Merge pull request #141 from scality/improvement/OSIS-147-stop-osis-f…
…ailure-on-decryption

Improvement: osis 147 stop osis failure on decryption
anurag4DSB authored May 22, 2024
2 parents ea5000f + 4e97906 commit 357f00e
Showing 3 changed files with 33 additions and 8 deletions.
2 changes: 1 addition & 1 deletion build.gradle
@@ -1,6 +1,6 @@
buildscript {
ext {
osisVersion = '2.2.2'
osisVersion = '2.2.3'
vaultclientVersion = '1.1.2'
springBootVersion = '2.7.6'
}
Expand Up @@ -1406,14 +1406,19 @@ private String retrieveSecretKey(String repoKey) throws Exception {
String secretKey = null;

if (repoVal != null) {
try {
// Using `repoKey` for Associated Data during decryption
secretKey = cipherFactory.getCipherByID(repoVal.getKeyID())
.decrypt(repoVal,
cipherFactory.getSecretCipherKeyByID(repoVal.getKeyID()),
repoKey);

// Using `repoKey` for Associated Data during encryption
secretKey = cipherFactory.getCipherByID(repoVal.getKeyID())
.decrypt(repoVal,
cipherFactory.getSecretCipherKeyByID(repoVal.getKeyID()),
repoKey);

logger.debug("[Cache] Retrieve Secret Key successful");
logger.debug("[Cache] Retrieve Secret Key successful");
} catch (Exception e) {
logger.error("Error: Unable to decrypt secret key data for Redis key: {}. Error details: {}", repoKey, e.getMessage());
logger.debug("Full stack trace:", e);
deleteSecretKey(repoKey);
}
}
return secretKey;
}
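Review bot: The new `catch (Exception e)` in `retrieveSecretKey` treats every failure as an undecryptable entry and calls `deleteSecretKey(repoKey)`, so an error raised by `cipherFactory.getCipherByID(...)` or `getSecretCipherKeyByID(...)` (for instance a key ID that is temporarily missing from configuration) would presumably delete stored secrets that are still valid, one request at a time. An authentication-tag failure is also an integrity signal for the cached data, so the destructive path is better limited to that case, e.g. `} catch (AEADBadTagException e) {` (the type the new tests throw), with other exceptions propagating as they did before. If `deleteSecretKey` itself throws inside the handler, the call fails again, which is the outcome this change is meant to prevent; its body is not visible here. The error log line includes `repoKey`, so confirm that the Redis key carries no identifier that should stay out of logs. The start of the method body lies outside the hunk.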
Expand Up @@ -11,8 +11,10 @@
import org.mockito.stubbing.Answer;
import org.springframework.http.HttpStatus;

import javax.crypto.AEADBadTagException;
import java.util.Collections;
import java.util.Date;
import java.util.List;

import static com.scality.osis.utils.ScalityConstants.*;
import static com.scality.osis.utils.ScalityTestUtils.*;
Expand Down Expand Up @@ -451,6 +453,15 @@ void testGetS3CredentialWithNullTenantIdAndUserId() {
assertTrue(result.getActive());
}

@Test
void testGetS3CredentialsKeyPresentInRedisUnableToDecrypt() throws Exception {
when(baseCipherMock.decrypt(any(), any(), any())).thenThrow(new AEADBadTagException("Decryption failed"));
final OsisS3Credential result = scalityOsisServiceUnderTest.getS3Credential(SAMPLE_TENANT_ID, TEST_USER_ID, TEST_ACCESS_KEY);
// When decryption fails, the API call should succeed, and we should return the result with secret key listed as
// "Not Available"
assertEquals("Not Available", result.getSecretKey());
}

@Test
void testListS3Credentials() {
// Setup
Expand Down Expand Up @@ -526,6 +537,15 @@ void testListS3CredentialsWithNoKeyOnRedis() {

}

@Test
void testListS3CredentialsKeyPresentInRedisUnableToDecrypt() throws Exception {
when(baseCipherMock.decrypt(any(), any(), any())).thenThrow(new AEADBadTagException("Decryption failed"));
final List<OsisS3Credential> result = scalityOsisServiceUnderTest.listS3Credentials(TEST_TENANT_ID,
TEST_USER_ID, 0L, 1000L).getItems();
// When decryption fails, the API call should succeed, and we should get a new access key in the result
assertEquals(2, result.size());
}

@Test
void testListS3CredentialsErr() {
// Setup
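Review bot: Neither new test pins the destructive side effect of the failure path: `testGetS3CredentialsKeyPresentInRedisUnableToDecrypt` asserts only the `"Not Available"` placeholder and `testListS3CredentialsKeyPresentInRedisUnableToDecrypt` asserts only `result.size()`, so a regression that stops deleting the undecryptable entry, or deletes more than that entry, would still pass. Add a Mockito `verify` for the delete call on whichever mock backs `deleteSecretKey` (not visible in these hunks), scoped to the failing key. A companion case where `decrypt` throws something other than `AEADBadTagException` would make the breadth of the `catch (Exception e)` in `retrieveSecretKey` a tested decision rather than an accident. The comment in the list test says a new access key should appear in the result, but no assertion identifies which of the two items is new; asserting on that item would make the comment hold.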