Encrypted Flow - refactor encryption, use shared local datastore based on Google store, add debugging #61
Conversation
… and api are running in different process
… and api are running in different process
… and api are running in different process
…into local-datastore
|
This is ready for review. I did a pull with a rebase to merge the latest and it forced me to do several merges. Sorry for the noise. |
| @@ -1,10 +1,11 @@ | |||
| env: LOCAL | |||
| cloud: LOCAL | |||
| encryptedFlow: true | |||
There was a problem hiding this comment.
Do we want to turn this on by default for local dev? If so, we should update the documentation on how run locally.
There was a problem hiding this comment.
Reverting. Yes, I thought in a follow up I'll enable and do the documentation, maybe once ported, unsure yet.
| @@ -35,7 +35,7 @@ | |||
| import java.util.concurrent.TimeUnit; | |||
| import org.dataportabilityproject.cloud.interfaces.JobDataCache; | |||
|
|
|||
There was a problem hiding this comment.
Nit: while we're in here, can we add a class comment ?
| @@ -35,18 +37,13 @@ | |||
| import java.util.Map.Entry; | |||
| import org.dataportabilityproject.cloud.interfaces.PersistentKeyValueStore; | |||
|
|
|||
| import com.google.common.base.Supplier; | ||
| import com.google.common.base.Suppliers; | ||
| import com.google.common.cache.CacheBuilder; | ||
| import com.google.common.cache.CacheLoader; | ||
| import com.google.common.cache.LoadingCache; | ||
| <<<<<<< HEAD |
| @@ -0,0 +1,38 @@ | |||
| package org.dataportabilityproject.job; | |||
| @@ -35,14 +36,19 @@ public String encrypt(String data) { | |||
| byte[] encrypted = cipher.doFinal(data.getBytes(Charsets.UTF_8)); | |||
| return BaseEncoding.base64Url().encode(encrypted); | |||
| } catch (BadPaddingException e) { | |||
| logger.error("BadPaddingException for data, length: {}", data.length(), e); | |||
There was a problem hiding this comment.
Out of curiosity, since we don't do anything different for these, (aside from the name of the exception), can we put them all in one catch?
There was a problem hiding this comment.
Good point. Done.
| @@ -61,14 +67,19 @@ public String decrypt(String encrypted) { | |||
| System.arraycopy(decrypted, 8, data, 0, data.length); | |||
| return new String(data, Charsets.UTF_8); | |||
| } catch (BadPaddingException e) { | |||
| logger.error("BadPaddingException for data, length: {}", encrypted.length(), e); | |||
There was a problem hiding this comment.
Same here - can we put these in one catch?
| @@ -19,8 +19,11 @@ | |||
| import com.google.api.services.calendar.CalendarScopes; | |||
There was a problem hiding this comment.
Looks like these changes were introduced from my merge.
| @@ -53,15 +52,15 @@ | |||
| * Serialize and encrypt the given {@code authData} with the session key. | |||
There was a problem hiding this comment.
worker instance public key, not session key?
There was a problem hiding this comment.
Done. Added more documentation and refactored to remove the public key encryption and just have the StartCopyHandler use it directly.
| /** Constructs instances of the {@link Crypter} for different key types. */ | ||
| public class CrypterFactory { | ||
|
|
||
| public static Crypter createCrypterForSecretKey(SecretKey key) { |
There was a problem hiding this comment.
Can you document that SecretKey is for symmetric keys?
| import com.google.inject.Guice; | ||
| import com.google.inject.Injector; | ||
|
|
||
| public class PortabilityApiMain { | ||
| public static void main(String args[]) throws Exception { | ||
| Thread.setDefaultUncaughtExceptionHandler(UncaughtExceptionHandlers.systemExit()); |
There was a problem hiding this comment.
do we want to do this in prod? won't it disrupt other jobs being handled by this API instance, especially if they are in the API polling stage?
There was a problem hiding this comment.
Good point. I was debugging but in prod, we certainly don't want to exit. Added a warning message instead.
| cryptoHelper.encryptAuthData(publicKey, importAuthCookie)); | ||
| logger.debug("Found publicKey: {}", publicKey.getEncoded().length); | ||
|
|
||
| String encryptedExportAuthData = cryptoHelper.encryptAuthData(publicKey, exportAuthCookie); |
There was a problem hiding this comment.
at this point is it the whole cookie or just credential that we're encrypting?
There was a problem hiding this comment.
Good point, I clarified the variable name. It's just the cookie value, not the whole cookie.
| Suppliers.memoize(InMemoryPersistentKeyValueStore::new); | ||
| // Google DataStore emulator is used for local development | ||
| private static final Datastore datastore = DatastoreOptions.newBuilder() | ||
| .setHost("http://localhost:8081") |
There was a problem hiding this comment.
should all ports be moved to yaml so we avoid conflicts?
| @@ -46,21 +61,35 @@ public JobDataCache load(String service) throws Exception { | |||
| } | |||
| }); | |||
|
|
|||
| private static final Supplier<PersistentKeyValueStore> KEY_VALUE_SUPPLIER = | |||
| Suppliers.memoize(InMemoryPersistentKeyValueStore::new); | |||
| // Google DataStore emulator is used for local development | |||
There was a problem hiding this comment.
Nice find on the local data store! Does the code here check if it's running and print an error if not?
There was a problem hiding this comment.
The database client code gives an error on startup if one isn't running.
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
|
|
||
| final class WorkerImpl { | ||
| private final Logger logger = LoggerFactory.getLogger(WorkerImpl.class); | ||
| private static final Logger logger = LoggerFactory.getLogger(WorkerImpl.class); | ||
| private static final Gson GSON = new Gson(); |
There was a problem hiding this comment.
Do you think we should switch to Jackson since we are using that elsewhere?
There was a problem hiding this comment.
I added a TODO for now to use the Jackson-based AuthData when it's checked in.
…ion by calling it directly from the StartCopyHandler.
| if(true) { | ||
| logger.info("Exiting before copy, job: {}", job); | ||
| // TODO: Enable worker-based copying | ||
| logger.warn("Exiting before copy, job: {}", job); |
There was a problem hiding this comment.
Sorry if I missed this, could you explain why we cant enable this yet? iiuc, this causes us to skip the use of PortabilityCopier below right?
There was a problem hiding this comment.
Done. It was mostly for debugging easily.
Encrypted Flow related major fixes #3