com.github.nagyesta.lowkeyvault.service.key.impl.KeyRotationPolicy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of lowkey-vault-app Show documentation
Show all versions of lowkey-vault-app Show documentation
Assembled application of Lowkey Vault.
package com.github.nagyesta.lowkeyvault.service.key.impl;
import com.github.nagyesta.lowkeyvault.model.v7_3.key.constants.LifetimeActionType;
import com.github.nagyesta.lowkeyvault.service.common.impl.BaseLifetimePolicy;
import com.github.nagyesta.lowkeyvault.service.key.LifetimeAction;
import com.github.nagyesta.lowkeyvault.service.key.LifetimeActionTrigger;
import com.github.nagyesta.lowkeyvault.service.key.RotationPolicy;
import com.github.nagyesta.lowkeyvault.service.key.constants.LifetimeActionTriggerType;
import com.github.nagyesta.lowkeyvault.service.key.id.KeyEntityId;
import lombok.NonNull;
import org.springframework.util.Assert;
import java.time.OffsetDateTime;
import java.time.Period;
import java.util.List;
import java.util.Map;
public class KeyRotationPolicy extends BaseLifetimePolicy implements RotationPolicy {
private Period expiryTime;
private Map lifetimeActions;
public KeyRotationPolicy(@org.springframework.lang.NonNull final KeyEntityId keyEntityId,
@NonNull final Period expiryTime,
@NonNull final Map lifetimeActions) {
super(keyEntityId);
this.expiryTime = expiryTime;
this.lifetimeActions = Map.copyOf(lifetimeActions);
}
@Override
public Period getExpiryTime() {
return expiryTime;
}
@Override
public boolean isAutoRotate() {
return lifetimeActions.containsKey(LifetimeActionType.ROTATE);
}
@Override
public List missedRotations(@NonNull final OffsetDateTime keyCreation) {
Assert.isTrue(isAutoRotate(), "Cannot have missed rotations without a \"rotate\" lifetime action.");
final LifetimeActionTrigger trigger = lifetimeActions.get(LifetimeActionType.ROTATE).trigger();
final OffsetDateTime startPoint = findTriggerTimeOffset(keyCreation, s -> trigger.rotateAfterDays(expiryTime));
return collectMissedTriggerDays(s -> trigger.rotateAfterDays(expiryTime), startPoint);
}
@Override
public Map getLifetimeActions() {
return lifetimeActions;
}
@Override
public void validate(final OffsetDateTime latestKeyVersionExpiry) {
lifetimeActions.values().forEach(action -> {
final Period triggerPeriod = action.trigger().timePeriod();
final LifetimeActionTriggerType triggerType = action.trigger().triggerType();
triggerType.validate(latestKeyVersionExpiry, expiryTime, triggerPeriod);
Assert.isTrue(action.actionType() != LifetimeActionType.NOTIFY
|| triggerType == LifetimeActionTriggerType.TIME_BEFORE_EXPIRY,
"Notify actions cannot be used with time after creation trigger.");
});
}
@Override
public void setExpiryTime(@NonNull final Period expiryTime) {
this.expiryTime = expiryTime;
this.markUpdate();
}
@Override
public void setLifetimeActions(@NonNull final Map lifetimeActions) {
Assert.isTrue(notifyIsNotRemoved(lifetimeActions), "Notify action cannot be removed.");
this.lifetimeActions = Map.copyOf(lifetimeActions);
this.markUpdate();
}
private boolean notifyIsNotRemoved(final Map lifetimeActions) {
return !this.lifetimeActions.containsKey(LifetimeActionType.NOTIFY)
|| lifetimeActions.containsKey(LifetimeActionType.NOTIFY);
}
}