Java Code Examples for com.netflix.spinnaker.kork.secrets.EncryptedSecret#isEncryptedSecret()

The following examples show how to use com.netflix.spinnaker.kork.secrets.EncryptedSecret#isEncryptedSecret().
Example 1
Source File: LocalFileConverter.java    From halyard with Apache License 2.0
/**
 * Converts a parameter value that may name a local file.
 *
 * <p>Encrypted secret references and config-server resources are returned unchanged, so this
 * method never resolves them against the local file system. Any other value is treated as a local
 * path: when a remote daemon is in use the file's contents are returned, otherwise the absolute
 * form of the path is returned.
 *
 * @param value the raw parameter value
 * @return the unchanged reference, the file contents, or the absolute path
 * @throws HalException with FATAL severity when the file cannot be read in remote-daemon mode
 */
@Override
public String convert(String value) {
  boolean passThrough = EncryptedSecret.isEncryptedSecret(value) || isConfigServerResource(value);
  if (passThrough) {
    return value;
  }

  if (!GlobalApplicationOptions.getInstance().isUseRemoteDaemon()) {
    return new File(value).getAbsolutePath();
  }

  // Remote daemon: the returned string is the file's content, not its path.
  // NOTE(review): if the file holds key material, that content is now carried in the returned
  // string; how callers transport or log it is not visible here.
  File localFile = new File(value);
  try {
    return FileUtil.readAsString(localFile);
  } catch (IOException e) {
    throw new HalException(
        Problem.Severity.FATAL,
        "Was passed parameter " + value + " to unreadable file: " + e.getMessage());
  }
}
 
Example 2
Source File: DecryptingObjectMapper.java    From halyard with Apache License 2.0
/**
 * Builds a serializer that writes secret-valued properties in decrypted form.
 *
 * <p>Values recognised by {@code EncryptedSecret.isEncryptedSecret} are decrypted through
 * {@code secretSessionManager} before being written; all other values are written as-is. Nothing
 * is written for a {@code null} value.
 *
 * @return a scalar serializer that emits the plaintext of encrypted secret references
 */
protected StdScalarSerializer<Object> getSecretSerializer() {
  return new StdScalarSerializer<Object>(String.class, false) {
    @Override
    public void serialize(Object value, JsonGenerator gen, SerializerProvider provider)
        throws IOException {
      if (value == null) {
        return;
      }
      String text = value.toString();
      if (!EncryptedSecret.isEncryptedSecret(text)) {
        gen.writeString(text);
        return;
      }
      // The generator receives the plaintext secret, so whatever this mapper produces
      // must be handled as sensitive output.
      gen.writeString(secretSessionManager.decrypt(text));
    }
  };
}
 
Example 3
Source File: DecryptingObjectMapper.java    From halyard with Apache License 2.0
/**
 * Builds a serializer for properties annotated as secret files.
 *
 * <p>A value that is neither an encrypted secret nor a URL gets the annotation's prefix prepended.
 * When {@code shouldDecrypt} is set and the value is an encrypted secret, the decrypted bytes are
 * stored in the profile's decrypted-files map under a newly generated name, and the prefixed
 * complete path for that name is written instead of the secret reference. Nothing is written for
 * a {@code null} value.
 *
 * @param beanPropertyWriter writer of the property; its name is used to derive the file name
 * @param annotation the {@code SecretFile} annotation supplying the prefix
 * @param shouldDecrypt whether encrypted secrets are decrypted into the profile
 * @return a scalar serializer applying the rules above
 */
protected StdScalarSerializer<Object> getSecretFileSerializer(
    BeanPropertyWriter beanPropertyWriter, SecretFile annotation, boolean shouldDecrypt) {
  return new StdScalarSerializer<Object>(String.class, false) {
    @Override
    public void serialize(Object value, JsonGenerator gen, SerializerProvider provider)
        throws IOException {
      if (value == null) {
        return;
      }

      String reference = value.toString();

      boolean plainPath = !EncryptedSecret.isEncryptedSecret(reference) && !isURL(reference);
      if (plainPath) {
        // metadataUrl is either a URL or a filepath, so only add prefix if it's a path
        reference = annotation.prefix() + reference;
      }

      // Re-checked on purpose after the possible prefixing above, as in the original flow.
      if (EncryptedSecret.isEncryptedSecret(reference) && shouldDecrypt) {
        // Decrypt the file content and keep it on the profile under a randomly generated
        // file name. The map entry holds plaintext bytes from this point on.
        String generatedName = newRandomFilePath(beanPropertyWriter.getName());
        byte[] plaintext = secretSessionManager.decryptAsBytes(reference);
        profile.getDecryptedFiles().put(generatedName, plaintext);
        reference = annotation.prefix() + getCompleteFilePath(generatedName);
      }

      gen.writeString(reference);
    }
  };
}
 
Example 4
Source File: Node.java    From halyard with Apache License 2.0
/**
 * Reports whether a field is a {@code SecretFile} whose current value is an encrypted secret.
 *
 * @param field a field of this object
 * @return {@code true} only when the field carries {@code SecretFile} and its value on this
 *     instance is an encrypted secret; {@code false} when the annotation is absent or the field
 *     cannot be read
 */
private boolean isSecretFile(Field field) {
  if (field.getDeclaredAnnotation(SecretFile.class) == null) {
    return false;
  }
  try {
    // Reflection is used so that non-public fields can be inspected too.
    field.setAccessible(true);
    // NOTE(review): the cast assumes every @SecretFile field is a String - confirm.
    return EncryptedSecret.isEncryptedSecret((String) field.get(this));
  } catch (IllegalAccessException e) {
    // An unreadable field is reported as "not a secret file" rather than failing the caller.
    return false;
  }
}
 
Example 5
Source File: FileService.java    From halyard with Apache License 2.0
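/**
 * Returns an absolute file path in the local file system resolved by this file reference,
 * retrieving the file from external systems if necessary.
 *
 * <p>For an encrypted secret the returned path is the one produced by
 * {@code secretSessionManager.decryptAsFile}, i.e. a file holding decrypted content.
 *
 * @param fileReference a file reference can be a secret, a config server resource or a path in
 *     the local file system.
 * @return an absolute path to the file, or null if the reference is empty or cannot be resolved
 *     to a local path.
 */
public Path getLocalFilePath(String fileReference) {
  if (StringUtils.isEmpty(fileReference)) {
    return null;
  }
  if (CloudConfigResourceService.isCloudConfigResource(fileReference)) {
    return Paths.get(cloudConfigResourceService.getLocalPath(fileReference));
  }
  if (EncryptedSecret.isEncryptedSecret(fileReference)) {
    // decryptAsFile can return null when no decrypted path is produced; Paths.get(null) would
    // throw a NullPointerException, whereas this method documents a null return for
    // references that cannot be resolved.
    String decryptedPath = secretSessionManager.decryptAsFile(fileReference);
    return decryptedPath == null ? null : Paths.get(decryptedPath);
  }

  return absolutePath(fileReference);
}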
 
Example 6
Source File: FileService.java    From halyard with Apache License 2.0
/**
 * Reads the content behind a file reference into a byte array.
 *
 * <p>Config server resources are read through {@code configFileService}, encrypted secrets are
 * decrypted through {@code secretSessionManager}, and anything else is read from the local file
 * system.
 *
 * @param fileReference a secret, a config server resource, or a path in the local file system
 * @return the content as bytes; for an encrypted secret these are the decrypted bytes
 * @throws IOException declared by this method; which of the underlying reads raises it is not
 *     visible here
 */
public byte[] getFileContentBytes(String fileReference) throws IOException {
  if (CloudConfigResourceService.isCloudConfigResource(fileReference)) {
    // NOTE(review): the content passes through a String and getBytes() uses the platform
    // default charset; binary content may not survive this round trip - confirm.
    return configFileService
        .getContents(cloudConfigResourceService.getLocalPath(fileReference))
        .getBytes();
  }

  if (!EncryptedSecret.isEncryptedSecret(fileReference)) {
    return readFromLocalFilesystem(fileReference);
  }

  return secretSessionManager.decryptAsBytes(fileReference);
}
 
Example 7
Source File: BindingsSecretDecrypter.java    From halyard with Apache License 2.0
/**
 * Registers the decrypted content of a secret file on the profile and returns where it will live.
 *
 * <p>Values that are not encrypted secrets are returned unchanged. Otherwise the secret is
 * decrypted to bytes, stored in the profile's decrypted-files map under a newly generated file
 * name, and the path of that name under {@code outputDir} is returned.
 *
 * @param profile profile that collects the decrypted files
 * @param outputDir directory against which the generated file name is resolved
 * @param value the configured value, possibly an encrypted secret reference
 * @param fieldName name passed to the file-name generator
 * @return {@code value} itself, or the resolved path of the tracked decrypted file
 */
public String trackSecretFile(Profile profile, Path outputDir, String value, String fieldName) {
  if (EncryptedSecret.isEncryptedSecret(value)) {
    String trackedName = newRandomFileName(fieldName);
    // From here on the profile holds the plaintext bytes of the secret.
    byte[] plaintext = secretSessionManager.decryptAsBytes(value);
    profile.getDecryptedFiles().put(trackedName, plaintext);
    return outputDir.resolve(trackedName).toString();
  }
  return value;
}
 
Example 8
Source File: ApachePassphraseProfileFactory.java    From halyard with Apache License 2.0
/**
 * Produces the template bindings holding the UI SSL certificate passphrase.
 *
 * <p>The passphrase is decrypted here only when it is an encrypted secret and the deployment does
 * not support secret decryption itself; in every other case the configured value is bound
 * unchanged.
 *
 * @param deploymentConfiguration deployment whose UI security settings supply the passphrase
 * @param profile not used by this method
 * @param endpoints not used by this method
 * @return a map with the single key {@code "passphrase"}
 */
@Override
protected Map<String, Object> getBindings(
    DeploymentConfiguration deploymentConfiguration,
    Profile profile,
    SpinnakerRuntimeSettings endpoints) {
  Map<String, Object> bindings = new HashMap<>();
  ApacheSsl ssl = deploymentConfiguration.getSecurity().getUiSecurity().getSsl();
  String passphrase = ssl.getSslCertificatePassphrase();

  boolean decryptHere =
      EncryptedSecret.isEncryptedSecret(passphrase)
          && !supportsSecretDecryption(deploymentConfiguration.getName());

  // When decrypted here, the binding carries the plaintext passphrase into whatever is
  // rendered from these bindings.
  bindings.put("passphrase", decryptHere ? secretSessionManager.decrypt(passphrase) : passphrase);
  return bindings;
}
 
Example 9
Source File: SecretSessionManager.java    From halyard with Apache License 2.0
/**
 * Decrypts an encrypted secret reference into a temporary file and returns that file's path.
 *
 * <p>A value that is not an encrypted secret is returned unchanged. Otherwise the current
 * {@code SecretSession} performs the decryption.
 *
 * <p>Format for Encrypted Secrets:
 *
 * <p>encrypted:&lt;engine-identifier&gt;!&lt;param-name_1&gt;:&lt;param-value_1&gt;!..!&lt;param-name_n&gt;:&lt;param-value_n&gt;
 *
 * <ul>
 *   <li>Valid param-names match the regex {@code [a-zA-Z0-9]+}.
 *   <li>secret-params may contain ':'.
 *   <li>{@code encrypted} cannot be a param-name.
 *   <li>There must be at least one &lt;param-name&gt;:&lt;param-value&gt; pair.
 * </ul>
 *
 * <p>Named parameters are used to allow for adding additional options in the future.
 *
 * @param filePath the encrypted string in the format above defined by EncryptedSecret, or a
 *     plain value
 * @return {@code filePath} itself when it is not an encrypted secret; otherwise the path to the
 *     decrypted temporary file, or {@code null} when the session returns no path
 */
public String decryptAsFile(String filePath) {
  if (EncryptedSecret.isEncryptedSecret(filePath)) {
    Path decrypted = getSession().decryptAsFile(filePath);
    // Callers must be prepared for null: the session may not produce a path.
    return decrypted == null ? null : decrypted.toString();
  }
  return filePath;
}