/*
* Copyright 2015 herd contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.finra.herd.dao.credstash;
import java.util.Map;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient;
import com.amazonaws.services.kms.AWSKMSClient;
import com.jessecoyle.CredStashBouncyCastleCrypto;
import com.jessecoyle.JCredStash;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
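/**
 * A wrapper class for the JCredStash library.
 * <p>
 * The wrapped client reads from a DynamoDB credentials table and uses KMS. Both AWS clients are built with the default AWS
 * credentials provider chain and the caller-supplied client configuration.
 */
public class JCredStashWrapper implements CredStash
{
    private static final Logger LOGGER = LoggerFactory.getLogger(JCredStashWrapper.class);

    private JCredStash credstash;

    /**
     * Constructor for the JCredStashWrapper
     *
     * @param region the AWS region name used for both the DynamoDB client and the KMS client
     * @param tableName name of the credentials table
     * @param clientConfiguration the AWS client configuration applied to both clients
     */
    public JCredStashWrapper(String region, String tableName, ClientConfiguration clientConfiguration)
    {
        AWSCredentialsProvider provider = new DefaultAWSCredentialsProviderChain();

        // Resolve the region once so that the table and the key service are always addressed in the same region.
        Regions awsRegion = Regions.fromName(region);

        AmazonDynamoDBClient ddb = new AmazonDynamoDBClient(provider, clientConfiguration).withRegion(awsRegion);
        AWSKMSClient kms = new AWSKMSClient(provider, clientConfiguration).withRegion(awsRegion);
        credstash = new JCredStash(tableName, ddb, kms, new CredStashBouncyCastleCrypto());
    }

    /**
     * Retrieves the plaintext contents of a credential.
     * <p>
     * Any {@link RuntimeException} raised by the lookup is logged and swallowed, and {@code null} is returned instead. A
     * {@code null} result therefore does not distinguish a missing credential from any other unchecked failure (for example an
     * AWS SDK client or service exception, which are unchecked). Callers must treat {@code null} as a failure and must not
     * continue with an empty or default secret.
     *
     * @param name Base name of the credential to retrieve
     * @param context key value map
     *
     * @return The plaintext contents of the credential (most recent version), or {@code null} if the lookup raised a runtime
     * exception
     * @throws Exception declared for interface compatibility; runtime exceptions from the lookup are caught here and are not
     * propagated
     */
    public String getCredential(String name, Map<String, String> context) throws Exception
    {
        String credential = null;

        try
        {
            credential = credstash.getSecret(name, context);

            // Log the credential name only; the retrieved value must never be written to the log.
            // NOTE(review): if name can come from an untrusted caller, confirm the log layout neutralises CR/LF.
            LOGGER.info("Retrieved contents of {}", name);
        }
        catch (RuntimeException e)
        {
            // Every unchecked failure lands here, not only a missing credential, so the message must not claim a single cause.
            // The stack trace logged with it carries the real reason.
            LOGGER.error("Credential {} not found or could not be retrieved. ", name, e);
        }

        return credential;
    }
}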