Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.
The class KeystoreSecurityKeyManager, method createAndSaveKeystore.
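/**
 * Stores the secret key of {@code catalogName} in the PKCS12 keystore located at
 * {@code config.getFileStorePath()} on the shared file system. The keystore file is
 * created when it does not exist yet; an existing entry with the same alias is replaced.
 * <p>
 * The key characters are UTF-8 encoded, then Base64 encoded, and the result is wrapped in
 * an {@code "AES"} {@link SecretKeySpec}; {@code loadKey} reverses exactly these steps.
 * The keystore and the entry are both protected with the configured keystore password.
 *
 * @param key the key material to store; it is never copied into a {@link String}
 * @param catalogName alias under which the entry is stored
 * @throws SecurityKeyException if the keystore cannot be read, updated or written
 */
private void createAndSaveKeystore(char[] key, String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    char[] storePassword = config.getKeystorePassword().toCharArray();

    // Encode straight from the char[]: a String copy of the key could not be wiped afterwards.
    java.nio.ByteBuffer utf8 = Charset.forName(UTF_8).encode(java.nio.CharBuffer.wrap(key));
    byte[] rawKey = new byte[utf8.remaining()];
    utf8.get(rawKey);
    byte[] keyBytes = Base64.getEncoder().encode(rawKey);
    // SecretKeySpec copies its input, so the intermediate buffers can be cleared right away.
    SecretKey secretKey = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
    java.util.Arrays.fill(rawKey, (byte) 0);
    java.util.Arrays.fill(keyBytes, (byte) 0);
    if (utf8.hasArray()) {
        java.util.Arrays.fill(utf8.array(), (byte) 0);
    }

    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        if (hetuFileSystemClient.exists(keystorePath)) {
            // The reader is closed before the same path is reopened for writing below.
            try (InputStream inputStream = hetuFileSystemClient.newInputStream(keystorePath)) {
                keyStore.load(inputStream, storePassword);
            }
        }
        else {
            keyStore.load(null, null);
        }
        keyStore.setEntry(catalogName, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(storePassword));
        // A failure to close the writer now surfaces as an IOException instead of being swallowed,
        // since a keystore that was not fully flushed must not be reported as saved.
        try (OutputStream outputStream = hetuFileSystemClient.newOutputStream(keystorePath)) {
            keyStore.store(outputStream, storePassword);
        }
        LOG.info("success to save the key for catalog[%s]..", catalogName);
    }
    catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    }
    catch (NoSuchAlgorithmException e) {
        // Raised by KeyStore.load/store when the keystore's integrity algorithm is unavailable;
        // no 'RSA' algorithm is involved here, hence the corrected message.
        throw new SecurityKeyException("keystore algorithm is not available");
    }
    catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    }
    catch (IOException e) {
        LOG.error("error in I/O: create file failed,cause by: %s", e.getMessage());
        throw new SecurityKeyException("error in I/O: create file failed.");
    }
}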
Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.
The class KeystoreSecurityKeyManager, method loadKey.
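/**
 * Reads the key stored under the alias {@code catalogName} from the PKCS12 keystore at
 * {@code config.getFileStorePath()} on the shared file system.
 * <p>
 * A {@link SecretKey} entry (as written by {@code createAndSaveKeystore}) is Base64 decoded
 * and returned as the original UTF-8 characters; an {@link RSAPrivateKey} entry is returned
 * as the Base64 text of its encoded form.
 *
 * @param catalogName alias of the keystore entry
 * @return the key characters, or {@code null} when no entry exists for the alias or the
 *         entry has an unsupported key type
 * @throws SecurityKeyException if the keystore cannot be opened or the entry cannot be recovered
 */
private synchronized char[] loadKey(String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    char[] storePassword = config.getKeystorePassword().toCharArray();
    char[] keyStr = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"));
            InputStream inputStream = hetuFileSystemClient.newInputStream(keystorePath)) {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        keyStore.load(inputStream, storePassword);
        // getKey returns null for an unknown alias; instanceof on null is false, so that case
        // and an unsupported key type both leave keyStr null.
        Key key = keyStore.getKey(catalogName, storePassword);
        if (key instanceof SecretKey) {
            byte[] decoded = Base64.getDecoder().decode(key.getEncoded());
            keyStr = utf8BytesToChars(decoded);
            java.util.Arrays.fill(decoded, (byte) 0);
            LOG.info("success to load dynamic catalog key for catalog[%s]...", catalogName);
        }
        else if (key instanceof RSAPrivateKey) {
            byte[] encoded = Base64.getEncoder().encode(key.getEncoded());
            keyStr = utf8BytesToChars(encoded);
            java.util.Arrays.fill(encoded, (byte) 0);
            LOG.info("success to load static catalog key for catalog[%s]...", catalogName);
        }
    }
    catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    }
    catch (NoSuchAlgorithmException e) {
        // Raised by KeyStore.load/getKey when a required algorithm is unavailable.
        throw new SecurityKeyException("keystore algorithm is not available");
    }
    catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    }
    catch (UnrecoverableKeyException e) {
        // getKey signals a missing alias with null, not with this exception; it means the
        // entry exists but cannot be recovered (e.g. with the configured password).
        LOG.error("unable to recover the key for catalog[%s]: %s", catalogName, e.getMessage());
        throw new SecurityKeyException(format("unable to recover the key for catalog[%s]", catalogName));
    }
    catch (IOException e) {
        LOG.error("error happened when load key from keystore %s", e.getMessage());
        throw new SecurityKeyException("error happened when load key from keystore");
    }
    return keyStr;
}

/**
 * Decodes UTF-8 bytes into a fresh {@code char[]} without going through a {@link String},
 * so that no un-wipeable copy of key material is left on the heap.
 *
 * @param utf8Bytes bytes to decode; the caller remains responsible for clearing them
 * @return the decoded characters
 */
private char[] utf8BytesToChars(byte[] utf8Bytes) {
    java.nio.CharBuffer chars = Charset.forName(UTF_8).decode(java.nio.ByteBuffer.wrap(utf8Bytes));
    char[] result = new char[chars.remaining()];
    chars.get(result);
    if (chars.hasArray()) {
        java.util.Arrays.fill(chars.array(), '\0');
    }
    return result;
}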
Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.
The class DynamicCatalogService, method rollbackKey.
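/**
 * Restores the previous security key of a catalog after a failed update: the key written
 * for the update is deleted and {@code key} is saved again under the catalog name.
 *
 * @param catalogName catalog whose key is restored
 * @param key the key that was in place before the update
 * @throws IOException if deleting or re-saving the key fails; the underlying
 *         {@link SecurityKeyException} is attached as the cause
 */
private void rollbackKey(String catalogName, char[] key) throws IOException {
    try {
        securityKeyManager.deleteKey(catalogName);
        securityKeyManager.saveKey(key, catalogName);
    }
    catch (SecurityKeyException e) {
        String message = String.format("Update %s failed and rollback key failed.", catalogName);
        log.error(message);
        // Keep the original failure as the cause so the root problem is not lost to the caller.
        throw new IOException(message, e);
    }
}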
Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.
The class KeystoreSecurityKeyManager, method deleteKey.
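/**
 * Removes the entry whose alias is {@code catalogName} from the PKCS12 keystore at
 * {@code config.getFileStorePath()} on the shared file system and writes the keystore back.
 * NOTE(review): the JDK PKCS12 implementation does not appear to report a missing alias from
 * {@code deleteEntry}, so deleting an unknown catalog likely succeeds silently — confirm if
 * callers depend on that.
 *
 * @param catalogName alias of the entry to remove
 * @throws SecurityKeyException if the keystore cannot be read, updated or written
 */
@Override
public synchronized void deleteKey(String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    char[] storePassword = config.getKeystorePassword().toCharArray();
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        // The reader is closed before the same path is reopened for writing below.
        try (InputStream inputStream = hetuFileSystemClient.newInputStream(keystorePath)) {
            keyStore.load(inputStream, storePassword);
        }
        keyStore.deleteEntry(catalogName);
        // A failed close of the writer now surfaces as an IOException rather than being swallowed.
        try (OutputStream outputStream = hetuFileSystemClient.newOutputStream(keystorePath)) {
            keyStore.store(outputStream, storePassword);
        }
        LOG.info("success to delete the alias[%s] from keystore file.", catalogName);
    }
    catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    }
    catch (NoSuchAlgorithmException e) {
        // Raised by KeyStore.load/store when the keystore's integrity algorithm is unavailable.
        throw new SecurityKeyException("keystore algorithm is not available");
    }
    catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    }
    catch (IOException e) {
        LOG.error("error in I/O: fail to delete catalog[%s] from keystore, cause by: %s", catalogName, e.getMessage());
        // The message is formatted here; previously a literal "%s" reached the caller.
        throw new SecurityKeyException(String.format("error in I/O: fail to delete catalog[%s] from keystore.", catalogName));
    }
}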
Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.
The class DynamicCatalogService, method updateCatalog.
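/**
 * Updates an existing catalog: optionally replaces its security key, then updates the catalog
 * definition and its configuration files in the shared file system.
 * <p>
 * The key is written before the catalog files. If the catalog update then fails for any
 * reason, the previous key is restored (or the freshly written key is deleted when the
 * catalog had none), so the stored key never disagrees with the stored configuration.
 * Permission failures, a missing catalog and update failures are reported through
 * {@code badRequest}.
 *
 * @param catalogInfo new catalog definition; a non-null security key triggers a key update
 * @param configFiles catalog configuration files to store
 * @param sessionContext caller session used for the permission checks
 * @return {@code 201 Created} on success
 * @throws IOException if restoring the previous key after a failed update fails
 */
public synchronized Response updateCatalog(CatalogInfo catalogInfo, CatalogFileInputStream configFiles, HttpRequestSessionContext sessionContext) throws IOException {
    String catalogName = catalogInfo.getCatalogName();
    // check the permission: any failure of either check is reported as unauthorized.
    try {
        AccessControlUtil.checkCanImpersonateUser(accessControl, sessionContext);
        accessControl.checkCanUpdateCatalog(sessionContext.getIdentity(), catalogName);
    }
    catch (Exception ex) {
        throw badRequest(UNAUTHORIZED, "No permission");
    }
    Lock lock = tryLock(catalogName);
    try {
        // check this catalog exists.
        if (!isCatalogExist(catalogName)) {
            throw badRequest(NOT_FOUND, "The catalog [" + catalogName + "] does not exist");
        }
        // update security key
        boolean updateKey = (catalogInfo.getSecurityKey() != null);
        char[] preSecurityKey = null;
        if (updateKey) {
            try {
                // Keep the previous key so it can be restored if the catalog update fails.
                preSecurityKey = securityKeyManager.getKey(catalogName);
                securityKeyManager.saveKey(catalogInfo.getSecurityKey().toCharArray(), catalogName);
            }
            catch (SecurityKeyException e) {
                throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
            }
        }
        // update catalog
        boolean catalogUpdated = false;
        try {
            // update the catalog and update related configuration files in the share file system.
            dynamicCatalogStore.updateCatalogAndShareFiles(catalogInfo, configFiles);
            catalogUpdated = true;
        }
        catch (PrestoException | IllegalArgumentException ex) {
            throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
        }
        finally {
            // Undo the key change on every failure path, not only for the two exception types
            // mapped to a bad request above; otherwise a new key could be left behind with the
            // old configuration. As before, an IOException from the rollback takes precedence.
            if (updateKey && !catalogUpdated) {
                if (preSecurityKey != null) {
                    rollbackKey(catalogName, preSecurityKey);
                }
                else {
                    deleteSecurityKey(catalogName);
                }
            }
            // The previous key is no longer needed once the update or rollback is done.
            if (preSecurityKey != null) {
                java.util.Arrays.fill(preSecurityKey, '\0');
            }
        }
    }
    finally {
        lock.unlock();
    }
    return Response.status(CREATED).build();
}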