Kms submodules

common/pom.xml

@@ -6,4 +6,34 @@
     <version>0.0.1-SNAPSHOT</version>
   </parent>
   <artifactId>common</artifactId>
+  <name>Common</name>
+  <description>General purpose utilities used across submodules</description>
+
+  <dependencies>
+    <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-api</artifactId>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-core</artifactId>
+        <scope>test</scope>
+    </dependency>
+    <dependency>
+        <groupId>org.apache.logging.log4j</groupId>
+        <artifactId>log4j-slf4j-impl</artifactId>
+        <scope>test</scope>
+    </dependency>   
+    <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+    </dependency>   
+    <dependency>
+        <groupId>junit</groupId>
+        <artifactId>junit</artifactId>
+        <scope>test</scope>
+    </dependency>
+  </dependencies>
+
 </project>

common/src/main/java/io/strimzi/kafka/topicenc/common/CryptoUtils.java

@@ -0,0 +1,82 @@
+/*
+ * Copyright Strimzi authors.
+ * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.strimzi.kafka.topicenc.common;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.util.Base64;
+import java.util.Map;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Commonly general purpose cryptographic functions and definitions.
+ */
+public class CryptoUtils {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoUtils.class);
+
+    public static final String AES = "AES";
+    public static final String AES_GCM_PADDING = AES + "/GCM/PKCS5Padding";
+    public static final String AES256_GCM_NOPADDING = "AES_256/GCM/NoPadding";
+
+    /**
+     * Create an array of bytes with random bits, suitable for use as nonce or
+     * initialization vector.
+     *
+     * @param sizeBytes
+     * @return
+     */
+    public static byte[] createRandom(int numBytes) {
+        byte[] buf = new byte[numBytes];
+        new SecureRandom().nextBytes(buf);
+        return buf;
+    }
+
+    public static SecretKey generateKey(String algo, int keySize) throws NoSuchAlgorithmException {
+        KeyGenerator kgen = KeyGenerator.getInstance(algo);
+        kgen.init(keySize);
+        return kgen.generateKey();
+    }
+
+    public static SecretKey generateAesKey(int keySize) throws NoSuchAlgorithmException {
+        return generateKey(AES, keySize);
+    }
+
+    public static String base64Encode(SecretKey key) {
+        byte[] keyBuf = key.getEncoded();
+        return Base64.getEncoder().encodeToString(keyBuf);
+    }
+
+    public static SecretKey base64Decode(String key64) {
+        byte[] decodedKey = Base64.getDecoder().decode(key64);
+        // we assume AES
+        return createAesSecretKey(decodedKey);
+    }
+
+    public static SecretKey createAesSecretKey(byte[] decodedKey) {
+        return new SecretKeySpec(decodedKey, 0, decodedKey.length, AES);
+    }
+
+    public static void logCiphers() {
+        for (Provider provider : Security.getProviders()) {
+            LOGGER.debug("Cipher provider: {}", provider.getName());
+            for (Map.Entry<Object, Object> entry : provider.entrySet()) {
+                if (((String) entry.getValue()).contains("GCM")) {
+                    LOGGER.debug("key: [%s]  value: [%s]%n",
+                            entry.getKey(),
+                            entry.getValue());
+                }
+            }
+        }
+    }
+}

common/src/main/java/io/strimzi/kafka/topicenc/common/FileUtils.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright Strimzi authors. License: Apache License 2.0 (see the file LICENSE or
+ * http://apache.org/licenses/LICENSE-2.0.html).
+ */
+package io.strimzi.kafka.topicenc.common;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.nio.file.Paths;
+
+/**
+ * Common utility methods involving Files.
+ */
+public class FileUtils {
+
+    /**
+     * Returns a File instance for the filename, derived from the classpath.
+     * 
+     * @param hostObject the object whose classloader will be used to locate the
+     *                   file
+     * @param filename   the filename
+     * @return a File instance
+     * @throws IOException
+     * @throws URISyntaxException
+     */
+    public static File getFileFromClasspath(Object hostObject, String filename)
+            throws IOException, URISyntaxException {
+
+        URL url = hostObject.getClass().getClassLoader()
+                .getResource(filename);
+        if (url == null) {
+            throw new IOException("File not accessible from classpath: " + filename);
+        }
+        return Paths.get(url.toURI()).toFile();
+    }
+}

common/src/main/java/io/strimzi/kafka/topicenc/common/Strings.java

@@ -1,4 +1,4 @@
-//*
+/*
  * Copyright Strimzi authors. License: Apache License 2.0 (see the file LICENSE or
  * http://apache.org/licenses/LICENSE-2.0.html).
  */

common/src/test/java/io/strimzi/kafka/topicenc/common/CryptoUtilsTest.java

@@ -0,0 +1,52 @@
+package io.strimzi.kafka.topicenc.common;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.SecretKey;
+
+import org.junit.Test;
+
+public class CryptoUtilsTest {
+
+    /**
+     * Simply exercise the random number generation with different sizes.
+     */
+    @Test
+    public void testRandomNumGen() {
+        testRng(1);
+        testRng(10);
+        testRng(100);
+        testRng(1000);
+    }
+
+    /**
+     * Exercise base 64 encoding, decoding by round-tripping: AES key -> base 64 ->
+     * AES key.
+     */
+    @Test
+    public void testEncoding() {
+        SecretKey key;
+        try {
+            key = getTestKey();
+        } catch (Exception e) {
+            fail("Error retrieving test key: " + e.toString());
+            return;
+        }
+        String key64 = CryptoUtils.base64Encode(key);
+        SecretKey keyCopy = CryptoUtils.base64Decode(key64);
+
+        assertEquals("keys are not equal.", key, keyCopy);
+    }
+
+    private SecretKey getTestKey() throws NoSuchAlgorithmException {
+        return CryptoUtils.generateAesKey(256);
+    }
+
+    private void testRng(int bufLen) {
+        byte[] random = CryptoUtils.createRandom(bufLen);
+        assertEquals("createRandom returned buffer of unexpected length", random.length, bufLen);
+    }
+}

encmod/pom.xml

@@ -11,10 +11,39 @@
   <description>desc</description>
 
   <dependencies>
+	<dependency>
+	  <groupId>io.strimzi</groupId>
+	  <artifactId>common</artifactId>
+	  <version>${project.version}</version>
+	</dependency>
+	<dependency>
+	  <groupId>io.strimzi</groupId>
+	  <artifactId>kms</artifactId>
+	  <version>${project.version}</version>
+	</dependency>
+	<dependency>
+	  <groupId>io.strimzi</groupId>
+	  <artifactId>kms-test</artifactId>
+	  <version>${project.version}</version>
+	</dependency>
+	<dependency>
+	  <groupId>io.strimzi</groupId>
+	  <artifactId>kms-vault</artifactId>
+	  <version>${project.version}</version>
+	</dependency>
+	<dependency>
+	  <groupId>io.strimzi</groupId>
+	  <artifactId>kms-keyprotect</artifactId>
+	  <version>${project.version}</version>
+	</dependency>
   	<dependency>
   		<groupId>org.apache.kafka</groupId>
   		<artifactId>kafka-clients</artifactId>
   	</dependency>
+    <dependency>
+        <groupId>com.jayway.jsonpath</groupId>
+        <artifactId>json-path</artifactId>
+	</dependency>
     <dependency>
         <groupId>org.apache.logging.log4j</groupId>
         <artifactId>log4j-api</artifactId>
@@ -43,6 +72,18 @@
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-annotations</artifactId>
     </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-core</artifactId>
+    </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-annotations</artifactId>
+    </dependency>
+    <dependency>
+        <groupId>com.fasterxml.jackson.core</groupId>
+        <artifactId>jackson-databind</artifactId>
+    </dependency>
   </dependencies>
 
 </project>