private void setupStandardMocks() throws Exception {
Map<String, List<String>> externalGroups = new HashMap<>();
externalGroups.put(
EzSecurityConstant.EZ_INTERNAL_PROJECT,
Lists.newArrayList(EzSecurityConstant.EZ_INTERNAL_ADMIN_GROUP));
EzSecurityPrincipal principal = new EzSecurityPrincipal();
principal.setPrincipal(POC).setName(POC);
expect(
mockPool.getClient(
InternalNameServiceConstants.SERVICE_NAME, InternalNameService.Client.class))
.andReturn(insClientMock)
.anyTimes();
expect(
mockPool.getClient(
EzSecurityRegistrationConstants.SERVICE_NAME, EzSecurityRegistration.Client.class))
.andReturn(regClientMock)
.anyTimes();
expect(mockPool.getSecurityId(EzSecurityRegistrationConstants.SERVICE_NAME))
.andReturn("")
.anyTimes();
expect(mockPool.getSecurityId(EzDeployServiceConstants.SERVICE_NAME)).andReturn("").anyTimes();
expect(securityClientMock.fetchTokenForProxiedUser()).andReturn(ezTokenMock).anyTimes();
expect(securityClientMock.fetchTokenForProxiedUser("")).andReturn(ezTokenMock).anyTimes();
expect(insClientMock.getAppById("48454c4c4f-20-574f524c44", ezTokenMock))
.andReturn(getApplication());
expect(ezTokenMock.getExternalProjectGroups()).andReturn(externalGroups).anyTimes();
expect(ezTokenMock.getTokenPrincipal()).andReturn(principal).anyTimes();
mockPool.returnToPool(insClientMock);
expectLastCall().anyTimes();
mockPool.returnToPool(regClientMock);
expectLastCall().anyTimes();
}
protected Optional<SecureMessage> decrypt(String topic, SecureMessage message)
throws IOException {
RSAKeyCrypto crypto = topicKeys.get(topic);
Optional<SecureMessage> decryptedPayload = Optional.absent();
try {
if (message.isSetKey()) {
if (crypto != null && crypto.hasPrivate()) {
Visibility visibility = message.getVisibility();
EzSecurityTokenWrapper token = security.fetchAppToken();
if (PermissionUtils.getPermissions(token.getAuthorizations(), visibility, true)
.contains(Permission.READ)) {
// Decrypt the symmetric key
byte[] symmetricKey = crypto.decrypt(message.getKey());
// Use the symmetric key to decrypt the message
SecretKey key = new SecretKeySpec(symmetricKey, ALGO);
Cipher cipher = Cipher.getInstance(ALGO);
cipher.init(Cipher.DECRYPT_MODE, key);
decryptedPayload =
Optional.of(
new SecureMessage(
visibility, ByteBuffer.wrap(cipher.doFinal(message.getContent()))));
} else {
log.warn(
"Pipeline is not authorized to read message with visibility of {}, dropping message.",
visibility);
}
} else {
String error =
"No private key found for broadcaster topic ["
+ topic
+ "]. Cannot decrypt messages. Please re-initialize the broadcaster with a private key to receive messages.";
log.error(error);
throw new RuntimeException(error);
}
} else {
log.debug("Message was not encrypted, or no key was set");
}
} catch (IllegalBlockSizeException | InvalidKeyException | BadPaddingException e) {
log.error("Encryption not set up properly, this error is fatal.", e);
throw new RuntimeException(e);
} catch (BadArgumentException e) {
log.error(
String.format(
"Visibility string %s not valid, message cannot be decrypted.",
message.getVisibility().getFormalVisibility()),
e);
throw new IOException(e);
} catch (NoSuchAlgorithmException e) {
log.error("Incorrect algorithm used to initialize crypto", e);
throw new RuntimeException(e);
} catch (NoSuchPaddingException e) {
log.error("Incorrect padding used to initialize crypto", e);
throw new RuntimeException(e);
} catch (PKeyCryptoException e) {
log.error("Invalid crypto object", e);
throw new RuntimeException(e);
} catch (EzSecurityTokenException e) {
log.error("Could not retrieve token from security service", e);
throw new RuntimeException(e);
}
return decryptedPayload;
}
