keywhiz.utility.SecretTemplateCompiler.java Source code

Java tutorial

Introduction

Here is the source code for keywhiz.utility.SecretTemplateCompiler.java

Source

/*
 * Copyright (C) 2015 Square, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package keywhiz.utility;

import com.github.mustachejava.DefaultMustacheFactory;
import com.github.mustachejava.Mustache;
import com.github.mustachejava.MustacheException;
import com.github.mustachejava.MustacheFactory;
import com.github.mustachejava.TemplateFunction;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Range;
import com.google.common.io.BaseEncoding;
import com.google.common.math.IntMath;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.RoundingMode;
import java.security.SecureRandom;
import java.util.Map;
import org.apache.commons.lang3.RandomStringUtils;

import static com.google.common.base.Preconditions.checkArgument;

public class SecretTemplateCompiler {
    public static final Range<Integer> VALID_SECRET_LENGTH = Range.closed(10, 4096);
    private static final BaseEncoding HEX = BaseEncoding.base16().lowerCase();
    private static final String VALID_NAME_PATTERN = "^[a-zA-Z_0-9\\-.]+$";

    public static boolean validName(String name) {
        // "." is allowed at any position but the first.
        return !name.isEmpty() && !name.startsWith(".") && name.matches(VALID_NAME_PATTERN);
    }

    private boolean hasCompiledRandomness = false;
    private final SecureRandom secureRandom;

    TemplateFunction alphanumeric = new TemplateFunction() {
        @Override
        public String apply(String s) {
            Integer length = Integer.parseInt(s);
            checkArgument(VALID_SECRET_LENGTH.contains(length), "Secret length %s must be within %s.", length,
                    VALID_SECRET_LENGTH);

            hasCompiledRandomness = true;
            return RandomStringUtils.random(length, 0, 0, true, true, null, secureRandom);
        }
    };

    TemplateFunction hexadecimal = new TemplateFunction() {
        @Override
        public String apply(String s) {
            Integer length = Integer.parseInt(s);
            checkArgument(VALID_SECRET_LENGTH.contains(length), "Secret length %s must be within %s.", length,
                    VALID_SECRET_LENGTH);

            hasCompiledRandomness = true;
            // 2 hex chars per byte, so half the bytes
            byte[] random = new byte[IntMath.divide(length, 2, RoundingMode.CEILING)];
            secureRandom.nextBytes(random);
            return HEX.encode(random).substring(0, length); // trims to proper length if odd
        }
    };

    TemplateFunction numeric = new TemplateFunction() {
        @Override
        public String apply(String s) {
            Integer length = Integer.parseInt(s);
            checkArgument(VALID_SECRET_LENGTH.contains(length), "Secret length %s must be within %s.", length,
                    VALID_SECRET_LENGTH);

            hasCompiledRandomness = true;
            return RandomStringUtils.random(length, 0, 0, false, true, null, secureRandom);
        }
    };

    private final Map<String, TemplateFunction> functions = ImmutableMap.of("alphanumeric", alphanumeric,
            "hexadecimal", hexadecimal, "numeric", numeric);

    public SecretTemplateCompiler(SecureRandom secureRandom) {
        this.secureRandom = secureRandom;
    }

    public String compile(final String template) {
        StringWriter sw = new StringWriter();

        try {
            MustacheFactory mf = new DefaultMustacheFactory();
            Mustache mustache = mf.compile(new StringReader(template), null);
            mustache.execute(sw, functions).flush();
        } catch (NumberFormatException | IOException | MustacheException e) {
            throw new IllegalArgumentException(e);
        }

        // This means that no randomness was generated. This is not acceptable
        if (!hasCompiledRandomness) {
            throw new IllegalArgumentException();
        }

        return sw.toString();
    }
}