

Merge pull request #124 from isururanawaka/vault_ssl
Support external token strings for SSH and password credentials
isururanawaka committed Nov 16, 2020
2 parents a299375 + beb8455 commit 994f7b2
Showing 10 changed files with 249 additions and 90 deletions.
Binary file not shown.
Binary file not shown.
Expand Up @@ -61,36 +61,47 @@ public class CredentialReader {
*/
public SSHCredential getSSHCredential(long tenantId, String token) {

Optional<Secret> secret = repository.findById(token);
Secret secret = null;

if (token != null && !token.trim().equals("")) {
Optional<Secret> exSecret = repository.findById(token);
if (exSecret.isPresent()){
secret = exSecret.get();
}
}
if (secret == null) {
List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token, tenantId);
if (secrets != null && !secrets.isEmpty()) {
secret = secrets.get(0);
}
}

if (secret.isEmpty()) {
if (secret == null) {
return null;
}

Secret exSec = secret.get();

String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId() +
"/" + Constants.SSH_CREDENTIALS + "/" + token;

String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId() +
"/" + Constants.SSH_CREDENTIALS + "/" + secret.getId();

VaultResponseSupport<SSHCredentialSecrets> response = vaultTemplate.read(vaultPath, SSHCredentialSecrets.class);

if (response == null || response.getData() == null && response.getData().getPrivateKey() == null) {
repository.delete(exSec);
repository.delete(secret);
return null;
}

SSHCredentialSecrets sshCredentialSecrets = response.getData();

SecretMetadata metadata = SecretMetadata.newBuilder()
.setOwnerId(exSec.getOwnerId())
.setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
.setPersistedTime(exSec.getCreatedAt().getTime())
.setDescription(exSec.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
.setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
.setToken(token)
.setToken(
(secret.getExternalId() != null &&
!secret.getExternalId().trim().equals(""))? secret.getExternalId(): secret.getId())
.build();

SSHCredential credential = SSHCredential.newBuilder()
Expand All @@ -112,37 +123,50 @@ public SSHCredential getSSHCredential(long tenantId, String token) {
* @param token
* @return
*/
public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long tenantId, String token) {
Optional<Secret> secret = repository.findById(token);

public org.apache.custos.resource.secret.service.PasswordCredential getPasswordCredential(long tenantId,
String token) {
Secret secret = null;

if (token != null && !token.trim().equals("")) {
Optional<Secret> exSecret = repository.findById(token);
if (exSecret.isPresent()){
secret = exSecret.get();
}
} if (secret == null ) {
List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token, tenantId);
if (secrets != null && !secrets.isEmpty()) {
secret = secrets.get(0);
}
}

if (secret.isEmpty()) {
if (secret == null) {
return null;
}

Secret exSec = secret.get();

String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId() +
"/" + Constants.PASSWORD + "/" + token;
String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId() +
"/" + Constants.PASSWORD + "/" + secret.getId();


VaultResponseSupport<PasswordSecret> response = vaultTemplate.read(vaultPath, PasswordSecret.class);

if (response == null || response.getData() == null && response.getData().getPassword() == null) {
repository.delete(exSec);
repository.delete(secret);
return null;
}

PasswordSecret passwordSecret = response.getData();

SecretMetadata metadata = SecretMetadata.newBuilder()
.setOwnerId(exSec.getOwnerId())
.setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
.setPersistedTime(exSec.getCreatedAt().getTime())
.setDescription(exSec.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
.setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
.setToken(token)
.setType(ResourceSecretType.PASSWORD)
.setToken(
(secret.getExternalId() != null ||
!secret.getExternalId().trim().equals(""))? secret.getExternalId(): secret.getId())
.build();

org.apache.custos.resource.secret.service.PasswordCredential credential =
Expand All @@ -164,34 +188,48 @@ public org.apache.custos.resource.secret.service.PasswordCredential getPasswordC
* @return
*/
public CertificateCredential getCertificateCredential(long tenantId, String token) {
Optional<Secret> secret = repository.findById(token);
Secret secret = null;

if (token != null && !token.trim().equals("")) {
Optional<Secret> exSecret = repository.findById(token);
if (exSecret.isPresent()){
secret = exSecret.get();
}
} if (secret == null) {
List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token, tenantId);
if (secrets != null && !secrets.isEmpty()) {
secret = secrets.get(0);
}
}

if (secret.isEmpty()) {
if (secret == null) {
return null;
}

Secret exSec = secret.get();

String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + exSec.getOwnerId() +
"/" + Constants.PASSWORD + "/" + token;
String vaultPath = Constants.VAULT_RESOURCE_SECRETS_PATH + tenantId + "/" + secret.getOwnerId() +
"/" + Constants.PASSWORD + "/" + secret.getId();

VaultResponseSupport<Certificate> response = vaultTemplate.read(vaultPath, Certificate.class);

if (response == null || response.getData() == null && response.getData().getCertificate() == null) {
repository.delete(exSec);
repository.delete(secret);
return null;
}

Certificate certificate = response.getData();

SecretMetadata metadata = SecretMetadata.newBuilder()
.setOwnerId(exSec.getOwnerId())
.setOwnerId(secret.getOwnerId())
.setTenantId(tenantId)
.setPersistedTime(exSec.getCreatedAt().getTime())
.setDescription(exSec.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
.setDescription(secret.getDiscription())
.setResourceType(ResourceType.VAULT_CREDENTIAL)
.setSource(ResourceSource.EXTERNAL)
.setToken(token)
.setType(ResourceSecretType.X509_CERTIFICATE)
.setToken(
(secret.getExternalId() != null &&
!secret.getExternalId().trim().equals(""))? secret.getExternalId(): secret.getId())
.build();

CertificateCredential certificateCredential = CertificateCredential.newBuilder()
Expand All @@ -216,16 +254,29 @@ public CertificateCredential getCertificateCredential(long tenantId, String toke
*/
public SecretMetadata getCredentialSummary(long tenantId, String token) {

Optional<Secret> exSec = repository.findById(token);
Secret secret = null;

if (exSec.isEmpty()) {
return null;
if (token != null && !token.trim().equals("")) {
Optional<Secret> exSecret = repository.findById(token);
if (exSecret.isPresent()){
secret = exSecret.get();
}
}
if (secret == null) {
List<Secret> secrets = repository.findAllByExternalIdAndTenantId(token, tenantId);
if (secrets != null && !secrets.isEmpty()) {
secret = secrets.get(0);
}
}

Secret secret = exSec.get();
if (secret == null) {
return null;
}

return SecretMetadata.newBuilder()
.setToken(token)
.setToken(
(secret.getExternalId() != null &&
!secret.getExternalId().trim().equals(""))? secret.getExternalId(): secret.getId())
.setTenantId(tenantId)
.setDescription(secret.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
Expand All @@ -246,15 +297,17 @@ public SecretMetadata getCredentialSummary(long tenantId, String token) {
*/
public List<SecretMetadata> getAllCredentialSummaries(long tenantId, List<String> tokens) {

List<Secret> secrets = repository.findAllById(tokens);
List<Secret> secrets = repository.getAllSecretsByIdOrExternalId(tenantId, tokens, tokens);
List<SecretMetadata> metadata = new ArrayList<>();

if (secrets != null && !secrets.isEmpty()) {


secrets.forEach(secret -> {
metadata.add(SecretMetadata.newBuilder()
.setToken(secret.getId())
.setToken(
(secret.getExternalId() != null &&
!secret.getExternalId().trim().equals(""))? secret.getExternalId(): secret.getId())
.setTenantId(tenantId)
.setDescription(secret.getDiscription())
.setPersistedTime(secret.getCreatedAt().getTime())
Expand Down Expand Up @@ -318,7 +371,7 @@ public KVCredential getKVSecretByToken(String token, long tenantId, String owner

public KVCredential getKVSecretByKey(String key, long tenantId, String ownerId) {

List<Secret> secrets = repository.findAllByExternalIdAndOwnerId(key, ownerId);
List<Secret> secrets = repository.findAllByExternalIdAndOwnerIdAndTenantId(key, ownerId, tenantId);

if (secrets != null && secrets.isEmpty()) {
return null;
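Review bot: The primary lookup `repository.findById(token)` introduced in the first hunk of getSSHCredential (and repeated in getPasswordCredential, getCertificateCredential and getCredentialSummary) is not scoped to `tenantId`, whereas the new externalId fallback `findAllByExternalIdAndTenantId(token, tenantId)` is; a token that happens to be another tenant's internal id therefore resolves to that tenant's Secret, and since the vault path is then built from the caller's `tenantId` the read will presumably miss and `repository.delete(secret)` removes the other tenant's record. Assuming Secret exposes the tenant field that the derived query `findAllByExternalIdAndTenantId` is built on, guarding the hit with `if (exSecret.isPresent() && exSecret.get().getTenantId() == tenantId) {` in each of the four methods closes the gap. The delete-on-empty-read also fires when `vaultTemplate.read` returns null for reasons other than a missing key (the visible check cannot tell a transient Vault failure from an absent secret), so it would be safer to return null without deleting unless the read itself confirms absence. Separately, getPasswordCredential's token expression uses `||` where the sibling methods use `&&` (`secret.getExternalId() != null || !secret.getExternalId().trim().equals("")`), which dereferences a null externalId and throws; it should read `secret.getExternalId() != null && !secret.getExternalId().trim().equals("")`.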
Expand Up @@ -45,6 +45,7 @@ public class CertificateCredential extends ResourceCredential {
private String privateKey;



public CertificateCredential(GeneratedMessageV3 message) throws CertificateException {
super(message);
if (message instanceof org.apache.custos.resource.secret.service.CertificateCredential) {
