This repository has been archived by the owner on Nov 22, 2023. It is now read-only.
/
SecretController.java
160 lines (143 loc) · 5.44 KB
/
SecretController.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
/*
* Copyright (C) 2015 Square, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package keywhiz.service.daos;
import com.google.common.collect.ImmutableMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import keywhiz.api.model.SanitizedSecret;
import keywhiz.api.model.Secret;
import keywhiz.service.crypto.ContentCryptographer;
import keywhiz.service.crypto.SecretTransformer;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static java.util.stream.Collectors.toList;
public class SecretController {
private final SecretTransformer transformer;
private final ContentCryptographer cryptographer;
private final SecretDAO secretDAO;
public SecretController(SecretTransformer transformer, ContentCryptographer cryptographer,
SecretDAO secretDAO) {
this.transformer = transformer;
this.cryptographer = cryptographer;
this.secretDAO = secretDAO;
}
/**
* @param secretId external secret series id to look up secrets by.
* @return Secret matching input parameters or Optional.absent().
*/
public Optional<Secret> getSecretByIdOne(long secretId) {
return secretDAO.getSecretByIdOne(secretId).map(transformer::transform);
}
/**
* @param name of secret series to look up secrets by.
* @return Secret matching input parameters or Optional.absent().
*/
public Optional<Secret> getSecretByNameOne(String name) {
return secretDAO.getSecretByNameOne(name).map(transformer::transform);
}
/** @return all existing sanitized secrets. */
public List<SanitizedSecret> getSanitizedSecrets() {
return secretDAO.getSecrets().stream()
.map(SanitizedSecret::fromSecretSeriesAndContent)
.collect(toList());
}
/** @return all existing sanitized secrets. */
public List<SanitizedSecret> getSecretsNameOnly() {
return secretDAO.getSecretsNameOnly()
.stream()
.map(s -> SanitizedSecret.of(s.getKey(), s.getValue()))
.collect(toList());
}
public SecretBuilder builder(String name, String secret, String creator, long expiry) {
checkArgument(!name.isEmpty());
checkArgument(!secret.isEmpty());
checkArgument(!creator.isEmpty());
String encryptedSecret = cryptographer.encryptionKeyDerivedFrom(name).encrypt(secret);
return new SecretBuilder(transformer, secretDAO, name, encryptedSecret, creator, expiry);
}
/** Builder to generate new secret series or versions with. */
public static class SecretBuilder {
private final SecretTransformer transformer;
private final SecretDAO secretDAO;
private final String name;
private final String encryptedSecret;
private final String creator;
private String description = "";
private Map<String, String> metadata = ImmutableMap.of();
private long expiry = 0;
private String type;
private Map<String, String> generationOptions = ImmutableMap.of();
/**
* @param transformer
* @param secretDAO
* @param name of secret series.
* @param encryptedSecret encrypted content of secret version
* @param creator username responsible for creating this secret version.
*/
private SecretBuilder(SecretTransformer transformer, SecretDAO secretDAO, String name, String encryptedSecret,
String creator, long expiry) {
this.transformer = transformer;
this.secretDAO = secretDAO;
this.name = name;
this.encryptedSecret = encryptedSecret;
this.creator = creator;
this.expiry = expiry;
}
/**
* Supply an optional description of the secret.
* @param description description of secret
* @return the builder
*/
public SecretBuilder withDescription(String description) {
this.description = checkNotNull(description);
return this;
}
/**
* Supply optional map of metadata properties for the secret.
* @param metadata metadata of secret
* @return the builder
*/
public SecretBuilder withMetadata(Map<String, String> metadata) {
this.metadata = checkNotNull(metadata);
return this;
}
/**
* Supply a secret type, otherwise the default '' is used.
* @param type type of secret
* @return the builder
*/
public SecretBuilder withType(String type) {
this.type = checkNotNull(type);
return this;
}
/**
* Finalizes creation of a new secret.
*
* @return an instance of the newly created secret.
*/
public Secret create() {
secretDAO.createSecret(name, encryptedSecret, creator, metadata, expiry, description, type,
generationOptions);
return transformer.transform(secretDAO.getSecretByNameOne(name).get());
}
public Secret createOrUpdate() {
secretDAO.createOrUpdateSecret(name, encryptedSecret, creator, metadata, expiry, description, type,
generationOptions);
return transformer.transform(secretDAO.getSecretByNameOne(name).get());
}
}
}