Removed Encrypted Property Type and added Vault instead

This commit is contained in:
Luca Frosini 2023-02-27 15:30:11 +01:00
parent ddf162460a
commit a896d1fdc0
8 changed files with 213 additions and 81 deletions

View File

@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
- Enabled array properties [#24225]
- Using delete in propagation contraint as action indication for delete operation [#24301]
- Fixed default value of propagation constraint of remove action for ConsistsOf to 'cascade' [#24223]
- Removed Encrypted Property Type and added Vault instead [#24655]
- Enhanced gcube-smartgears-bom version

View File

@ -75,6 +75,10 @@
<groupId>org.gcube.common</groupId>
<artifactId>gxHTTP</artifactId>
</dependency>
<dependency>
<groupId>org.gcube.core</groupId>
<artifactId>common-encryption</artifactId>
</dependency>
<!-- Jersey -->
<dependency>
<groupId>javax.ws.rs</groupId>

View File

@ -7,13 +7,13 @@ import java.util.Set;
import org.gcube.com.fasterxml.jackson.databind.JsonNode;
import org.gcube.com.fasterxml.jackson.databind.ObjectMapper;
import org.gcube.com.fasterxml.jackson.databind.node.ObjectNode;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.informationsystem.base.reference.AccessType;
import org.gcube.informationsystem.base.reference.Element;
import org.gcube.informationsystem.base.reference.properties.PropertyElement;
import org.gcube.informationsystem.model.impl.properties.EncryptedImpl;
import org.gcube.informationsystem.model.reference.properties.Encrypted;
import org.gcube.informationsystem.model.reference.properties.Header;
import org.gcube.informationsystem.model.reference.properties.Property;
import org.gcube.informationsystem.model.reference.properties.Vault;
import org.gcube.informationsystem.resourceregistry.api.exceptions.ResourceRegistryException;
import org.gcube.informationsystem.resourceregistry.api.exceptions.types.SchemaException;
import org.gcube.informationsystem.resourceregistry.api.exceptions.types.SchemaNotFoundException;
@ -23,6 +23,7 @@ import org.gcube.informationsystem.resourceregistry.types.CachedType;
import org.gcube.informationsystem.resourceregistry.types.TypesCache;
import org.gcube.informationsystem.resourceregistry.utils.EncryptedOrient;
import org.gcube.informationsystem.resourceregistry.utils.HeaderUtility;
import org.gcube.informationsystem.resourceregistry.utils.VaultOrient;
import org.gcube.informationsystem.types.reference.properties.PropertyType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -89,7 +90,7 @@ public class PropertyElementManagement {
* Resource Registry must decrypt the value with the Context Key and Encrypt it with DB key.
* The opposite operation is done when the value is read by clients.
*/
if(oClass.isSubClassOf(Encrypted.NAME)) {
if(oClass.isSubClassOf(EncryptedOrient.NAME)) {
EncryptedOrient encrypted = new EncryptedOrient();
oDocument = encrypted;
oDocument.fromJSON(jsonNode.toString());
@ -97,11 +98,29 @@ public class PropertyElementManagement {
String contextEncryptedValue = encrypted.getEncryptedValue();
// Decrypting with Context Key (default key)
String decryptedValue = EncryptedImpl.decrypt(contextEncryptedValue);
String decryptedValue = StringEncrypter.getEncrypter().decrypt(contextEncryptedValue);
encrypted.setDecryptedValue(decryptedValue, false);
} catch(Exception e) {
throw new ResourceRegistryException("Unable to manage "+Encrypted.NAME+" "+org.gcube.informationsystem.model.reference.properties.Property.NAME);
throw new ResourceRegistryException("Unable to manage " + EncryptedOrient.NAME + " " + org.gcube.informationsystem.model.reference.properties.Property.NAME);
}
return oDocument;
}
if(oClass.isSubClassOf(Vault.NAME)) {
VaultOrient vault = new VaultOrient();
oDocument = vault;
oDocument.fromJSON(jsonNode.toString());
try {
String contextEncryptedValue = vault.getValue();
// Decrypting with Context Key (default key)
String decryptedValue = StringEncrypter.getEncrypter().decrypt(contextEncryptedValue);
vault.setDecryptedValue(decryptedValue, false);
} catch(Exception e) {
throw new ResourceRegistryException("Unable to manage " + Vault.NAME + " " + org.gcube.informationsystem.model.reference.properties.Property.NAME);
}
return oDocument;
}
@ -141,17 +160,16 @@ public class PropertyElementManagement {
* The opposite operation is done when the value is set from clients.
* see {@link PropertyManagement#getPropertyDocument(JsonNode) getPropertyDocument()}
*/
if(oClass.isSubClassOf(Encrypted.NAME)) {
if(oClass.isSubClassOf(EncryptedOrient.NAME)) {
try {
EncryptedOrient encrypted = null;
String encryptedValue = (String) oDocument.getProperty(Encrypted.VALUE);
String encryptedValue = (String) oDocument.getProperty(EncryptedOrient.VALUE);
if(oDocument instanceof EncryptedOrient) {
encrypted = (EncryptedOrient) oDocument;
if(encrypted.getDbEncryptedValue().compareTo(encryptedValue)==0) {
// encrypted.setEncryptedValue(encrypted.getContextEncryptedValue());
((ObjectNode) jsonNode).put(Encrypted.VALUE, encrypted.getContextEncryptedValue());
((ObjectNode) jsonNode).put(EncryptedOrient.VALUE, encrypted.getContextEncryptedValue());
}
}else {
encrypted = new EncryptedOrient();
@ -159,20 +177,49 @@ public class PropertyElementManagement {
// Decrypting with DB Key
Key databaseKey = DatabaseEnvironment.getDatabaseKey();
String decryptedValue = EncryptedImpl.decrypt(encryptedValue, databaseKey);
// encrypted.setDecryptedValue(decryptedValue, true);
String decryptedValue = StringEncrypter.getEncrypter().decrypt(encryptedValue, databaseKey);
// Encrypting with Context Key (default key)
String contextEncryptedValue = EncryptedImpl.encrypt(decryptedValue);
String contextEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue);
// Setting the value encrypted with DB key
//encrypted.setEncryptedValue(contextEncryptedValue);
((ObjectNode) jsonNode).put(Encrypted.VALUE, contextEncryptedValue);
((ObjectNode) jsonNode).put(EncryptedOrient.VALUE, contextEncryptedValue);
}
}catch (Exception e) {
throw new ResourceRegistryException("Errror while managing " + Encrypted.NAME+ " "+ Property.NAME, e);
throw new ResourceRegistryException("Errror while managing " + EncryptedOrient.NAME+ " "+ Property.NAME, e);
}
}
if(oClass.isSubClassOf(Vault.NAME)) {
try {
VaultOrient vaultOrient = null;
String encryptedValue = (String) oDocument.getProperty(Vault.VALUE);
if(oDocument instanceof VaultOrient) {
vaultOrient = (VaultOrient) oDocument;
if(vaultOrient.getDbEncryptedValue().compareTo(encryptedValue)==0) {
((ObjectNode) jsonNode).put(Vault.VALUE, vaultOrient.getContextEncryptedValue());
}
}else {
vaultOrient = new VaultOrient();
oDocument = (ODocument) vaultOrient;
// Decrypting with DB Key
Key databaseKey = DatabaseEnvironment.getDatabaseKey();
String decryptedValue = StringEncrypter.getEncrypter().decrypt(encryptedValue, databaseKey);
// Encrypting with Context Key (default key)
String contextEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue);
// Setting the value encrypted with DB key
((ObjectNode) jsonNode).put(Vault.VALUE, contextEncryptedValue);
}
}catch (Exception e) {
throw new ResourceRegistryException("Errror while managing " + EncryptedOrient.NAME+ " "+ Property.NAME, e);
}
}

View File

@ -1,10 +1,8 @@
package org.gcube.informationsystem.resourceregistry.utils;
import java.security.Key;
import java.util.Map;
import org.gcube.informationsystem.model.impl.properties.EncryptedImpl;
import org.gcube.informationsystem.model.reference.properties.Encrypted;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import com.orientechnologies.orient.core.record.impl.ODocument;
@ -12,28 +10,29 @@ import com.orientechnologies.orient.core.record.impl.ODocument;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class EncryptedOrient extends ODocument implements org.gcube.informationsystem.model.reference.properties.Encrypted {
public class EncryptedOrient extends ODocument {
public static final String NAME = "Encrypted";
public static final String VALUE = "value";
protected String decryptedValue;
protected String dbEncryptedValue;
protected String contextEncryptedValue;
public EncryptedOrient() {
super(Encrypted.NAME);
super(EncryptedOrient.NAME);
}
protected EncryptedOrient(String iClassName) {
super(iClassName);
}
@Override
public String getEncryptedValue() {
return this.field(Encrypted.VALUE);
return this.field(EncryptedOrient.VALUE);
}
@Override
public void setEncryptedValue(String encryptedValue) {
this.field(Encrypted.VALUE, encryptedValue);
this.field(EncryptedOrient.VALUE, encryptedValue);
}
@Override
@ -59,10 +58,10 @@ public class EncryptedOrient extends ODocument implements org.gcube.informations
// Encrypting with DB Key
Key databaseKey = DatabaseEnvironment.getDatabaseKey();
this.dbEncryptedValue = EncryptedImpl.encrypt(decryptedValue, databaseKey);
this.dbEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue, databaseKey);
// Encrypting with Context Key (default key)
this.contextEncryptedValue = EncryptedImpl.encrypt(decryptedValue);
this.contextEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue);
if(setEncryptedForContext) {
@ -73,27 +72,4 @@ public class EncryptedOrient extends ODocument implements org.gcube.informations
}
@Override
public Map<String, Object> getAdditionalProperties() {
// TODO Auto-generated method stub
return null;
}
@Override
public void setAdditionalProperties(Map<String, Object> additionalProperties) {
// TODO Auto-generated method stub
}
@Override
public Object getAdditionalProperty(String key) {
// TODO Auto-generated method stub
return null;
}
@Override
public void setAdditionalProperty(String key, Object value) {
// TODO Auto-generated method stub
}
}

View File

@ -0,0 +1,96 @@
package org.gcube.informationsystem.resourceregistry.utils;
import java.security.Key;
import java.util.Map;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.informationsystem.model.reference.properties.Vault;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import com.orientechnologies.orient.core.record.impl.ODocument;
/**
* @author Luca Frosini (ISTI - CNR)
*/
public class VaultOrient extends ODocument implements org.gcube.informationsystem.model.reference.properties.Vault {
protected String decryptedValue;
protected String dbEncryptedValue;
protected String contextEncryptedValue;
public VaultOrient() {
super(Vault.NAME);
}
protected VaultOrient(String iClassName) {
super(iClassName);
}
@Override
public String getValue() {
return this.field(Vault.VALUE);
}
@Override
public void setValue(String value) {
this.field(Vault.VALUE, value);
}
@Override
public String toJSON(String iFormat) {
return super.toJSON(iFormat);
}
public String getDecryptedValue() {
return decryptedValue;
}
public String getDbEncryptedValue() {
return dbEncryptedValue;
}
public String getContextEncryptedValue() {
return contextEncryptedValue;
}
public void setDecryptedValue(String decryptedValue, boolean setEncryptedForContext) throws Exception {
this.decryptedValue = decryptedValue;
// Encrypting with DB Key
Key databaseKey = DatabaseEnvironment.getDatabaseKey();
this.dbEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue, databaseKey);
// Encrypting with Context Key (default key)
this.contextEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue);
if(setEncryptedForContext) {
setValue(contextEncryptedValue);
}else {
setValue(dbEncryptedValue);
}
}
@Override
public Map<String, Object> getAdditionalProperties() {
return null;
}
@Override
public void setAdditionalProperties(Map<String, Object> additionalProperties) {
}
@Override
public Object getAdditionalProperty(String key) {
return null;
}
@Override
public void setAdditionalProperty(String key, Object value) {
}
}

View File

@ -12,19 +12,20 @@ import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.informationsystem.base.reference.Element;
import org.gcube.informationsystem.base.reference.IdentifiableElement;
import org.gcube.informationsystem.model.impl.properties.EncryptedImpl;
import org.gcube.informationsystem.model.impl.properties.PropagationConstraintImpl;
import org.gcube.informationsystem.model.impl.properties.VaultImpl;
import org.gcube.informationsystem.model.impl.relations.ConsistsOfImpl;
import org.gcube.informationsystem.model.reference.entities.Facet;
import org.gcube.informationsystem.model.reference.entities.Resource;
import org.gcube.informationsystem.model.reference.properties.Encrypted;
import org.gcube.informationsystem.model.reference.properties.Header;
import org.gcube.informationsystem.model.reference.properties.PropagationConstraint;
import org.gcube.informationsystem.model.reference.properties.PropagationConstraint.AddConstraint;
import org.gcube.informationsystem.model.reference.properties.PropagationConstraint.DeleteConstraint;
import org.gcube.informationsystem.model.reference.properties.PropagationConstraint.RemoveConstraint;
import org.gcube.informationsystem.model.reference.properties.Vault;
import org.gcube.informationsystem.model.reference.relations.ConsistsOf;
import org.gcube.informationsystem.model.reference.relations.IsRelatedTo;
import org.gcube.informationsystem.resourceregistry.ContextTest;
@ -569,12 +570,12 @@ public class ERManagementTest extends ContextTest {
String additionlaPropertyValue = "MyTest";
accessPointFacet.setAdditionalProperty(additionlaPropertyKey, additionlaPropertyValue);
Encrypted encrypted = new EncryptedImpl();
Vault vault = new VaultImpl();
String plainValue = "Encrypted";
String encryptedValue = EncryptedImpl.encrypt(plainValue);
encrypted.setEncryptedValue(encryptedValue);
String encryptedValue = StringEncrypter.getEncrypter().encrypt(plainValue);
vault.setValue(encryptedValue);
String encryptedKey = "Enc";
accessPointFacet.setAdditionalProperty(encryptedKey, encrypted);
accessPointFacet.setAdditionalProperty(encryptedKey, vault);
configuration.addFacet(accessPointFacet);
@ -586,11 +587,11 @@ public class ERManagementTest extends ContextTest {
AccessPointFacet apf = configuration.getFacets(AccessPointFacet.class).get(0);
Assert.assertTrue(apf.getAuthorization() instanceof ValueSchema);
Assert.assertTrue(apf.getAdditionalProperty(encryptedKey) instanceof Encrypted);
Encrypted enc = (Encrypted) apf.getAdditionalProperty(encryptedKey);
String encValue = enc.getEncryptedValue();
Assert.assertTrue(apf.getAdditionalProperty(encryptedKey) instanceof Vault);
Vault vlt = (Vault) apf.getAdditionalProperty(encryptedKey);
String encValue = vlt.getValue();
Assert.assertTrue(encValue.compareTo(encryptedValue) == 0);
String decryptedValue = EncryptedImpl.decrypt(encValue);
String decryptedValue = StringEncrypter.getEncrypter().decrypt(encValue);
Assert.assertTrue(decryptedValue.compareTo(plainValue) == 0);
Assert.assertTrue(((String) apf.getAdditionalProperty(additionlaPropertyKey)).compareTo(additionlaPropertyValue) == 0);

View File

@ -2,8 +2,9 @@ package org.gcube.informationsystem.resourceregistry.instances;
import java.security.Key;
import org.gcube.informationsystem.model.impl.properties.EncryptedImpl;
import org.gcube.informationsystem.model.reference.properties.Encrypted;
import org.gcube.common.encryption.encrypter.StringEncrypter;
import org.gcube.informationsystem.model.impl.properties.VaultImpl;
import org.gcube.informationsystem.model.reference.properties.Vault;
import org.gcube.informationsystem.resourceregistry.dbinitialization.DatabaseEnvironment;
import org.gcube.informationsystem.resourceregistry.instances.model.entities.ResourceManagement;
import org.gcube.informationsystem.serialization.ElementMapper;
@ -20,32 +21,38 @@ public class EncryptionTest extends ERManagementTest {
public static final String PLAIN_VALUE = "plain-value";
// @Test
// public void decryptPwd() throws Exception {
// String pwd = StringEncrypter.getEncrypter().decrypt("");
// Assert.assertTrue(true);
// }
@Test
public void test() throws Exception {
Encrypted encrypted = new EncryptedImpl();
String contextEncryptedValue = EncryptedImpl.encrypt(PLAIN_VALUE);
encrypted.setEncryptedValue(contextEncryptedValue);
Vault vault = new VaultImpl();
String contextEncryptedValue = StringEncrypter.getEncrypter().encrypt(PLAIN_VALUE);
vault.setValue(contextEncryptedValue);
String getContextEncryptedValue = encrypted.getEncryptedValue();
String getContextEncryptedValue = vault.getValue();
Assert.assertTrue(getContextEncryptedValue.compareTo(getContextEncryptedValue)==0);
// Decrypting with Context Key (default key)
String decryptedValue = EncryptedImpl.decrypt(contextEncryptedValue);
String decryptedValue = StringEncrypter.getEncrypter().decrypt(contextEncryptedValue);
Assert.assertTrue(decryptedValue.compareTo(PLAIN_VALUE)==0);
// Encrypting with DB Key
Key databaseKey = DatabaseEnvironment.getDatabaseKey();
String dbEncryptedValue = EncryptedImpl.encrypt(decryptedValue, databaseKey);
String dbEncryptedValue = StringEncrypter.getEncrypter().encrypt(decryptedValue, databaseKey);
// Setting the value encrypted with DB key
encrypted.setEncryptedValue(dbEncryptedValue);
vault.setValue(dbEncryptedValue);
String getDBEncryptedValue = encrypted.getEncryptedValue();
String getDBEncryptedValue = vault.getValue();
Assert.assertTrue(getDBEncryptedValue.compareTo(dbEncryptedValue)==0);
decryptedValue = EncryptedImpl.decrypt(getDBEncryptedValue, databaseKey);
decryptedValue = StringEncrypter.getEncrypter().decrypt(getDBEncryptedValue, databaseKey);
Assert.assertTrue(decryptedValue.compareTo(PLAIN_VALUE)==0);
}
@ -62,11 +69,11 @@ public class EncryptionTest extends ERManagementTest {
cpuFacet.setClockSpeed("1 GHz");
cpuFacet.setModel("Opteron");
cpuFacet.setVendor("AMD");
Encrypted encrypted = new EncryptedImpl();
String encryptedValue = EncryptedImpl.encrypt(PLAIN_VALUE);
encrypted.setEncryptedValue(encryptedValue);
Vault vault = new VaultImpl();
String encryptedValue = StringEncrypter.getEncrypter().encrypt(PLAIN_VALUE);
vault.setValue(encryptedValue);
String additionalKey = "test";
cpuFacet.setAdditionalProperty(additionalKey, encrypted);
cpuFacet.setAdditionalProperty(additionalKey, vault);
configuration.addFacet(cpuFacet);
ResourceManagement resourceManagement = new ResourceManagement();
@ -79,9 +86,9 @@ public class EncryptionTest extends ERManagementTest {
Configuration createdConfiguration = ElementMapper.unmarshal(Configuration.class, configurationJsonString);
CPUFacet readCpuFacet = createdConfiguration.getFacets(CPUFacet.class).get(0);
String gotEncryptedValue = ((Encrypted) readCpuFacet.getAdditionalProperty(additionalKey)).getEncryptedValue();
String gotEncryptedValue = ((Vault) readCpuFacet.getAdditionalProperty(additionalKey)).getValue();
Assert.assertTrue(gotEncryptedValue.compareTo(encryptedValue) == 0);
String gotPlainValue = EncryptedImpl.decrypt(gotEncryptedValue);
String gotPlainValue = StringEncrypter.getEncrypter().decrypt(gotEncryptedValue);
Assert.assertTrue(gotPlainValue.compareTo(PLAIN_VALUE) == 0);
resourceManagement.delete();

View File

@ -13,10 +13,10 @@ import org.gcube.informationsystem.contexts.reference.entities.Context;
import org.gcube.informationsystem.model.reference.entities.Entity;
import org.gcube.informationsystem.model.reference.entities.Facet;
import org.gcube.informationsystem.model.reference.entities.Resource;
import org.gcube.informationsystem.model.reference.properties.Encrypted;
import org.gcube.informationsystem.model.reference.properties.Header;
import org.gcube.informationsystem.model.reference.properties.PropagationConstraint;
import org.gcube.informationsystem.model.reference.properties.Property;
import org.gcube.informationsystem.model.reference.properties.Vault;
import org.gcube.informationsystem.model.reference.relations.ConsistsOf;
import org.gcube.informationsystem.model.reference.relations.IsRelatedTo;
import org.gcube.informationsystem.model.reference.relations.Relation;
@ -243,8 +243,8 @@ public class SchemaManagementImplTest extends ContextTest {
}
@Test(expected=SchemaAlreadyPresentException.class)
public void createEncryptedType() throws Exception {
create(Encrypted.class);
public void createVaultType() throws Exception {
create(Vault.class);
}
@Test(expected=SchemaAlreadyPresentException.class)