
Example 16 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

the class OMetadataDefault method init.

/**
 * Builds the metadata components of the current database: schema, index manager, security,
 * command cache, function library, sequence library and scheduler.
 *
 * Each component is requested from the storage with {@code getResource(name, Callable)}; the
 * Callable is the factory for that component. Presumably the storage invokes the factory only
 * when it does not already hold the resource (TODO confirm against the storage implementation).
 * All components except the command cache are then wrapped in a proxy bound to the database.
 *
 * @param iLoad when true, each newly built component also loads its persisted state
 */
private void init(final boolean iLoad) {
    final ODatabaseDocumentInternal database = getDatabase();
    schemaClusterId = database.getClusterIdByName(CLUSTER_INTERNAL_NAME);
    // Set by the schema factory below; read at the end to decide whether the post-index hook runs.
    final AtomicBoolean schemaLoaded = new AtomicBoolean(false);
    schema = new OSchemaProxy(database.getStorage().getResource(OSchema.class.getSimpleName(), new Callable<OSchemaShared>() {

        public OSchemaShared call() {
            // Shadows the outer 'database' local with a fresh getDatabase() lookup.
            ODatabaseDocumentInternal database = getDatabase();
            final OSchemaShared instance = new OSchemaShared(database.getStorageVersions().classesAreDetectedByClusterId());
            if (iLoad)
                instance.load();
            // Flagged whenever this factory runs, whether or not load() was requested.
            schemaLoaded.set(true);
            return instance;
        }
    }), database);
    indexManager = new OIndexManagerProxy(database.getStorage().getResource(OIndexManager.class.getSimpleName(), new Callable<OIndexManager>() {

        public OIndexManager call() {
            OIndexManager instance;
            // A proxied storage gets the remote index manager, any other storage the shared one.
            if (database.getStorage() instanceof OStorageProxy)
                instance = new OIndexManagerRemote(database);
            else
                instance = new OIndexManagerShared(database);
            if (iLoad)
                try {
                    instance.load();
                } catch (Exception e) {
                    // Any load failure is logged and answered with create(), i.e. the index
                    // configuration is reset rather than the error being propagated.
                    OLogManager.instance().error(this, "[OMetadata] Error on loading index manager, reset index configuration", e);
                    instance.create();
                }
            return instance;
        }
    }), database);
    security = new OSecurityProxy(database.getStorage().getResource(OSecurity.class.getSimpleName(), new Callable<OSecurity>() {

        public OSecurity call() {
            final OSecurity instance = OSecurityManager.instance().newSecurity();
            if (iLoad) {
                // The field is assigned before load(); presumably load() reaches the security
                // instance through this metadata object - confirm.
                security = instance;
                instance.load();
            }
            return instance;
        }
    }), database);
    commandCache = database.getStorage().getResource(OCommandCache.class.getSimpleName(), new Callable<OCommandCache>() {

        public OCommandCache call() {
            return new OCommandCacheSoftRefs(database.getName());
        }
    });
    // Optional custom security implementation, named by a database property.
    // The cast is unchecked (the generic type is erased), so it does not by itself verify that
    // the configured class implements OSecurity.
    final Class<? extends OSecurity> securityClass = (Class<? extends OSecurity>) database.getProperty(ODatabase.OPTIONS.SECURITY.toString());
    if (securityClass != null)
        // INSTALL CUSTOM WRAPPED SECURITY
        // The class is instantiated reflectively around the security proxy built above and then
        // replaces it in the 'security' field.
        // NOTE(review): whoever can set this property chooses the class that fronts the security
        // component - confirm that only trusted configuration can reach it.
        try {
            final OSecurity wrapped = security;
            security = securityClass.getDeclaredConstructor(OSecurity.class, ODatabaseDocumentInternal.class).newInstance(wrapped, database);
        } catch (Exception e) {
            // Installation failures stop init(); the original exception is kept as the cause.
            throw OException.wrapException(new OSecurityException("Cannot install custom security implementation (" + securityClass + ")"), e);
        }
    functionLibrary = new OFunctionLibraryProxy(database.getStorage().getResource(OFunctionLibrary.class.getSimpleName(), new Callable<OFunctionLibrary>() {

        public OFunctionLibrary call() {
            final OFunctionLibraryImpl instance = new OFunctionLibraryImpl();
            // Not loaded when the storage is a proxy.
            if (iLoad && !(database.getStorage() instanceof OStorageProxy))
                instance.load();
            return instance;
        }
    }), database);
    sequenceLibrary = new OSequenceLibraryProxy(database.getStorage().getResource(OSequenceLibrary.class.getSimpleName(), new Callable<OSequenceLibrary>() {

        @Override
        public OSequenceLibrary call() throws Exception {
            final OSequenceLibraryImpl instance = new OSequenceLibraryImpl();
            if (iLoad) {
                instance.load();
            }
            return instance;
        }
    }), database);
    scheduler = new OSchedulerProxy(database.getStorage().getResource(OScheduler.class.getSimpleName(), new Callable<OScheduler>() {

        public OScheduler call() {
            final OSchedulerImpl instance = new OSchedulerImpl();
            // Not loaded when the storage is a proxy.
            if (iLoad && !(database.getStorage() instanceof OStorageProxy))
                instance.load();
            return instance;
        }
    }), database);
    // Runs only when the schema factory above was actually invoked during this call.
    if (schemaLoaded.get())
        schema.onPostIndexManagement();
}
Also used : OSchema(com.orientechnologies.orient.core.metadata.schema.OSchema) OIndexManagerShared(com.orientechnologies.orient.core.index.OIndexManagerShared) OIndexManagerRemote(com.orientechnologies.orient.core.index.OIndexManagerRemote) OFunctionLibraryImpl(com.orientechnologies.orient.core.metadata.function.OFunctionLibraryImpl) OSequenceLibraryProxy(com.orientechnologies.orient.core.metadata.sequence.OSequenceLibraryProxy) OStorageProxy(com.orientechnologies.orient.core.storage.OStorageProxy) OFunctionLibraryProxy(com.orientechnologies.orient.core.metadata.function.OFunctionLibraryProxy) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) OCommandCacheSoftRefs(com.orientechnologies.orient.core.cache.OCommandCacheSoftRefs) ODatabaseDocumentInternal(com.orientechnologies.orient.core.db.ODatabaseDocumentInternal) OIndexManagerProxy(com.orientechnologies.orient.core.index.OIndexManagerProxy) Callable(java.util.concurrent.Callable) OSequenceLibrary(com.orientechnologies.orient.core.metadata.sequence.OSequenceLibrary) OSchemaProxy(com.orientechnologies.orient.core.metadata.schema.OSchemaProxy) OFunctionLibrary(com.orientechnologies.orient.core.metadata.function.OFunctionLibrary) OSchemaShared(com.orientechnologies.orient.core.metadata.schema.OSchemaShared) OSecurity(com.orientechnologies.orient.core.metadata.security.OSecurity) OSequenceLibraryImpl(com.orientechnologies.orient.core.metadata.sequence.OSequenceLibraryImpl) OSchedulerImpl(com.orientechnologies.orient.core.schedule.OSchedulerImpl) OScheduler(com.orientechnologies.orient.core.schedule.OScheduler) OException(com.orientechnologies.common.exception.OException) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) IOException(java.io.IOException) OIndexManager(com.orientechnologies.orient.core.index.OIndexManager) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) 
OSecurityProxy(com.orientechnologies.orient.core.metadata.security.OSecurityProxy) OSchedulerProxy(com.orientechnologies.orient.core.schedule.OSchedulerProxy)

Example 17 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

the class OSymmetricKey method create.

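/**
 * Derives the internal secret key from the seed phrase with a password-based key derivation.
 *
 * A fresh random salt of {@code saltLength} bytes is generated on every call and is not retained
 * by this method, so the resulting key cannot be re-derived from the seed phrase later; it has to
 * be persisted by other means if it must survive this object.
 *
 * @throws OSecurityException if the key cannot be derived; the original exception is the cause
 */
protected void create() {
    PBEKeySpec keySpec = null;
    try {
        // nextBytes() is the regular way to draw random bytes; generateSeed() is meant for
        // seeding other generators and may block while it gathers entropy.
        final SecureRandom secureRandom = new SecureRandom();
        final byte[] salt = new byte[saltLength];
        secureRandom.nextBytes(salt);
        keySpec = new PBEKeySpec(seedPhrase.toCharArray(), salt, iteration, keySize);
        final SecretKeyFactory factory = SecretKeyFactory.getInstance(seedAlgorithm);
        final SecretKey tempKey = factory.generateSecret(keySpec);
        // Re-label the derived bytes with the algorithm the cipher expects.
        secretKey = new SecretKeySpec(tempKey.getEncoded(), secretKeyAlgorithm);
    } catch (Exception ex) {
        // Keep the original exception as the cause instead of flattening it into the message.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.create() Exception: " + ex), ex);
    } finally {
        // Wipe the copy of the seed phrase held by the key spec.
        if (keySpec != null)
            keySpec.clearPassword();
    }
}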
Also used : PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeySpec(java.security.spec.KeySpec) PBEKeySpec(javax.crypto.spec.PBEKeySpec) SecureRandom(java.security.SecureRandom) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) SecretKeyFactory(javax.crypto.SecretKeyFactory) OException(com.orientechnologies.common.exception.OException) KeyStoreException(java.security.KeyStoreException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 18 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

the class OSymmetricKey method decrypt.

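/**
   * Decrypts a Base64-encoded JSON document with the internal secret key.
   *
   * The document supplies the Base64 "payload", an optional Base64 "iv" and an optional
   * "transform" (cipher transformation); when "transform" is absent the default transformation
   * is used. An "algorithm" property in the document is not consulted, because the key has
   * already been built.
   *
   * @param encodedJSON The Base64-encoded JSON document.
   *
   * @return The decrypted array of bytes; never null.
   *
   * @throws OSecurityException if the input is null, cannot be decoded, carries no payload, or
   *                            decryption fails. The underlying exception, if any, is the cause.
   */
public byte[] decrypt(final String encodedJSON) {
    if (encodedJSON == null)
        throw new OSecurityException("OSymmetricKey.decrypt(String) encodedJSON is null");
    try {
        final byte[] decoded = convertFromBase64(encodedJSON);
        if (decoded == null)
            throw new OSecurityException("OSymmetricKey.decrypt(String) encodedJSON could not be decoded");
        final String json = new String(decoded, "UTF8");
        // Convert the JSON content to an ODocument to make parsing it easier.
        final ODocument doc = new ODocument().fromJSON(json, "noMap");
        // Set a default in case the JSON document does not contain a "transform" property.
        // NOTE(review): the transformation comes from the document being decrypted, so whoever
        // produced the document picks the cipher mode and padding. If documents can come from an
        // untrusted party, restrict this to an allow-list of expected transformations.
        String transform = defaultCipherTransformation;
        if (doc.containsField("transform"))
            transform = doc.field("transform");
        final String payloadBase64 = doc.field("payload");
        final String ivBase64 = doc.field("iv");
        byte[] payload = null;
        byte[] iv = null;
        if (payloadBase64 != null)
            payload = convertFromBase64(payloadBase64);
        if (ivBase64 != null)
            iv = convertFromBase64(ivBase64);
        // Fail with a clear message instead of handing a null buffer to the cipher.
        if (payload == null)
            throw new OSecurityException("OSymmetricKey.decrypt(String) payload is missing or could not be decoded");
        // Throws NoSuchAlgorithmException and NoSuchPaddingException.
        final Cipher cipher = Cipher.getInstance(transform);
        if (iv != null)
            cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
        else
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
        return cipher.doFinal(payload);
    } catch (OSecurityException ex) {
        // Already the exception type callers expect; do not wrap it a second time.
        throw ex;
    } catch (Exception ex) {
        // NOTE(review): the message echoes the underlying exception text. If callers relay it to
        // a remote peer, padding and format failures become distinguishable; prefer a uniform
        // external error and keep the detail in the cause.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.decrypt(String) Exception: " + ex.getMessage()), ex);
    }
}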
Also used : OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) OException(com.orientechnologies.common.exception.OException) KeyStoreException(java.security.KeyStoreException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ODocument(com.orientechnologies.orient.core.record.impl.ODocument)

Example 19 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

the class OSymmetricKey method saveToKeystore.

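/**
   * Saves the internal SecretKey as a KeyStore.
   *
   * A new, empty JCEKS keystore is created, the secret key is stored under {@code keyAlias}
   * protected by {@code keyPasswd}, and the keystore is written to {@code os} protected by
   * {@code ksPasswd}. The stream is not closed here; it stays with the caller.
   *
   * @param os        stream that receives the keystore
   * @param ksPasswd  password protecting the keystore as a whole
   * @param keyAlias  alias under which the secret key is stored
   * @param keyPasswd password protecting the key entry
   *
   * @throws OSecurityException if an argument is null or the keystore cannot be written; in the
   *                            latter case the underlying exception is the cause
   */
public void saveToKeystore(final OutputStream os, final String ksPasswd, final String keyAlias, final String keyPasswd) {
    if (os == null)
        throw new OSecurityException("OSymmetricKey.saveToKeystore() OutputStream is null");
    if (ksPasswd == null)
        throw new OSecurityException("OSymmetricKey.saveToKeystore() Keystore Password is required");
    if (keyAlias == null)
        throw new OSecurityException("OSymmetricKey.saveToKeystore() Key Alias is required");
    if (keyPasswd == null)
        throw new OSecurityException("OSymmetricKey.saveToKeystore() Key Password is required");
    final char[] ksPasswdCA = ksPasswd.toCharArray();
    final char[] keyPasswdCA = keyPasswd.toCharArray();
    try {
        // NOTE(review): JCEKS is a legacy keystore format. Changing it needs a matching change
        // in whatever reads this keystore back, so the type is left as it is here.
        final KeyStore ks = KeyStore.getInstance("JCEKS");
        // Create a new KeyStore by passing null.
        ks.load(null, ksPasswdCA);
        final KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(keyPasswdCA);
        final KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(secretKey);
        ks.setEntry(keyAlias, skEntry, protParam);
        // Save the KeyStore
        ks.store(os, ksPasswdCA);
    } catch (Exception ex) {
        // Keep the original exception as the cause instead of reducing it to its message.
        throw OException.wrapException(new OSecurityException("OSymmetricKey.saveToKeystore() Exception: " + ex.getMessage()), ex);
    } finally {
        // Wipe the local password copies. The String arguments themselves stay with the caller.
        java.util.Arrays.fill(ksPasswdCA, '\0');
        java.util.Arrays.fill(keyPasswdCA, '\0');
    }
}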
Also used : OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) KeyStore(java.security.KeyStore) OException(com.orientechnologies.common.exception.OException) KeyStoreException(java.security.KeyStoreException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) BadPaddingException(javax.crypto.BadPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 20 with OSecurityException

use of com.orientechnologies.orient.core.exception.OSecurityException in project orientdb by orientechnologies.

the class OAESEncryptionTest method testCreatedAESEncryptedCluster.

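/**
 * Checks that a class altered to AES encryption can be read back only with the key it was
 * written with.
 *
 * The database is created with a fixed Base64 test key, one record is inserted, and the storage
 * is then closed and reopened four times: with the same key (read succeeds), with a different
 * key and with a malformed key (both must raise OSecurityException), and finally with the
 * original key again (read succeeds). The database is dropped at the end.
 */
public void testCreatedAESEncryptedCluster() {
    final String buildDirectory = System.getProperty("buildDirectory", ".");
    final String dbPath = buildDirectory + File.separator + DBNAME_CLUSTERTEST;
    // Start from a clean directory so an earlier run cannot influence this one.
    OFileUtils.deleteRecursively(new File(dbPath));
    final ODatabase db = new ODatabaseDocumentTx("plocal:" + dbPath);
    // Fixed key used only by this test.
    db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
    db.create();
    try {
        db.command(new OCommandSQL("create class TestEncryption")).execute();
        db.command(new OCommandSQL("alter class TestEncryption encryption aes")).execute();
        db.command(new OCommandSQL("insert into TestEncryption set name = 'Jay'")).execute();
        List result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
        db.close();
        db.open("admin", "admin");
        OStorage storage = ((ODatabaseDocumentInternal) db).getStorage();
        db.close();
        // Close the storage as well, so that the next open goes through the key again.
        storage.close(true, false);
        // Same key: the record must be readable.
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
        db.open("admin", "admin");
        result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
        storage = ((ODatabaseDocumentInternal) db).getStorage();
        db.close();
        storage.close(true, false);
        // Different key: open or query must raise OSecurityException.
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "invalidPassword");
        try {
            db.open("admin", "admin");
            storage = ((ODatabaseDocumentInternal) db).getStorage();
            db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
            result = db.query(new OSQLSynchQuery<ODocument>("select from OUser"));
            Assert.assertFalse(result.isEmpty());
            Assert.fail();
        } catch (OSecurityException e) {
            Assert.assertTrue(true);
        } finally {
            db.close();
            storage.close(true, false);
        }
        // Malformed variant of the original key: must be rejected as well.
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA=-");
        try {
            db.open("admin", "admin");
            storage = ((ODatabaseDocumentInternal) db).getStorage();
            db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
            Assert.fail();
        } catch (OSecurityException e) {
            Assert.assertTrue(true);
        } finally {
            db.activateOnCurrentThread();
            db.close();
            storage.close(true, false);
        }
        // Original key again: the data must still be readable after the rejected attempts.
        db.setProperty(OGlobalConfiguration.STORAGE_ENCRYPTION_KEY.getKey(), "T1JJRU5UREJfSVNfQ09PTA==");
        db.open("admin", "admin");
        result = db.query(new OSQLSynchQuery<ODocument>("select from TestEncryption"));
        Assert.assertEquals(result.size(), 1);
    } catch (Exception e) {
        // An unexpected exception must fail the test. Printing the stack trace and carrying on
        // let the test pass even when a step with the valid key threw.
        throw new IllegalStateException("testCreatedAESEncryptedCluster failed with an unexpected exception", e);
    } finally {
        db.activateOnCurrentThread();
        // drop() is called on an open database, so reopen it if an earlier step left it closed.
        if (db.isClosed())
            db.open("admin", "admin");
        db.drop();
    }
}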
Also used : OSQLSynchQuery(com.orientechnologies.orient.core.sql.query.OSQLSynchQuery) ODatabaseDocumentTx(com.orientechnologies.orient.core.db.document.ODatabaseDocumentTx) OStorage(com.orientechnologies.orient.core.storage.OStorage) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) ODatabase(com.orientechnologies.orient.core.db.ODatabase) ODatabaseDocumentInternal(com.orientechnologies.orient.core.db.ODatabaseDocumentInternal) OSecurityException(com.orientechnologies.orient.core.exception.OSecurityException) OCommandSQL(com.orientechnologies.orient.core.sql.OCommandSQL) List(java.util.List) File(java.io.File) ODocument(com.orientechnologies.orient.core.record.impl.ODocument)
