use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
Class OSecurityManager, method getPbkdf2.
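/**
 * Derives a PBKDF2 key for {@code iPassword} with the given salt, iteration count,
 * output length and JCA {@link SecretKeyFactory} algorithm name.
 * <p>
 * When {@code SALT_CACHE} is enabled, a key previously derived for the same
 * password/salt/iterations/length combination is returned without re-running the KDF.
 * The cache key is built from a SHA-256 of the password concatenated with the salt, so the
 * plaintext password is never used as a map key; the derived key bytes, however, stay in
 * memory for as long as the cache retains them.
 *
 * @param iPassword  the password to derive the key from
 * @param salt       the salt bytes
 * @param iterations the PBKDF2 iteration count
 * @param bytes      the desired key length in bytes
 * @param algorithm  the SecretKeyFactory algorithm name (e.g. a "PBKDF2With..." variant)
 * @return the derived key bytes
 * @throws OSecurityException if the key cannot be derived; the underlying cause is preserved
 */
private byte[] getPbkdf2(final String iPassword, final byte[] salt, final int iterations, final int bytes, final String algorithm) {
  String cacheKey = null;
  if (SALT_CACHE != null) {
    // SEARCH IN CACHE FIRST. The salt is decoded with an explicit charset so the cache key
    // does not depend on the platform default encoding.
    final String hashedPassword = createSHA256(iPassword + new String(salt, java.nio.charset.StandardCharsets.UTF_8));
    cacheKey = hashedPassword + "|" + Arrays.toString(salt) + "|" + iterations + "|" + bytes;
    final byte[] cached = SALT_CACHE.get(cacheKey);
    if (cached != null)
      return cached;
  }

  final PBEKeySpec spec = new PBEKeySpec(iPassword.toCharArray(), salt, iterations, bytes * 8);
  try {
    final SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
    final byte[] encoded = skf.generateSecret(spec).getEncoded();
    if (SALT_CACHE != null) {
      // SAVE IT IN CACHE
      SALT_CACHE.put(cacheKey, encoded);
    }
    return encoded;
  } catch (Exception e) {
    throw OException.wrapException(new OSecurityException("Cannot create a key with '" + algorithm + "' algorithm"), e);
  } finally {
    // Wipe the password characters that were copied into the key spec.
    spec.clearPassword();
  }
}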
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
Class OKerberosCredentialInterceptor, method intercept.
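/**
 * Authenticates the client principal against the KDC and obtains a Kerberos service ticket
 * for the OrientDB service, storing it in {@code this.serviceTicket}.
 * <p>
 * The KRB5 configuration file, credential cache and keytab are taken from the OrientDB
 * client configuration when set, otherwise from the {@code KRB5_CONFIG}, {@code KRB5CCNAME}
 * and {@code KRB5_CLIENT_KTNAME} environment variables.
 *
 * @param url       the remote URL; used to derive the SPN ("OrientDB/host") when {@code spn} is empty
 * @param principal the client principal; required
 * @param spn       the service principal name; may be empty, in which case it is derived from {@code url}
 * @throws OSecurityException if an argument or setting is missing, the login fails,
 *                            or no service ticket could be obtained
 */
public void intercept(final String url, final String principal, final String spn) throws OSecurityException {
  if (principal == null || principal.isEmpty())
    throw new OSecurityException("OKerberosCredentialInterceptor Principal cannot be null!");
  this.principal = principal;

  final String actualSPN = resolveServicePrincipalName(url, spn);

  final String config = configOrEnv(OGlobalConfiguration.CLIENT_KRB5_CONFIG, "KRB5_CONFIG");
  final String ccname = configOrEnv(OGlobalConfiguration.CLIENT_KRB5_CCNAME, "KRB5CCNAME");
  final String ktname = configOrEnv(OGlobalConfiguration.CLIENT_KRB5_KTNAME, "KRB5_CLIENT_KTNAME");

  if (config == null)
    throw new OSecurityException("OKerberosCredentialInterceptor KRB5 Config cannot be null!");
  if (ccname == null && ktname == null)
    throw new OSecurityException("OKerberosCredentialInterceptor KRB5 Credential Cache and KeyTab cannot both be null!");

  LoginContext lc = null;
  try {
    // NOTE: this is a JVM-wide property; callers using different KRB5 configs in the same JVM race on it.
    System.setProperty("java.security.krb5.conf", config);
    final OKrb5ClientLoginModuleConfig cfg = new OKrb5ClientLoginModuleConfig(principal, ccname, ktname);
    lc = new LoginContext("ignore", null, null, cfg);
    lc.login();
  } catch (LoginException lie) {
    // The cause is logged at debug level only so that KDC details do not leak into the client-facing message.
    OLogManager.instance().debug(this, "intercept() LoginException", lie);
    throw new OSecurityException("OKerberosCredentialInterceptor Client Validation Exception!");
  }

  try {
    final Subject subject = lc.getSubject();
    this.serviceTicket = getServiceTicket(subject, principal, actualSPN);
  } finally {
    // Release the login context even when obtaining the service ticket fails.
    logoutQuietly(lc);
  }

  if (this.serviceTicket == null)
    throw new OSecurityException("OKerberosCredentialInterceptor Cannot obtain the service ticket!");
}

/**
 * Returns the SPN to request a ticket for: {@code spn} when non-empty, otherwise
 * "OrientDB/&lt;host&gt;" built from the host component of {@code url}.
 *
 * @throws OSecurityException if both are empty or no host can be parsed from the URL
 */
private static String resolveServicePrincipalName(final String url, final String spn) throws OSecurityException {
  if (spn != null && !spn.isEmpty())
    return spn;
  if (url == null || url.isEmpty())
    throw new OSecurityException("OKerberosCredentialInterceptor URL and SPN cannot both be null!");
  try {
    String tempURL = url;
    // Without "//" java.net.URI does not recognise an authority, so "remote:host" becomes "remote://host".
    if (tempURL.startsWith("remote:") && !tempURL.startsWith("remote://"))
      tempURL = tempURL.replace("remote:", "remote://");
    final String host = new URI(tempURL).getHost();
    if (host == null)
      throw new OSecurityException("OKerberosCredentialInterceptor Could not create SPN from URL: " + url);
    return "OrientDB/" + host;
  } catch (URISyntaxException ex) {
    throw new OSecurityException("OKerberosCredentialInterceptor Could not create SPN from URL: " + url);
  }
}

/** Returns the OrientDB configuration value when set, otherwise the named environment variable (may be null). */
private static String configOrEnv(final OGlobalConfiguration setting, final String envName) {
  final String configured = setting.getValueAsString();
  return configured != null ? configured : System.getenv(envName);
}

/** Logs out of the login context; a logout failure is only logged, since the ticket has already been obtained or the error already reported. */
private void logoutQuietly(final LoginContext lc) {
  try {
    lc.logout();
  } catch (LoginException loe) {
    OLogManager.instance().debug(this, "intercept() LogoutException", loe);
  }
}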
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
Class OSymmetricKey, method fromKeystore (InputStream overload).
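/**
 * Creates an OSymmetricKey from a Java "JCEKS" KeyStore.
 *
 * @param is          The InputStream used to load the KeyStore.
 * @param password    The password for the KeyStore. May be null, in which case
 *                    {@link KeyStore#load} does not verify the store's integrity.
 * @param keyAlias    The alias name of the key to be used from the KeyStore. Required.
 * @param keyPassword The password of the key represented by keyAlias. May be null.
 * @return the symmetric key stored under {@code keyAlias}
 * @throws OSecurityException if the store cannot be loaded, the alias is absent,
 *                            or the entry is not a SecretKeyEntry
 */
public static OSymmetricKey fromKeystore(final InputStream is, final String password, final String keyAlias, final String keyPassword) {
  // Password characters are copied into arrays so they can be wiped once the store has been read.
  final char[] ksPasswdChars = password != null ? password.toCharArray() : null;
  final char[] ksKeyPasswdChars = keyPassword != null ? keyPassword.toCharArray() : null;
  try {
    // JCEKS is required to hold SecretKey entries.
    final KeyStore ks = KeyStore.getInstance("JCEKS");
    // ksPasswdChars may be null.
    ks.load(is, ksPasswdChars);

    // ksKeyPasswdChars may be null.
    final KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(ksKeyPasswdChars);
    final KeyStore.Entry entry = ks.getEntry(keyAlias, protParam);
    if (entry == null)
      throw new OSecurityException("SecretKeyEntry is null for key alias: " + keyAlias);
    // A private-key or certificate entry under this alias must not be silently cast.
    if (!(entry instanceof KeyStore.SecretKeyEntry))
      throw new OSecurityException("Entry for key alias '" + keyAlias + "' is not a SecretKeyEntry");

    final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    return new OSymmetricKey(secretKey);
  } catch (OSecurityException ex) {
    // Already carries a precise message; do not wrap it a second time.
    throw ex;
  } catch (Exception ex) {
    throw new OSecurityException("OSymmetricKey.fromKeystore() Exception: " + ex.getMessage());
  } finally {
    if (ksPasswdChars != null)
      java.util.Arrays.fill(ksPasswdChars, '\0');
    if (ksKeyPasswdChars != null)
      java.util.Arrays.fill(ksKeyPasswdChars, '\0');
  }
}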
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
Class OSymmetricKey, method fromKeystore (file-path overload).
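/**
 * Creates an OSymmetricKey from a Java "JCEKS" KeyStore file.
 *
 * @param path        The location of the KeyStore file; system variables in it are resolved
 *                    through {@code OSystemVariableResolver} before opening.
 * @param password    The password for the KeyStore. May be null.
 * @param keyAlias    The alias name of the key to be used from the KeyStore. Required.
 * @param keyPassword The password of the key represented by keyAlias. May be null.
 * @return the symmetric key stored under {@code keyAlias}
 * @throws OSecurityException if the file cannot be opened or the key cannot be read
 */
public static OSymmetricKey fromKeystore(final String path, final String password, final String keyAlias, final String keyPassword) {
  try {
    java.io.FileInputStream fis = null;
    try {
      fis = new java.io.FileInputStream(OSystemVariableResolver.resolveSystemVariables(path));
      // Loading and entry lookup are delegated to the InputStream overload.
      return fromKeystore(fis, password, keyAlias, keyPassword);
    } finally {
      if (fis != null)
        fis.close();
    }
  } catch (OSecurityException ex) {
    // Already carries a precise message from the delegate; do not wrap it a second time.
    throw ex;
  } catch (Exception ex) {
    throw new OSecurityException("OSymmetricKey.fromKeystore() Exception: " + ex.getMessage());
  }
}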
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
Class OSymmetricKey, method encrypt.
/**
 * Encrypts an array of bytes with this key.
 * <p>
 * The cipher is initialised without an explicit IV, so for transformations that use one
 * the JCA provider generates a random IV and it is embedded in the result; for
 * transformations without an IV (e.g. ECB-style modes) {@link Cipher#getIV()} is null and
 * the output for a given input is deterministic.
 *
 * @param transform The cipher transformation to use.
 * @param bytes     The array of bytes to be encrypted.
 *
 * @return The encrypted bytes as a Base64-encoded JSON document.
 * @throws OSecurityException if no key is set, no transformation is given, or encryption fails
 */
public String encrypt(final String transform, final byte[] bytes) {
  if (secretKey == null)
    throw new OSecurityException("OSymmetricKey.encrypt() SecretKey is null");
  if (transform == null)
    throw new OSecurityException("OSymmetricKey.encrypt() Cannot determine cipher transformation");

  try {
    // getInstance() throws NoSuchAlgorithmException / NoSuchPaddingException for unknown transformations.
    final Cipher cipher = Cipher.getInstance(transform);
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    // Read the IV before doFinal(); it is null when the transformation has none.
    final byte[] iv = cipher.getIV();
    final byte[] ciphertext = cipher.doFinal(bytes);
    return encodeJSON(ciphertext, iv);
  } catch (Exception ex) {
    throw new OSecurityException("OSymmetricKey.encrypt() Exception: " + ex.getMessage());
  }
}