private void setupStandardMocks() throws Exception { Map<String, List<String>> externalGroups = new HashMap<>(); externalGroups.put( EzSecurityConstant.EZ_INTERNAL_PROJECT, Lists.newArrayList(EzSecurityConstant.EZ_INTERNAL_ADMIN_GROUP)); EzSecurityPrincipal principal = new EzSecurityPrincipal(); principal.setPrincipal(POC).setName(POC); expect( mockPool.getClient( InternalNameServiceConstants.SERVICE_NAME, InternalNameService.Client.class)) .andReturn(insClientMock) .anyTimes(); expect( mockPool.getClient( EzSecurityRegistrationConstants.SERVICE_NAME, EzSecurityRegistration.Client.class)) .andReturn(regClientMock) .anyTimes(); expect(mockPool.getSecurityId(EzSecurityRegistrationConstants.SERVICE_NAME)) .andReturn("") .anyTimes(); expect(mockPool.getSecurityId(EzDeployServiceConstants.SERVICE_NAME)).andReturn("").anyTimes(); expect(securityClientMock.fetchTokenForProxiedUser()).andReturn(ezTokenMock).anyTimes(); expect(securityClientMock.fetchTokenForProxiedUser("")).andReturn(ezTokenMock).anyTimes(); expect(insClientMock.getAppById("48454c4c4f-20-574f524c44", ezTokenMock)) .andReturn(getApplication()); expect(ezTokenMock.getExternalProjectGroups()).andReturn(externalGroups).anyTimes(); expect(ezTokenMock.getTokenPrincipal()).andReturn(principal).anyTimes(); mockPool.returnToPool(insClientMock); expectLastCall().anyTimes(); mockPool.returnToPool(regClientMock); expectLastCall().anyTimes(); }
protected Optional<SecureMessage> decrypt(String topic, SecureMessage message) throws IOException { RSAKeyCrypto crypto = topicKeys.get(topic); Optional<SecureMessage> decryptedPayload = Optional.absent(); try { if (message.isSetKey()) { if (crypto != null && crypto.hasPrivate()) { Visibility visibility = message.getVisibility(); EzSecurityTokenWrapper token = security.fetchAppToken(); if (PermissionUtils.getPermissions(token.getAuthorizations(), visibility, true) .contains(Permission.READ)) { // Decrypt the symmetric key byte[] symmetricKey = crypto.decrypt(message.getKey()); // Use the symmetric key to decrypt the message SecretKey key = new SecretKeySpec(symmetricKey, ALGO); Cipher cipher = Cipher.getInstance(ALGO); cipher.init(Cipher.DECRYPT_MODE, key); decryptedPayload = Optional.of( new SecureMessage( visibility, ByteBuffer.wrap(cipher.doFinal(message.getContent())))); } else { log.warn( "Pipeline is not authorized to read message with visibility of {}, dropping message.", visibility); } } else { String error = "No private key found for broadcaster topic [" + topic + "]. Cannot decrypt messages. Please re-initialize the broadcaster with a private key to receive messages."; log.error(error); throw new RuntimeException(error); } } else { log.debug("Message was not encrypted, or no key was set"); } } catch (IllegalBlockSizeException | InvalidKeyException | BadPaddingException e) { log.error("Encryption not set up properly, this error is fatal.", e); throw new RuntimeException(e); } catch (BadArgumentException e) { log.error( String.format( "Visibility string %s not valid, message cannot be decrypted.", message.getVisibility().getFormalVisibility()), e); throw new IOException(e); } catch (NoSuchAlgorithmException e) { log.error("Incorrect algorithm used to initialize crypto", e); throw new RuntimeException(e); } catch (NoSuchPaddingException e) { log.error("Incorrect padding used to initialize crypto", e); throw new RuntimeException(e); } catch (PKeyCryptoException e) { log.error("Invalid crypto object", e); throw new RuntimeException(e); } catch (EzSecurityTokenException e) { log.error("Could not retrieve token from security service", e); throw new RuntimeException(e); } return decryptedPayload; }