This repository has been archived by the owner on Jan 12, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add command to add/rotate JWT secrets (#139)
- Loading branch information
1 parent
957a0cf
commit 2d95dda
Showing
11 changed files
with
361 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52 changes: 52 additions & 0 deletions
52
src/main/java/com/nike/cerberus/command/core/AddJwtSecretCommand.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| /* | ||
| * Copyright (c) 2019 Nike, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.nike.cerberus.command.core; | ||
|
|
||
| import com.beust.jcommander.Parameter; | ||
| import com.beust.jcommander.Parameters; | ||
| import com.nike.cerberus.command.Command; | ||
| import com.nike.cerberus.operation.Operation; | ||
| import com.nike.cerberus.operation.core.AddJwtSecretOperation; | ||
|
|
||
| import static com.nike.cerberus.command.core.AddJwtSecretCommand.COMMAND_NAME; | ||
|
|
||
| /** | ||
| * Command for add/rotate JWT secret for CMS | ||
| */ | ||
| @Parameters(commandNames = COMMAND_NAME, commandDescription = "Add/rotate JWT secret for CMS") | ||
| public class AddJwtSecretCommand implements Command { | ||
|
|
||
| public static final String COMMAND_NAME = "add-jwt-secret"; | ||
| public static final String ACTIVATION_DELAY_LONG_ARG = "--activation-delay"; | ||
|
|
||
| @Override | ||
| public String getCommandName() { | ||
| return COMMAND_NAME; | ||
| } | ||
|
|
||
| @Parameter(names = ACTIVATION_DELAY_LONG_ARG, description = "delay in second before the secret can be used to sign JWT") | ||
| private long activationDelay = 5 * 60; | ||
|
|
||
| public long getActivationDelay() { | ||
| return activationDelay; | ||
| } | ||
|
|
||
| @Override | ||
| public Class<? extends Operation<?>> getOperationClass() { | ||
| return AddJwtSecretOperation.class; | ||
| } | ||
| } |
69 changes: 69 additions & 0 deletions
69
src/main/java/com/nike/cerberus/domain/environment/JwtSecret.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| /* | ||
| * Copyright (c) 2019 Nike, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.nike.cerberus.domain.environment; | ||
|
|
||
| public class JwtSecret { | ||
| private String id; | ||
|
|
||
| private String secret; | ||
|
|
||
| private String algorithm; | ||
|
|
||
| private long effectiveTs; | ||
|
|
||
| private long createdTs; | ||
|
|
||
| public String getId() { | ||
| return id; | ||
| } | ||
|
|
||
| public void setId(String id) { | ||
| this.id = id; | ||
| } | ||
|
|
||
| public String getSecret() { | ||
| return secret; | ||
| } | ||
|
|
||
| public void setSecret(String secret) { | ||
| this.secret = secret; | ||
| } | ||
|
|
||
| public long getEffectiveTs() { | ||
| return effectiveTs; | ||
| } | ||
|
|
||
| public void setEffectiveTs(long effectiveTs) { | ||
| this.effectiveTs = effectiveTs; | ||
| } | ||
|
|
||
| public long getCreatedTs() { | ||
| return createdTs; | ||
| } | ||
|
|
||
| public void setCreatedTs(long createdTs) { | ||
| this.createdTs = createdTs; | ||
| } | ||
|
|
||
| public String getAlgorithm() { | ||
| return algorithm; | ||
| } | ||
|
|
||
| public void setAlgorithm(String algorithm) { | ||
| this.algorithm = algorithm; | ||
| } | ||
| } |
32 changes: 32 additions & 0 deletions
32
src/main/java/com/nike/cerberus/domain/environment/JwtSecretData.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| /* | ||
| * Copyright (c) 2019 Nike, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.nike.cerberus.domain.environment; | ||
|
|
||
| import java.util.LinkedList; | ||
|
|
||
|
|
||
| public class JwtSecretData { | ||
| private LinkedList<JwtSecret> jwtSecrets = new LinkedList<>(); | ||
|
|
||
| public LinkedList<JwtSecret> getJwtSecrets() { | ||
| return jwtSecrets; | ||
| } | ||
|
|
||
| public void setJwtSecrets(LinkedList<JwtSecret> jwtSecrets) { | ||
| this.jwtSecrets = jwtSecrets; | ||
| } | ||
| } |
54 changes: 54 additions & 0 deletions
54
src/main/java/com/nike/cerberus/operation/core/AddJwtSecretOperation.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,54 @@ | ||
| /* | ||
| * Copyright (c) 2019 Nike, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.nike.cerberus.operation.core; | ||
|
|
||
| import com.nike.cerberus.command.core.AddJwtSecretCommand; | ||
| import com.nike.cerberus.operation.Operation; | ||
| import com.nike.cerberus.store.ConfigStore; | ||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
|
|
||
| import javax.inject.Inject; | ||
|
|
||
| /** | ||
| * Operation for add/rotate JWT secrets. | ||
| */ | ||
| public class AddJwtSecretOperation implements Operation<AddJwtSecretCommand> { | ||
|
|
||
|
|
||
| private final Logger logger = LoggerFactory.getLogger(getClass()); | ||
|
|
||
| private final ConfigStore configStore; | ||
|
|
||
| @Inject | ||
| public AddJwtSecretOperation(ConfigStore configStore) { | ||
|
|
||
| this.configStore = configStore; | ||
| } | ||
|
|
||
| @Override | ||
| public void run(AddJwtSecretCommand command) { | ||
| long activationDelay = command.getActivationDelay(); | ||
| configStore.addJwtKey(activationDelay); | ||
|
|
||
| } | ||
|
|
||
| @Override | ||
| public boolean isRunnable(AddJwtSecretCommand command) { | ||
| return true; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| /* | ||
| * Copyright (c) 2019 Nike, Inc. | ||
| * | ||
| * Licensed under the Apache License, Version 2.0 (the "License"); | ||
| * you may not use this file except in compliance with the License. | ||
| * You may obtain a copy of the License at | ||
| * | ||
| * http://www.apache.org/licenses/LICENSE-2.0 | ||
| * | ||
| * Unless required by applicable law or agreed to in writing, software | ||
| * distributed under the License is distributed on an "AS IS" BASIS, | ||
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| * See the License for the specific language governing permissions and | ||
| * limitations under the License. | ||
| */ | ||
|
|
||
| package com.nike.cerberus.service; | ||
|
|
||
| import javax.crypto.SecretKey; | ||
| import java.security.NoSuchAlgorithmException; | ||
|
|
||
| /** | ||
| * Generate a key | ||
| */ | ||
| public class KeyGenerator { | ||
| public static final String HMACSHA512 = "HmacSHA512"; | ||
|
|
||
|
|
||
| public SecretKey generateKey(String algorithm) { | ||
| javax.crypto.KeyGenerator gen; | ||
| try { | ||
| gen = javax.crypto.KeyGenerator.getInstance(algorithm); | ||
| return gen.generateKey(); | ||
| } catch (NoSuchAlgorithmException e) { | ||
| throw new IllegalStateException("The " + algorithm + " algorithm is not available."); | ||
| } | ||
| } | ||
| } |
Oops, something went wrong.