
Example 1 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

Source: class OSecurityManager, method getPbkdf2.

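/**
 * Derives a PBKDF2 key for {@code iPassword} with the given salt, iteration count and
 * output size, reusing a previously derived key from {@code SALT_CACHE} when a cache is
 * configured.
 * <p>
 * Security note: the cache key is a SHA-256 of the password concatenated with the salt,
 * followed by the salt, iteration count and size in clear, and the cached value is the
 * derived key itself. The cache therefore holds password-derived secrets in memory for as
 * long as its entries live; keep that in mind when sizing, sharing or dumping it.
 *
 * @param iPassword  the password to stretch; must not be null
 * @param salt       the salt bytes
 * @param iterations the PBKDF2 iteration count
 * @param bytes      the desired key length in bytes (PBEKeySpec is given bits)
 * @param algorithm  the JCE SecretKeyFactory algorithm name (e.g. a PBKDF2WithHmac* variant)
 * @return the derived key, {@code bytes} long
 * @throws OSecurityException if the algorithm is unavailable or the key spec is rejected;
 *                            the underlying exception is attached as the cause
 */
private byte[] getPbkdf2(final String iPassword, final byte[] salt, final int iterations, final int bytes, final String algorithm) {
    // The SHA-256 part was already computed unconditionally; building the whole key here
    // (instead of only when the cache is present) means cacheKey can never be null at the
    // put() below, even if SALT_CACHE changes between the two null checks.
    // NOTE: new String(salt) decodes the salt with the platform default charset. That is
    // lossy, but harmless for the key because Arrays.toString(salt) is part of it too; it is
    // left unchanged in case other code in this class builds the same key string.
    final String hashedPassword = createSHA256(iPassword + new String(salt));
    final String cacheKey = hashedPassword + "|" + Arrays.toString(salt) + "|" + iterations + "|" + bytes;

    if (SALT_CACHE != null) {
        // SEARCH IN CACHE FIRST
        final byte[] cached = SALT_CACHE.get(cacheKey);
        if (cached != null)
            return cached;
    }

    final PBEKeySpec spec = new PBEKeySpec(iPassword.toCharArray(), salt, iterations, bytes * 8);
    try {
        final SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
        final byte[] encoded = skf.generateSecret(spec).getEncoded();
        if (SALT_CACHE != null) {
            // SAVE IT IN CACHE
            SALT_CACHE.put(cacheKey, encoded);
        }
        return encoded;
    } catch (Exception e) {
        throw OException.wrapException(new OSecurityException("Cannot create a key with '" + algorithm + "' algorithm"), e);
    } finally {
        // Wipe the char[] copy of the password held by the spec; the String argument itself
        // cannot be cleared, but the spec should not keep a second copy alive.
        spec.clearPassword();
    }
}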

Example 2 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

Source: class OKerberosCredentialInterceptor, method intercept.

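/**
 * Logs the client in to Kerberos and obtains a service ticket for the OrientDB server.
 * <p>
 * The SPN is {@code spn} when given; otherwise it is derived as {@code "OrientDB/" + host}
 * from the host component of {@code url}. Kerberos settings come from the
 * {@code OGlobalConfiguration} CLIENT_KRB5_CONFIG / CLIENT_KRB5_CCNAME / CLIENT_KRB5_KTNAME
 * keys, falling back to the {@code KRB5_CONFIG}, {@code KRB5CCNAME} and
 * {@code KRB5_CLIENT_KTNAME} environment variables. A config file is mandatory, and at
 * least one of credential cache or keytab must be available.
 * <p>
 * Side effects: sets the JVM-wide system property {@code java.security.krb5.conf}, which
 * affects every other Kerberos user in this process; stores {@code principal} and the
 * obtained service ticket in this interceptor's fields. The {@link LoginContext} used for
 * the login is logged out before returning (logout failures are only logged at debug).
 *
 * @param url       the connection URL; only its host is used, and only to derive the SPN
 *                  when {@code spn} is null or empty
 * @param principal the client principal to authenticate as; required
 * @param spn       the service principal name of the server; may be null or empty
 * @throws OSecurityException if the principal is missing, neither URL nor SPN is usable,
 *                            the SPN cannot be derived from the URL, the KRB5 config or
 *                            both credential sources are missing, the login fails, or no
 *                            service ticket could be obtained. The login failure message is
 *                            deliberately generic; the LoginException itself only goes to
 *                            the debug log. Note that none of these exceptions carries the
 *                            original cause.
 */
public void intercept(final String url, final String principal, final String spn) throws OSecurityException {
    if (principal == null || principal.isEmpty())
        throw new OSecurityException("OKerberosCredentialInterceptor Principal cannot be null!");
    this.principal = principal;

    String actualSPN = spn;
    if (spn == null || spn.isEmpty()) {
        // No explicit SPN: derive "OrientDB/<host>" from the URL supplied by the caller.
        if (url == null || url.isEmpty())
            throw new OSecurityException("OKerberosCredentialInterceptor URL and SPN cannot both be null!");
        try {
            String tempURL = url;
            // java.net.URI only recognises an authority (and thus a host) after "//", so
            // "remote:host/db" is rewritten to "remote://host/db". Only the leading scheme
            // prefix is touched; String.replace would also rewrite any later "remote:".
            if (tempURL.startsWith("remote:") && !tempURL.startsWith("remote://"))
                tempURL = "remote://" + tempURL.substring("remote:".length());
            final URI remoteURI = new URI(tempURL);
            final String host = remoteURI.getHost();
            if (host == null)
                throw new OSecurityException("OKerberosCredentialInterceptor Could not create SPN from URL: " + url);
            actualSPN = "OrientDB/" + host;
        } catch (URISyntaxException ex) {
            throw new OSecurityException("OKerberosCredentialInterceptor Could not create SPN from URL: " + url);
        }
    }

    // Explicit configuration wins; the environment variable is only the default.
    String config = System.getenv("KRB5_CONFIG");
    final String ckc = OGlobalConfiguration.CLIENT_KRB5_CONFIG.getValueAsString();
    if (ckc != null)
        config = ckc;

    String ccname = System.getenv("KRB5CCNAME");
    final String ccn = OGlobalConfiguration.CLIENT_KRB5_CCNAME.getValueAsString();
    if (ccn != null)
        ccname = ccn;

    String ktname = System.getenv("KRB5_CLIENT_KTNAME");
    final String ckn = OGlobalConfiguration.CLIENT_KRB5_KTNAME.getValueAsString();
    if (ckn != null)
        ktname = ckn;

    if (config == null)
        throw new OSecurityException("OKerberosCredentialInterceptor KRB5 Config cannot be null!");
    if (ccname == null && ktname == null)
        throw new OSecurityException("OKerberosCredentialInterceptor KRB5 Credential Cache and KeyTab cannot both be null!");

    LoginContext lc = null;
    try {
        // Process-wide setting: every Kerberos login in this JVM will read this file.
        System.setProperty("java.security.krb5.conf", config);
        final OKrb5ClientLoginModuleConfig cfg = new OKrb5ClientLoginModuleConfig(principal, ccname, ktname);
        lc = new LoginContext("ignore", null, null, cfg);
        lc.login();
    } catch (LoginException lie) {
        // Details stay in the debug log; the thrown message intentionally reveals nothing
        // about why the login was rejected.
        OLogManager.instance().debug(this, "intercept() LoginException", lie);
        throw new OSecurityException("OKerberosCredentialInterceptor Client Validation Exception!");
    }

    final Subject subject = lc.getSubject();
    this.serviceTicket = getServiceTicket(subject, principal, actualSPN);

    // Best effort: the ticket has already been extracted, so a failed logout is not fatal.
    try {
        lc.logout();
    } catch (LoginException loe) {
        OLogManager.instance().debug(this, "intercept() LogoutException", loe);
    }

    if (this.serviceTicket == null)
        throw new OSecurityException("OKerberosCredentialInterceptor Cannot obtain the service ticket!");
}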

Example 3 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

Source: class OSymmetricKey, method fromKeystore (InputStream overload).

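/**
 * Creates an OSymmetricKey from a Java "JCEKS" KeyStore read from {@code is}.
 * <p>
 * The stream is not closed here; the caller owns it (the {@code path} overload closes
 * the file it opens). A null KeyStore password is passed straight to
 * {@link KeyStore#load}, which per its contract then skips the integrity check.
 *
 * @param is          The InputStream used to load the KeyStore.
 * @param password    The password for the KeyStore.  May be null.
 * @param keyAlias    The alias name of the key to be used from the KeyStore.  Required.
 * @param keyPassword The password of the key represented by keyAlias.  May be null.
 * @return the symmetric key wrapping the SecretKey stored under {@code keyAlias}
 * @throws OSecurityException if the KeyStore cannot be loaded, no entry exists for the
 *                            alias, or the entry is not a SecretKeyEntry; for JCE/IO
 *                            failures the original exception is attached as the cause
 */
public static OSymmetricKey fromKeystore(final InputStream is, final String password, final String keyAlias, final String keyPassword) {
    try {
        // JCEKS is required to hold SecretKey entries.
        final KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(is, password == null ? null : password.toCharArray());

        final KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(keyPassword == null ? null : keyPassword.toCharArray());
        final KeyStore.Entry entry = ks.getEntry(keyAlias, protParam);
        if (entry == null)
            throw new OSecurityException("SecretKeyEntry is null for key alias: " + keyAlias);
        // A PrivateKeyEntry or TrustedCertificateEntry under this alias previously surfaced
        // as a ClassCastException wrapped in a generic message; say what is wrong instead.
        if (!(entry instanceof KeyStore.SecretKeyEntry))
            throw new OSecurityException("Entry for key alias '" + keyAlias + "' is not a SecretKeyEntry");

        final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        return new OSymmetricKey(secretKey);
    } catch (OSecurityException ex) {
        // Already descriptive; do not wrap it a second time under the generic message.
        throw ex;
    } catch (Exception ex) {
        // Keep the real failure as the cause rather than flattening it to its message.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.fromKeystore() Exception: " + ex.getMessage()), ex);
    }
}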

Example 4 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

Source: class OSymmetricKey, method fromKeystore (file path overload).

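/**
 * Creates an OSymmetricKey from a Java "JCEKS" KeyStore file.
 * <p>
 * {@code path} is first expanded through {@code OSystemVariableResolver}, so it may
 * reference system variables. The file is opened here and always closed before returning;
 * loading and entry lookup are delegated to the {@code InputStream} overload.
 *
 * @param path        The location of the KeyStore file.
 * @param password    The password for the KeyStore.  May be null.
 * @param keyAlias    The alias name of the key to be used from the KeyStore.  Required.
 * @param keyPassword The password of the key represented by keyAlias.  May be null.
 * @return the symmetric key wrapping the SecretKey stored under {@code keyAlias}
 * @throws OSecurityException if the file cannot be opened, read or closed (original
 *                            exception attached as the cause), or for any failure reported
 *                            by the {@code InputStream} overload
 */
public static OSymmetricKey fromKeystore(final String path, final String password, final String keyAlias, final String keyPassword) {
    try {
        // The KeyStore instance itself is created by the stream overload; nothing else is
        // needed here (the previous unused KeyStore.getInstance call has been dropped).
        java.io.FileInputStream fis = null;
        try {
            fis = new java.io.FileInputStream(OSystemVariableResolver.resolveSystemVariables(path));
            return fromKeystore(fis, password, keyAlias, keyPassword);
        } finally {
            if (fis != null)
                fis.close();
        }
    } catch (OSecurityException ex) {
        // Raised by the stream overload with a specific message; do not wrap it again.
        throw ex;
    } catch (Exception ex) {
        // Keep the real failure (e.g. FileNotFoundException) as the cause.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.fromKeystore() Exception: " + ex.getMessage()), ex);
    }
}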

Example 5 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

Source: class OSymmetricKey, method encrypt.

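/**
 * Encrypts an array of bytes with this key using the given cipher transformation.
 * <p>
 * The transformation is chosen entirely by the caller. If it uses an IV, the JCE provider
 * generates a random one during {@code init} and it is retrieved with
 * {@link Cipher#getIV()}; if it does not (getIV() returns null), equal plaintexts encrypt
 * to equal ciphertexts, so callers should prefer an IV-bearing mode.
 *
 * @param transform The cipher transformation to use; required.
 * @param bytes     The array of bytes to be encrypted; required.
 *
 * @return The encrypted bytes and the IV (null when the mode has none) packaged by
 *         {@code encodeJSON} as a Base64-encoded JSON document. Never null: every failure
 *         is reported as an exception.
 * @throws OSecurityException if no SecretKey is set, {@code transform} or {@code bytes} is
 *                            null, or the cipher rejects the transformation, the key or the
 *                            input; in the last case the JCE exception is the cause
 */
public String encrypt(final String transform, final byte[] bytes) {
    if (secretKey == null)
        throw new OSecurityException("OSymmetricKey.encrypt() SecretKey is null");
    if (transform == null)
        throw new OSecurityException("OSymmetricKey.encrypt() Cannot determine cipher transformation");
    // Previously a null input surfaced as a wrapped NullPointerException from doFinal.
    if (bytes == null)
        throw new OSecurityException("OSymmetricKey.encrypt() Input bytes are null");
    try {
        // Throws NoSuchAlgorithmException and NoSuchPaddingException.
        final Cipher cipher = Cipher.getInstance(transform);
        // Without explicit parameters, init() creates a random IV for modes that need one.
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        // Null when the transformation has no IV.
        final byte[] initVector = cipher.getIV();
        final byte[] encrypted = cipher.doFinal(bytes);
        return encodeJSON(encrypted, initVector);
    } catch (Exception ex) {
        // Preserve the JCE exception as the cause instead of flattening it to its message.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage()), ex);
    }
}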
