public virtual Response DecryptEncryptedKey(string versionName, string eekOp, IDictionary jsonPayload) { UserGroupInformation user = HttpUserGroupInformation.Get(); KMSClientProvider.CheckNotEmpty(versionName, "versionName"); KMSClientProvider.CheckNotNull(eekOp, "eekOp"); string keyName = (string)jsonPayload[KMSRESTConstants.NameField]; string ivStr = (string)jsonPayload[KMSRESTConstants.IvField]; string encMaterialStr = (string)jsonPayload[KMSRESTConstants.MaterialField]; object retJSON; if (eekOp.Equals(KMSRESTConstants.EekDecrypt)) { AssertAccess(KMSACLs.Type.DecryptEek, user, KMS.KMSOp.DecryptEek, keyName); KMSClientProvider.CheckNotNull(ivStr, KMSRESTConstants.IvField); byte[] iv = Base64.DecodeBase64(ivStr); KMSClientProvider.CheckNotNull(encMaterialStr, KMSRESTConstants.MaterialField); byte[] encMaterial = Base64.DecodeBase64(encMaterialStr); KeyProvider.KeyVersion retKeyVersion = user.DoAs(new _PrivilegedExceptionAction_433 (this, keyName, versionName, iv, encMaterial)); retJSON = KMSServerJSONUtils.ToJSON(retKeyVersion); kmsAudit.Ok(user, KMS.KMSOp.DecryptEek, keyName, string.Empty); } else { throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be " + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt); } KMSWebApp.GetDecryptEEKCallsMeter().Mark(); return(Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build()); }
public virtual Response RolloverKey(string name, IDictionary jsonMaterial) { KMSWebApp.GetAdminCallsMeter().Mark(); UserGroupInformation user = HttpUserGroupInformation.Get(); AssertAccess(KMSACLs.Type.Rollover, user, KMS.KMSOp.RollNewVersion, name); KMSClientProvider.CheckNotEmpty(name, "name"); string material = (string)jsonMaterial[KMSRESTConstants.MaterialField]; if (material != null) { AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.RollNewVersion, name); } KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_200( this, material, name)); kmsAudit.Ok(user, KMS.KMSOp.RollNewVersion, name, "UserProvidedMaterial:" + (material != null) + " NewVersion:" + keyVersion.GetVersionName()); if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user)) { keyVersion = RemoveKeyMaterial(keyVersion); } IDictionary json = KMSServerJSONUtils.ToJSON(keyVersion); return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build()); }
public virtual Response DeleteKey(string name) { KMSWebApp.GetAdminCallsMeter().Mark(); UserGroupInformation user = HttpUserGroupInformation.Get(); AssertAccess(KMSACLs.Type.Delete, user, KMS.KMSOp.DeleteKey, name); KMSClientProvider.CheckNotEmpty(name, "name"); user.DoAs(new _PrivilegedExceptionAction_168(this, name)); kmsAudit.Ok(user, KMS.KMSOp.DeleteKey, name, string.Empty); return(Response.Ok().Build()); }
public virtual Response CreateKey(IDictionary jsonKey) { KMSWebApp.GetAdminCallsMeter().Mark(); UserGroupInformation user = HttpUserGroupInformation.Get(); string name = (string)jsonKey[KMSRESTConstants.NameField]; KMSClientProvider.CheckNotEmpty(name, KMSRESTConstants.NameField); AssertAccess(KMSACLs.Type.Create, user, KMS.KMSOp.CreateKey, name); string cipher = (string)jsonKey[KMSRESTConstants.CipherField]; string material = (string)jsonKey[KMSRESTConstants.MaterialField]; int length = (jsonKey.Contains(KMSRESTConstants.LengthField)) ? (int)jsonKey[KMSRESTConstants .LengthField] : 0; string description = (string)jsonKey[KMSRESTConstants.DescriptionField]; IDictionary <string, string> attributes = (IDictionary <string, string>)jsonKey[KMSRESTConstants .AttributesField]; if (material != null) { AssertAccess(KMSACLs.Type.SetKeyMaterial, user, KMS.KMSOp.CreateKey, name); } KeyProvider.Options options = new KeyProvider.Options(KMSWebApp.GetConfiguration( )); if (cipher != null) { options.SetCipher(cipher); } if (length != 0) { options.SetBitLength(length); } options.SetDescription(description); options.SetAttributes(attributes); KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_132( this, material, name, options)); kmsAudit.Ok(user, KMS.KMSOp.CreateKey, name, "UserProvidedMaterial:" + (material != null) + " Description:" + description); if (!KMSWebApp.GetACLs().HasAccess(KMSACLs.Type.Get, user)) { keyVersion = RemoveKeyMaterial(keyVersion); } IDictionary json = KMSServerJSONUtils.ToJSON(keyVersion); string requestURL = KMSMDCFilter.GetURL(); int idx = requestURL.LastIndexOf(KMSRESTConstants.KeysResource); requestURL = Runtime.Substring(requestURL, 0, idx); string keyURL = requestURL + KMSRESTConstants.KeyResource + "/" + name; return(Response.Created(GetKeyURI(name)).Type(MediaType.ApplicationJson).Header("Location" , keyURL).Entity(json).Build()); }
public virtual Response GetKeyVersions(string name) { UserGroupInformation user = HttpUserGroupInformation.Get(); KMSClientProvider.CheckNotEmpty(name, "name"); KMSWebApp.GetKeyCallsMeter().Mark(); AssertAccess(KMSACLs.Type.Get, user, KMS.KMSOp.GetKeyVersions, name); IList <KeyProvider.KeyVersion> ret = user.DoAs(new _PrivilegedExceptionAction_469( this, name)); object json = KMSServerJSONUtils.ToJSON(ret); kmsAudit.Ok(user, KMS.KMSOp.GetKeyVersions, name, string.Empty); return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build()); }
public virtual Response GetKeyVersion(string versionName) { UserGroupInformation user = HttpUserGroupInformation.Get(); KMSClientProvider.CheckNotEmpty(versionName, "versionName"); KMSWebApp.GetKeyCallsMeter().Mark(); AssertAccess(KMSACLs.Type.Get, user, KMS.KMSOp.GetKeyVersion); KeyProvider.KeyVersion keyVersion = user.DoAs(new _PrivilegedExceptionAction_336( this, versionName)); if (keyVersion != null) { kmsAudit.Ok(user, KMS.KMSOp.GetKeyVersion, keyVersion.GetName(), string.Empty); } object json = KMSServerJSONUtils.ToJSON(keyVersion); return(Response.Ok().Type(MediaType.ApplicationJson).Entity(json).Build()); }
public virtual Response GenerateEncryptedKeys(string name, string edekOp, int numKeys ) { UserGroupInformation user = HttpUserGroupInformation.Get(); KMSClientProvider.CheckNotEmpty(name, "name"); KMSClientProvider.CheckNotNull(edekOp, "eekOp"); object retJSON; if (edekOp.Equals(KMSRESTConstants.EekGenerate)) { AssertAccess(KMSACLs.Type.GenerateEek, user, KMS.KMSOp.GenerateEek, name); IList <KeyProviderCryptoExtension.EncryptedKeyVersion> retEdeks = new List <KeyProviderCryptoExtension.EncryptedKeyVersion >(); try { user.DoAs(new _PrivilegedExceptionAction_375(this, numKeys, retEdeks, name)); } catch (Exception e) { throw new IOException(e); } kmsAudit.Ok(user, KMS.KMSOp.GenerateEek, name, string.Empty); retJSON = new ArrayList(); foreach (KeyProviderCryptoExtension.EncryptedKeyVersion edek in retEdeks) { ((ArrayList)retJSON).AddItem(KMSServerJSONUtils.ToJSON(edek)); } } else { throw new ArgumentException("Wrong " + KMSRESTConstants.EekOp + " value, it must be " + KMSRESTConstants.EekGenerate + " or " + KMSRESTConstants.EekDecrypt); } KMSWebApp.GetGenerateEEKCallsMeter().Mark(); return(Response.Ok().Type(MediaType.ApplicationJson).Entity(retJSON).Build()); }