diff --git a/.baseline/checkstyle/checkstyle.xml b/.baseline/checkstyle/checkstyle.xml
index 1a086c49..fd1fa389 100644
--- a/.baseline/checkstyle/checkstyle.xml
+++ b/.baseline/checkstyle/checkstyle.xml
@@ -43,7 +43,7 @@
-
+
@@ -402,7 +402,9 @@
-
+
+
+
diff --git a/build.gradle b/build.gradle
index ae8cf452..10ed82be 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,7 +8,7 @@ buildscript {
classpath 'com.palantir.javaformat:gradle-palantir-java-format:2.27.0'
classpath 'com.palantir.gradle.externalpublish:gradle-external-publish-plugin:1.11.0'
classpath 'com.palantir.gradle.docker:gradle-docker:0.27.0'
- classpath 'com.palantir.baseline:gradle-baseline-java:4.108.0'
+ classpath 'com.palantir.baseline:gradle-baseline-java:4.182.0'
classpath 'com.palantir.gradle.consistentversions:gradle-consistent-versions:2.11.0'
}
}
diff --git a/encrypted-config-value/build.gradle b/encrypted-config-value/build.gradle
index 6b9f2e67..460b2e71 100644
--- a/encrypted-config-value/build.gradle
+++ b/encrypted-config-value/build.gradle
@@ -9,6 +9,8 @@ dependencies {
implementation 'com.fasterxml.jackson.core:jackson-annotations'
implementation 'com.fasterxml.jackson.core:jackson-core'
implementation 'com.google.code.findbugs:jsr305'
+ implementation 'com.palantir.safe-logging:safe-logging'
+ implementation 'com.palantir.safe-logging:preconditions'
testImplementation 'org.hamcrest:hamcrest-all'
testImplementation 'junit:junit'
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java
index 8d861478..12595a84 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/EncryptedValue.java
@@ -24,6 +24,7 @@
import com.google.common.io.BaseEncoding;
import com.palantir.config.crypto.algorithm.aes.AesEncryptedValue;
import com.palantir.config.crypto.algorithm.rsa.RsaEncryptedValue;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.io.IOException;
/**
@@ -104,7 +105,7 @@ private static byte[] getJsonBytes(Object value) {
try {
return MAPPER.writeValueAsBytes(value);
} catch (JsonProcessingException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
}
}
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyFileUtils.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyFileUtils.java
index c620104d..c5f70cf5 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyFileUtils.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyFileUtils.java
@@ -16,12 +16,14 @@
package com.palantir.config.crypto;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
+import java.util.Objects;
public final class KeyFileUtils {
public static final String KEY_PATH_PROPERTY = "palantir.config.key_path";
@@ -32,7 +34,7 @@ public static String decryptUsingDefaultKeys(EncryptedValue encryptedValue) {
try {
keyPair = keyPairFromDefaultPath();
} catch (IOException e) {
- throw new RuntimeException("Failed to read key", e);
+ throw new SafeRuntimeException("Failed to read key", e);
}
return encryptedValue.decrypt(keyPair.decryptionKey());
}
@@ -51,7 +53,7 @@ public static KeyPairFiles keyPairToFile(KeyPair keyPair, Path path) throws IOEx
keyWithTypeToFile(keyPair.encryptionKey(), path);
Path decryptionKeyPath = path;
- if (keyPair.encryptionKey() != keyPair.decryptionKey()) {
+ if (!Objects.equals(keyPair.encryptionKey(), keyPair.decryptionKey())) {
decryptionKeyPath = privatePath(path);
keyWithTypeToFile(keyPair.decryptionKey(), decryptionKeyPath);
}
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithType.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithType.java
index 822c2625..71bd30c5 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithType.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/KeyWithType.java
@@ -16,7 +16,7 @@
package com.palantir.config.crypto;
-import static com.google.common.base.Preconditions.checkArgument;
+import static com.palantir.logsafe.Preconditions.checkArgument;
import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonValue;
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/KeyType.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/KeyType.java
index 04925be5..246697d4 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/KeyType.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/KeyType.java
@@ -16,18 +16,22 @@
package com.palantir.config.crypto.algorithm;
-import static com.google.common.base.Preconditions.checkArgument;
+import static com.palantir.logsafe.Preconditions.checkArgument;
+import com.google.errorprone.annotations.CompileTimeConstant;
import com.palantir.config.crypto.Key;
import com.palantir.config.crypto.KeyWithType;
import com.palantir.config.crypto.algorithm.aes.AesKey;
import com.palantir.config.crypto.algorithm.rsa.RsaPrivateKey;
import com.palantir.config.crypto.algorithm.rsa.RsaPublicKey;
+import com.palantir.logsafe.Safe;
+import com.palantir.logsafe.SafeArg;
/**
* KeyType defines the universe of available key types. Each key type has a unique name and supports creating a new
* {@link KeyWithType} based on key bytes.
*/
+@Safe
public enum KeyType {
AES("AES", AesKey.AesKeyGenerator.INSTANCE, Algorithm.AES),
RSA_PUBLIC("RSA-PUB", RsaPublicKey.RsaPublicKeyGenerator.INSTANCE, Algorithm.RSA),
@@ -42,11 +46,13 @@ public static KeyType from(String name) {
throw new IllegalArgumentException("unrecognized key algorithm: " + name);
}
+ @Safe
private final String name;
+
private final KeyGenerator generator;
private final Algorithm algorithm;
- KeyType(String name, KeyGenerator generator, Algorithm algorithm) {
+ KeyType(@CompileTimeConstant String name, KeyGenerator generator, Algorithm algorithm) {
this.name = name;
this.generator = generator;
this.algorithm = algorithm;
@@ -66,11 +72,15 @@ public Algorithm getAlgorithm() {
}
public void checkKeyArgument(KeyWithType kwt, Class keyClazz) {
- checkArgument(kwt.getType().equals(this), "key must be for %s algorithm but was %s", this, kwt.getType());
+ checkArgument(
+ kwt.getType().equals(this),
+ "key type did not match expected type for algorithm",
+ SafeArg.of("algorithm", name),
+ SafeArg.of("type", kwt.getType()));
checkArgument(
keyClazz.isAssignableFrom(kwt.getKey().getClass()),
- "key must be of type %s but was %s",
- keyClazz,
- kwt.getKey().getClass());
+ "key type did not match expected type",
+ SafeArg.of("expected", keyClazz),
+ SafeArg.of("actual", kwt.getKey().getClass()));
}
}
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/aes/AesKeyPair.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/aes/AesKeyPair.java
index 510c4302..32dd0780 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/aes/AesKeyPair.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/aes/AesKeyPair.java
@@ -21,6 +21,7 @@
import com.palantir.config.crypto.KeyWithType;
import com.palantir.config.crypto.algorithm.Algorithm;
import com.palantir.config.crypto.algorithm.KeyType;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.SecretKey;
@@ -33,7 +34,7 @@ public static KeyPair newKeyPair() {
try {
keyGen = javax.crypto.KeyGenerator.getInstance(Algorithm.AES.toString());
} catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
keyGen.init(KEY_SIZE_BITS);
SecretKey secretKey = keyGen.generateKey();
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaKeyPair.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaKeyPair.java
index 6f1d9454..8ad8e1c3 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaKeyPair.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaKeyPair.java
@@ -21,6 +21,7 @@
import com.palantir.config.crypto.KeyWithType;
import com.palantir.config.crypto.algorithm.Algorithm;
import com.palantir.config.crypto.algorithm.KeyType;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
@@ -33,7 +34,7 @@ public static KeyPair newKeyPair() {
try {
keyPairGenerator = KeyPairGenerator.getInstance(Algorithm.RSA.toString());
} catch (NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
keyPairGenerator.initialize(KEY_SIZE_BITS);
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPrivateKey.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPrivateKey.java
index 1ef916f1..47c424c1 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPrivateKey.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPrivateKey.java
@@ -23,6 +23,7 @@
import com.palantir.config.crypto.algorithm.Algorithm;
import com.palantir.config.crypto.algorithm.KeyGenerator;
import com.palantir.config.crypto.algorithm.KeyType;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
@@ -56,7 +57,7 @@ public KeyWithType keyFromBytes(byte[] key) {
localPrivateKey =
KeyFactory.getInstance(Algorithm.RSA.toString()).generatePrivate(new PKCS8EncodedKeySpec(key));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
return ImmutableKeyWithType.builder()
.type(KeyType.RSA_PRIVATE)
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPublicKey.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPublicKey.java
index 9a39e28b..e485e3b5 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPublicKey.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/algorithm/rsa/RsaPublicKey.java
@@ -23,6 +23,7 @@
import com.palantir.config.crypto.algorithm.Algorithm;
import com.palantir.config.crypto.algorithm.KeyGenerator;
import com.palantir.config.crypto.algorithm.KeyType;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
@@ -56,7 +57,7 @@ public KeyWithType keyFromBytes(byte[] key) {
localPublicKey =
KeyFactory.getInstance(Algorithm.RSA.toString()).generatePublic(new X509EncodedKeySpec(key));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
return ImmutableKeyWithType.builder()
.type(KeyType.RSA_PUBLIC)
diff --git a/encrypted-config-value/src/main/java/com/palantir/config/crypto/util/Suppliers.java b/encrypted-config-value/src/main/java/com/palantir/config/crypto/util/Suppliers.java
index 31a7e8bd..37c10339 100644
--- a/encrypted-config-value/src/main/java/com/palantir/config/crypto/util/Suppliers.java
+++ b/encrypted-config-value/src/main/java/com/palantir/config/crypto/util/Suppliers.java
@@ -17,7 +17,7 @@
package com.palantir.config.crypto.util;
import com.palantir.config.crypto.supplier.ThrowingSupplier;
-import java.io.IOException;
+import com.palantir.logsafe.exceptions.SafeRuntimeException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
@@ -37,24 +37,25 @@ public static T silently(ThrowingSupplier supplier) {
try {
return supplier.get();
} catch (AEADBadTagException e) {
- throw new RuntimeException(
+ throw new SafeRuntimeException(
"couldn't verify the message's authentication tag "
+ "- either the message was tampered with, or the key is invalid",
e);
} catch (InvalidKeyException | InvalidKeySpecException e) {
- throw new RuntimeException("the key was invalid", e);
+ throw new SafeRuntimeException("the key was invalid", e);
} catch (NoSuchPaddingException | BadPaddingException e) {
- throw new RuntimeException("the padding was invalid", e);
+ throw new SafeRuntimeException("the padding was invalid", e);
} catch (IllegalBlockSizeException e) {
- throw new RuntimeException("illegal block size", e);
+ throw new SafeRuntimeException("illegal block size", e);
} catch (NoSuchProviderException | NoSuchAlgorithmException e) {
- throw new RuntimeException("there was not a provider for the given algorithm", e);
+ throw new SafeRuntimeException("there was not a provider for the given algorithm", e);
} catch (InvalidAlgorithmParameterException e) {
- throw new RuntimeException("the algorithm parameter was invalid", e);
- } catch (IOException e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException("the algorithm parameter was invalid", e);
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ throw new SafeRuntimeException(e);
} catch (Exception e) {
- throw new RuntimeException(e);
+ throw new SafeRuntimeException(e);
}
}
}