public _ProviderCallable_256(string name, byte[] material, KeyProvider.Options options ) { this.name = name; this.material = material; this.options = options; }
/// <exception cref="System.Exception"/> public KeyProvider.KeyVersion Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); try { KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); kpExt.DeleteKey(kv.GetName()); } catch (IOException) { NUnit.Framework.Assert.Fail("User should be Authorized !!"); } KeyProvider.KeyVersion retkv = null; try { retkv = kpExt.CreateKey("bar", SecureRandom.GetSeed(16), opt); kpExt.GenerateEncryptedKey(retkv.GetName()); NUnit.Framework.Assert.Fail("User should NOT be Authorized to generate EEK !!"); } catch (IOException) { } NUnit.Framework.Assert.IsNotNull(retkv); return(retkv); }
private static KeyProvider.Options NewOptions(Configuration conf) { KeyProvider.Options options = new KeyProvider.Options(conf); options.SetCipher(Cipher); options.SetBitLength(128); return(options); }
/* Helper function to create a key in the Key Provider. */ /// <exception cref="Sharpen.NoSuchAlgorithmException"/> /// <exception cref="System.IO.IOException"/> private void CreateAKey(string keyName, Configuration conf) { KeyProvider provider = dfsCluster.GetNameNode().GetNamesystem().GetProvider(); KeyProvider.Options options = KeyProvider.Options(conf); provider.CreateKey(keyName, options); provider.Flush(); }
public _PrivilegedExceptionAction_132(KMS _enclosing, string material, string name , KeyProvider.Options options) { this._enclosing = _enclosing; this.material = material; this.name = name; this.options = options; }
/// <exception cref="NoSuchAlgorithmException"/> /// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, KeyProvider.Options options) { try { return(DoOp(new _ProviderCallable_268(name, options), NextIdx())); } catch (LoadBalancingKMSClientProvider.WrapperException e) { throw (NoSuchAlgorithmException)e.InnerException; } }
/// <exception cref="NoSuchAlgorithmException"/> /// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, KeyProvider.Options options) { writeLock.Lock(); try { AuthorizeCreateKey(name, options, GetUser()); return(provider.CreateKey(name, options)); } finally { writeLock.Unlock(); } }
public virtual Response CreateKey(IDictionary jsonKey) { KMSWebApp.GetAdminCallsMeter().Mark(); UserGroupInformation user = HttpUserGroupInformation.Get(); string name = (string)jsonKey[KMSRESTConstants.NameField]; KMSClientProvider.CheckNotEmpty(name, KMSRESTConstants.NameField); AssertAccess(KMSACLs.Type.Create, user, KMS.KMSOp.CreateKey, name); string cipher = (string)jsonKey[KMSRESTConstants.CipherField]; string material = (string)jsonKey[KMSRESTConstants.MaterialField]; int length = (jsonKey.Contains(KMSRESTConstants.LengthField)) ? (int)jsonKey[KMSRESTConstants .LengthField] : 0; string description = (string)jsonKey[KMSRESTConstants.DescriptionField]; IDictionary <string, string> attributes = (IDictionary <string, string>)jsonKey[KMSRESTConstants .AttributesField]; if (material != null) { AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.CreateKey, name); } KeyProvider.Options options = new KeyProvider.Options(KMSWebApp.GetConfiguration( )); if (cipher != null) { options.SetCipher(cipher); } if (length != 0) { options.SetBitLength(length); } options.SetDescription(description); options.SetAttributes(attributes); KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_132( this, material, name, options)); kmsAudit.Ok(user, KMS.KMSOp.CreateKey, name, "UserProvidedMaterial:" + (material != null) + " Description:" + description); if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user)) { keyVersion = RemoveKeyMaterial(keyVersion); } IDictionary json = KMSServerJSONUtils.ToJSON(keyVersion); string requestURL = KMSMDCFilter.GetURL(); int idx = requestURL.LastIndexOf(KMSRESTConstants.KeysResource); requestURL = Runtime.Substring(requestURL, 0, idx); string keyURL = requestURL + KMSRESTConstants.KeyResource + "/" + name; return(Response.Created(GetKeyURI(name)).Type(MediaType.ApplicationJson).Header("Location" , keyURL).Entity(json).Build()); }
/// <exception cref="System.Exception"/> public Void Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv .GetName()); ekv = KeyProviderCryptoExtension.EncryptedKeyVersion.CreateForDecryption(ekv.GetEncryptionKeyName () + "x", ekv.GetEncryptionKeyVersionName(), ekv.GetEncryptedKeyIv(), ekv.GetEncryptedKeyVersion ().GetMaterial()); kpExt.DecryptEncryptedKey(ekv); return(null); }
/// <exception cref="System.Exception"/> public Void Run() { KeyProvider.Options opt = TestKeyAuthorizationKeyProvider.NewOptions(conf); IDictionary <string, string> m = new Dictionary <string, string>(); m["key.acl.name"] = "testKey"; opt.SetAttributes(m); try { KeyProvider.KeyVersion kv = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), opt); kpExt.RollNewVersion(kv.GetName()); kpExt.RollNewVersion(kv.GetName(), SecureRandom.GetSeed(16)); KeyProviderCryptoExtension.EncryptedKeyVersion ekv = kpExt.GenerateEncryptedKey(kv .GetName()); kpExt.DecryptEncryptedKey(ekv); kpExt.DeleteKey(kv.GetName()); } catch (IOException) { NUnit.Framework.Assert.Fail("User should be Allowed to do everything !!"); } return(null); }
// This method first checks if "key.acl.name" attribute is present as an // attribute in the provider Options. If yes, use the aclName for any // subsequent access checks, else use the keyName as the aclName and set it // as the value of the "key.acl.name" in the key's metadata. /// <exception cref="System.IO.IOException"/> private void AuthorizeCreateKey(string keyName, KeyProvider.Options options, UserGroupInformation ugi) { Preconditions.CheckNotNull(ugi, "UserGroupInformation cannot be null"); IDictionary <string, string> attributes = options.GetAttributes(); string aclName = attributes[KeyAclName]; bool success = false; if (Strings.IsNullOrEmpty(aclName)) { if (acls.IsACLPresent(keyName, KeyAuthorizationKeyProvider.KeyOpType.Management)) { options.SetAttributes(ImmutableMap.Builder <string, string>().PutAll(attributes).Put (KeyAclName, keyName).Build()); success = acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType .Management) || acls.HasAccessToKey(keyName, ugi, KeyAuthorizationKeyProvider.KeyOpType .All); } else { success = false; } } else { success = acls.IsACLPresent(aclName, KeyAuthorizationKeyProvider.KeyOpType.Management ) && (acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.Management ) || acls.HasAccessToKey(aclName, ugi, KeyAuthorizationKeyProvider.KeyOpType.All )); } if (!success) { throw new AuthorizationException(string.Format("User [%s] is not" + " authorized to create key !!" , ugi.GetShortUserName())); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options options) { return(null); }
/// <exception cref="NoSuchAlgorithmException"/> /// <exception cref="System.IO.IOException"/> private KeyProvider.KeyVersion CreateKeyInternal(string name, byte[] material, KeyProvider.Options options) { CheckNotEmpty(name, "name"); CheckNotNull(options, "options"); IDictionary <string, object> jsonKey = new Dictionary <string, object>(); jsonKey[KMSRESTConstants.NameField] = name; jsonKey[KMSRESTConstants.CipherField] = options.GetCipher(); jsonKey[KMSRESTConstants.LengthField] = options.GetBitLength(); if (material != null) { jsonKey[KMSRESTConstants.MaterialField] = Base64.EncodeBase64String(material); } if (options.GetDescription() != null) { jsonKey[KMSRESTConstants.DescriptionField] = options.GetDescription(); } if (options.GetAttributes() != null && !options.GetAttributes().IsEmpty()) { jsonKey[KMSRESTConstants.AttributesField] = options.GetAttributes(); } Uri url = CreateURL(KMSRESTConstants.KeysResource, null, null, null); HttpURLConnection conn = CreateConnection(url, HttpPost); conn.SetRequestProperty(ContentType, ApplicationJsonMime); IDictionary response = Call <IDictionary>(conn, jsonKey, HttpURLConnection.HttpCreated ); return(ParseJSONKeyVersion(response)); }
/// <exception cref="NoSuchAlgorithmException"/> /// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, KeyProvider.Options options) { return(CreateKeyInternal(name, null, options)); }
public _ProviderCallable_268(string name, KeyProvider.Options options) { this.name = name; this.options = options; }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options options) { CheckNotNull(material, "material"); try { return(CreateKeyInternal(name, material, options)); } catch (NoSuchAlgorithmException ex) { throw new RuntimeException("It should not happen", ex); } }
/// <exception cref="System.IO.IOException"/> public override KeyProvider.KeyVersion CreateKey(string name, byte[] material, KeyProvider.Options options) { return(DoOp(new _ProviderCallable_256(name, material, options), NextIdx())); }