Example 6 with SecurityException

use of com.emc.storageos.security.exceptions.SecurityException in project coprhd-controller by CoprHD.

the class KeystoreTest method testZookeeperKeystore.

@Test
public void testZookeeperKeystore() throws IOException {
    DistributedKeyStore zookeeperKeystore = new DistributedKeyStoreImpl();
    boolean exceptionThrown = false;
    try {
        zookeeperKeystore.init(invalidLoadStoreParam);
    } catch (SecurityException e) {
        exceptionThrown = true;
    }
    Assert.assertTrue(exceptionThrown);
    zookeeperKeystore.init(loadStoreParam);
    // this is in case this test was run previously
    zookeeperKeystore.setTrustedCertificates(null);
    KeyCertificateEntry origEntry = gen.generateKeyCertificatePair();
    origEntry.setCreationDate(new Date());
    zookeeperKeystore.setKeyCertificatePair(origEntry);
    KeyCertificateEntry storedEntry = zookeeperKeystore.getKeyCertificatePair();
    assertKeyCertificateEntriesEquals(origEntry, storedEntry);
    origEntry = gen.generateKeyCertificatePair();
    TrustedCertificateEntry origCertEntry = new TrustedCertificateEntry(origEntry.getCertificateChain()[0], new Date());
    Map<String, TrustedCertificateEntry> origCertEntries = new HashMap<String, TrustedCertificateEntry>();
    origCertEntries.put("trustedCert1", origCertEntry);
    zookeeperKeystore.addTrustedCertificate("trustedCert1", origCertEntry);
    origEntry = gen.generateKeyCertificatePair();
    origCertEntry = new TrustedCertificateEntry(origEntry.getCertificateChain()[0], new Date());
    origCertEntries.put("trustedCert2", origCertEntry);
    zookeeperKeystore.addTrustedCertificate("trustedCert2", origCertEntry);
    assertTrustedCertsEquals(origCertEntries, zookeeperKeystore.getTrustedCertificates());
    origEntry = gen.generateKeyCertificatePair();
    origCertEntry = new TrustedCertificateEntry(origEntry.getCertificateChain()[0], new Date());
    origCertEntries.put("trustedCert3", origCertEntry);
    zookeeperKeystore.setTrustedCertificates(origCertEntries);
    assertTrustedCertsEquals(origCertEntries, zookeeperKeystore.getTrustedCertificates());
    origCertEntries.remove("trustedCert3");
    zookeeperKeystore.setTrustedCertificates(origCertEntries);
    assertTrustedCertsEquals(origCertEntries, zookeeperKeystore.getTrustedCertificates());
    origCertEntries.remove("trustedCert2");
    zookeeperKeystore.removeTrustedCertificate("trustedCert2");
    assertTrustedCertsEquals(origCertEntries, zookeeperKeystore.getTrustedCertificates());
    zookeeperKeystore.removeTrustedCertificate("trustedCert10");
}
Also used : DistributedKeyStoreImpl(com.emc.storageos.security.keystore.impl.DistributedKeyStoreImpl) HashMap(java.util.HashMap) SecurityException(com.emc.storageos.security.exceptions.SecurityException) KeyCertificateEntry(com.emc.storageos.security.keystore.impl.KeyCertificateEntry) Date(java.util.Date) TrustedCertificateEntry(com.emc.storageos.security.keystore.impl.TrustedCertificateEntry) Test(org.junit.Test)

Example 7 with SecurityException

use of com.emc.storageos.security.exceptions.SecurityException in project coprhd-controller by CoprHD.

the class CassandraTokenManager method getProxyToken.

/**
 * Gets a proxy token for the given user
 * If a proxy token for the given user already exists, it will be reused
 *
 * @return proxy-token
 */
@Override
public String getProxyToken(StorageOSUserDAO userDAO) {
    InterProcessLock userLock = null;
    try {
        userLock = _coordinator.getLock(userDAO.getUserName());
        if (userLock == null) {
            _log.error("Could not acquire lock for user: {}", userDAO.getUserName());
            throw SecurityException.fatals.couldNotAcquireLockForUser(userDAO.getUserName());
        }
        userLock.acquire();
        // Look for proxy tokens based on that username.
        // If any is found, use that. Else, create a new one.
        ProxyToken proxyToken = getProxyTokenForUserName(userDAO.getUserName());
        if (proxyToken != null) {
            _log.debug("Found proxy token {} for user {}.  Reusing...", proxyToken.getId(), userDAO.getUserName());
            return _tokenEncoder.encode(TokenOnWire.createTokenOnWire(proxyToken));
        }
        // No proxy token found for this user. Create a new one.
        // Create the actual proxy token
        ProxyToken pToken = new ProxyToken();
        pToken.setId(URIUtil.createId(ProxyToken.class));
        pToken.addKnownId(userDAO.getId());
        pToken.setUserName(userDAO.getUserName());
        // for now
        pToken.setZoneId("zone1");
        pToken.setIssuedTime(getCurrentTimeInMins());
        pToken.setLastValidatedTime(getCurrentTimeInMins());
        _dbClient.persistObject(pToken);
        return _tokenEncoder.encode(TokenOnWire.createTokenOnWire(pToken));
    } catch (DatabaseException ex) {
        _log.error("DatabaseException while persisting proxy token", ex);
    } catch (SecurityException ex) {
        _log.error("Proxy Token encoding exception. ", ex);
    } catch (Exception ex) {
        _log.error("Could not acquire lock while trying to get a proxy token.", ex);
    } finally {
        try {
            if (userLock != null) {
                userLock.release();
            }
        } catch (Exception ex) {
            _log.error("Unable to release proxytoken creation lock", ex);
        }
    }
    return null;
}
Also used : ProxyToken(com.emc.storageos.db.client.model.ProxyToken) InterProcessLock(org.apache.curator.framework.recipes.locks.InterProcessLock) SecurityException(com.emc.storageos.security.exceptions.SecurityException) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) APIException(com.emc.storageos.svcs.errorhandling.resources.APIException)

Example 8 with SecurityException

use of com.emc.storageos.security.exceptions.SecurityException in project coprhd-controller by CoprHD.

the class CassandraTokenManager method deleteToken.

/**
 * Remove token from database if valid.
 */
@Override
public void deleteToken(String tokenIn) {
    try {
        if (tokenIn == null) {
            _log.error("Null token passed for deletion");
            return;
        }
        URI tkId = _tokenEncoder.decode(tokenIn).getTokenId();
        Token verificationToken = _dbClient.queryObject(Token.class, tkId);
        if (verificationToken == null) {
            _log.error("Could not fetch token from the database: {}", tkId);
            return;
        }
        deleteTokenInternal(verificationToken);
    } catch (DatabaseException ex) {
        throw SecurityException.fatals.databseExceptionDuringTokenDeletion(tokenIn, ex);
    } catch (SecurityException e) {
        _log.error("Token decoding exception during deleteToken.", e);
    }
}
Also used : ProxyToken(com.emc.storageos.db.client.model.ProxyToken) Token(com.emc.storageos.db.client.model.Token) SecurityException(com.emc.storageos.security.exceptions.SecurityException) URI(java.net.URI) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException)
