Exemple #1
0
        public virtual Response RolloverKey(string name, IDictionary jsonMaterial)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();

            AssertAccess(KMSACLs.Type.Rollover, user, KMS.KMSOp.RollNewVersion, name);
            KMSClientProvider.CheckNotEmpty(name, "name");
            string material = (string)jsonMaterial[KMSRESTConstants.MaterialField];

            if (material != null)
            {
                AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.RollNewVersion, name);
            }
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_200(
                                                              this, material, name));
            kmsAudit.Ok(user, KMS.KMSOp.RollNewVersion, name, "UserProvidedMaterial:" + (material
                                                                                         != null) + " NewVersion:" + keyVersion.GetVersionName());
            if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user))
            {
                keyVersion = RemoveKeyMaterial(keyVersion);
            }
            IDictionary json = KMSServerJSONUtils.ToJSON(keyVersion);

            return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build());
        }
Exemple #2
0
 /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
 public virtual void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi,
                                  KMS.KMSOp operation, string key)
 {
     if (!KMSWebApp.GetACLs().HasAccess(aclType, ugi))
     {
         KMSWebApp.GetUnauthorizedCallsMeter().Mark();
         KMSWebApp.GetKMSAudit().Unauthorized(ugi, operation, key);
         throw new AuthorizationException(string.Format((key != null) ? UnauthorizedMsgWithKey
                                  : UnauthorizedMsgWithoutKey, ugi.GetShortUserName(), operation, key));
     }
 }
Exemple #3
0
        public virtual Response CreateKey(IDictionary jsonKey)
        {
            KMSWebApp.GetAdminCallsMeter().Mark();
            UserGroupInformation user = HttpUserGroupInformation.Get();
            string name = (string)jsonKey[KMSRESTConstants.NameField];

            KMSClientProvider.CheckNotEmpty(name, KMSRESTConstants.NameField);
            AssertAccess(KMSACLs.Type.Create, user, KMS.KMSOp.CreateKey, name);
            string cipher   = (string)jsonKey[KMSRESTConstants.CipherField];
            string material = (string)jsonKey[KMSRESTConstants.MaterialField];
            int    length   = (jsonKey.Contains(KMSRESTConstants.LengthField)) ? (int)jsonKey[KMSRESTConstants
                                                                                              .LengthField] : 0;
            string description = (string)jsonKey[KMSRESTConstants.DescriptionField];
            IDictionary <string, string> attributes = (IDictionary <string, string>)jsonKey[KMSRESTConstants
                                                                                            .AttributesField];

            if (material != null)
            {
                AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.CreateKey, name);
            }
            KeyProvider.Options options = new KeyProvider.Options(KMSWebApp.GetConfiguration(
                                                                      ));
            if (cipher != null)
            {
                options.SetCipher(cipher);
            }
            if (length != 0)
            {
                options.SetBitLength(length);
            }
            options.SetDescription(description);
            options.SetAttributes(attributes);
            KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_132(
                                                              this, material, name, options));
            kmsAudit.Ok(user, KMS.KMSOp.CreateKey, name, "UserProvidedMaterial:" + (material
                                                                                    != null) + " Description:" + description);
            if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user))
            {
                keyVersion = RemoveKeyMaterial(keyVersion);
            }
            IDictionary json       = KMSServerJSONUtils.ToJSON(keyVersion);
            string      requestURL = KMSMDCFilter.GetURL();
            int         idx        = requestURL.LastIndexOf(KMSRESTConstants.KeysResource);

            requestURL = Runtime.Substring(requestURL, 0, idx);
            string keyURL = requestURL + KMSRESTConstants.KeyResource + "/" + name;

            return(Response.Created(GetKeyURI(name)).Type(MediaType.ApplicationJson).Header("Location"
                                                                                            , keyURL).Entity(json).Build());
        }
Exemple #4
0
 /// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
 private void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp
                           operation, string key)
 {
     KMSWebApp.GetACLs().AssertAccess(aclType, ugi, operation, key);
 }