Example 1 with SecurityKeyException

Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

From class KeystoreSecurityKeyManager, method createAndSaveKeystore.

private void createAndSaveKeystore(char[] key, String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    // The caller's key text is base64-encoded and stored as raw "AES" key bytes. SecretKeySpec does not
    // check the length, so the entry holds opaque material in an AES-labelled slot, not a usable AES key.
    byte[] keyBytes = Base64.getEncoder().encode(new String(key).getBytes(Charset.forName(UTF_8)));
    SecretKey secretKey = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
    InputStream inputStream = null;
    OutputStream outputStream = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        boolean isStoreFileExists = hetuFileSystemClient.exists(keystorePath);
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        if (isStoreFileExists) {
            // Existing store: the password also verifies the file's integrity MAC, so a wrong
            // password fails here as an IOException rather than later at getKey().
            inputStream = hetuFileSystemClient.newInputStream(keystorePath);
            keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        } else {
            keyStore.load(null, null);
        }
        // One password protects the file and every entry; the catalog name is the alias.
        keyStore.setEntry(catalogName, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(config.getKeystorePassword().toCharArray()));
        // The whole store is rewritten in place: a failure mid-write can truncate the file
        // and lose the keys of every other catalog as well.
        outputStream = hetuFileSystemClient.newOutputStream(keystorePath);
        keyStore.store(outputStream, config.getKeystorePassword().toCharArray());
        LOG.info("success to save the key for catalog[%s]..", catalogName);
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        // Thrown by load()/store() when the keystore integrity or key-protection algorithm is
        // unavailable; it has nothing to do with RSA or AES.
        throw new SecurityKeyException("keystore algorithm not available");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (IOException e) {
        LOG.error("error in I/O: create file failed,cause by: %s", e.getMessage());
        throw new SecurityKeyException("error in I/O: create file failed.");
    } finally {
        IOUtil.close(inputStream);
        IOUtil.close(outputStream);
    }
}
Also used: Path(java.nio.file.Path) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec)

Example 2 with SecurityKeyException

Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

From class KeystoreSecurityKeyManager, method loadKey.

private synchronized char[] loadKey(String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    char[] keyStr = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"));
        InputStream inputStream = hetuFileSystemClient.newInputStream(keystorePath)) {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        // getKey() returns null for an alias that does not exist, so a missing catalog key
        // comes back to the caller as null rather than as an exception.
        Key key = keyStore.getKey(catalogName, config.getKeystorePassword().toCharArray());
        if (key != null) {
            if (key instanceof SecretKey) {
                // Dynamic catalog: undo the base64 applied in createAndSaveKeystore to get the original text back.
                keyStr = new String(Base64.getDecoder().decode(key.getEncoded()), Charset.forName(UTF_8)).toCharArray();
                LOG.info("success to load dynamic catalog key for catalog[%s]...", catalogName);
            } else if (key instanceof RSAPrivateKey) {
                // Static catalog: the private key's PKCS#8 encoding is handed back base64-encoded.
                keyStr = new String(Base64.getEncoder().encode(key.getEncoded()), Charset.forName(UTF_8)).toCharArray();
                LOG.info("success to load static catalog key for catalog[%s]...", catalogName);
            }
        }
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        // Raised by load()/getKey() when the keystore's own algorithms are unavailable, not by a missing AES.
        throw new SecurityKeyException("keystore algorithm not available");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (UnrecoverableKeyException e) {
        // Reached only when the entry exists but cannot be decrypted (for example its protection
        // password differs from the store password); a missing alias never gets here, so "not found"
        // understates what actually went wrong.
        LOG.error("not found the key for catalog[%s]: %s", catalogName, e.getMessage());
        throw new SecurityKeyException(format("not found the key for catalog[%s]", catalogName));
    } catch (IOException e) {
        LOG.error("error happened when load key from keystore  %s", e.getMessage());
        throw new SecurityKeyException("error happened when load key from keystore");
    }
    return keyStr;
}
Also used: Path(java.nio.file.Path) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) SecretKey(javax.crypto.SecretKey) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Key(java.security.Key)

Example 3 with SecurityKeyException

Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

From class DynamicCatalogService, method rollbackKey.

private void rollbackKey(String catalogName, char[] key) throws IOException {
    try {
        // Delete-then-save: if saveKey fails after the delete, the catalog is left with no key at all,
        // and the IOException below is the only signal of that.
        securityKeyManager.deleteKey(catalogName);
        securityKeyManager.saveKey(key, catalogName);
    } catch (SecurityKeyException e) {
        String message = String.format("Update %s failed and rollback key failed.", catalogName);
        log.error(message);
        throw new IOException(message, e);   // keep the cause so the keystore failure is not lost
    }
}
Also used: IOException(java.io.IOException) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException)

Example 4 with SecurityKeyException

Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

From class KeystoreSecurityKeyManager, method deleteKey.

@Override
public synchronized void deleteKey(String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    KeyStore keyStore;
    InputStream inputStream = null;
    OutputStream outputStream = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        inputStream = hetuFileSystemClient.newInputStream(keystorePath);
        keyStore = KeyStore.getInstance(PKCS12);
        keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        // deleteEntry() is a silent no-op for an unknown alias, so a misspelled catalog name still logs "success".
        keyStore.deleteEntry(catalogName);
        // The whole store is rewritten in place; see createAndSaveKeystore for the truncation risk.
        outputStream = hetuFileSystemClient.newOutputStream(keystorePath);
        keyStore.store(outputStream, config.getKeystorePassword().toCharArray());
        LOG.info("success to delete the alias[%s] from keystore file.", catalogName);
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        // Raised by load()/store() when the keystore's own algorithms are unavailable, not by a missing AES.
        throw new SecurityKeyException("keystore algorithm not available");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (IOException e) {
        LOG.error("error in I/O: fail to delete catalog[%s] from keystore, cause by: %s", catalogName, e.getMessage());
        // The original message contained a bare %s with no argument; it is formatted here.
        throw new SecurityKeyException(format("error in I/O: fail to delete catalog[%s] from keystore.", catalogName));
    } finally {
        IOUtil.close(inputStream);
        IOUtil.close(outputStream);
    }
}
Also used: Path(java.nio.file.Path) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException)
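The keystore round trip behind createAndSaveKeystore, loadKey and deleteKey (Examples 1, 2 and 4), as an added, self-contained example that is not hetu-core code. It keeps the project's layout, one PKCS12 file with one SecretKeyEntry alias per catalog and the same base64 encoding of the key text, but writes through a temporary file and an atomic rename, reports a missing alias on delete instead of succeeding silently, and zeroes decoded key material. It uses the local filesystem in place of HetuFileSystemClient; the class name, the file name catalog.p12 and the password are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example, not hetu-core code: per-catalog secrets kept as SecretKeyEntry aliases in one
 * PKCS12 file, using the local filesystem in place of HetuFileSystemClient. Class name, file
 * name and password are assumptions.
 */
public final class CatalogKeyStoreExample {
    private static final String PKCS12 = "PKCS12";
    private final Path keystorePath;
    private final char[] password;   // one password protects the file MAC and every entry

    public CatalogKeyStoreExample(Path keystorePath, char[] password) {
        this.keystorePath = keystorePath;
        this.password = password.clone();
    }

    private KeyStore load() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        if (Files.exists(keystorePath)) {
            try (InputStream in = Files.newInputStream(keystorePath)) {
                // A wrong password fails here: IOException whose cause is UnrecoverableKeyException.
                keyStore.load(in, password);
            }
        } else {
            keyStore.load(null, null);   // fresh, empty store
        }
        return keyStore;
    }

    // Write to a temp file and rename over the old store, so a crash mid-write cannot leave a
    // truncated file that loses every other catalog's key.
    private void store(KeyStore keyStore) throws GeneralSecurityException, IOException {
        Path tmp = Files.createTempFile(keystorePath.toAbsolutePath().getParent(), "catalog", ".p12.tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) {
            keyStore.store(out, password);
        }
        Files.move(tmp, keystorePath, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
    }

    public synchronized void saveKey(char[] key, String catalogName) throws GeneralSecurityException, IOException {
        // Same encoding as the project: base64 of the caller's text, labelled "AES". SecretKeySpec does not
        // check the length, so this is opaque material in an AES-labelled entry, not a usable AES key.
        byte[] keyBytes = Base64.getEncoder().encode(new String(key).getBytes(StandardCharsets.UTF_8));
        SecretKey secretKey = new SecretKeySpec(keyBytes, "AES");
        KeyStore keyStore = load();
        keyStore.setEntry(catalogName, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(password));
        store(keyStore);
        Arrays.fill(keyBytes, (byte) 0);
    }

    /** Returns null when the store or the alias does not exist; KeyStore.getKey() itself returns null for an unknown alias. */
    public synchronized char[] loadKey(String catalogName) throws GeneralSecurityException, IOException {
        if (!Files.exists(keystorePath)) {
            return null;
        }
        Key key = load().getKey(catalogName, password);
        if (!(key instanceof SecretKey)) {
            return null;   // absent alias, or a PrivateKeyEntry this example does not handle
        }
        byte[] decoded = Base64.getDecoder().decode(key.getEncoded());
        char[] result = new String(decoded, StandardCharsets.UTF_8).toCharArray();
        Arrays.fill(decoded, (byte) 0);
        return result;
    }

    /** Returns false for an unknown alias instead of letting deleteEntry() succeed silently. */
    public synchronized boolean deleteKey(String catalogName) throws GeneralSecurityException, IOException {
        KeyStore keyStore = load();
        if (!keyStore.containsAlias(catalogName)) {
            return false;
        }
        keyStore.deleteEntry(catalogName);
        store(keyStore);
        return true;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("catalog-keystore");
        CatalogKeyStoreExample manager = new CatalogKeyStoreExample(dir.resolve("catalog.p12"), "change-me".toCharArray());
        manager.saveKey("hive-secret".toCharArray(), "hive");
        manager.saveKey("mysql-secret".toCharArray(), "mysql");
        System.out.println("hive  -> " + new String(manager.loadKey("hive")));
        System.out.println("absent alias is null: " + (manager.loadKey("absent") == null));
        System.out.println("deleted hive: " + manager.deleteKey("hive") + ", hive now null: " + (manager.loadKey("hive") == null));
        System.out.println("mysql -> " + new String(manager.loadKey("mysql")));
    }
}
```

Running main() shows the two catalog keys round-tripping through the file, the hive delete leaving the mysql entry intact, and an unknown alias coming back as null. Because the same password protects the file and each entry, a wrong password is rejected by load() as an IOException (cause UnrecoverableKeyException) before getKey() is ever reached, which is why the UnrecoverableKeyException branch in the project's loadKey is not the "key not found" case its message suggests.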

Example 5 with SecurityKeyException

Use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

From class DynamicCatalogService, method updateCatalog.

public synchronized Response updateCatalog(CatalogInfo catalogInfo, CatalogFileInputStream configFiles, HttpRequestSessionContext sessionContext) throws IOException {
    String catalogName = catalogInfo.getCatalogName();
    // check the permission: any failure here, including unexpected runtime errors, is reported as UNAUTHORIZED.
    try {
        AccessControlUtil.checkCanImpersonateUser(accessControl, sessionContext);
        accessControl.checkCanUpdateCatalog(sessionContext.getIdentity(), catalogName);
    } catch (Exception ex) {
        throw badRequest(UNAUTHORIZED, "No permission");
    }
    // serialize updates to this catalog so the key and the catalog files change together.
    Lock lock = tryLock(catalogName);
    try {
        // check this catalog exists.
        if (!isCatalogExist(catalogName)) {
            throw badRequest(NOT_FOUND, "The catalog [" + catalogName + "] does not exist");
        }
        // update security key: read the previous key first, it is the only copy a rollback can restore.
        // The new key arrives as a String, so it cannot be wiped from memory after toCharArray().
        boolean updateKey = (catalogInfo.getSecurityKey() != null);
        char[] preSecurityKey = null;
        if (updateKey) {
            try {
                preSecurityKey = securityKeyManager.getKey(catalogName);
                securityKeyManager.saveKey(catalogInfo.getSecurityKey().toCharArray(), catalogName);
            } catch (SecurityKeyException e) {
                throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
            }
        }
        // update catalog
        try {
            // update the catalog and update related configuration files in the share file system.
            dynamicCatalogStore.updateCatalogAndShareFiles(catalogInfo, configFiles);
        } catch (PrestoException | IllegalArgumentException ex) {
            // undo the key change: restore the old key, or remove the new one if the catalog had none
            // (getKey returns null for a missing alias). A failed rollback surfaces as IOException.
            if (updateKey) {
                if (preSecurityKey != null) {
                    rollbackKey(catalogName, preSecurityKey);
                } else {
                    deleteSecurityKey(catalogName);
                }
            }
            throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
        }
    } finally {
        lock.unlock();
    }
    // an update answers 201 CREATED rather than 200 OK.
    return Response.status(CREATED).build();
}
Also used: PrestoException(io.prestosql.spi.PrestoException) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException) Lock(java.util.concurrent.locks.Lock)
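The save, update, roll-back ordering of updateCatalog and rollbackKey (Examples 3 and 5), as an added example that is not hetu-core code: an in-memory stand-in for SecurityKeyManager and a catalog store that always fails drive the three possible outcomes, the previous key restored, a freshly added key removed, and the rollback itself failing. InMemoryKeyManager, CatalogStore, the fault counter and the HTTP responses collapsed to a boolean are assumptions.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example, not hetu-core code: the save, update, roll-back ordering of
 * DynamicCatalogService.updateCatalog(), driven against an in-memory key manager and a
 * catalog store that always fails. InMemoryKeyManager and CatalogStore are assumptions.
 */
public final class CatalogUpdateRollbackExample {
    static final class SecurityKeyException extends Exception {
        SecurityKeyException(String message) { super(message); }
    }

    /** Stand-in for SecurityKeyManager: alias -> key material, with a fault injector on saveKey. */
    static final class InMemoryKeyManager {
        final Map<String, char[]> keys = new HashMap<>();
        int savesBeforeFailure = Integer.MAX_VALUE;

        char[] getKey(String catalog) {
            char[] key = keys.get(catalog);
            return key == null ? null : key.clone();   // null means "no entry", as KeyStore.getKey() does
        }

        void saveKey(char[] key, String catalog) throws SecurityKeyException {
            if (savesBeforeFailure-- <= 0) {
                throw new SecurityKeyException("keystore unavailable");
            }
            keys.put(catalog, key.clone());
        }

        void deleteKey(String catalog) { keys.remove(catalog); }
    }

    interface CatalogStore {
        void updateCatalogAndShareFiles(String catalog);
    }

    private final InMemoryKeyManager keyManager;
    private final CatalogStore store;

    CatalogUpdateRollbackExample(InMemoryKeyManager keyManager, CatalogStore store) {
        this.keyManager = keyManager;
        this.store = store;
    }

    /** true on success, false where the service answers BAD_REQUEST, IOException when the rollback itself fails. */
    public boolean updateCatalog(String catalog, char[] newKey) throws IOException {
        // Read the previous key BEFORE overwriting it: it is the only copy the rollback can restore.
        char[] previous = keyManager.getKey(catalog);
        try {
            keyManager.saveKey(newKey, catalog);
        } catch (SecurityKeyException e) {
            return false;   // nothing has changed yet, so there is nothing to undo
        }
        try {
            store.updateCatalogAndShareFiles(catalog);
            return true;
        } catch (IllegalArgumentException e) {
            if (previous != null) {
                rollbackKey(catalog, previous);   // the catalog had a key: put it back
            } else {
                keyManager.deleteKey(catalog);    // it had none: do not leave the new one behind
            }
            return false;
        }
    }

    private void rollbackKey(String catalog, char[] previous) throws IOException {
        try {
            keyManager.deleteKey(catalog);
            keyManager.saveKey(previous, catalog);
        } catch (SecurityKeyException e) {
            // delete succeeded but save did not: the catalog now has no key, and this exception is the only signal
            throw new IOException("Update " + catalog + " failed and rollback key failed.", e);
        }
    }

    public static void main(String[] args) {
        InMemoryKeyManager keyManager = new InMemoryKeyManager();
        CatalogStore failingStore = catalog -> {
            throw new IllegalArgumentException("bad connector configuration");
        };
        CatalogUpdateRollbackExample service = new CatalogUpdateRollbackExample(keyManager, failingStore);
        try {
            keyManager.keys.put("hive", "old-hive-key".toCharArray());
            service.updateCatalog("hive", "new-hive-key".toCharArray());
            System.out.println("hive after failed update: " + new String(keyManager.getKey("hive")));
            service.updateCatalog("mysql", "new-mysql-key".toCharArray());
            System.out.println("mysql has a key after failed update: " + (keyManager.getKey("mysql") != null));
            keyManager.keys.put("kafka", "old-kafka-key".toCharArray());
            keyManager.savesBeforeFailure = 1;   // the new key saves, the rollback's save fails
            service.updateCatalog("kafka", "new-kafka-key".toCharArray());
        } catch (IOException e) {
            System.out.println(e.getMessage() + " kafka key present: " + (keyManager.getKey("kafka") != null));
        }
    }
}
```

The first two cases end with hive still holding its old key and mysql holding none, which is the behaviour the service relies on. The third case is the one to plan for operationally: rollbackKey deletes before it re-saves, so when the second save fails the kafka entry is gone, and the IOException (here with the SecurityKeyException attached as its cause) is the only evidence that an operator now has to restore the key by hand.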

Aggregations

SecurityKeyException (io.prestosql.spi.security.SecurityKeyException) 6
IOException (java.io.IOException) 6
HetuFileSystemClient (io.prestosql.spi.filesystem.HetuFileSystemClient) 3
InputStream (java.io.InputStream) 3
Path (java.nio.file.Path) 3
KeyStore (java.security.KeyStore) 3
KeyStoreException (java.security.KeyStoreException) 3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) 3
CertificateException (java.security.cert.CertificateException) 3
PrestoException (io.prestosql.spi.PrestoException) 2
OutputStream (java.io.OutputStream) 2
Lock (java.util.concurrent.locks.Lock) 2
SecretKey (javax.crypto.SecretKey) 2
WebApplicationException (javax.ws.rs.WebApplicationException) 2
Key (java.security.Key) 1
UnrecoverableKeyException (java.security.UnrecoverableKeyException) 1
RSAPrivateKey (java.security.interfaces.RSAPrivateKey) 1
SecretKeySpec (javax.crypto.spec.SecretKeySpec) 1