSecurityException"/>
 public override KeyProvider.KeyVersion DecryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                            encryptedKeyVersion)
 {
     readLock.Lock();
     try
     {
         VerifyKeyVersionBelongsToKey(encryptedKeyVersion);
         DoAccessCheck(encryptedKeyVersion.GetEncryptionKeyName(), KeyAuthorizationKeyProvider.KeyOpType
                       .DecryptEek);
         return(provider.DecryptEncryptedKey(encryptedKeyVersion));
     }
     finally
     {
         readLock.Unlock();
     }
 }
Example #6
0
        /// <exception cref="System.IO.IOException"/>
        private void VerifyKeyVersionBelongsToKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                  ekv)
        {
            string kn  = ekv.GetEncryptionKeyName();
            string kvn = ekv.GetEncryptionKeyVersionName();

            KeyProvider.KeyVersion kv = provider.GetKeyVersion(kvn);
            if (kv == null)
            {
                throw new ArgumentException(string.Format("'%s' not found", kvn));
            }
            if (!kv.GetName().Equals(kn))
            {
                throw new ArgumentException(string.Format("KeyVersion '%s' does not belong to the key '%s'"
                                                          , kvn, kn));
            }
        }
Example #7
0
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                KeyProvider.Options          opt = TestKeyAuthorizationKeyProvider.NewOptions(conf);
                IDictionary <string, string> m   = new Dictionary <string, string>();

                m["key.acl.name"] = "testKey";
                opt.SetAttributes(m);
                KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt);
                kpExt.RollNewVersion(kv.GetName());
                kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16));
                KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv
                                                                                                .GetName());
                ekv = KeyProviderCryptoExtension.EncryptedKeyVersion.CreateForDecryption(ekv.GetEncryptionKeyName
                                                                                             () + "x", ekv.GetEncryptionKeyVersionName(), ekv.GetEncryptedKeyIv(), ekv.GetEncryptedKeyVersion
                                                                                             ().GetMaterial());
                kpExt.DecryptEncryptedKey(ekv);
                return(null);
            }
Example #8
0
        public virtual void TestOpsWhenACLAttributeExists()
        {
            Configuration conf = new Configuration();
            KeyProvider   kp   = new UserProvider.Factory().CreateProvider(new URI("user:///"), conf
                                                                           );

            KeyAuthorizationKeyProvider.KeyACLs mock = Org.Mockito.Mockito.Mock <KeyAuthorizationKeyProvider.KeyACLs
                                                                                 >();
            Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
                                                       .Management)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
                                                       .GenerateEek)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
                                                       .DecryptEek)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.IsACLPresent("testKey", KeyAuthorizationKeyProvider.KeyOpType
                                                       .All)).ThenReturn(true);
            UserGroupInformation u1   = UserGroupInformation.CreateRemoteUser("u1");
            UserGroupInformation u2   = UserGroupInformation.CreateRemoteUser("u2");
            UserGroupInformation u3   = UserGroupInformation.CreateRemoteUser("u3");
            UserGroupInformation sudo = UserGroupInformation.CreateRemoteUser("sudo");

            Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u1, KeyAuthorizationKeyProvider.KeyOpType
                                                         .Management)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u2, KeyAuthorizationKeyProvider.KeyOpType
                                                         .GenerateEek)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", u3, KeyAuthorizationKeyProvider.KeyOpType
                                                         .DecryptEek)).ThenReturn(true);
            Org.Mockito.Mockito.When(mock.HasAccessToKey("testKey", sudo, KeyAuthorizationKeyProvider.KeyOpType
                                                         .All)).ThenReturn(true);
            KeyProviderCryptoExtension kpExt = new KeyAuthorizationKeyProvider(KeyProviderCryptoExtension
                                                                               .CreateKeyProviderCryptoExtension(kp), mock);

            KeyProvider.KeyVersion barKv = u1.DoAs(new _PrivilegedExceptionAction_127(conf, kpExt
                                                                                      ));
            KeyProviderCryptoExtension.EncryptedKeyVersion barEKv = u2.DoAs(new _PrivilegedExceptionAction_159
                                                                                (kpExt, barKv));
            u3.DoAs(new _PrivilegedExceptionAction_173(kpExt, barKv, barEKv));
            sudo.DoAs(new _PrivilegedExceptionAction_187(conf, kpExt));
        }
Example #9
0
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                KeyProvider.Options          opt = TestKeyAuthorizationKeyProvider.NewOptions(conf);
                IDictionary <string, string> m   = new Dictionary <string, string>();

                m["key.acl.name"] = "testKey";
                opt.SetAttributes(m);
                try
                {
                    KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt);
                    kpExt.RollNewVersion(kv.GetName());
                    kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16));
                    KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv
                                                                                                    .GetName());
                    kpExt.DecryptEncryptedKey(ekv);
                    kpExt.DeleteKey(kv.GetName());
                }
                catch (IOException)
                {
                    NUnit.Framework.Assert.Fail("User should be Allowed to do everything !!");
                }
                return(null);
            }
Example #10
0
 public _ProviderCallable_181(KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion
                              )
 {
     this.encryptedKeyVersion = encryptedKeyVersion;
 }
Example #11
0
 /// <exception cref="System.IO.IOException"/>
 /// <exception cref="GeneralSecurityException"/>
 public virtual KeyProvider.KeyVersion DecryptEncryptedKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                           encryptedKeyVersion)
 {
     return(keyProviderCryptoExtension.DecryptEncryptedKey(encryptedKeyVersion));
 }