use of java.security.UnrecoverableKeyException in project lucene-solr by apache.
the class SSLTestConfig method buildClientSSLConnectionSocketFactory.
/**
* Constructs a new SSLConnectionSocketFactory for HTTP <b>clients</b> to use when communicating
* with servers which have been configured based on the settings of this object. Will return null
* unless {@link #isSSLMode} is true.
*/
public SSLConnectionSocketFactory buildClientSSLConnectionSocketFactory() {
  // Nothing to build outside SSL mode; callers receive null in that case.
  if (!isSSLMode()) {
    return null;
  }
  try {
    // The second argument to toBooleanDefaultIfNull makes "true" the fallback, so peer-name
    // checking stays on unless the system property yields an explicit false.
    final Boolean configuredCheck =
        toBooleanObject(System.getProperty(HttpClientUtil.SYS_PROP_CHECK_PEER_NAME));
    final boolean verifyPeerName = toBooleanDefaultIfNull(configuredCheck, true);
    final SSLContext clientContext = buildClientSSLContext();
    if (verifyPeerName) {
      return new SSLConnectionSocketFactory(clientContext);
    }
    // Hostname verification is switched off on this branch: any host name is accepted for the
    // certificate the server presents. Acceptable for this test configuration only; the same
    // system property must not be used to relax verification for production clients.
    return new SSLConnectionSocketFactory(clientContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
  } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | KeyManagementException e) {
    // Any failure while assembling the client SSLContext is surfaced as one unchecked error.
    throw new IllegalStateException("Unable to setup https scheme for HTTPClient to test SSL.", e);
  }
}
use of java.security.UnrecoverableKeyException in project sic by belluccifranco.
the class AfipWebServiceSOAPClient method crearCMS.
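/**
 * Builds the CMS signed message that carries the access ticket request for a service.
 *
 * <p>The private key and certificate stored under {@code signer} are read from the PKCS#12
 * data, the ticket request XML is generated, and the XML is signed with that key.
 *
 * @param p12file    contents of the PKCS#12 key store
 * @param p12pass    password used both to open the key store and to recover the key entry
 * @param signer     alias of the key/certificate entry used for signing
 * @param service    service name forwarded to the ticket request builder
 * @param ticketTime ticket time value forwarded to the ticket request builder
 * @return the encoded CMS signed data
 * @throws BusinessServiceException if the key material cannot be loaded (including a missing
 *     alias) or the signature cannot be produced
 */
public byte[] crearCMS(byte[] p12file, String p12pass, String signer, String service, long ticketTime) {
  PrivateKey pKey = null;
  X509Certificate pCertificate = null;
  CertStore cstore = null;
  // Keep a single copy of the password so it can be wiped once the key has been recovered.
  char[] password = p12pass.toCharArray();
  // try-with-resources closes the stream even when loading the key store fails.
  try (InputStream is = Utilidades.convertirByteArrayToInputStream(p12file)) {
    KeyStore ks = KeyStore.getInstance("pkcs12");
    ks.load(is, password);
    pKey = (PrivateKey) ks.getKey(signer, password);
    pCertificate = (X509Certificate) ks.getCertificate(signer);
    // getKey/getCertificate return null for an unknown alias; fail here with the certificate
    // error instead of handing null key material to the signer below.
    if (pKey == null || pCertificate == null) {
      LOGGER.error("No private key or certificate found in the PKCS#12 store for the requested signer alias.");
      throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_certificado_error"));
    }
    ArrayList<X509Certificate> certList = new ArrayList<>();
    certList.add(pCertificate);
    if (Security.getProvider("BC") == null) {
      Security.addProvider(new BouncyCastleProvider());
    }
    cstore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
  } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | InvalidAlgorithmParameterException | NoSuchProviderException ex) {
    // Log the throwable itself so the stack trace is kept; the message alone hides the cause.
    LOGGER.error(ex.getMessage(), ex);
    throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_certificado_error"));
  } finally {
    // Do not leave the key store password readable in memory longer than needed.
    java.util.Arrays.fill(password, '\0');
  }
  String loginTicketRequest_xml = this.crearTicketRequerimientoAcceso(service, ticketTime);
  try {
    CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
    // NOTE(review): SHA-1 is a deprecated digest for signatures. Moving to a SHA-2 digest
    // depends on what the receiving web service accepts, so it is left unchanged here.
    generator.addSigner(pKey, pCertificate, CMSSignedDataGenerator.DIGEST_SHA1);
    generator.addCertificatesAndCRLs(cstore);
    // Fixed charset: the signed bytes must not vary with the platform default encoding.
    // NOTE(review): assumes the ticket XML is meant to be UTF-8 - confirm against
    // crearTicketRequerimientoAcceso.
    CMSProcessable data = new CMSProcessableByteArray(loginTicketRequest_xml.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    CMSSignedData signed = generator.generate(data, true, "BC");
    return signed.getEncoded();
  } catch (IllegalArgumentException | CertStoreException | CMSException | NoSuchAlgorithmException | NoSuchProviderException | IOException ex) {
    LOGGER.error(ex.getMessage(), ex);
    throw new BusinessServiceException(ResourceBundle.getBundle("Mensajes").getString("mensaje_firmando_certificado_error"));
  }
}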
use of java.security.UnrecoverableKeyException in project cdap by caskdata.
the class FileSecureStore method getSecureData.
/**
* Returns the data stored in the secure store.
* @param namespace The namespace this key belongs to.
* @param name Name of the data element.
* @return An object representing the securely stored data associated with the name.
* @throws NamespaceNotFoundException If the specified namespace does not exist.
* @throws NotFoundException If the key is not found in the store.
* @throws IOException If there was a problem reading from the store.
*/
@Override
public SecureStoreData getSecureData(String namespace, String name) throws Exception {
  // The namespace check runs before the read lock is taken.
  checkNamespaceExists(namespace);
  final String alias = getKeyName(namespace, name);
  readLock.lock();
  try {
    if (keyStore.containsAlias(alias)) {
      // Entries are read back with the store-level password field and cast to KeyStoreEntry.
      final KeyStoreEntry entry = (KeyStoreEntry) keyStore.getKey(alias, password);
      return entry.getData();
    }
    throw new NotFoundException(name + " not found in the secure store.");
  } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException e) {
    // Key store failures are reported as IOException. The message carries only the element
    // name, never the stored data.
    throw new IOException("Unable to retrieve the key " + name, e);
  } finally {
    // Always release the read lock, on success and on every failure path.
    readLock.unlock();
  }
}
use of java.security.UnrecoverableKeyException in project cdap by caskdata.
the class FileSecureStore method getSecureStoreMetadata.
/**
* Returns the metadata for the element identified by the given name.
* The name must be of the format namespace + NAME_SEPARATOR + key name.
* @param keyName Name of the element
* @return An object representing the metadata associated with the element
* @throws NotFoundException If the key was not found in the store.
* @throws IOException If there was a problem in getting the key from the store
*/
private SecureStoreMetadata getSecureStoreMetadata(String keyName) throws Exception {
  // NOTE(review): String.split treats NAME_SEPARATOR as a regular expression - confirm the
  // separator contains no regex metacharacters.
  final String[] parts = keyName.split(NAME_SEPARATOR);
  // Exactly two components are expected: the namespace and the key name.
  Preconditions.checkArgument(parts.length == 2);
  final String namespace = parts[0];
  final String name = parts[1];
  readLock.lock();
  try {
    if (keyStore.containsAlias(keyName)) {
      final KeyStoreEntry entry = (KeyStoreEntry) keyStore.getKey(keyName, password);
      return entry.getMetadata();
    }
    throw new NotFoundException(new SecureKeyId(namespace, name));
  } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException e) {
    // Key store failures are reported as IOException with the original exception as cause.
    throw new IOException("Unable to retrieve the metadata for " + name + " in namespace " + namespace, e);
  } finally {
    // Always release the read lock, on success and on every failure path.
    readLock.unlock();
  }
}
use of java.security.UnrecoverableKeyException in project ddf by codice.
the class SecureCxfClientFactory method configureConduit.
/**
* Applies redirect and TLS settings to the HTTP conduit of the given client configuration.
* The TLS part loads the system key store and trust store from the paths and passwords
* supplied by SecurityConstants and installs the resulting key and trust managers.
* Every failure on the way is logged and the method carries on or returns; nothing is thrown
* for a missing or unreadable store.
*
* @param clientConfig client configuration whose HTTPConduit is configured
*/
private void configureConduit(ClientConfiguration clientConfig) {
HTTPConduit httpConduit = clientConfig.getHttpConduit();
if (httpConduit == null) {
LOGGER.info("HTTPConduit was null for {}. Unable to configure security.", this);
return;
}
// Redirect following is opt-in and also enables relative redirect URIs on the bus.
if (allowRedirects) {
HTTPClientPolicy clientPolicy = httpConduit.getClient();
if (clientPolicy != null) {
clientPolicy.setAutoRedirect(true);
Bus bus = clientConfig.getBus();
if (bus != null) {
bus.getProperties().put("http.redirect.relative.uri", true);
}
}
}
// Reuse the conduit's TLS parameters when present, otherwise start from a fresh object.
TLSClientParameters tlsParams = httpConduit.getTlsClientParameters();
if (tlsParams == null) {
tlsParams = new TLSClientParameters();
}
// NOTE(review): when disableCnCheck is true the server certificate's name is not checked
// against the host being contacted; keep it false outside test setups.
tlsParams.setDisableCNCheck(disableCnCheck);
// NOTE(review): these two flags ask for the HttpsURLConnection default hostname verifier and
// socket factory - confirm how that interacts with the key/trust managers installed below.
tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tlsParams.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
// Cipher suites come from the https.cipherSuites system property as a comma-separated list.
String cipherSuites = System.getProperty("https.cipherSuites");
if (cipherSuites != null) {
tlsParams.setCipherSuites(Arrays.asList(cipherSuites.split(",")));
}
KeyStore keyStore = null;
KeyStore trustStore = null;
try {
keyStore = SecurityConstants.newKeystore();
trustStore = SecurityConstants.newTruststore();
} catch (KeyStoreException e) {
// Debug-level only: keyStore and/or trustStore stay null and the steps below still run.
LOGGER.debug("Unable to create keystore instance of type {}", System.getProperty(SecurityConstants.KEYSTORE_TYPE), e);
}
Path keyStoreFile = Paths.get(SecurityConstants.getKeystorePath());
Path trustStoreFile = Paths.get(SecurityConstants.getTruststorePath());
// Relative store paths are resolved against the ddf.home system property when it is set.
String ddfHome = System.getProperty("ddf.home");
if (ddfHome != null) {
Path ddfHomePath = Paths.get(ddfHome);
if (!keyStoreFile.isAbsolute()) {
keyStoreFile = Paths.get(ddfHomePath.toString(), keyStoreFile.toString());
}
if (!trustStoreFile.isAbsolute()) {
trustStoreFile = Paths.get(ddfHomePath.toString(), trustStoreFile.toString());
}
}
// NOTE(review): toCharArray() is called on these passwords below without a null check -
// confirm SecurityConstants never returns null here.
String keyStorePassword = SecurityConstants.getKeystorePassword();
String trustStorePassword = SecurityConstants.getTruststorePassword();
if (!Files.isReadable(keyStoreFile) || !Files.isReadable(trustStoreFile)) {
// Returns before setTlsClientParameters is called; the condition is logged at debug only.
LOGGER.debug("Unable to read system key/trust store files: [ {} ] [ {} ]", keyStoreFile, trustStoreFile);
return;
}
try (InputStream kfis = Files.newInputStream(keyStoreFile)) {
if (keyStore != null) {
keyStore.load(kfis, keyStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system key file.", e);
}
try (InputStream tfis = Files.newInputStream(trustStoreFile)) {
if (trustStore != null) {
trustStore.load(tfis, trustStorePassword.toCharArray());
}
} catch (NoSuchAlgorithmException | CertificateException | IOException e) {
LOGGER.debug("Unable to load system trust file.", e);
}
try {
// keyStore may still be null or unloaded here if an earlier step failed.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
tlsParams.setKeyManagers(keyManagerFactory.getKeyManagers());
} catch (NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) {
LOGGER.debug("Unable to initialize KeyManagerFactory.", e);
}
try {
// NOTE(review): a null trustStore typically makes TrustManagerFactory fall back to the JVM's
// default trust anchors instead of failing. Because every failure on this path is logged at
// debug level, a broken trust store can go unnoticed - consider logging at warn or failing closed.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
tlsParams.setTrustManagers(trustManagerFactory.getTrustManagers());
} catch (NoSuchAlgorithmException | KeyStoreException e) {
LOGGER.debug("Unable to initialize TrustManagerFactory.", e);
}
// The client certificate alias is the system base URL's host name.
tlsParams.setCertAlias(SystemBaseUrl.getHost());
httpConduit.setTlsClientParameters(tlsParams);
}