Artifact Encryption plug point (#1202)
* added ArtifactEncryption interface, injected it into SM creation UI module, added encryption metadata key generation upon SM creation, used encryptor during file upload Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * add default artifact encryption implementation based on gcm aes algorithm Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * changed ArtifactEncryptor interface to manage encryption secrets by itself Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * cleaned up stale code, fixed sonar Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * fixed software module encryption within transaction Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added artifact encryption secrets store Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * extended ArtifactEncryption interface to allow decryption, secrets store provides removeSecret, added missing javadocs Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * intriduced DbArtifact interface, use EncryptionAwareDbArtifact for artifact decryption during download Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * introduced ArtifactEncryptionService to minimize duplications and unneccessary dependency injections Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * declared ArtifactEncryptionService as a bean Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added persistant encryption flag to software module Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * further adptations for encryption flag persistence Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added ArtifactEncryptionException, fixed encryption check in UI Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added encryption error handling Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added encrypted flag to DDI/DMF, adapted exception handling Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * adapted rest docs Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * Add test to verify artifact encryption is not given by default Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Add isEncrypted() to toString() of JpaSoftwareModule, fix typos Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Fix sql migration scripts Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Calculate encrypted artifact size by subtract encryption size overhead Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * publish upload failed without waiting for interuption during UI file upload Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * upgraded cron utils to 9.1.6 Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> Co-authored-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io>
This commit is contained in:
@@ -8,15 +8,13 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.artifact.repository.model;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
* Database representation of artifact.
|
||||
*
|
||||
*/
|
||||
public abstract class AbstractDbArtifact {
|
||||
public abstract class AbstractDbArtifact implements DbArtifact {
|
||||
|
||||
private final String artifactId;
|
||||
private final long size;
|
||||
@@ -34,46 +32,33 @@ public abstract class AbstractDbArtifact {
|
||||
this.contentType = contentType;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return ID of the artifact
|
||||
*/
|
||||
@Override
|
||||
public String getArtifactId() {
|
||||
return artifactId;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return hashes of the artifact
|
||||
*/
|
||||
@Override
|
||||
public DbArtifactHash getHashes() {
|
||||
return hashes;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set hashes of the artifact
|
||||
*
|
||||
* @param hashes
|
||||
* artifact hashes
|
||||
*/
|
||||
public void setHashes(final DbArtifactHash hashes) {
|
||||
this.hashes = hashes;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return site of the artifact in bytes
|
||||
*/
|
||||
@Override
|
||||
public long getSize() {
|
||||
return size;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return content-type if known by the repository or <code>null</code>
|
||||
*/
|
||||
@Override
|
||||
public String getContentType() {
|
||||
return contentType;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates an {@link InputStream} on this artifact. Caller has to take care of
|
||||
* closing the stream. Repeatable calls open a new {@link InputStream}.
|
||||
*
|
||||
* @return {@link InputStream} to read from artifact.
|
||||
*/
|
||||
public abstract InputStream getFileInputStream();
|
||||
}
|
||||
|
||||
@@ -0,0 +1,45 @@
|
||||
/**
|
||||
* Copyright (c) 2021 Bosch.IO GmbH and others.
|
||||
*
|
||||
* All rights reserved. This program and the accompanying materials
|
||||
* are made available under the terms of the Eclipse Public License v1.0
|
||||
* which accompanies this distribution, and is available at
|
||||
* http://www.eclipse.org/legal/epl-v10.html
|
||||
*/
|
||||
package org.eclipse.hawkbit.artifact.repository.model;
|
||||
|
||||
import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* Interface definition for artifact binary.
|
||||
*/
|
||||
public interface DbArtifact {
|
||||
|
||||
/**
|
||||
* @return ID of the artifact
|
||||
*/
|
||||
String getArtifactId();
|
||||
|
||||
/**
|
||||
* @return hashes of the artifact
|
||||
*/
|
||||
DbArtifactHash getHashes();
|
||||
|
||||
/**
|
||||
* @return size of the artifact in bytes
|
||||
*/
|
||||
long getSize();
|
||||
|
||||
/**
|
||||
* @return content-type if known by the repository or <code>null</code>
|
||||
*/
|
||||
String getContentType();
|
||||
|
||||
/**
|
||||
* Creates an {@link InputStream} on this artifact. Caller has to take care of
|
||||
* closing the stream. Repeatable calls open a new {@link InputStream}.
|
||||
*
|
||||
* @return {@link InputStream} to read from artifact.
|
||||
*/
|
||||
InputStream getFileInputStream();
|
||||
}
|
||||
@@ -97,6 +97,18 @@ public enum SpServerError {
|
||||
SP_ARTIFACT_UPLOAD_FAILED("hawkbit.server.error.artifact.uploadFailed",
|
||||
"Upload of artifact failed with internal server error."),
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
SP_ARTIFACT_ENCRYPTION_NOT_SUPPORTED("hawkbit.server.error.artifact.encryptionNotSupported",
|
||||
"Artifact encryption is not supported."),
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
SP_ARTIFACT_ENCRYPTION_FAILED("hawkbit.server.error.artifact.encryptionFailed",
|
||||
"Artifact encryption operation failed."),
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@@ -161,15 +173,15 @@ public enum SpServerError {
|
||||
"Storage quota will be exceeded if file is uploaded."),
|
||||
|
||||
/**
|
||||
* error message, which describes that the action can not be canceled cause the
|
||||
* action is inactive.
|
||||
* error message, which describes that the action can not be canceled cause
|
||||
* the action is inactive.
|
||||
*/
|
||||
SP_ACTION_NOT_CANCELABLE("hawkbit.server.error.action.notcancelable",
|
||||
"Only active actions which are in status pending are cancelable."),
|
||||
|
||||
/**
|
||||
* error message, which describes that the action can not be force quit cause
|
||||
* the action is inactive.
|
||||
* error message, which describes that the action can not be force quit
|
||||
* cause the action is inactive.
|
||||
*/
|
||||
SP_ACTION_NOT_FORCE_QUITABLE("hawkbit.server.error.action.notforcequitable",
|
||||
"Only active actions which are in status pending can be force quit."),
|
||||
@@ -250,7 +262,8 @@ public enum SpServerError {
|
||||
"Information for schedule, duration or timezone is missing; or there is no valid maintenance window available in future."),
|
||||
|
||||
/**
|
||||
* Error message informing that the action type for auto-assignment is invalid.
|
||||
* Error message informing that the action type for auto-assignment is
|
||||
* invalid.
|
||||
*/
|
||||
SP_AUTO_ASSIGN_ACTION_TYPE_INVALID("hawkbit.server.error.repo.invalidAutoAssignActionType",
|
||||
"The given action type for auto-assignment is invalid: allowed values are ['forced', 'soft', 'downloadonly']"),
|
||||
|
||||
Reference in New Issue
Block a user