/// <exception cref="System.Exception"/>
            /// <summary>
            /// Creates key "foo" with the ACL name "testKey", rolls it twice, generates an
            /// encrypted key, and then submits a copy for decryption whose encryption key
            /// name has "x" appended while the version name, IV and material are unchanged.
            /// </summary>
            /// <remarks>
            /// NOTE(review): the altered key name looks like a negative test of the binding
            /// between a key name and its key version, so DecryptEncryptedKey is presumably
            /// expected to throw. The caller that asserts the outcome is not visible here.
            /// </remarks>
            /// <returns>Always null.</returns>
            public Void Run()
            {
                IDictionary<string, string> attributes = new Dictionary<string, string>
                {
                    { "key.acl.name", "testKey" }
                };
                KeyProvider.Options options = TestKeyAuthorizationKeyProvider.NewOptions(conf);
                options.SetAttributes(attributes);

                KeyProvider.KeyVersion created = kpExt.CreateKey("foo", SecureRandom.GetSeed(16), options);
                kpExt.RollNewVersion(created.GetName());
                kpExt.RollNewVersion(created.GetName(), SecureRandom.GetSeed(16));

                KeyProviderCryptoExtension.EncryptedKeyVersion generated =
                    kpExt.GenerateEncryptedKey(created.GetName());

                // Only the key name differs from what the provider generated.
                var mismatchedKeyName = generated.GetEncryptionKeyName() + "x";
                var versionName       = generated.GetEncryptionKeyVersionName();
                var iv                = generated.GetEncryptedKeyIv();
                var material          = generated.GetEncryptedKeyVersion().GetMaterial();

                KeyProviderCryptoExtension.EncryptedKeyVersion mismatched =
                    KeyProviderCryptoExtension.EncryptedKeyVersion.CreateForDecryption(
                        mismatchedKeyName, versionName, iv, material);

                kpExt.DecryptEncryptedKey(mismatched);
                return null;
            }
Exemplo n.º 2
        /// <summary>
        /// Builds the JSON map for a key version: its name, its version name and its key
        /// material encoded as URL-safe Base64. A null key version yields an empty map.
        /// </summary>
        /// <remarks>
        /// Base64 is an encoding, not protection: the returned map carries the key
        /// material in recoverable form. Nothing in this method checks who will receive
        /// it, so authorization and transport protection are the caller's responsibility.
        /// </remarks>
        /// <param name="keyVersion">Key version to serialize; may be null.</param>
        /// <returns>A new map, empty when <paramref name="keyVersion"/> is null.</returns>
        public static IDictionary ToJSON(KeyProvider.KeyVersion keyVersion)
        {
            IDictionary fields = new LinkedHashMap();

            if (keyVersion == null)
            {
                return fields;
            }

            fields[KMSRESTConstants.NameField]        = keyVersion.GetName();
            fields[KMSRESTConstants.VersionNameField] = keyVersion.GetVersionName();
            // Key material leaves the process boundary through this field.
            fields[KMSRESTConstants.MaterialField]    =
                Base64.EncodeBase64URLSafeString(keyVersion.GetMaterial());
            return fields;
        }
            /// <summary>
            /// Runs the full key lifecycle against kpExt with the ACL name "testKey":
            /// create, roll twice, generate an encrypted key, decrypt it and delete the key.
            /// </summary>
            /// <remarks>
            /// Only IOException is turned into a test failure; any other exception type
            /// propagates to the caller.
            /// </remarks>
            /// <returns>Always null.</returns>
            /// <exception cref="System.Exception"/>
            public Void Run()
            {
                IDictionary<string, string> attributes = new Dictionary<string, string>
                {
                    { "key.acl.name", "testKey" }
                };
                KeyProvider.Options options = TestKeyAuthorizationKeyProvider.NewOptions(conf);
                options.SetAttributes(attributes);

                try
                {
                    KeyProvider.KeyVersion created =
                        kpExt.CreateKey("foo", SecureRandom.GetSeed(16), options);

                    kpExt.RollNewVersion(created.GetName());
                    kpExt.RollNewVersion(created.GetName(), SecureRandom.GetSeed(16));

                    KeyProviderCryptoExtension.EncryptedKeyVersion generated =
                        kpExt.GenerateEncryptedKey(created.GetName());
                    kpExt.DecryptEncryptedKey(generated);

                    kpExt.DeleteKey(created.GetName());
                }
                catch (IOException)
                {
                    // Every operation above is expected to be permitted for this user.
                    NUnit.Framework.Assert.Fail("User should be Allowed to do everything !!");
                }

                return null;
            }
Exemplo n.º 4
 /// <summary>
 /// Looks up a key version in the wrapped provider while holding the read lock and,
 /// when one is found, runs a Read access check against the name of its key.
 /// </summary>
 /// <remarks>
 /// The check runs after the lookup because the key name it needs is taken from the
 /// returned key version. A version name with no match skips the check and yields null.
 /// NOTE(review): if DoAccessCheck rejects by throwing, a caller without Read access
 /// can distinguish existing version names from missing ones. Confirm this is acceptable.
 /// </remarks>
 /// <param name="versionName">Version name passed through to the wrapped provider.</param>
 /// <returns>The key version, or null when the wrapped provider returns null.</returns>
 /// <exception cref="System.IO.IOException"/>
 public override KeyProvider.KeyVersion GetKeyVersion(string versionName)
 {
     readLock.Lock();
     try
     {
         KeyProvider.KeyVersion found = provider.GetKeyVersion(versionName);
         if (found == null)
         {
             // Nothing to authorize against: no key name is known.
             return null;
         }

         DoAccessCheck(found.GetName(), KeyAuthorizationKeyProvider.KeyOpType.Read);
         return found;
     }
     finally
     {
         // Released on every path, including when the lookup or the access check throws.
         readLock.Unlock();
     }
 }
Exemplo n.º 5
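        /// <summary>
        /// Checks that the key version named by an encrypted key version exists in the
        /// wrapped provider and belongs to the key that the encrypted key version names.
        /// </summary>
        /// <remarks>
        /// Both names are read from <paramref name="ekv"/>, so neither can be trusted on
        /// its own. The key name is compared with the one the provider stores for that
        /// version. NOTE(review): presumably callers authorize by key name, which is why
        /// a mismatched pair must be rejected here. Confirm against the call sites.
        /// </remarks>
        /// <param name="ekv">Encrypted key version whose key name and version name are checked.</param>
        /// <exception cref="System.ArgumentException">
        /// The version name is unknown to the provider, or it belongs to a different key.
        /// </exception>
        /// <exception cref="System.IO.IOException"/>
        private void VerifyKeyVersionBelongsToKey(KeyProviderCryptoExtension.EncryptedKeyVersion
                                                  ekv)
        {
            string kn  = ekv.GetEncryptionKeyName();
            string kvn = ekv.GetEncryptionKeyVersionName();

            KeyProvider.KeyVersion kv = provider.GetKeyVersion(kvn);
            if (kv == null)
            {
                // string.Format uses {n} placeholders; the previous "%s" was emitted
                // literally, so the message never named the missing version.
                throw new ArgumentException(string.Format("'{0}' not found", kvn));
            }
            if (!kv.GetName().Equals(kn))
            {
                throw new ArgumentException(string.Format("KeyVersion '{0}' does not belong to the key '{1}'"
                                                          , kvn, kn));
            }
        }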
Exemplo n.º 6
        /// <summary>
        /// Serves one key version as JSON. It rejects an empty version name, marks the
        /// key-calls meter, asserts the caller's Get access, performs the lookup as the
        /// calling user and returns the serialized result.
        /// </summary>
        /// <remarks>
        /// The access assertion runs before the lookup. An audit "Ok" entry is written
        /// only when a key version is found; this method records nothing for a null result.
        /// NOTE(review): if KMSServerJSONUtils.ToJSON includes the key material, this
        /// response carries it to the client. Confirm that the Get ACL is the intended gate
        /// and that the endpoint is served over a protected transport.
        /// </remarks>
        /// <param name="versionName">Name of the key version to return; must not be empty.</param>
        /// <returns>An OK response with a JSON entity built from the lookup result.</returns>
        public virtual Response GetKeyVersion(string versionName)
        {
            UserGroupInformation caller = HttpUserGroupInformation.Get();

            KMSClientProvider.CheckNotEmpty(versionName, "versionName");
            KMSWebApp.GetKeyCallsMeter().Mark();

            // Authorization precedes any provider access.
            AssertAccess(KMSACLs.Type.Get, caller, KMS.KMSOp.GetKeyVersion);

            var lookup = new _PrivilegedExceptionAction_336(this, versionName);
            KeyProvider.KeyVersion found = caller.DoAs(lookup);

            bool wasFound = found != null;
            if (wasFound)
            {
                kmsAudit.Ok(caller, KMS.KMSOp.GetKeyVersion, found.GetName(), string.Empty);
            }

            object payload = KMSServerJSONUtils.ToJSON(found);
            return Response.Ok()
                           .Type(MediaType.ApplicationJson)
                           .Entity(payload)
                           .Build();
        }
Exemplo n.º 7
 /// <summary>
 /// Returns a new KMSKeyVersion carrying the given key version's name and version
 /// name, with null passed in place of the key material.
 /// </summary>
 /// <remarks>
 /// The input object is not modified, so its material stays reachable through any
 /// reference the caller still holds.
 /// </remarks>
 /// <param name="keyVersion">Key version to copy the names from.</param>
 /// <returns>A key version without material.</returns>
 private static KeyProvider.KeyVersion RemoveKeyMaterial(KeyProvider.KeyVersion keyVersion)
 {
     var name        = keyVersion.GetName();
     var versionName = keyVersion.GetVersionName();

     return new KMSClientProvider.KMSKeyVersion(name, versionName, null);
 }