
com.github.nagyesta.lowkeyvault.service.key.impl.KeyRotationPolicy Maven / Gradle / Ivy

package com.github.nagyesta.lowkeyvault.service.key.impl;

import com.github.nagyesta.lowkeyvault.model.v7_3.key.constants.LifetimeActionType;
import com.github.nagyesta.lowkeyvault.service.common.impl.BaseLifetimePolicy;
import com.github.nagyesta.lowkeyvault.service.key.LifetimeAction;
import com.github.nagyesta.lowkeyvault.service.key.LifetimeActionTrigger;
import com.github.nagyesta.lowkeyvault.service.key.RotationPolicy;
import com.github.nagyesta.lowkeyvault.service.key.constants.LifetimeActionTriggerType;
import com.github.nagyesta.lowkeyvault.service.key.id.KeyEntityId;
import lombok.NonNull;
import org.springframework.util.Assert;

import java.time.OffsetDateTime;
import java.time.Period;
import java.util.List;
import java.util.Map;

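/**
 * Rotation policy attached to a single key entity: the expiry period applied to key
 * versions plus the lifetime actions (rotate / notify) keyed by action type.
 *
 * <p>Neither the constructor nor the setters call {@link #validate(OffsetDateTime)};
 * a policy is only checked for consistency when a caller invokes it explicitly.
 * NOTE(review): confirm every path that creates or updates a policy validates it
 * before the policy is relied on for rotation.
 */
public class KeyRotationPolicy extends BaseLifetimePolicy implements RotationPolicy {
    private Period expiryTime;
    // Always an unmodifiable snapshot (Map.copyOf), so the map handed out by
    // getLifetimeActions() cannot be used to alter the policy behind its back.
    // The type arguments follow from usage: keys are looked up by LifetimeActionType
    // and values are read through LifetimeAction's trigger()/actionType() accessors,
    // neither of which resolves on a raw Map.
    private Map<LifetimeActionType, LifetimeAction> lifetimeActions;

    /**
     * Creates the policy for the given key.
     *
     * @param keyEntityId     the key this policy belongs to; passed to the base class.
     *                        Only annotated with Spring's {@code NonNull} here, so any
     *                        null check is up to the base class (not visible in this file).
     * @param expiryTime      the expiry period of the policy.
     * @param lifetimeActions the actions by type; copied, so later changes to the
     *                        caller's map do not affect this policy. {@code Map.copyOf}
     *                        rejects null keys and values.
     */
    public KeyRotationPolicy(@org.springframework.lang.NonNull final KeyEntityId keyEntityId,
                             @NonNull final Period expiryTime,
                             @NonNull final Map<LifetimeActionType, LifetimeAction> lifetimeActions) {
        super(keyEntityId);
        this.expiryTime = expiryTime;
        this.lifetimeActions = Map.copyOf(lifetimeActions);
    }

    /**
     * @return the expiry period currently set on this policy.
     */
    @Override
    public Period getExpiryTime() {
        return expiryTime;
    }

    /**
     * @return {@code true} when a {@link LifetimeActionType#ROTATE} action is configured.
     */
    @Override
    public boolean isAutoRotate() {
        return lifetimeActions.containsKey(LifetimeActionType.ROTATE);
    }

    /**
     * Collects the rotations that were missed for a key created at the given time,
     * using the trigger of the configured rotate action.
     *
     * @param keyCreation the creation time of the key.
     * @return the result of {@code collectMissedTriggerDays} from the base class.
     * @throws IllegalArgumentException if no rotate action is configured.
     */
    // NOTE(review): the element type of the returned list is decided by
    // collectMissedTriggerDays in the base class, which is not visible here, so the
    // raw List is kept; parameterize it to match RotationPolicy.
    @Override
    public List missedRotations(@NonNull final OffsetDateTime keyCreation) {
        // Guard first: without a rotate action the lookup below would return null.
        Assert.isTrue(isAutoRotate(), "Cannot have missed rotations without a \"rotate\" lifetime action.");
        final LifetimeActionTrigger trigger = lifetimeActions.get(LifetimeActionType.ROTATE).trigger();
        // The lambda argument is ignored; the offset depends only on the trigger and expiryTime.
        final OffsetDateTime startPoint = findTriggerTimeOffset(keyCreation, s -> trigger.rotateAfterDays(expiryTime));
        return collectMissedTriggerDays(s -> trigger.rotateAfterDays(expiryTime), startPoint);
    }

    /**
     * @return the unmodifiable snapshot of the configured actions, keyed by action type.
     */
    @Override
    public Map<LifetimeActionType, LifetimeAction> getLifetimeActions() {
        return lifetimeActions;
    }

    /**
     * Validates every configured action against the expiry settings.
     *
     * <p>Each action's trigger type performs its own check of the trigger period, and
     * notify actions are additionally restricted to the
     * {@link LifetimeActionTriggerType#TIME_BEFORE_EXPIRY} trigger.
     *
     * @param latestKeyVersionExpiry expiry of the latest key version, handed to the
     *                               trigger type's validation as-is (no null check here).
     * @throws IllegalArgumentException if a notify action uses another trigger type;
     *                                  what the trigger type's own validation throws is
     *                                  not visible in this file.
     */
    @Override
    public void validate(final OffsetDateTime latestKeyVersionExpiry) {
        lifetimeActions.values().forEach(action -> {
            final Period triggerPeriod = action.trigger().timePeriod();
            final LifetimeActionTriggerType triggerType = action.trigger().triggerType();
            triggerType.validate(latestKeyVersionExpiry, expiryTime, triggerPeriod);
            Assert.isTrue(action.actionType() != LifetimeActionType.NOTIFY
                            || triggerType == LifetimeActionTriggerType.TIME_BEFORE_EXPIRY,
                    "Notify actions cannot be used with time after creation trigger.");
        });
    }

    /**
     * Replaces the expiry period and marks the policy as updated.
     * The new value is not validated against the existing actions here.
     *
     * @param expiryTime the new expiry period.
     */
    @Override
    public void setExpiryTime(@NonNull final Period expiryTime) {
        this.expiryTime = expiryTime;
        this.markUpdate();
    }

    /**
     * Replaces the configured actions with a copy of the given map and marks the
     * policy as updated. The new actions are not passed through
     * {@link #validate(OffsetDateTime)} here.
     *
     * @param lifetimeActions the new actions by type.
     * @throws IllegalArgumentException if the current policy has a notify action and
     *                                  the new map does not.
     */
    @Override
    public void setLifetimeActions(@NonNull final Map<LifetimeActionType, LifetimeAction> lifetimeActions) {
        Assert.isTrue(notifyIsNotRemoved(lifetimeActions), "Notify action cannot be removed.");
        this.lifetimeActions = Map.copyOf(lifetimeActions);
        this.markUpdate();
    }

    /**
     * Checks that an update does not drop an existing notify action.
     *
     * @param lifetimeActions the candidate replacement map.
     * @return {@code true} if there is no notify action now, or the candidate still has one.
     */
    private boolean notifyIsNotRemoved(final Map<LifetimeActionType, LifetimeAction> lifetimeActions) {
        return !this.lifetimeActions.containsKey(LifetimeActionType.NOTIFY)
                || lifetimeActions.containsKey(LifetimeActionType.NOTIFY);
    }
}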



