GUACAMOLE-641: Add general service for retrieving data from Keeper records.

2025-09-06 13:17:41 +00:00 · 2022-01-21 15:23:41 -08:00
parent d0043e34dd
commit d0bd4b52d6
2 changed files with 126 additions and 0 deletions
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/KsmAuthenticationProviderModule.java
@@ -25,6 +25,7 @@ import org.apache.guacamole.vault.ksm.conf.KsmConfigurationService;
 import org.apache.guacamole.vault.ksm.secret.KsmSecretService;
 import org.apache.guacamole.vault.conf.VaultConfigurationService;
 import org.apache.guacamole.vault.ksm.secret.KsmClient;
+import org.apache.guacamole.vault.ksm.secret.KsmRecordService;
 import org.apache.guacamole.vault.secret.VaultSecretService;

 /**
@@ -49,6 +50,7 @@ public class KsmAuthenticationProviderModule

        // Bind services specific to Keeper Secrets Manager
        bind(KsmClient.class);
+        bind(KsmRecordService.class);
        bind(VaultConfigurationService.class).to(KsmConfigurationService.class);
        bind(VaultSecretService.class).to(KsmSecretService.class);
    }
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmRecordService.java
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.vault.ksm.secret;
+
+import com.google.inject.Singleton;
+import com.keepersecurity.secretsManager.core.KeeperRecord;
+import com.keepersecurity.secretsManager.core.KeeperRecordData;
+import com.keepersecurity.secretsManager.core.KeyPair;
+import com.keepersecurity.secretsManager.core.KeyPairs;
+import com.keepersecurity.secretsManager.core.Login;
+import java.util.List;
+
+/**
+ * Service for automatically parsing out secrets and data from Keeper records.
+ */
+@Singleton
+public class KsmRecordService {
+
+    /**
+     * Returns the single username associated with the given record. If the
+     * record has no associated username, or multiple usernames, null is
+     * returned. Usernames are retrieved from "Login" fields.
+     *
+     * @param record
+     *     The record to retrieve the username from.
+     *
+     * @return
+     *     The username associated with the given record, or null if the record
+     *     has no associated username or multiple usernames.
+     */
+    public String getUsername(KeeperRecord record) {
+
+        KeeperRecordData data = record.getData();
+
+        Login loginField = (Login) data.getField(Login.class);
+        if (loginField == null)
+            return null;
+
+        List<String> usernames = loginField.getValue();
+        if (usernames.size() != 1)
+            return null;
+
+        return usernames.get(0);
+
+    }
+
+    /**
+     * Returns the password associated with the given record, as dictated by
+     * the {@link KeeperRecord#getPassword()}.
+     *
+     * @param record
+     *     The record to retrieve the password from.
+     *
+     * @return
+     *     The password associated with the given record, or null if the record
+     *     has no associated password.
+     */
+    public String getPassword(KeeperRecord record) {
+        return record.getPassword();
+    }
+
+    /**
+     * Returns the private key associated with the given record. If the record
+     * has no associated private key, or multiple private keys, null is
+     * returned. Private keys are retrieved from "KeyPairs" fields.
+     *
+     * @param record
+     *     The record to retrieve the private key from.
+     *
+     * @return
+     *     The private key associated with the given record, or null if the
+     *     record has no associated private key or multiple private keys.
+     */
+    public String getPrivateKey(KeeperRecord record) {
+
+        KeeperRecordData data = record.getData();
+
+        KeyPairs keyPairsField = (KeyPairs) data.getField(KeyPairs.class);
+        if (keyPairsField == null)
+            return null;
+
+        List<KeyPair> keyPairs = keyPairsField.getValue();
+        if (keyPairs.size() != 1)
+            return null;
+
+        return keyPairs.get(0).getPrivateKey();
+
+    }
+
+    /**
+     * Returns the passphrase for the private key associated with the given
+     * record. Currently, this is simply dictated by {@link KeeperRecord#getPassword()},
+     * as there is no specific association between private keys and passphrases
+     * in the "KeyPairs" field type.
+     *
+     * @param record
+     *     The record to retrieve the passphrase from.
+     *
+     * @return
+     *     The passphrase for the private key associated with the given record,
+     *     or null if there is no such passphrase associated with the record.
+     */
+    public String getPassphrase(KeeperRecord record) {
+        return getPassword(record);
+    }
+
+}