Example 1 with GeneralSecurityException
use of java.security.GeneralSecurityException in project hbase by apache.
the class FanOutOneBlockAsyncDFSOutputSaslHelper method createTransparentCryptoHelper.
private static TransparentCryptoHelper createTransparentCryptoHelper() throws NoSuchMethodException {
Method decryptEncryptedDataEncryptionKeyMethod = DFSClient.class.getDeclaredMethod("decryptEncryptedDataEncryptionKey", FileEncryptionInfo.class);
decryptEncryptedDataEncryptionKeyMethod.setAccessible(true);
return new TransparentCryptoHelper() {
@Override
public Encryptor createEncryptor(Configuration conf, FileEncryptionInfo feInfo, DFSClient client) throws IOException {
try {
KeyVersion decryptedKey = (KeyVersion) decryptEncryptedDataEncryptionKeyMethod.invoke(client, feInfo);
CryptoCodec cryptoCodec = CryptoCodec.getInstance(conf, feInfo.getCipherSuite());
Encryptor encryptor = cryptoCodec.createEncryptor();
encryptor.init(decryptedKey.getMaterial(), feInfo.getIV());
return encryptor;
} catch (InvocationTargetException e) {
Throwables.propagateIfPossible(e.getTargetException(), IOException.class);
throw new RuntimeException(e.getTargetException());
} catch (GeneralSecurityException e) {
throw new IOException(e);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
}
}
};
}
Also used :
DFSClient(org.apache.hadoop.hdfs.DFSClient)
Configuration(org.apache.hadoop.conf.Configuration)
KeyVersion(org.apache.hadoop.crypto.key.KeyProvider.KeyVersion)
GeneralSecurityException(java.security.GeneralSecurityException)
Encryptor(org.apache.hadoop.crypto.Encryptor)
Method(java.lang.reflect.Method)
IOException(java.io.IOException)
FileEncryptionInfo(org.apache.hadoop.fs.FileEncryptionInfo)
InvocationTargetException(java.lang.reflect.InvocationTargetException)
CryptoCodec(org.apache.hadoop.crypto.CryptoCodec)
Example 2 with GeneralSecurityException
use of java.security.GeneralSecurityException in project zeppelin by apache.
the class Authentication method decrypt.
private String decrypt(String value, String initVector) {
LOG.debug("IV is {}, IV length is {}", initVector, initVector.length());
if (StringUtils.isBlank(value) || StringUtils.isBlank(initVector)) {
LOG.error("String to decode or salt is not provided");
return StringUtils.EMPTY;
}
try {
IvParameterSpec iv = generateIV(initVector);
Key key = generateKey();
Cipher cipher = Cipher.getInstance(CIPHER_MODE);
cipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] decryptedString = Base64.decodeBase64(toBytes(value));
decryptedString = cipher.doFinal(decryptedString);
return new String(decryptedString);
} catch (GeneralSecurityException e) {
LOG.error("Error when decrypting", e);
return StringUtils.EMPTY;
}
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
Cipher(javax.crypto.Cipher)
Key(java.security.Key)
Example 3 with GeneralSecurityException
use of java.security.GeneralSecurityException in project Openfire by igniterealtime.
the class CertificateManager method createX509V3Certificate.
/**
* Creates an X509 version3 certificate.
*
* @param kp KeyPair that keeps the public and private keys for the new certificate.
* @param days time to live
* @param issuerBuilder IssuerDN builder
* @param subjectBuilder SubjectDN builder
* @param domain Domain of the server.
* @param signAlgoritm Signature algorithm. This can be either a name or an OID.
* @return X509 V3 Certificate
* @throws GeneralSecurityException
* @throws IOException
*/
public static synchronized X509Certificate createX509V3Certificate(KeyPair kp, int days, X500NameBuilder issuerBuilder, X500NameBuilder subjectBuilder, String domain, String signAlgoritm) throws GeneralSecurityException, IOException {
PublicKey pubKey = kp.getPublic();
PrivateKey privKey = kp.getPrivate();
byte[] serno = new byte[8];
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
random.setSeed((new Date().getTime()));
random.nextBytes(serno);
BigInteger serial = (new java.math.BigInteger(serno)).abs();
X500Name issuerDN = issuerBuilder.build();
X500Name subjectDN = subjectBuilder.build();
// builder
JcaX509v3CertificateBuilder certBuilder = new //
JcaX509v3CertificateBuilder(//
issuerDN, //
serial, //
new Date(), //
new Date(System.currentTimeMillis() + days * (1000L * 60 * 60 * 24)), //
subjectDN, //
pubKey);
// add subjectAlternativeName extension
boolean critical = subjectDN.getRDNs().length == 0;
ASN1Sequence othernameSequence = new DERSequence(new ASN1Encodable[] { new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERUTF8String(domain) });
GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence);
GeneralNames subjectAltNames = new GeneralNames(new GeneralName[] { othernameGN });
certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAltNames);
// add keyIdentifiers extensions
JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
certBuilder.addExtension(Extension.subjectKeyIdentifier, false, utils.createSubjectKeyIdentifier(pubKey));
certBuilder.addExtension(Extension.authorityKeyIdentifier, false, utils.createAuthorityKeyIdentifier(pubKey));
try {
// build the certificate
ContentSigner signer = new JcaContentSignerBuilder(signAlgoritm).build(privKey);
X509CertificateHolder cert = certBuilder.build(signer);
// verify the validity
if (!cert.isValidOn(new Date())) {
throw new GeneralSecurityException("Certificate validity not valid");
}
// verify the signature (self-signed)
ContentVerifierProvider verifierProvider = new JcaContentVerifierProviderBuilder().build(pubKey);
if (!cert.isSignatureValid(verifierProvider)) {
throw new GeneralSecurityException("Certificate signature not valid");
}
return new JcaX509CertificateConverter().getCertificate(cert);
} catch (OperatorCreationException | CertException e) {
throw new GeneralSecurityException(e);
}
}
Also used :
JcaX509ExtensionUtils(org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils)
PrivateKey(java.security.PrivateKey)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
X500Name(org.bouncycastle.asn1.x500.X500Name)
JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder)
OperatorCreationException(org.bouncycastle.operator.OperatorCreationException)
ContentVerifierProvider(org.bouncycastle.operator.ContentVerifierProvider)
PublicKey(java.security.PublicKey)
GeneralSecurityException(java.security.GeneralSecurityException)
ContentSigner(org.bouncycastle.operator.ContentSigner)
SecureRandom(java.security.SecureRandom)
CertException(org.bouncycastle.cert.CertException)
Date(java.util.Date)
JcaContentVerifierProviderBuilder(org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder)
GeneralNames(org.bouncycastle.asn1.x509.GeneralNames)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
BigInteger(java.math.BigInteger)
GeneralName(org.bouncycastle.asn1.x509.GeneralName)
Example 4 with GeneralSecurityException
use of java.security.GeneralSecurityException in project k-9 by k9mail.
the class ImapConnection method connect.
private Socket connect() throws GeneralSecurityException, MessagingException, IOException {
Exception connectException = null;
InetAddress[] inetAddresses = InetAddress.getAllByName(settings.getHost());
for (InetAddress address : inetAddresses) {
try {
return connectToAddress(address);
} catch (IOException e) {
Log.w(LOG_TAG, "Could not connect to " + address, e);
connectException = e;
}
}
throw new MessagingException("Cannot connect to host", connectException);
}
Also used :
MessagingException(com.fsck.k9.mail.MessagingException)
IOException(java.io.IOException)
InetAddress(java.net.InetAddress)
CertificateValidationException(com.fsck.k9.mail.CertificateValidationException)
GeneralSecurityException(java.security.GeneralSecurityException)
KeyManagementException(java.security.KeyManagementException)
SSLException(javax.net.ssl.SSLException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SocketException(java.net.SocketException)
ConnectException(java.net.ConnectException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
MessagingException(com.fsck.k9.mail.MessagingException)
AuthenticationFailedException(com.fsck.k9.mail.AuthenticationFailedException)
Example 5 with GeneralSecurityException
use of java.security.GeneralSecurityException in project hadoop by apache.
the class Fetcher method openConnection.
@VisibleForTesting
protected synchronized void openConnection(URL url) throws IOException {
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
if (sslShuffle) {
HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
try {
httpsConn.setSSLSocketFactory(sslFactory.createSSLSocketFactory());
} catch (GeneralSecurityException ex) {
throw new IOException(ex);
}
httpsConn.setHostnameVerifier(sslFactory.getHostnameVerifier());
}
connection = conn;
}
Also used :
HttpURLConnection(java.net.HttpURLConnection)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
HttpsURLConnection(javax.net.ssl.HttpsURLConnection)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Aggregations
GeneralSecurityException (java.security.GeneralSecurityException)1197
IOException (java.io.IOException)448
Cipher (javax.crypto.Cipher)148
Test (org.junit.Test)136
X509Certificate (java.security.cert.X509Certificate)130
KeyStore (java.security.KeyStore)98
SSLContext (javax.net.ssl.SSLContext)86
SecretKeySpec (javax.crypto.spec.SecretKeySpec)82
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)77
ArrayList (java.util.ArrayList)75
File (java.io.File)64
InputStream (java.io.InputStream)63
Certificate (java.security.cert.Certificate)61
PublicKey (java.security.PublicKey)56
FileInputStream (java.io.FileInputStream)54
PrivateKey (java.security.PrivateKey)51
BigInteger (java.math.BigInteger)50
SecretKey (javax.crypto.SecretKey)48
IvParameterSpec (javax.crypto.spec.IvParameterSpec)47
KeyPair (java.security.KeyPair)45
