credentials in connections are encrypted when written to the db
Signed-off-by: Stanchev Aleksandar <aleksandar.stanchev@bosch.io>
Aleksandar Stanchev
committed
Dec 6, 2022
1 parent
40983c2
commit aeead4d
Showing
12 changed files
with
892 additions
and
10 deletions.
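--- a/...ain/java/org/eclipse/ditto/connectivity/service/config/DefaultFieldsEncryptionConfig.java
+++ b/...ain/java/org/eclipse/ditto/connectivity/service/config/DefaultFieldsEncryptionConfig.java
@@ -0,0 +1,92 @@
+/*
+* Copyright (c) 2022 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License 2.0 which is available at
+* http://www.eclipse.org/legal/epl-2.0
+*
+* SPDX-License-Identifier: EPL-2.0
+*/
+
+package org.eclipse.ditto.connectivity.service.config;
+
+import java.util.*;
+
+import javax.annotation.concurrent.Immutable;
+
+import org.eclipse.ditto.internal.utils.config.ConfigWithFallback;
+
+import com.typesafe.config.Config;
+
+/**
+* Default implementation of {@link FieldsEncryptionConfig}.
+*/
+@Immutable
+public class DefaultFieldsEncryptionConfig implements FieldsEncryptionConfig {
+
+private static final String CONFIG_PATH = "encryption";
+private final boolean enabled;
+private final String symmetricalKey;
+private final List<String> jsonPointers;
+
+
+private DefaultFieldsEncryptionConfig(final ConfigWithFallback config) {
+this.enabled = config.getBoolean(ConfigValue.ENABLED.getConfigPath());
+this.symmetricalKey = config.getString(ConfigValue.SYMMETRICAL_KEY.getConfigPath());
+this.jsonPointers = Collections.unmodifiableList(
+new ArrayList<>(config.getStringList(ConfigValue.JSON_POINTERS.getConfigPath())));
+}
+
+public static DefaultFieldsEncryptionConfig of(final Config config) {
+final var fieldEncryptionConfig =
+ConfigWithFallback.newInstance(config, CONFIG_PATH, FieldsEncryptionConfig.ConfigValue.values());
+
+return new DefaultFieldsEncryptionConfig(fieldEncryptionConfig);
+}
+
+@Override
+public boolean isEnabled() {
+return this.enabled;
+}
+
+@Override
+public String getSymmetricalKey() {
+return this.symmetricalKey;
+}
+
+@Override
+public Collection<String> getJsonPointers() {
+return Collections.unmodifiableList(new ArrayList<>(this.jsonPointers));
+}
+
+@Override
+public boolean equals(final Object o) {
+if (this == o) {
+return true;
+}
+if (o == null || getClass() != o.getClass()) {
+return false;
+}
+final DefaultFieldsEncryptionConfig that = (DefaultFieldsEncryptionConfig) o;
+return enabled == that.enabled &&
+Objects.equals(symmetricalKey, that.symmetricalKey) &&
+Objects.equals(jsonPointers, that.jsonPointers);
+}
+
+@Override
+public int hashCode() {
+return Objects.hash(enabled, symmetricalKey, jsonPointers);
+}
+
+@Override
+public String toString() {
+return getClass().getSimpleName() + "[" +
+"enabled=" + enabled +
+", symmetricalKey='" + symmetricalKey + '\'' +
+", jsonPointers=" + jsonPointers +
+']';
+}
+}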
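Review bot: `toString()` (the `", symmetricalKey='" + symmetricalKey + '\''` line near the end of the hunk) renders the encryption key in clear, so if this config object is ever logged or embedded in an error message — config objects are often dumped at startup, which I cannot confirm from this hunk — the key that protects every stored connection credential ends up in the log. Mask it instead: `", symmetricalKey=" + (symmetricalKey.isEmpty() ? "<empty>" : "***") +`. The constructor also accepts `enabled == true` together with the empty default key from `ConfigValue.SYMMETRICAL_KEY`; a fail-fast check there, e.g. `if (enabled && symmetricalKey.isBlank()) { throw new IllegalStateException("encryption is enabled but symmetrical-key is empty"); }`, would surface a misconfiguration at startup rather than at the first write. `import java.util.*;` is a wildcard import, whereas FieldsEncryptionConfig.java in the same commit lists its java.util imports explicitly.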
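--- a/...e/src/main/java/org/eclipse/ditto/connectivity/service/config/FieldsEncryptionConfig.java
+++ b/...e/src/main/java/org/eclipse/ditto/connectivity/service/config/FieldsEncryptionConfig.java
@@ -0,0 +1,97 @@
+/*
+* Copyright (c) 2022 Contributors to the Eclipse Foundation
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License 2.0 which is available at
+* http://www.eclipse.org/legal/epl-2.0
+*
+* SPDX-License-Identifier: EPL-2.0
+*/
+
+package org.eclipse.ditto.connectivity.service.config;
+
+import org.eclipse.ditto.internal.utils.config.KnownConfigValue;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+* Provides configuration settings for encrypting json field values in Connections.
+*/
+public interface FieldsEncryptionConfig {
+
+
+/**
+* Indicates whether encryption of connection fields should be enabled.
+*
+* @return {@code true} if connection fields encryption should be enabled.
+*/
+boolean isEnabled();
+
+
+/**
+* Returns the symmetricalKey used for encryption.
+* @return the symmetricalKey
+*/
+String getSymmetricalKey();
+
+
+/**
+* Returns string json pointers to the values of json fields to be encrypted.
+* "uri" has a special handling in which only the password of the uri is encrypted.
+*
+* @return pointers list
+*/
+Collection<String> getJsonPointers();
+
+
+
+/**
+* An enumeration of the known config path expressions and their associated default values for {@code FieldsEncryptionConfig}.
+*/
+enum ConfigValue implements KnownConfigValue {
+
+/**
+* Determines whether json value encryption is enabled.
+*/
+ENABLED("enabled", false),
+/**
+* The symmetrical key used for encryption.
+*/
+SYMMETRICAL_KEY("symmetrical-key", ""),
+
+/**
+* The pointer to the json values to be encrypted.
+*/
+JSON_POINTERS("json-pointers", List.of(
+"/uri",
+"/credentials/key",
+"/sshTunnel/credentials/password",
+"/sshTunnel/credentials/privateKey",
+"/credentials/parameters/accessKey",
+"/credentials/parameters/secretKey",
+"/credentials/parameters/sharedKey",
+"/credentials/clientSecret"));
+
+private final String configPath;
+private final Object defaultValue;
+
+ConfigValue(final String theConfigPath, final Object theDefaultValue) {
+configPath = theConfigPath;
+defaultValue = theDefaultValue;
+}
+
+@Override
+public Object getDefaultValue() {
+return defaultValue;
+}
+
+@Override
+public String getConfigPath() {
+return configPath;
+}
+}
+}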
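Review bot: The Javadoc on `getSymmetricalKey()` states no contract for the key — encoding, length, or whether it may be empty — while the enum default `""` for `SYMMETRICAL_KEY` means a config with `ENABLED` set to true can legally carry an empty key. Suggested Javadoc: `Returns the symmetrical key used for encryption. Must be non-empty when {@link #isEnabled()} returns {@code true}; expected encoding and length: <TODO: document from the encryption implementation>.` The `getJsonPointers()` Javadoc could likewise say that a pointer that does not resolve in a given connection is skipped, if that is the behaviour of the encryption code, which is not visible in this hunk. The import order here (org.* before java.*) also differs from DefaultFieldsEncryptionConfig.java in the same commit, which lists java.* first.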