diff options
author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 16:22:21 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 16:25:31 +0100 |
commit | 32c0d9eb1cce9fdf97137617f32c011fa7851363 (patch) | |
tree | 949e69a85da5645dc3761e239fff4a55b7e82724 /vespaclient-java/src/main | |
parent | 2e0be2e608099793b98bb008ca14c3d60595b64f (diff) |
Add simple token info dumping tool
Dumps key version, ID and HPKE components
Diffstat (limited to 'vespaclient-java/src/main')
3 files changed, 67 insertions, 3 deletions
diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/Main.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/Main.java index 7ca98e4b9ba..11bd8815d77 100644 --- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/Main.java +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/Main.java @@ -4,6 +4,7 @@ package com.yahoo.vespa.security.tool; import com.yahoo.vespa.security.tool.crypto.DecryptTool; import com.yahoo.vespa.security.tool.crypto.EncryptTool; import com.yahoo.vespa.security.tool.crypto.KeygenTool; +import com.yahoo.vespa.security.tool.crypto.TokenInfoTool; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLineParser; import org.apache.commons.cli.DefaultParser; @@ -44,7 +45,7 @@ public class Main { } private static final List<Tool> TOOLS = List.of( - new KeygenTool(), new EncryptTool(), new DecryptTool()); + new KeygenTool(), new EncryptTool(), new DecryptTool(), new TokenInfoTool()); private static Optional<Tool> toolFromCliArgs(String[] args) { if (args.length == 0) { diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java index a0b9cce710b..d7885dc6455 100644 --- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/KeygenTool.java @@ -64,8 +64,14 @@ public class KeygenTool implements Tool { OPTIONS); } - private void handleExistingFileIfAny(Path filePath, boolean allowOverwrite) throws IOException { - if (filePath.toFile().exists()) { + private static void verifyNotSameKeyPaths(Path privPath, Path pubPath) { + if (privPath.equals(pubPath)) { + throw new IllegalArgumentException("Private and public key output files must be different"); + } + } + + private static void handleExistingFileIfAny(Path filePath, boolean allowOverwrite) throws IOException { + if (Files.exists(filePath)) { if (!allowOverwrite) { throw new IllegalArgumentException(("Output file '%s' already exists. No keys written. " + "If you want to overwrite existing files, specify --%s.") @@ -83,6 +89,7 @@ public class KeygenTool implements Tool { var arguments = invocation.arguments(); var privOutPath = Paths.get(CliUtils.optionOrThrow(arguments, PRIVATE_OUT_FILE_OPTION)); var pubOutPath = Paths.get(CliUtils.optionOrThrow(arguments, PUBLIC_OUT_FILE_OPTION)); + verifyNotSameKeyPaths(privOutPath, pubOutPath); boolean allowOverwrite = arguments.hasOption(OVERWRITE_EXISTING_OPTION); handleExistingFileIfAny(privOutPath, allowOverwrite); diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/TokenInfoTool.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/TokenInfoTool.java new file mode 100644 index 00000000000..dc597e9301f --- /dev/null +++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/TokenInfoTool.java @@ -0,0 +1,56 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.vespa.security.tool.crypto; + +import com.yahoo.security.SealedSharedKey; +import com.yahoo.text.StringUtilities; +import com.yahoo.vespa.security.tool.Tool; +import com.yahoo.vespa.security.tool.ToolDescription; +import com.yahoo.vespa.security.tool.ToolInvocation; +import org.apache.commons.cli.Option; + +import java.util.List; + +import static com.yahoo.security.ArrayUtils.fromUtf8Bytes; +import static com.yahoo.security.ArrayUtils.hex; + +/** + * Tooling to dump the various components of a decryption token + * + * @author vekterli + */ +public class TokenInfoTool implements Tool { + + private static final List<Option> OPTIONS = List.of(); + + @Override + public String name() { + return "token-info"; + } + + @Override + public ToolDescription description() { + return new ToolDescription( + "<token string>", + "Dumps information about the various components of a token", + "Note: this is a BETA tool version; its interface may be changed at any time", + OPTIONS); + } + + @Override + public int invoke(ToolInvocation invocation) { + var arguments = invocation.arguments(); + var leftoverArgs = arguments.getArgs(); + if (leftoverArgs.length != 1) { + throw new IllegalArgumentException("Expected exactly 1 token string argument"); + } + var token = SealedSharedKey.fromTokenString(leftoverArgs[0]); + var stdOut = invocation.stdOut(); + + stdOut.format("Version: %d\n", token.tokenVersion()); + stdOut.format("Key ID: %s (%s)\n", StringUtilities.escape(fromUtf8Bytes(token.keyId())), hex(token.keyId())); + stdOut.format("HPKE enc: %s\n", hex(token.enc())); + stdOut.format("HPKE ciphertext: %s\n", hex(token.ciphertext())); + + return 0; + } +} |