Examples with SecurityKeyException io.prestosql.spi.security.SecurityKeyException used on opensource projects

Search in sources :

Example 1 with SecurityKeyException

use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

the class KeystoreSecurityKeyManager method createAndSaveKeystore.

private void createAndSaveKeystore(char[] key, String catalogName) throws SecurityKeyException {
    Path keystorPath = Paths.get(config.getFileStorePath());
    byte[] keyBytes = Base64.getEncoder().encode(new String(key).getBytes(Charset.forName(UTF_8)));
    SecretKey secretKey = new SecretKeySpec(keyBytes, 0, keyBytes.length, "AES");
    InputStream inputStream = null;
    OutputStream outputStream = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        boolean isStoreFileExists = hetuFileSystemClient.exists(keystorPath);
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        if (isStoreFileExists) {
            inputStream = hetuFileSystemClient.newInputStream(keystorPath);
            keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        } else {
            keyStore.load(null, null);
        }
        keyStore.setEntry(catalogName, new KeyStore.SecretKeyEntry(secretKey), new KeyStore.PasswordProtection(config.getKeystorePassword().toCharArray()));
        outputStream = hetuFileSystemClient.newOutputStream(keystorPath);
        keyStore.store(outputStream, config.getKeystorePassword().toCharArray());
        LOG.info("success to save the key for catalog[%s]..", catalogName);
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityKeyException("not exists 'RSA' algorithm");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (IOException e) {
        LOG.error("error in I/O: create file failed,cause by: %s", e.getMessage());
        throw new SecurityKeyException("error in I/O: create file failed.");
    } finally {
        IOUtil.close(inputStream);
        IOUtil.close(outputStream);
    }
}
Also used : Path(java.nio.file.Path) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec)

Example 2 with SecurityKeyException

use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

the class KeystoreSecurityKeyManager method loadKey.

private synchronized char[] loadKey(String catalogName) throws SecurityKeyException {
    Path keystorePath = Paths.get(config.getFileStorePath());
    char[] keyStr = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"));
        InputStream inputStream = hetuFileSystemClient.newInputStream(keystorePath)) {
        KeyStore keyStore = KeyStore.getInstance(PKCS12);
        keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        Key key = keyStore.getKey(catalogName, config.getKeystorePassword().toCharArray());
        if (key != null) {
            if (key instanceof SecretKey) {
                keyStr = new String(Base64.getDecoder().decode(key.getEncoded()), Charset.forName(UTF_8)).toCharArray();
                LOG.info("success to load dynamic catalog key for catalog[%s]...", catalogName);
            } else if (key instanceof RSAPrivateKey) {
                keyStr = new String(Base64.getEncoder().encode(key.getEncoded()), Charset.forName(UTF_8)).toCharArray();
                LOG.info("success to load static catalog key for catalog[%s]...", catalogName);
            }
        }
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityKeyException("not exists 'AES' algorithm");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (UnrecoverableKeyException e) {
        LOG.error("not found the key for catalog[%s]: %s", catalogName, e.getMessage());
        throw new SecurityKeyException(format("not found the key for catalog[%s]", catalogName));
    } catch (IOException e) {
        LOG.error("error happened when load key from keystore  %s", e.getMessage());
        throw new SecurityKeyException("error happened when load key from keystore");
    }
    return keyStr;
}
Also used : Path(java.nio.file.Path) InputStream(java.io.InputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) SecretKey(javax.crypto.SecretKey) UnrecoverableKeyException(java.security.UnrecoverableKeyException) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) RSAPrivateKey(java.security.interfaces.RSAPrivateKey) Key(java.security.Key) SecretKey(javax.crypto.SecretKey)

Example 3 with SecurityKeyException

use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

the class DynamicCatalogService method rollbackKey.

private void rollbackKey(String catalogName, char[] key) throws IOException {
    try {
        securityKeyManager.deleteKey(catalogName);
        securityKeyManager.saveKey(key, catalogName);
    } catch (SecurityKeyException e) {
        String message = String.format("Update %s failed and rollback key failed.", catalogName);
        log.error(message);
        throw new IOException(message);
    }
}
Also used : IOException(java.io.IOException) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException)

Example 4 with SecurityKeyException

use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

the class KeystoreSecurityKeyManager method deleteKey.

@Override
public synchronized void deleteKey(String catalogName) throws SecurityKeyException {
    Path keystorPath = Paths.get(config.getFileStorePath());
    KeyStore keyStore;
    InputStream inputStream = null;
    OutputStream outputStream = null;
    try (HetuFileSystemClient hetuFileSystemClient = fileSystemClientManager.getFileSystemClient(config.getShareFileSystemProfile(), Paths.get("/"))) {
        inputStream = hetuFileSystemClient.newInputStream(keystorPath);
        keyStore = KeyStore.getInstance(PKCS12);
        keyStore.load(inputStream, config.getKeystorePassword().toCharArray());
        keyStore.deleteEntry(catalogName);
        outputStream = hetuFileSystemClient.newOutputStream(keystorPath);
        keyStore.store(outputStream, config.getKeystorePassword().toCharArray());
        LOG.info("success to delete the alias[%s] from keystore file.", catalogName);
    } catch (KeyStoreException e) {
        LOG.error("something wrong when use KeyStore: %s", e.getMessage());
        throw new SecurityKeyException("something wrong when use KeyStore");
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityKeyException("not exists 'AES' algorithm");
    } catch (CertificateException e) {
        LOG.error("certification is error: %s", e.getMessage());
        throw new SecurityKeyException("certification is error");
    } catch (IOException e) {
        LOG.error("error in I/O: create file failed,cause by: %s", e.getMessage());
        throw new SecurityKeyException("error in I/O: fail to delete catalog[%s] from keystore.");
    } finally {
        IOUtil.close(inputStream);
        IOUtil.close(outputStream);
    }
}
Also used : Path(java.nio.file.Path) HetuFileSystemClient(io.prestosql.spi.filesystem.HetuFileSystemClient) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException)

Example 5 with SecurityKeyException

use of io.prestosql.spi.security.SecurityKeyException in project hetu-core by openlookeng.

the class DynamicCatalogService method updateCatalog.

public synchronized Response updateCatalog(CatalogInfo catalogInfo, CatalogFileInputStream configFiles, HttpRequestSessionContext sessionContext) throws IOException {
    String catalogName = catalogInfo.getCatalogName();
    // check the permission.
    try {
        AccessControlUtil.checkCanImpersonateUser(accessControl, sessionContext);
        accessControl.checkCanUpdateCatalog(sessionContext.getIdentity(), catalogName);
    } catch (Exception ex) {
        throw badRequest(UNAUTHORIZED, "No permission");
    }
    Lock lock = tryLock(catalogName);
    try {
        // check this catalog exists.
        if (!isCatalogExist(catalogName)) {
            throw badRequest(NOT_FOUND, "The catalog [" + catalogName + "] does not exist");
        }
        // update security key
        boolean updateKey = (catalogInfo.getSecurityKey() != null);
        char[] preSecurityKey = null;
        if (updateKey) {
            try {
                preSecurityKey = securityKeyManager.getKey(catalogName);
                securityKeyManager.saveKey(catalogInfo.getSecurityKey().toCharArray(), catalogName);
            } catch (SecurityKeyException e) {
                throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
            }
        }
        // update catalog
        try {
            // update the catalog and update related configuration files in the share file system.
            dynamicCatalogStore.updateCatalogAndShareFiles(catalogInfo, configFiles);
        } catch (PrestoException | IllegalArgumentException ex) {
            if (updateKey) {
                if (preSecurityKey != null) {
                    rollbackKey(catalogName, preSecurityKey);
                } else {
                    deleteSecurityKey(catalogName);
                }
            }
            throw badRequest(BAD_REQUEST, "Failed to update catalog. Please check your configuration.");
        }
    } finally {
        lock.unlock();
    }
    return Response.status(CREATED).build();
}
Also used : PrestoException(io.prestosql.spi.PrestoException) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) SecurityKeyException(io.prestosql.spi.security.SecurityKeyException) PrestoException(io.prestosql.spi.PrestoException) IOException(java.io.IOException) WebApplicationException(javax.ws.rs.WebApplicationException) Lock(java.util.concurrent.locks.Lock)

Aggregations

SecurityKeyException (io.prestosql.spi.security.SecurityKeyException)6 IOException (java.io.IOException)6 HetuFileSystemClient (io.prestosql.spi.filesystem.HetuFileSystemClient)3 InputStream (java.io.InputStream)3 Path (java.nio.file.Path)3 KeyStore (java.security.KeyStore)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateException (java.security.cert.CertificateException)3 PrestoException (io.prestosql.spi.PrestoException)2 OutputStream (java.io.OutputStream)2 Lock (java.util.concurrent.locks.Lock)2 SecretKey (javax.crypto.SecretKey)2 WebApplicationException (javax.ws.rs.WebApplicationException)2 Key (java.security.Key)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 RSAPrivateKey (java.security.interfaces.RSAPrivateKey)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial