From a2dd8f0379bddb6cb0b61b9c245ae1b3940873d3 Mon Sep 17 00:00:00 2001
From: gjoranv
Date: Fri, 8 Mar 2024 18:10:26 +0100
Subject: Move typed secret store interface to open source.
---
.../java/com/yahoo/container/jdisc/secret/Key.java | 41 +++++++++++++++
.../com/yahoo/container/jdisc/secret/Secret.java | 58 ++++++++++++++++++++++
.../container/jdisc/secret/TypedSecretStore.java | 18 +++++++
.../yahoo/container/jdisc/secret/package-info.java | 6 +++
4 files changed, 123 insertions(+)
create mode 100644 container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java
create mode 100644 container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java
create mode 100644 container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java
create mode 100644 container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java
(limited to 'container-disc')
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java
new file mode 100644
index 00000000000..3de482b9cc6
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Key.java
@@ -0,0 +1,41 @@
+package com.yahoo.container.jdisc.secret;
+
+import java.util.Objects;
+
+public class Key {
+
+ private final String keyGroup;
+ private final String keyName;
+
+ public Key(String keyGroup, String keyName) {
+ this.keyGroup = keyGroup;
+ this.keyName = keyName;
+ }
+
+ public String keyGroup() {
+ return keyGroup;
+ }
+
+ public String keyName() {
+ return keyName;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Key that = (Key) o;
+ if ( ! (that.keyGroup.equals(keyGroup))) return false;
+ if ( ! (that.keyName.equals(keyName))) return false;
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(keyGroup, keyName);
+ }
+
+ @Override
+ public String toString() { return "key group: " + keyGroup + ", key name: " + keyName; }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java
new file mode 100644
index 00000000000..fef0ba804eb
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/Secret.java
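Review bot: The `Key` constructor stores `keyGroup` and `keyName` without a null check, while `equals` dereferences both (`that.keyGroup.equals(keyGroup)`), so a key built with a null component fails with a NullPointerException later, at comparison or lookup time, rather than where it was created. `Objects` is already imported, so the two assignments can become `this.keyGroup = Objects.requireNonNull(keyGroup, "keyGroup");` and `this.keyName = Objects.requireNonNull(keyName, "keyName");`. Since the package is exported via `@ExportPackage`, a class-level Javadoc saying what a key group and a key name identify would also help users of this API.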
@@ -0,0 +1,58 @@
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.security.YBase64;
+import com.yahoo.text.Utf8;
+
+import java.util.Arrays;
+import java.util.Objects;
+
+public class Secret {
+
+ private final Key key;
+ private final byte[] secret;
+ private final int version;
+
+ public Secret(Key key, byte[] secret, int version) {
+ this.key = key;
+ this.secret = secret;
+ this.version = version;
+ }
+
+ public String keyGroup() {
+ return key.keyGroup();
+ }
+
+ public String keyName() {
+ return key.keyName();
+ }
+
+ public byte[] secret() {
+ return secret;
+ }
+
+ public String secretAsString() { return Utf8.toString(secret); }
+
+ /** @return secret value for keys that are auto-rotated by CKMS */
+ public byte[] secretAsYbase64Decoded() { return YBase64.decode(secret); }
+
+ public int version() {
+ return version;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ Secret that = (Secret) o;
+ if ( ! (that.key.equals(key))) return false;
+ if ( ! (Arrays.equals(that.secret, secret))) return false;
+ if (that.version != (version)) return false;
+ return true;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(key, version, Arrays.hashCode(secret));
+ }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java
new file mode 100644
index 00000000000..5bb00e836f5
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/TypedSecretStore.java
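Review bot: `Secret` keeps the caller's `byte[]` as-is in the constructor and `secret()` returns that same array, so any code holding either reference can overwrite the secret bytes in place, which also changes the result of `equals` and `hashCode` for an object that otherwise looks immutable. Copying at both boundaries closes this: `this.secret = secret.clone();` in the constructor and `return secret.clone();` in `secret()`; if sharing the array is deliberate (for example so callers can zero it after use), a comment saying so is needed instead. `equals` compares the bytes with `Arrays.equals`, which is not guaranteed to run in constant time; should a `Secret` ever be compared against a value derived from untrusted input, `MessageDigest.isEqual` is the safer choice. The class rightly defines no `toString`; a short comment stating that this is intentional would help keep the secret value out of logs if someone later adds one.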
@@ -0,0 +1,18 @@
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.container.jdisc.secretstore.SecretStore;
+
+import java.util.List;
+
+public interface TypedSecretStore extends SecretStore {
+
+ Secret getSecret(Key key);
+
+ Secret getSecret(Key key, int version);
+
+ /** Lists the existing versions of this secret (nonnegative integers) */
+ default List listSecretVersions(Key key) {
+ throw new UnsupportedOperationException("Secret store does not support listing versions");
+ }
+
+}
diff --git a/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java
new file mode 100644
index 00000000000..c80c6e66066
--- /dev/null
+++ b/container-disc/src/main/java/com/yahoo/container/jdisc/secret/package-info.java
@@ -0,0 +1,6 @@
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+@ExportPackage
+package com.yahoo.container.jdisc.secret;
+
+import com.yahoo.osgi.annotation.ExportPackage;
-- 
cgit v1.2.3
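Review bot: Neither `getSecret` overload in `TypedSecretStore` documents what a caller gets when the key or the requested version does not exist, nor which version the single-argument form selects, and for a secret store a silently returned `null` is easy to mishandle. Each method should carry Javadoc along the lines of `/** Returns the secret for the given key at the given version; throws <exception type used by the implementations> if it does not exist, never returns null */`, adjusted to the contract the existing implementations actually follow. The return type of `listSecretVersions` shows as a raw `List` on this page; unless the type argument was lost in rendering, it should be `List<Integer>` to match the comment above it.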