Example 6 with OSecurityException

Use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

The class OSymmetricKeyCI, method intercept.

/**
 * The usual password field should be a JSON representation.
 */
public void intercept(final String url, final String username, final String password) throws OSecurityException {
    if (username == null || username.isEmpty())
        throw new OSecurityException("OSymmetricKeyCI username is not valid!");
    if (password == null || password.isEmpty())
        throw new OSecurityException("OSymmetricKeyCI password is not valid!");
    this.username = username;
    // These are all used as defaults if the JSON document is missing any fields.
    // Defaults to "AES".
    String algorithm = OGlobalConfiguration.CLIENT_CI_KEYALGORITHM.getValueAsString();
    // Defaults to "AES/CBC/PKCS5Padding".
    String transform = OGlobalConfiguration.CLIENT_CI_CIPHERTRANSFORM.getValueAsString();
    String keystoreFile = OGlobalConfiguration.CLIENT_CI_KEYSTORE_FILE.getValueAsString();
    String keystorePassword = OGlobalConfiguration.CLIENT_CI_KEYSTORE_PASSWORD.getValueAsString();
    ODocument jsonDoc = null;
    try {
        jsonDoc = new ODocument().fromJSON(password, "noMap");
    } catch (Exception ex) {
        throw new OSecurityException("OSymmetricKeyCI.intercept() Exception: " + ex.getMessage());
    }
    // Override algorithm and transform, if they exist in the JSON document.
    if (jsonDoc.containsField("algorithm"))
        algorithm = jsonDoc.field("algorithm");
    if (jsonDoc.containsField("transform"))
        transform = jsonDoc.field("transform");
    // Just in case the default configuration gets changed, check it.
    if (transform == null || transform.isEmpty())
        throw new OSecurityException("OSymmetricKeyCI.intercept() cipher transformation is required");
    // then determine the algorithm from the cipher transformation.
    if (algorithm == null)
        algorithm = OSymmetricKey.separateAlgorithm(transform);
    OSymmetricKey key = null;
    // "key" has priority over "keyFile" and "keyStore".
    if (jsonDoc.containsField("key")) {
        final String base64Key = jsonDoc.field("key");
        key = OSymmetricKey.fromString(algorithm, base64Key);
        key.setDefaultCipherTransform(transform);
    } else if (jsonDoc.containsField("keyFile")) {
        // "keyFile" has priority over "keyStore".
        key = OSymmetricKey.fromFile(algorithm, (String) jsonDoc.field("keyFile"));
        key.setDefaultCipherTransform(transform);
    } else if (jsonDoc.containsField("keyStore")) {
        ODocument ksDoc = jsonDoc.field("keyStore");
        if (ksDoc.containsField("file"))
            keystoreFile = ksDoc.field("file");
        if (keystoreFile == null || keystoreFile.isEmpty())
            throw new OSecurityException("OSymmetricKeyCI.intercept() keystore file is required");
        // Specific to Keystore, but override if present in the JSON document.
        if (ksDoc.containsField("password"))
            keystorePassword = ksDoc.field("password");
        String keyAlias = ksDoc.field("keyAlias");
        if (keyAlias == null || keyAlias.isEmpty())
            throw new OSecurityException("OSymmetricKeyCI.intercept() keystore key alias is required");
        // keyPassword may be null.
        String keyPassword = ksDoc.field("keyPassword");
        // keystorePassword may be null.
        key = OSymmetricKey.fromKeystore(keystoreFile, keystorePassword, keyAlias, keyPassword);
        key.setDefaultCipherTransform(transform);
    } else {
        throw new OSecurityException("OSymmetricKeyCI.intercept() No suitable symmetric key property exists");
    }
    // This should never happen, but...
    if (key == null)
        throw new OSecurityException("OSymmetricKeyCI.intercept() OSymmetricKey is null");
    encodedJSON = key.encrypt(transform, username);
}
Also used: OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException), LoginException (javax.security.auth.login.LoginException), URISyntaxException (java.net.URISyntaxException), ODocument (com.orientechnologies.orient.core.record.impl.ODocument)

Example 7 with OSecurityException

Use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

The class OCompressionFactory, method getCompression.

public OCompression getCompression(final String name, final String iOptions) {
    OCompression compression = compressions.get(name);
    if (compression == null) {
        final Class<? extends OCompression> compressionClass;
        if (name == null)
            compressionClass = ONothingCompression.class;
        else
            compressionClass = compressionClasses.get(name);
        if (compressionClass != null) {
            try {
                compression = compressionClass.newInstance();
                compression.configure(iOptions);
            } catch (Exception e) {
                throw OException.wrapException(new OSecurityException("Cannot instantiate compression algorithm '" + name + "'"), e);
            }
        } else
            throw new OSecurityException("Compression with name '" + name + "' is absent");
    }
    return compression;
}
Also used: ONothingCompression (com.orientechnologies.orient.core.compression.impl.ONothingCompression), OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException), OException (com.orientechnologies.common.exception.OException)

Example 8 with OSecurityException

Use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

The class ODESEncryption, method configure.

public OEncryption configure(final String iOptions) {
    initialized = false;
    if (iOptions == null)
        throw new OSecurityException("DES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '" + OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey() + "'");
    try {
        // The key is the Base64-decoded STORAGE_ENCRYPTION_KEY. DESKeySpec requires at least 8 bytes
        // (64 bits, of which 56 are effective); DES is a legacy cipher kept here for compatibility.
        final byte[] key = OBase64Utils.decode(iOptions);
        final DESKeySpec desKeySpec = new DESKeySpec(key);
        final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM_NAME);
        theKey = keyFactory.generateSecret(desKeySpec);
        cipher = Cipher.getInstance(TRANSFORMATION);
    } catch (Exception e) {
        throw OException.wrapException(new OInvalidStorageEncryptionKeyException("Cannot initialize DES encryption with current key. Assure the key is a BASE64 - 64 bits long"), e);
    }
    this.initialized = true;
    return this;
}
Also used: OInvalidStorageEncryptionKeyException (com.orientechnologies.orient.core.exception.OInvalidStorageEncryptionKeyException), OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException), DESKeySpec (javax.crypto.spec.DESKeySpec), SecretKeyFactory (javax.crypto.SecretKeyFactory), OException (com.orientechnologies.common.exception.OException)

Example 9 with OSecurityException

Use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

The class OServer, method loadDatabases.

/**
 * Opens all the available server's databases.
 */
protected void loadDatabases() {
    if (!OGlobalConfiguration.SERVER_OPEN_ALL_DATABASES_AT_STARTUP.getValueAsBoolean())
        return;
    final String dbPath = getDatabaseDirectory();
    for (Map.Entry<String, String> storageEntry : getAvailableStorageNames().entrySet()) {
        final String databaseName = storageEntry.getKey();
        OLogManager.instance().info(this, "Opening database '%s' at startup...", databaseName);
        final ODatabaseDocumentTx db = new ODatabaseDocumentTx("plocal:" + dbPath + databaseName);
        try {
            try {
                openDatabaseBypassingSecurity(db, null, "internal");
            } catch (OStorageException e) {
                if (e.getCause() instanceof OSecurityException) {
                    if (askForEncryptionKey(databaseName)) {
                        // RETRY IT
                        try {
                            openDatabaseBypassingSecurity(db, null, "internal");
                        } catch (Exception e2) {
                            // LOOK FOR A SECURITY EXCEPTION
                            Throwable nested = e2;
                            while (nested != null) {
                                if (nested instanceof OSecurityException) {
                                    OLogManager.instance().error(this, "Invalid key for database '%s'. Skip database opening", databaseName);
                                    return;
                                }
                                nested = nested.getCause();
                            }
                            OLogManager.instance().error(this, "Error on opening database '%s': %s", e, e.getMessage());
                        }
                    }
                }
            }
        } finally {
            db.activateOnCurrentThread();
            db.close();
        }
    }
}
Also used: OStorageException (com.orientechnologies.orient.core.exception.OStorageException), ODatabaseDocumentTx (com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx), OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException), ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap), OException (com.orientechnologies.common.exception.OException), InstanceAlreadyExistsException (javax.management.InstanceAlreadyExistsException), NotCompliantMBeanException (javax.management.NotCompliantMBeanException), InvocationTargetException (java.lang.reflect.InvocationTargetException), MalformedObjectNameException (javax.management.MalformedObjectNameException), OConfigurationException (com.orientechnologies.orient.core.exception.OConfigurationException), MBeanRegistrationException (javax.management.MBeanRegistrationException), ODatabaseException (com.orientechnologies.orient.core.exception.ODatabaseException), IOException (java.io.IOException)

Example 10 with OSecurityException

Use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

The class ODESEncryptionTest, method testCreatedDESEncryptedDatabase.

public void testCreatedDESEncryptedDatabase() {
    OFileUtils.deleteRecursively(new File("target/" + DBNAME_DATABASETEST));
    final ODatabase db = new ODatabaseDocumentTx("plocal:target/" + DBNAME_DATABASETEST);
    db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_METHOD.getKey(), "des");
    db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
    db.create();
    try {
        db.command(new OCommandSQL("create class TestEncryption")).execute();
        db.command(new OCommandSQL("insert into TestEncryption set name = 'Jay'")).execute();
        List result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
        db.close();
        db.open("admin", "admin");
        db.close();
        Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
        db.open("admin", "admin");
        result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
        db.close();
        Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "invalidPassword");
        try {
            db.open("admin", "admin");
            Assert.fail();
        } catch (OSecurityException e) {
            Assert.assertTrue(true);
        } finally {
            db.activateOnCurrentThread();
            db.close();
            Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
        }
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA=-");
        try {
            db.open("admin", "admin");
            Assert.fail();
        } catch (OSecurityException e) {
            Assert.assertTrue(true);
        } finally {
            db.activateOnCurrentThread();
            db.close();
            Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
        }
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
        db.open("admin", "admin");
        result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
    } finally {
        db.activateOnCurrentThread();
        db.drop();
    }
}
Also used: OCommandSQL (com.orientechnologies.orient.core.sql.OCommandSQL), OSQLSynchQuery (com.orientechnologies.orient.core.sql.query.OSQLSynchQuery), ODatabaseDocumentTx (com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx), List (java.util.List), OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException), ODatabase (com.orientechnologies.orient.core.db.ODatabase), File (java.io.File), ODocument (com.orientechnologies.orient.core.record.impl.ODocument)

Aggregations (class, number of usages)

OSecurityException (com.orientechnologies.orient.core.exception.OSecurityException): 24
OException (com.orientechnologies.common.exception.OException): 13
ODocument (com.orientechnologies.orient.core.record.impl.ODocument): 8
IOException (java.io.IOException): 8
ODatabaseDocumentTx (com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx): 7
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 7
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 7
OCommandSQL (com.orientechnologies.orient.core.sql.OCommandSQL): 6
OSQLSynchQuery (com.orientechnologies.orient.core.sql.query.OSQLSynchQuery): 6
FileNotFoundException (java.io.FileNotFoundException): 6
KeyStoreException (java.security.KeyStoreException): 6
List (java.util.List): 6
BadPaddingException (javax.crypto.BadPaddingException): 6
IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException): 6
NoSuchPaddingException (javax.crypto.NoSuchPaddingException): 6
ODatabase (com.orientechnologies.orient.core.db.ODatabase): 5
File (java.io.File): 5
ODatabaseDocumentInternal (com.orientechnologies.orient.core.db.ODatabaseDocumentInternal): 4
OStorage (com.orientechnologies.orient.core.storage.OStorage): 3
OConfigurationException (com.orientechnologies.orient.core.exception.OConfigurationException): 2