author | gjoranv <gjoranv@gmail.com> | 2024-03-08 18:10:26 +0100 |
---|---|---|
committer | gjoranv <gjoranv@gmail.com> | 2024-03-08 18:23:50 +0100 |
commit | a2dd8f0379bddb6cb0b61b9c245ae1b3940873d3 (patch) | |
tree | 3ef66f5387391195f1ad43cd2f673e99d523616c /container-disc | |
parent | a5660e570173fa11e7a52583e0b1202eddac516f (diff) |
Move typed secret store interface to open source.
Diffstat (limited to 'container-disc')
4 files changed, 123 insertions, 0 deletions
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java
new file mode 100644
index 00000000000..3de482b9cc6
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java
@@ -0,0 +1,41 @@
+package com.yahoo.container.jdisc.secret;
+
+import java.util.Objects;
+
+public class Key {
+
+ private final String keyGroup;
+ private final String keyName;
+
+ public Key(String keyGroup, String keyName) {
+ this.keyGroup = keyGroup;
+ this.keyName = keyName;
+ }
+
+ public String keyGroup() {
+ return keyGroup;
+ }
+
+ public String keyName() {
+ return keyName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Key that = (Key) o;
+ if ( ! (that.keyGroup.equals(keyGroup))) return false;
+ if ( ! (that.keyName.equals(keyName))) return false;
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(keyGroup, keyName);
+ }
+
+ @Override
+ public String toString() { return "key group: " + keyGroup + ", key name: " + keyName; }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java
new file mode 100644
index 00000000000..fef0ba804eb
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java
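Review bot: In Key.java the constructor accepts null for either argument, and `equals()` then dereferences `that.keyGroup` and `that.keyName`, so a Key built with a null field throws NullPointerException the first time it is compared or looked up in a map. Rejecting null at construction keeps the failure next to its cause: `this.keyGroup = Objects.requireNonNull(keyGroup, "keyGroup");` and the same for `keyName` (`Objects` is already imported). Key.java, Secret.java and TypedSecretStore.java are also added without the copyright line that package-info.java in the same commit carries.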
@@ -0,0 +1,58 @@
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.security.YBase64;
+import com.yahoo.text.Utf8;
+
+import java.util.Arrays;
+import java.util.Objects;
+
+public class Secret {
+
+ private final Key key;
+ private final byte[] secret;
+ private final int version;
+
+ public Secret(Key key, byte[] secret, int version) {
+ this.key = key;
+ this.secret = secret;
+ this.version = version;
+ }
+
+ public String keyGroup() {
+ return key.keyGroup();
+ }
+
+ public String keyName() {
+ return key.keyName();
+ }
+
+ public byte[] secret() {
+ return secret;
+ }
+
+ public String secretAsString() { return Utf8.toString(secret); }
+
+ /** @return secret value for keys that are auto-rotated by CKMS */
+ public byte[] secretAsYbase64Decoded() { return YBase64.decode(secret); }
+
+ public int version() {
+ return version;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Secret that = (Secret) o;
+ if ( ! (that.key.equals(key))) return false;
+ if ( ! (Arrays.equals(that.secret, secret))) return false;
+ if (that.version != (version)) return false;
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(key, version, Arrays.hashCode(secret));
+ }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java
new file mode 100644
index 00000000000..5bb00e836f5
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java
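Review bot: In Secret.java the constructor keeps the caller's array (`this.secret = secret;`) and `secret()` hands the same array back, so every holder of either reference can change the secret bytes in place, which also changes `hashCode()` for an instance already stored in a hash-based collection. Consider `this.secret = secret.clone();` in the constructor and `return secret.clone();` in the accessor, or state in Javadoc that the array is shared and must not be modified. Separately, `equals()` compares the bytes with `Arrays.equals`, which stops at the first mismatch; if a Secret can ever be compared against a value derived from untrusted input, `MessageDigest.isEqual(that.secret, secret)` removes that timing difference. The class defines no `toString()`, which keeps the bytes out of logs and is worth preserving.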
@@ -0,0 +1,18 @@
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.container.jdisc.secretstore.SecretStore;
+
+import java.util.List;
+
+public interface TypedSecretStore extends SecretStore {
+
+ Secret getSecret(Key key);
+
+ Secret getSecret(Key key, int version);
+
+ /** Lists the existing versions of this secret (nonnegative integers) */
+ default List<Secret> listSecretVersions(Key key) {
+ throw new UnsupportedOperationException("Secret store does not support listing versions");
+ }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java
new file mode 100644
index 00000000000..c80c6e66066
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java
@@ -0,0 +1,6 @@
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+@ExportPackage
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.osgi.annotation.ExportPackage; |
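Review bot: In TypedSecretStore.java neither `getSecret` overload says what happens when the key or the requested version does not exist, so implementers and callers cannot tell whether to expect null or an exception; for a secret lookup that ambiguity tends to surface as a late NullPointerException or a silently missing credential. Each overload should get Javadoc that fixes the not-found behaviour and says which version `getSecret(Key key)` returns. The existing comment on `listSecretVersions` speaks of "nonnegative integers" although the method returns `List<Secret>`; it could read `/** Returns one Secret per existing version of the given key; the default implementation throws UnsupportedOperationException. */`.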