From fe39ff6838d5e09aac2c37c7ae8f5fdba52e4d96 Mon Sep 17 00:00:00 2001 From: Colt Frederickson Date: Tue, 16 Apr 2024 13:52:49 -0600 Subject: [PATCH] Add TenantSecurityErrorCode for KMS_ACCOUNT_ISSUE. (#135) * Add TenantSecurityErrorCode for KMS_ACCOUNT_ISSUE. * Add changelog entry * Update wording on compatibility * Bump version to 7.2.0 --- CHANGELOG.md | 8 + pom.xml | 4 +- .../kms/v1/TenantSecurityErrorCodes.java | 2 +- .../kms/v1/TenantSecurityRequest.java | 2 +- .../kms/v1/ErrorResponseTest.java | 156 ++++++++++++++++++ .../tenantsecurity/kms/v1/KMSRequestTest.java | 134 --------------- 6 files changed, 168 insertions(+), 138 deletions(-) create mode 100644 src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/ErrorResponseTest.java diff --git a/CHANGELOG.md b/CHANGELOG.md index 9777d57..715470a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## v7.2.0 + +- Support TSP error code for KMS_ACCOUNT_ISSUE. + +### Compatibility + +KMS_ACCOUNT_ISSUE requires TSP 4.13.0+. If using TSC < 7.2.0 and TSP >= 4.13.0, these errors will come through as UNKNOWN_ERROR. + ## v7.1.0 - Send TSC language/version as headers on requests to the TSP. This will allow the TSP to report TSC versions along with its [metrics](https://ironcorelabs.com/docs/saas-shield/tenant-security-proxy/deployment/#metrics). diff --git a/pom.xml b/pom.xml index 44c7239..62c2fc5 100644 --- a/pom.xml +++ b/pom.xml @@ -8,7 +8,7 @@ com.ironcorelabs tenant-security-java jar - 7.1.0 + 7.2.0 tenant-security-java https://ironcorelabs.com/docs Java client library for the IronCore Labs Tenant Security Proxy. @@ -253,4 +253,4 @@ - \ No newline at end of file + diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityErrorCodes.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityErrorCodes.java index da034bd..4ca194f 100644 --- a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityErrorCodes.java 
+++ b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityErrorCodes.java @@ -30,7 +30,7 @@ public enum TenantSecurityErrorCodes { "Request to KMS failed because the key configuration was invalid or the necessary permissions for the operation were missing/revoked."), KMS_UNREACHABLE(208, "Request to KMS failed because KMS was unreachable."), KMS_THROTTLED(209, "Request to KMS failed because KMS throttled the Tenant Security Proxy."), - + KMS_ACCOUNT_ISSUE(210, "Request to KMS failed because of an issue with the KMS account."), // map to SecurityEventException SECURITY_EVENT_REJECTED(301, "Tenant Security Proxy could not accept the security event"), diff --git a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityRequest.java b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityRequest.java index 58bec81..8ea5f35 100644 --- a/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityRequest.java +++ b/src/main/java/com/ironcorelabs/tenantsecurity/kms/v1/TenantSecurityRequest.java @@ -55,7 +55,7 @@ final class TenantSecurityRequest implements Closeable { private final int timeout; // TSC version that will be sent to the TSP. - static final String sdkVersion = "7.1.0"; + static final String sdkVersion = "7.2.0"; TenantSecurityRequest(String tspDomain, String apiKey, int requestThreadSize, int timeout) { HttpHeaders headers = new HttpHeaders(); diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/ErrorResponseTest.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/ErrorResponseTest.java new file mode 100644 index 0000000..a1e3cea --- /dev/null +++ b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/ErrorResponseTest.java 
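Review bot: In the `TenantSecurityErrorCodes` hunk the new `KMS_ACCOUNT_ISSUE(210, …)` constant replaces the blank line that separated the KMS codes from the `// map to SecurityEventException` group, so the comment now appears to sit directly under a KMS entry; keep a blank line after the new constant. The message "an issue with the KMS account" also gives a caller nothing to distinguish this code from its neighbours `KMS_UNREACHABLE` and `KMS_THROTTLED` when deciding whether to retry or to alert an operator. If the TSP returns 210 for account-level states that need manual action (an assumption, the hunk does not say), a comment above the constant such as `// Account-level failure; retrying without operator action is not expected to help.` would record that. The enum body starts and ends outside the hunk.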
@@ -0,0 +1,156 @@
+package com.ironcorelabs.tenantsecurity.kms.v1;
+
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertTrue;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.nio.ByteBuffer;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.stream.IntStream;
+import org.testng.annotations.Test;
+import com.ironcorelabs.tenantsecurity.kms.v1.exception.KmsException;
+import com.ironcorelabs.tenantsecurity.kms.v1.exception.SecurityEventException;
+import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException;
+import com.ironcorelabs.tenantsecurity.kms.v1.exception.TspServiceException;
+
+@Test(groups = {"unit"})
+public class ErrorResponseTest {
+
+ public void exceptionFromErrorResponseTspServiceException() throws Exception {
+ final String staticMsg = "static message";
+ final int staticHttpCode = 42;
+
+ // TspServiceException
+ ErrorResponse unableToMakeReqError =
+ new ErrorResponse(TenantSecurityErrorCodes.UNABLE_TO_MAKE_REQUEST.getCode(), staticMsg);
+ TenantSecurityException unableToMakeReqException =
+ unableToMakeReqError.toTenantSecurityException(staticHttpCode);
+ assertTspServiceException(staticMsg, staticHttpCode, unableToMakeReqException,
+ TenantSecurityErrorCodes.UNABLE_TO_MAKE_REQUEST);
+
+ ErrorResponse unknownErrResp =
+ new ErrorResponse(TenantSecurityErrorCodes.UNKNOWN_ERROR.getCode(), staticMsg);
+ TenantSecurityException unknownErrException =
+ unknownErrResp.toTenantSecurityException(staticHttpCode);
+ assertTspServiceException(staticMsg, staticHttpCode, unknownErrException,
+ TenantSecurityErrorCodes.UNKNOWN_ERROR);
+
+ ErrorResponse invalidRequestBody =
+ new ErrorResponse(TenantSecurityErrorCodes.INVALID_REQUEST_BODY.getCode(), staticMsg);
+ TenantSecurityException invalidRequestException =
+ invalidRequestBody.toTenantSecurityException(staticHttpCode);
+ assertTspServiceException(staticMsg, staticHttpCode, invalidRequestException,
+ TenantSecurityErrorCodes.INVALID_REQUEST_BODY);
+
+ ErrorResponse unauthorizedReqErrResp =
+ new ErrorResponse(TenantSecurityErrorCodes.UNAUTHORIZED_REQUEST.getCode(), staticMsg);
+ TenantSecurityException unauthorizedReqException =
+ unauthorizedReqErrResp.toTenantSecurityException(staticHttpCode);
+ assertTspServiceException(staticMsg, staticHttpCode, unauthorizedReqException,
+ TenantSecurityErrorCodes.UNAUTHORIZED_REQUEST);
+
+ // KmsException
+ ErrorResponse noPrimaryKmsResp = new ErrorResponse(
+ TenantSecurityErrorCodes.NO_PRIMARY_KMS_CONFIGURATION.getCode(), staticMsg);
+ TenantSecurityException noPrimaryKmsException =
+ noPrimaryKmsResp.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, noPrimaryKmsException,
+ TenantSecurityErrorCodes.NO_PRIMARY_KMS_CONFIGURATION);
+
+ ErrorResponse unknownTenantError = new ErrorResponse(
+ TenantSecurityErrorCodes.UNKNOWN_TENANT_OR_NO_ACTIVE_KMS_CONFIGURATIONS.getCode(),
+ staticMsg);
+ TenantSecurityException unknownTenantException =
+ unknownTenantError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, unknownTenantException,
+ TenantSecurityErrorCodes.UNKNOWN_TENANT_OR_NO_ACTIVE_KMS_CONFIGURATIONS);
+
+ ErrorResponse kmsCfgDisabledError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_CONFIGURATION_DISABLED.getCode(), staticMsg);
+ TenantSecurityException kmsCfgDisabledException =
+ kmsCfgDisabledError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, kmsCfgDisabledException,
+ TenantSecurityErrorCodes.KMS_CONFIGURATION_DISABLED);
+
+ ErrorResponse invalidEdekErrResp =
+ new ErrorResponse(TenantSecurityErrorCodes.INVALID_PROVIDED_EDEK.getCode(), staticMsg);
+ TenantSecurityException invalidEdekException =
+ invalidEdekErrResp.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, invalidEdekException,
+ TenantSecurityErrorCodes.INVALID_PROVIDED_EDEK);
+
+ ErrorResponse unwrapError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_UNWRAP_FAILED.getCode(), staticMsg);
+ TenantSecurityException unwrapException = unwrapError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, unwrapException,
+ TenantSecurityErrorCodes.KMS_UNWRAP_FAILED);
+
+ ErrorResponse wrapError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_WRAP_FAILED.getCode(), staticMsg);
+ TenantSecurityException kmsWrapException = wrapError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, kmsWrapException,
+ TenantSecurityErrorCodes.KMS_WRAP_FAILED);
+
+ ErrorResponse kmsAuthError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_AUTHORIZATION_FAILED.getCode(), staticMsg);
+ TenantSecurityException kmsAuthException =
+ kmsAuthError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, kmsAuthException,
+ TenantSecurityErrorCodes.KMS_AUTHORIZATION_FAILED);
+
+ ErrorResponse kmsConfigInvalidError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_CONFIGURATION_INVALID.getCode(), staticMsg);
+ TenantSecurityException kmsConfigInvalidException =
+ kmsConfigInvalidError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, kmsConfigInvalidException,
+ TenantSecurityErrorCodes.KMS_CONFIGURATION_INVALID);
+
+ ErrorResponse foo =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_ACCOUNT_ISSUE.getCode(), staticMsg);
+ TenantSecurityException fooException = foo.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, fooException,
+ TenantSecurityErrorCodes.KMS_ACCOUNT_ISSUE);
+
+ ErrorResponse kmsUnreachableError =
+ new ErrorResponse(TenantSecurityErrorCodes.KMS_UNREACHABLE.getCode(), staticMsg);
+ TenantSecurityException kmsUnreachableException =
+ kmsUnreachableError.toTenantSecurityException(staticHttpCode);
+ assertKmsException(staticMsg, staticHttpCode, kmsUnreachableException,
+ TenantSecurityErrorCodes.KMS_UNREACHABLE);
+
+ // SecurityEventException
+ ErrorResponse securityEventRejectedError =
+ new ErrorResponse(TenantSecurityErrorCodes.SECURITY_EVENT_REJECTED.getCode(), staticMsg);
+ TenantSecurityException securityEventRejectedException =
+ securityEventRejectedError.toTenantSecurityException(staticHttpCode);
+ assertSecurityEventException(staticMsg, staticHttpCode, securityEventRejectedException,
+ TenantSecurityErrorCodes.SECURITY_EVENT_REJECTED);
+ }
+
+ private void assertTspServiceException(String expectedMsg, int expectedHttpStatusCode,
+ TenantSecurityException exception, TenantSecurityErrorCodes errorCode) {
+ assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode);
+ assertTrue(exception instanceof TspServiceException);
+ }
+
+ private void assertSecurityEventException(String expectedMsg, int expectedHttpStatusCode,
+ TenantSecurityException exception, TenantSecurityErrorCodes errorCode) {
+ assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode);
+ assertTrue(exception instanceof SecurityEventException);
+ }
+
+ private void assertKmsException(String expectedMsg, int expectedHttpStatusCode,
+ TenantSecurityException exception, TenantSecurityErrorCodes errorCode) {
+ assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode);
+ assertTrue(exception instanceof KmsException);
+ }
+
+ private void assertTenantSecurityException(String expectedMsg, int expectedHttpStatusCode,
+ TenantSecurityException exception, TenantSecurityErrorCodes errorCode) {
+ assertEquals(errorCode, exception.getErrorCode());
+ assertEquals(exception.getHttpResponseCode(), expectedHttpStatusCode);
+ assertEquals(exception.getMessage(), expectedMsg);
+ }
+
+}
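Review bot: The KMS block of `exceptionFromErrorResponseTspServiceException` has no case for `KMS_THROTTLED`, although the enum hunk in this commit shows it as code 209 directly beside the new 210; the test goes from `KMS_CONFIGURATION_INVALID` to `KMS_ACCOUNT_ISSUE` to `KMS_UNREACHABLE`. The fence below adds that case, on the assumption that 209 maps to `KmsException` like its neighbours. A further case built from a code the enum does not define would pin the `UNKNOWN_ERROR` fallback that the changelog's compatibility note relies on, if `ErrorResponse` is where that fallback happens (not visible here). The new case's locals are still named `foo` / `fooException`; `kmsAccountIssueError` / `kmsAccountIssueException` would match the surrounding cases. The imports `ByteArrayInputStream`, `ByteArrayOutputStream`, `ByteBuffer`, `SecureRandom`, `Arrays` and `IntStream` are not used anywhere in this file and can be dropped.

```java
    // … unchanged: cases up to and including KMS_ACCOUNT_ISSUE …

    ErrorResponse kmsThrottledError =
        new ErrorResponse(TenantSecurityErrorCodes.KMS_THROTTLED.getCode(), staticMsg);
    TenantSecurityException kmsThrottledException =
        kmsThrottledError.toTenantSecurityException(staticHttpCode);
    assertKmsException(staticMsg, staticHttpCode, kmsThrottledException,
        TenantSecurityErrorCodes.KMS_THROTTLED);

    // … unchanged: KMS_UNREACHABLE and SECURITY_EVENT_REJECTED cases …
```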
diff --git a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/KMSRequestTest.java b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/KMSRequestTest.java index 3d11d74..7aa805b 100644 --- a/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/KMSRequestTest.java +++ b/src/test/java/com/ironcorelabs/tenantsecurity/kms/v1/KMSRequestTest.java @@ -9,11 +9,7 @@ import java.util.Map; import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; - -import com.ironcorelabs.tenantsecurity.kms.v1.exception.KmsException; -import com.ironcorelabs.tenantsecurity.kms.v1.exception.SecurityEventException; import com.ironcorelabs.tenantsecurity.kms.v1.exception.TenantSecurityException; -import com.ironcorelabs.tenantsecurity.kms.v1.exception.TspServiceException; import org.testng.annotations.Test; @Test(groups = {"dev-integration"}) 
@@ -85,134 +81,4 @@ public void errorCodeWhenEdekFormatIsWrong() throws Exception { } } - public void exceptionFromErrorResponseTspServiceException() throws Exception { - final String staticMsg = "static message"; - final int staticHttpCode = 42; - - // TspServiceException - ErrorResponse unableToMakeReqError = - new ErrorResponse(TenantSecurityErrorCodes.UNABLE_TO_MAKE_REQUEST.getCode(), staticMsg); - TenantSecurityException unableToMakeReqException = - unableToMakeReqError.toTenantSecurityException(staticHttpCode); - assertTspServiceException(staticMsg, staticHttpCode, unableToMakeReqException, - TenantSecurityErrorCodes.UNABLE_TO_MAKE_REQUEST); - - ErrorResponse unknownErrResp = - new ErrorResponse(TenantSecurityErrorCodes.UNKNOWN_ERROR.getCode(), staticMsg); - TenantSecurityException unknownErrException = - unknownErrResp.toTenantSecurityException(staticHttpCode); - assertTspServiceException(staticMsg, staticHttpCode, unknownErrException, - TenantSecurityErrorCodes.UNKNOWN_ERROR); - - ErrorResponse invalidRequestBody = - new ErrorResponse(TenantSecurityErrorCodes.INVALID_REQUEST_BODY.getCode(), staticMsg); - TenantSecurityException invalidRequestException = - invalidRequestBody.toTenantSecurityException(staticHttpCode); - assertTspServiceException(staticMsg, staticHttpCode, invalidRequestException, - TenantSecurityErrorCodes.INVALID_REQUEST_BODY); - - ErrorResponse unauthorizedReqErrResp = - new ErrorResponse(TenantSecurityErrorCodes.UNAUTHORIZED_REQUEST.getCode(), staticMsg); - TenantSecurityException unauthorizedReqException = - unauthorizedReqErrResp.toTenantSecurityException(staticHttpCode); - assertTspServiceException(staticMsg, staticHttpCode, unauthorizedReqException, - TenantSecurityErrorCodes.UNAUTHORIZED_REQUEST); - - // KmsException - ErrorResponse noPrimaryKmsResp = new ErrorResponse( - TenantSecurityErrorCodes.NO_PRIMARY_KMS_CONFIGURATION.getCode(), staticMsg); - TenantSecurityException noPrimaryKmsException = - 
noPrimaryKmsResp.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, noPrimaryKmsException, - TenantSecurityErrorCodes.NO_PRIMARY_KMS_CONFIGURATION); - - ErrorResponse unknownTenantError = new ErrorResponse( - TenantSecurityErrorCodes.UNKNOWN_TENANT_OR_NO_ACTIVE_KMS_CONFIGURATIONS.getCode(), - staticMsg); - TenantSecurityException unknownTenantException = - unknownTenantError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, unknownTenantException, - TenantSecurityErrorCodes.UNKNOWN_TENANT_OR_NO_ACTIVE_KMS_CONFIGURATIONS); - - ErrorResponse kmsCfgDisabledError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_CONFIGURATION_DISABLED.getCode(), staticMsg); - TenantSecurityException kmsCfgDisabledException = - kmsCfgDisabledError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, kmsCfgDisabledException, - TenantSecurityErrorCodes.KMS_CONFIGURATION_DISABLED); - - ErrorResponse invalidEdekErrResp = - new ErrorResponse(TenantSecurityErrorCodes.INVALID_PROVIDED_EDEK.getCode(), staticMsg); - TenantSecurityException invalidEdekException = - invalidEdekErrResp.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, invalidEdekException, - TenantSecurityErrorCodes.INVALID_PROVIDED_EDEK); - - ErrorResponse unwrapError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_UNWRAP_FAILED.getCode(), staticMsg); - TenantSecurityException unwrapException = unwrapError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, unwrapException, - TenantSecurityErrorCodes.KMS_UNWRAP_FAILED); - - ErrorResponse wrapError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_WRAP_FAILED.getCode(), staticMsg); - TenantSecurityException kmsWrapException = wrapError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, kmsWrapException, - 
TenantSecurityErrorCodes.KMS_WRAP_FAILED); - - ErrorResponse kmsAuthError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_AUTHORIZATION_FAILED.getCode(), staticMsg); - TenantSecurityException kmsAuthException = - kmsAuthError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, kmsAuthException, - TenantSecurityErrorCodes.KMS_AUTHORIZATION_FAILED); - - ErrorResponse kmsConfigInvalidError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_CONFIGURATION_INVALID.getCode(), staticMsg); - TenantSecurityException kmsConfigInvalidException = - kmsConfigInvalidError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, kmsConfigInvalidException, - TenantSecurityErrorCodes.KMS_CONFIGURATION_INVALID); - - ErrorResponse kmsUnreachableError = - new ErrorResponse(TenantSecurityErrorCodes.KMS_UNREACHABLE.getCode(), staticMsg); - TenantSecurityException kmsUnreachableException = - kmsUnreachableError.toTenantSecurityException(staticHttpCode); - assertKmsException(staticMsg, staticHttpCode, kmsUnreachableException, - TenantSecurityErrorCodes.KMS_UNREACHABLE); - - // SecurityEventException - ErrorResponse securityEventRejectedError = - new ErrorResponse(TenantSecurityErrorCodes.SECURITY_EVENT_REJECTED.getCode(), staticMsg); - TenantSecurityException securityEventRejectedException = - securityEventRejectedError.toTenantSecurityException(staticHttpCode); - assertSecurityEventException(staticMsg, staticHttpCode, securityEventRejectedException, - TenantSecurityErrorCodes.SECURITY_EVENT_REJECTED); - } - - private void assertTspServiceException(String expectedMsg, int expectedHttpStatusCode, - TenantSecurityException exception, TenantSecurityErrorCodes errorCode) { - assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode); - assertTrue(exception instanceof TspServiceException); - } - - private void assertSecurityEventException(String expectedMsg, int expectedHttpStatusCode, - 
TenantSecurityException exception, TenantSecurityErrorCodes errorCode) { - assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode); - assertTrue(exception instanceof SecurityEventException); - } - - private void assertKmsException(String expectedMsg, int expectedHttpStatusCode, - TenantSecurityException exception, TenantSecurityErrorCodes errorCode) { - assertTenantSecurityException(expectedMsg, expectedHttpStatusCode, exception, errorCode); - assertTrue(exception instanceof KmsException); - } - - private void assertTenantSecurityException(String expectedMsg, int expectedHttpStatusCode, - TenantSecurityException exception, TenantSecurityErrorCodes errorCode) { - assertEquals(errorCode, exception.getErrorCode()); - assertEquals(exception.getHttpResponseCode(), expectedHttpStatusCode); - assertEquals(exception.getMessage(), expectedMsg); - } - }