use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
the class OSymmetricKeyCI method intercept.
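/**
* The value passed in the usual password field must be a JSON document describing the symmetric key
* to use (a "key", "keyFile" or "keyStore" property), not a plain-text password.
*/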
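public void intercept(final String url, final String username, final String password) throws OSecurityException {
  // Validates the credentials, parses the JSON carried in `password`, loads the symmetric key it
  // describes and stores the username, encrypted with that key, in `encodedJSON`.
  // `url` is not read anywhere in this method.
  if (username == null || username.isEmpty())
    throw new OSecurityException("OSymmetricKeyCI username is not valid!");

  if (password == null || password.isEmpty())
    throw new OSecurityException("OSymmetricKeyCI password is not valid!");

  this.username = username;

  // These are all used as defaults if the JSON document is missing any fields.
  // Defaults to "AES".
  String algorithm = OGlobalConfiguration.CLIENT_CI_KEYALGORITHM.getValueAsString();
  // Defaults to "AES/CBC/PKCS5Padding".
  // NOTE(review): CBC on its own does not authenticate the ciphertext; whether the receiving side
  // adds an integrity check is not visible from this method - confirm.
  String transform = OGlobalConfiguration.CLIENT_CI_CIPHERTRANSFORM.getValueAsString();
  String keystoreFile = OGlobalConfiguration.CLIENT_CI_KEYSTORE_FILE.getValueAsString();
  String keystorePassword = OGlobalConfiguration.CLIENT_CI_KEYSTORE_PASSWORD.getValueAsString();

  final ODocument jsonDoc;
  try {
    jsonDoc = new ODocument().fromJSON(password, "noMap");
  } catch (Exception ex) {
    // NOTE(review): the parser's message is appended verbatim and the cause is dropped. If the
    // parser echoes its input, the key material held in `password` would end up in exception
    // text and logs - verify what fromJSON() reports and consider a fixed message here.
    throw new OSecurityException("OSymmetricKeyCI.intercept() Exception: " + ex.getMessage());
  }

  // Override algorithm and transform, if they exist in the JSON document.
  if (jsonDoc.containsField("algorithm"))
    algorithm = jsonDoc.field("algorithm");

  if (jsonDoc.containsField("transform"))
    transform = jsonDoc.field("transform");

  // Just in case the default configuration gets changed, check it.
  if (transform == null || transform.isEmpty())
    throw new OSecurityException("OSymmetricKeyCI.intercept() cipher transformation is required");

  // With no explicit algorithm, derive it from the cipher transformation.
  if (algorithm == null)
    algorithm = OSymmetricKey.separateAlgorithm(transform);

  final OSymmetricKey key;

  // Source priority: "key" (inline Base64 key), then "keyFile", then "keyStore".
  if (jsonDoc.containsField("key")) {
    final String base64Key = jsonDoc.field("key");
    key = OSymmetricKey.fromString(algorithm, base64Key);
  } else if (jsonDoc.containsField("keyFile")) {
    key = OSymmetricKey.fromFile(algorithm, (String) jsonDoc.field("keyFile"));
  } else if (jsonDoc.containsField("keyStore")) {
    // A "keyStore" value that is null or not a nested JSON object used to surface as a
    // NullPointerException/ClassCastException; report it as the declared OSecurityException.
    final Object keyStoreValue = jsonDoc.field("keyStore");
    if (!(keyStoreValue instanceof ODocument))
      throw new OSecurityException("OSymmetricKeyCI.intercept() keyStore must be a JSON object");

    final ODocument ksDoc = (ODocument) keyStoreValue;

    if (ksDoc.containsField("file"))
      keystoreFile = ksDoc.field("file");

    if (keystoreFile == null || keystoreFile.isEmpty())
      throw new OSecurityException("OSymmetricKeyCI.intercept() keystore file is required");

    // Specific to Keystore, but override if present in the JSON document.
    if (ksDoc.containsField("password"))
      keystorePassword = ksDoc.field("password");

    final String keyAlias = ksDoc.field("keyAlias");
    if (keyAlias == null || keyAlias.isEmpty())
      throw new OSecurityException("OSymmetricKeyCI.intercept() keystore key alias is required");

    // keyPassword may be null.
    final String keyPassword = ksDoc.field("keyPassword");

    // keystorePassword may be null.
    key = OSymmetricKey.fromKeystore(keystoreFile, keystorePassword, keyAlias, keyPassword);
  } else {
    throw new OSecurityException("OSymmetricKeyCI.intercept() No suitable symmetric key property exists");
  }

  // Check for a missing key BEFORE touching it: previously each branch dereferenced the key
  // first, so this guard could never fire and a null key failed with a NullPointerException.
  if (key == null)
    throw new OSecurityException("OSymmetricKeyCI.intercept() OSymmetricKey is null");

  key.setDefaultCipherTransform(transform);
  encodedJSON = key.encrypt(transform, username);
}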
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
the class OCompressionFactory method getCompression.
public OCompression getCompression(final String name, final String iOptions) {
  // An instance already registered under this name is returned as is; iOptions is not applied to it.
  final OCompression registered = compressions.get(name);
  if (registered != null)
    return registered;

  // The name only selects among classes registered in compressionClasses; no class is looked up
  // reflectively from the caller-supplied string. A null name maps to the no-op compression.
  final Class<? extends OCompression> implementation;
  if (name != null)
    implementation = compressionClasses.get(name);
  else
    implementation = ONothingCompression.class;

  if (implementation == null)
    throw new OSecurityException("Compression with name '" + name + "' is absent");

  try {
    // A fresh instance is built and configured on each such call; it is not stored back into `compressions`.
    final OCompression created = implementation.newInstance();
    created.configure(iOptions);
    return created;
  } catch (Exception e) {
    throw OException.wrapException(new OSecurityException("Cannot instantiate compression algorithm '" + name + "'"), e);
  }
}
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
the class ODESEncryption method configure.
public OEncryption configure(final String iOptions) {
  // Builds the secret key and cipher from the Base64 key passed in iOptions and returns this instance.
  // The object stays flagged as not initialized until both have been created.
  // NOTE(review): DES has a 56-bit effective key and is considered too weak for protecting data at
  // rest; where the storage format allows it, an AES-based encryption should be preferred.
  initialized = false;

  if (iOptions == null) {
    throw new OSecurityException("DES encryption has been selected, but no key was found. Please configure it by passing the key as property at database create/open. The property key is: '" + OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey() + "'");
  }

  try {
    final byte[] rawKey = OBase64Utils.decode(iOptions);
    // DESKeySpec uses only the first 8 bytes of the array: longer input is silently truncated,
    // shorter input is rejected with an exception that lands in the catch below.
    final DESKeySpec keySpec = new DESKeySpec(rawKey);
    theKey = SecretKeyFactory.getInstance(ALGORITHM_NAME).generateSecret(keySpec);
    cipher = Cipher.getInstance(TRANSFORMATION);
  } catch (Exception e) {
    // Any failure (decoding, key size, unknown algorithm/transformation) is reported as an invalid
    // key; the message does not include the key itself, the original exception is kept as cause.
    throw OException.wrapException(new OInvalidStorageEncryptionKeyException("Cannot initialize DES encryption with current key. Assure the key is a BASE64 - 64 bits long"), e);
  }

  initialized = true;
  return this;
}
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
the class OServer method loadDatabases.
/**
* Opens all the available server's databases.
*/
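protected void loadDatabases() {
  // Nothing to do unless the server is configured to open every database at startup.
  if (!OGlobalConfiguration.SERVER_OPEN_ALL_DATABASES_AT_STARTUP.getValueAsBoolean())
    return;

  final String dbPath = getDatabaseDirectory();
  for (Map.Entry<String, String> storageEntry : getAvailableStorageNames().entrySet()) {
    final String databaseName = storageEntry.getKey();

    OLogManager.instance().info(this, "Opening database '%s' at startup...", databaseName);

    final ODatabaseDocumentTx db = new ODatabaseDocumentTx("plocal:" + dbPath + databaseName);
    try {
      try {
        // Opened through the security-bypassing helper with a null user and the "internal"
        // password argument; what the helper does with them is defined outside this method.
        openDatabaseBypassingSecurity(db, null, "internal");
      } catch (OStorageException e) {
        if (e.getCause() instanceof OSecurityException) {
          // A security failure at storage level is treated as a missing/incorrect encryption key:
          // ask for the key and, if one was provided, try once more.
          if (askForEncryptionKey(databaseName)) {
            try {
              openDatabaseBypassingSecurity(db, null, "internal");
            } catch (Exception e2) {
              // Walk the cause chain looking for a security exception.
              Throwable nested = e2;
              while (nested != null) {
                if (nested instanceof OSecurityException) {
                  OLogManager.instance().error(this, "Invalid key for database '%s'. Skip database opening", databaseName);
                  // NOTE(review): this returns from loadDatabases(), so databases later in the
                  // iteration are not opened after one invalid key - confirm that `continue`
                  // was not intended.
                  return;
                }
                nested = nested.getCause();
              }
              // Report the retry's own failure (e2) with the database name, so that both
              // placeholders are filled; the previous call logged the first exception and
              // supplied a single format argument.
              OLogManager.instance().error(this, "Error on opening database '%s': %s", e2, databaseName, e2.getMessage());
            }
          }
        } else {
          // A storage failure unrelated to security used to be dropped silently; log it so the
          // operator can see why the database was not opened.
          OLogManager.instance().error(this, "Error on opening database '%s': %s", e, databaseName, e.getMessage());
        }
      }
    } finally {
      // Always release the handle, whether or not the open succeeded.
      db.activateOnCurrentThread();
      db.close();
    }
  }
}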
use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.
the class ODESEncryptionTest method testCreatedDESEncryptedDatabase.
/**
 * Creates a DES-encrypted plocal database, then checks that it can be reopened with the original
 * key and that opening it with a wrong or malformed key fails with OSecurityException.
 * The key and the admin/admin credentials below are test fixtures only.
 */
public void testCreatedDESEncryptedDatabase() {
// Start from a clean directory so a database left by a previous run cannot interfere.
OFileUtils.deleteRecursively(new File("target/" + DBNAME_DATABASETEST));
final ODatabase db = new ODatabaseDocumentTx("plocal:target/" + DBNAME_DATABASETEST);
// Encryption method and key are passed as database properties before create().
// The fixture key is Base64 and decodes to 16 bytes.
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_METHOD.getKey(), "des");
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
db.create();
try {
// Write one record and read it back while the database is still open.
db.command(new OCommandSQL("create class TestEncryption")).execute();
db.command(new OCommandSQL("insert into TestEncryption set name = 'Jay'")).execute();
List result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
Assert.assertEquals(result.size(), 1);
db.close();
// Reopen and close again without touching the key property.
db.open("admin", "admin");
db.close();
// Close the storage itself before changing the key property.
// NOTE(review): presumably this forces the next open() to reload the storage with the new key - confirm what close(true, false) does.
Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
// Case 1: same (valid) key - the record must still be readable.
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
db.open("admin", "admin");
result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
Assert.assertEquals(result.size(), 1);
db.close();
Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
// Case 2: a completely different key string - open() must throw OSecurityException.
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "invalidPassword");
try {
db.open("admin", "admin");
Assert.fail();
} catch (OSecurityException e) {
// Expected path; the assertion below is a no-op marker.
Assert.assertTrue(true);
} finally {
db.activateOnCurrentThread();
db.close();
Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
}
// Case 3: the valid key with its last character changed from '=' to '-' - must also be rejected.
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA=-");
try {
db.open("admin", "admin");
Assert.fail();
} catch (OSecurityException e) {
// Expected path; the assertion below is a no-op marker.
Assert.assertTrue(true);
} finally {
db.activateOnCurrentThread();
db.close();
Orient.instance().getStorage(DBNAME_DATABASETEST).close(true, false);
}
// Case 4: back to the valid key - the failed attempts must not have damaged the data.
db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
db.open("admin", "admin");
result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
Assert.assertEquals(result.size(), 1);
} finally {
// Remove the test database whatever the outcome.
db.activateOnCurrentThread();
db.drop();
}
}