Example #1
0
        protected internal virtual void Log(Response.Status status, Exception ex)
        {
            UserGroupInformation ugi = KMSMDCFilter.GetUgi();
            string method            = KMSMDCFilter.GetMethod();
            string url = KMSMDCFilter.GetURL();
            string msg = GetOneLineMessage(ex);

            Log.Warn("User:'******' Method:{} URL:{} Response:{}-{}", ugi, method, url, status, msg
                     , ex);
        }
Example #2
0
        public virtual Response CreateKey(IDictionary jsonKey)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();
            string name = (string)jsonKey[KMSRESTConstants.NameField];

            KMSClientProvider.CheckNotEmpty(name, KMSRESTConstants.NameField);
            AssertAccess(KMSACLs.Type.Create, user, KMS.KMSOp.CreateKey, name);
            string cipher   = (string)jsonKey[KMSRESTConstants.CipherField];
            string material = (string)jsonKey[KMSRESTConstants.MaterialField];
            int    length   = (jsonKey.Contains(KMSRESTConstants.LengthField)) ? (int)jsonKey[KMSRESTConstants
                                                                                              .LengthField] : 0;
            string description = (string)jsonKey[KMSRESTConstants.DescriptionField];
            IDictionary <string, string> attributes = (IDictionary <string, string>)jsonKey[KMSRESTConstants
                                                                                            .AttributesField];

            if (material != null)
            {
                AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.CreateKey, name);
            }
            KeyProvider.Options options = new KeyProvider.Options(KMSWebApp.GetConfiguration(
                                                                      ));
            if (cipher != null)
            {
                options.SetCipher(cipher);
            }
            if (length != 0)
            {
                options.SetBitLength(length);
            }
            options.SetDescription(description);
            options.SetAttributes(attributes);
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_132(
                                                              this, material, name, options));
            kmsAudit.Ok(user, KMS.KMSOp.CreateKey, name, "UserProvidedMaterial:" + (material
                                                                                    != null) + " Description:" + description);
            if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user))
            {
                keyVersion = RemoveKeyMaterial(keyVersion);
            }
            IDictionary json       = KMSServerJSONUtils.ToJSON(keyVersion);
            string      requestURL = KMSMDCFilter.GetURL();
            int         idx        = requestURL.LastIndexOf(KMSRESTConstants.KeysResource);

            requestURL = Runtime.Substring(requestURL, 0, idx);
            string keyURL = requestURL + KMSRESTConstants.KeyResource + "/" + name;

            return(Response.Created(GetKeyURI(name)).Type(MediaType.ApplicationJson).Header("Location"
                                                                                            , keyURL).Entity(json).Build());
        }
Example #3
0
        /// <summary>Maps different exceptions thrown by KMS to HTTP status codes.</summary>
        public virtual Response ToResponse(Exception exception)
        {
            Response.Status status;
            bool            doAudit   = true;
            Exception       throwable = exception;

            if (exception is ContainerException)
            {
                throwable = exception.InnerException;
            }
            if (throwable is SecurityException)
            {
                status = Response.Status.Forbidden;
            }
            else
            {
                if (throwable is AuthenticationException)
                {
                    status = Response.Status.Forbidden;
                    // we don't audit here because we did it already when checking access
                    doAudit = false;
                }
                else
                {
                    if (throwable is AuthorizationException)
                    {
                        status = Response.Status.Forbidden;
                        // we don't audit here because we did it already when checking access
                        doAudit = false;
                    }
                    else
                    {
                        if (throwable is AccessControlException)
                        {
                            status = Response.Status.Forbidden;
                        }
                        else
                        {
                            if (exception is IOException)
                            {
                                status = Response.Status.InternalServerError;
                            }
                            else
                            {
                                if (exception is NotSupportedException)
                                {
                                    status = Response.Status.BadRequest;
                                }
                                else
                                {
                                    if (exception is ArgumentException)
                                    {
                                        status = Response.Status.BadRequest;
                                    }
                                    else
                                    {
                                        status = Response.Status.InternalServerError;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            if (doAudit)
            {
                KMSWebApp.GetKMSAudit().Error(KMSMDCFilter.GetUgi(), KMSMDCFilter.GetMethod(), KMSMDCFilter
                                              .GetURL(), GetOneLineMessage(exception));
            }
            return(CreateResponse(status, throwable));
        }