Java tutorial
/* * Copyright (C) 2015 Square, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package keywhiz; import com.codahale.metrics.MetricRegistry; import com.fasterxml.jackson.annotation.JsonProperty; import io.dropwizard.Configuration; import io.dropwizard.db.DataSourceFactory; import io.dropwizard.db.ManagedDataSource; import java.io.IOException; import java.time.Duration; import java.util.Optional; import javax.validation.Valid; import javax.validation.constraints.NotNull; import keywhiz.api.validation.ValidBase64; import keywhiz.auth.UserAuthenticatorFactory; import keywhiz.auth.cookie.CookieConfig; import keywhiz.service.config.KeyStoreConfig; import keywhiz.service.config.Templates; import org.hibernate.validator.constraints.Length; import org.hibernate.validator.constraints.NotEmpty; import static com.google.common.base.StandardSystemProperty.USER_NAME; /** * Keywhiz app-level configuration. Ensures validation of entire configuration at startup. */ public class KeywhizConfig extends Configuration { @NotEmpty @JsonProperty private String environment; @NotNull @JsonProperty private TemplatedDataSourceFactory database = new TemplatedDataSourceFactory(); @NotNull @JsonProperty private TemplatedDataSourceFactory readonlyDatabase = new TemplatedDataSourceFactory(); @Valid @NotNull @JsonProperty private UserAuthenticatorFactory userAuth; @JsonProperty private String alternateUiPath = null; @NotNull @JsonProperty private CookieConfig sessionCookie; @NotNull @JsonProperty private CookieConfig xsrfCookie; @NotNull @JsonProperty private String cookieKey; @NotNull @JsonProperty private KeyStoreConfig contentKeyStore; @NotNull @JsonProperty private String derivationProviderClass = "com.sun.crypto.provider.SunJCE"; @JsonProperty private String migrationsDir; @JsonProperty private String statusCacheExpiry; public String getEnvironment() { return environment; } /** * Customizes the database config when requested. If the username for the database is not set, the * current user is set as the username. * * @return DatabaseConfiguration for read/write database. */ public DataSourceFactory getDataSourceFactory() { if (database.getUser() == null) { database.setUser(USER_NAME.value()); } return database; } /** * Customizes the database config when requested. If the username for the database is not set, the * current user is set as the username. * * @return DatabaseConfiguration for readonly database. */ public DataSourceFactory getReadonlyDataSourceFactory() { if (readonlyDatabase.getUser() == null) { readonlyDatabase.setUser(USER_NAME.value()); } return readonlyDatabase; } /** * Customizes the migrations directory. * * The content of the directory might vary depending on the database engine. Having it * configurable is useful. * * @return path relative to the resources directory. */ public String getMigrationsDir() { if (migrationsDir == null) { return "db/migration"; } return migrationsDir; } public Duration getStatusCacheExpiry() { if ((statusCacheExpiry == null) || (statusCacheExpiry.isEmpty())) { // Default to 1 second return Duration.ofSeconds(1); } return Duration.parse(statusCacheExpiry); } /** @return LDAP configuration to authenticate admin users. Absent if fakeLdap is true. */ public UserAuthenticatorFactory getUserAuthenticatorFactory() { return userAuth; } /** @return Enables loading UI assets from a directory instead of resource. */ public Optional<String> getAlternateUiPath() { return Optional.ofNullable(alternateUiPath); } /** @return Configuration for authenticating session cookie provided by admin login. */ public CookieConfig getSessionCookieConfig() { return sessionCookie; } /** * @return Configuration for cross-site request forgery (XSRF) prevention cookie. * * Admin clients must set an XSRF header for requests with the value of this cookie. */ public CookieConfig getXsrfCookieConfig() { return xsrfCookie; } /** @return Base64-encoded key used to encrypt authenticating cookies. */ // 256-bit key = 44 base64 characters @NotNull @ValidBase64 @Length(min = 44, max = 44) @JsonProperty public String getCookieKey() { try { return Templates.evaluateTemplate(cookieKey); } catch (IOException e) { throw new RuntimeException("Failure resolving cookieKey template", e); } } public KeyStoreConfig getContentKeyStore() { return contentKeyStore; } public String getDerivationProviderClass() { return derivationProviderClass; } public static class TemplatedDataSourceFactory extends DataSourceFactory { @Override public String getPassword() { try { return Templates.evaluateTemplate(super.getPassword()); } catch (IOException e) { throw new RuntimeException("Failure resolving database password template", e); } } // Sets the evaluated password before calling the parent's create method. @Override public ManagedDataSource build(MetricRegistry metricRegistry, String name) { setPassword(getPassword()); return super.build(metricRegistry, name); } } }