Artifact Encryption plug point (#1202)
* added ArtifactEncryption interface, injected it into SM creation UI module, added encryption metadata key generation upon SM creation, used encryptor during file upload Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * add default artifact encryption implementation based on gcm aes algorithm Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * changed ArtifactEncryptor interface to manage encryption secrets by itself Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * cleaned up stale code, fixed sonar Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * fixed software module encryption within transaction Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added artifact encryption secrets store Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * extended ArtifactEncryption interface to allow decryption, secrets store provides removeSecret, added missing javadocs Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * introduced DbArtifact interface, use EncryptionAwareDbArtifact for artifact decryption during download Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * introduced ArtifactEncryptionService to minimize duplications and unnecessary dependency injections Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * declared ArtifactEncryptionService as a bean Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added persistent encryption flag to software module Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * further adaptations for encryption flag persistence Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added ArtifactEncryptionException, fixed encryption check in UI Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added encryption error handling Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * added encrypted flag to DDI/DMF, adapted exception handling Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * adapted rest docs Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * Add test to 
verify artifact encryption is not given by default Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Add isEncrypted() to toString() of JpaSoftwareModule, fix typos Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Fix sql migration scripts Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * Calculate encrypted artifact size by subtracting encryption size overhead Signed-off-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io> * publish upload failed without waiting for interruption during UI file upload Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> * upgraded cron utils to 9.1.6 Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io> Co-authored-by: Florian Ruschbaschan <Florian.Ruschbaschan@bosch.io>
@@ -35,6 +35,10 @@ public class DdiChunk {
|
||||
@NotNull
|
||||
private String name;
|
||||
|
||||
@JsonProperty("encrypted")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private Boolean encrypted;
|
||||
|
||||
@JsonProperty("artifacts")
|
||||
@JsonInclude(JsonInclude.Include.NON_NULL)
|
||||
private List<DdiArtifact> artifacts;
|
||||
@@ -56,16 +60,19 @@ public class DdiChunk {
|
||||
* of the artifact
|
||||
* @param name
|
||||
* of the artifact
|
||||
* @param encrypted
|
||||
* if artifacts are encrypted
|
||||
* @param artifacts
|
||||
* download information
|
||||
* @param metadata
|
||||
* optional as additional information for the target/device
|
||||
*/
|
||||
public DdiChunk(final String part, final String version, final String name, final List<DdiArtifact> artifacts,
|
||||
final List<DdiMetadata> metadata) {
|
||||
public DdiChunk(final String part, final String version, final String name, final Boolean encrypted,
|
||||
final List<DdiArtifact> artifacts, final List<DdiMetadata> metadata) {
|
||||
this.part = part;
|
||||
this.version = version;
|
||||
this.name = name;
|
||||
this.encrypted = encrypted;
|
||||
this.artifacts = artifacts;
|
||||
this.metadata = metadata;
|
||||
}
|
||||
@@ -82,6 +89,10 @@ public class DdiChunk {
|
||||
return name;
|
||||
}
|
||||
|
||||
public Boolean isEncrypted() {
|
||||
return encrypted;
|
||||
}
|
||||
|
||||
public List<DdiArtifact> getArtifacts() {
|
||||
if (artifacts == null) {
|
||||
return Collections.emptyList();
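Review bot: `isEncrypted()` returns the boxed `Boolean` field as-is, so it yields null whenever the flag was not set (the constructor accepts null, and `NON_NULL` then drops the property from the JSON). A caller that writes `if (chunk.isEncrypted())` will fail with a NullPointerException on unboxing. The getter has no Javadoc and the constructor's `@param encrypted` text does not mention the null case; I would document it on the getter, e.g. `@return TRUE if the artifacts of this chunk are encrypted, FALSE if not, null if the flag was not provided`. Consumers are safer comparing with `Boolean.TRUE.equals(chunk.isEncrypted())`, which makes it explicit how a chunk without the flag is treated. The class body continues outside these hunks, so other accessors were not reviewed.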
|
||||
|
||||
@@ -32,21 +32,21 @@ import io.qameta.allure.Story;
|
||||
@Story("Serializability of DDI api Models")
|
||||
public class DdiChunkTest {
|
||||
|
||||
private ObjectMapper mapper = new ObjectMapper();
|
||||
private final ObjectMapper mapper = new ObjectMapper();
|
||||
|
||||
@Test
|
||||
@Description("Verify the correct serialization and deserialization of the model")
|
||||
public void shouldSerializeAndDeserializeObject() throws IOException {
|
||||
// Setup
|
||||
String part = "1234";
|
||||
String version = "1.0";
|
||||
String name = "Dummy-Artifact";
|
||||
List<DdiArtifact> dummyArtifacts = Collections.emptyList();
|
||||
DdiChunk ddiChunk = new DdiChunk(part, version, name, dummyArtifacts, null);
|
||||
final String part = "1234";
|
||||
final String version = "1.0";
|
||||
final String name = "Dummy-Artifact";
|
||||
final List<DdiArtifact> dummyArtifacts = Collections.emptyList();
|
||||
final DdiChunk ddiChunk = new DdiChunk(part, version, name, null, dummyArtifacts, null);
|
||||
|
||||
// Test
|
||||
String serializedDdiChunk = mapper.writeValueAsString(ddiChunk);
|
||||
DdiChunk deserializedDdiChunk = mapper.readValue(serializedDdiChunk, DdiChunk.class);
|
||||
final String serializedDdiChunk = mapper.writeValueAsString(ddiChunk);
|
||||
final DdiChunk deserializedDdiChunk = mapper.readValue(serializedDdiChunk, DdiChunk.class);
|
||||
|
||||
assertThat(serializedDdiChunk).contains(part, version, name);
|
||||
assertThat(deserializedDdiChunk.getPart()).isEqualTo(part);
|
||||
@@ -59,10 +59,10 @@ public class DdiChunkTest {
|
||||
@Description("Verify the correct deserialization of a model with a additional unknown property")
|
||||
public void shouldDeserializeObjectWithUnknownProperty() throws IOException {
|
||||
// Setup
|
||||
String serializedDdiChunk = "{\"part\":\"1234\",\"version\":\"1.0\",\"name\":\"Dummy-Artifact\",\"artifacts\":[],\"unknownProperty\":\"test\"}";
|
||||
final String serializedDdiChunk = "{\"part\":\"1234\",\"version\":\"1.0\",\"name\":\"Dummy-Artifact\",\"artifacts\":[],\"unknownProperty\":\"test\"}";
|
||||
|
||||
// Test
|
||||
DdiChunk ddiChunk = mapper.readValue(serializedDdiChunk, DdiChunk.class);
|
||||
final DdiChunk ddiChunk = mapper.readValue(serializedDdiChunk, DdiChunk.class);
|
||||
|
||||
assertThat(ddiChunk.getPart()).isEqualTo("1234");
|
||||
assertThat(ddiChunk.getVersion()).isEqualTo("1.0");
|
||||
@@ -74,10 +74,10 @@ public class DdiChunkTest {
|
||||
@Description("Verify that deserialization fails for known properties with a wrong datatype")
|
||||
public void shouldFailForObjectWithWrongDataTypes() throws IOException {
|
||||
// Setup
|
||||
String serializedDdiChunk = "{\"part\":[\"1234\"],\"version\":\"1.0\",\"name\":\"Dummy-Artifact\",\"artifacts\":[]}";
|
||||
final String serializedDdiChunk = "{\"part\":[\"1234\"],\"version\":\"1.0\",\"name\":\"Dummy-Artifact\",\"artifacts\":[]}";
|
||||
|
||||
// Test
|
||||
assertThatExceptionOfType(MismatchedInputException.class).isThrownBy(
|
||||
() -> mapper.readValue(serializedDdiChunk, DdiChunk.class));
|
||||
assertThatExceptionOfType(MismatchedInputException.class)
|
||||
.isThrownBy(() -> mapper.readValue(serializedDdiChunk, DdiChunk.class));
|
||||
}
|
||||
}
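Review bot: The new `encrypted` property is never exercised with a value in `shouldSerializeAndDeserializeObject`; the only functional change to the test is passing `null` as the fourth constructor argument, so neither the JSON name nor the round trip of the flag is checked in this file. I would add `assertThat(serializedDdiChunk).doesNotContain("encrypted");` to the existing case, plus a second case that builds the chunk with `Boolean.TRUE` and asserts `assertThat(deserializedDdiChunk.isEncrypted()).isTrue();`. Presumably a device uses this field to decide whether it has to decrypt a download, so a renamed or silently dropped property should fail a test here. Coverage may exist in a test that is not shown on this page.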
|
||||