
Example 41 with UnrecoverableKeyException

use of java.security.UnrecoverableKeyException in project cdap by caskdata.

the class FileSecureStore method deleteSecureData.

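/**
 * Deletes the element with the given name, then flushes the keystore so the deletion is persisted.
 *
 * <p>If the flush fails, the removed key is put back into the in-memory keystore and the caller is
 * told that the delete failed. If that re-insertion also fails, the in-memory store and the file
 * on disk disagree: the key is gone from memory but still present on disk. The next successful
 * flush repairs this. If no further flush happens before a restart (the only time the file is
 * read), the key the caller asked to delete is loaded again from disk. The re-insertion failure is
 * attached to the thrown {@link IOException} as a suppressed exception, so it is worth surfacing
 * when this error is logged.
 *
 * @param namespace The namespace this key belongs to.
 * @param name Name of the element to be deleted.
 * @throws NamespaceNotFoundException If the specified namespace does not exist.
 * @throws NotFoundException If the key to be deleted is not found.
 * @throws IOException If there was a problem deleting the key from the in-memory store
 *     or persisting the keystore after deleting the element.
 */
@Override
public void deleteSecureData(String namespace, String name) throws Exception {
    checkNamespaceExists(namespace);
    String keyName = getKeyName(namespace, name);
    // Stays null until deleteFromStore has handed back the removed key.
    Key key = null;
    writeLock.lock();
    try {
        if (!keyStore.containsAlias(keyName)) {
            throw new NotFoundException(new SecureKeyId(namespace, name));
        }
        key = deleteFromStore(keyName, password);
        flush();
        LOG.debug(String.format("Successfully deleted key %s from namespace %s", name, namespace));
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
        throw new IOException("Failed to delete the key. ", e);
    } catch (IOException ioe) {
        // Roll back only when a key was actually taken out of the in-memory store. If the
        // IOException was raised before deleteFromStore returned, `key` is still null and there
        // is nothing to restore; calling setKeyEntry with a null key would at best fail and at
        // worst leave a broken entry under this alias.
        if (key != null) {
            try {
                keyStore.setKeyEntry(keyName, key, password, null);
            } catch (KeyStoreException e) {
                // Keep the original failure as the primary error; record the failed rollback.
                ioe.addSuppressed(e);
            }
        }
        throw ioe;
    } finally {
        writeLock.unlock();
    }
}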
Also used : SecureKeyId(co.cask.cdap.proto.id.SecureKeyId) UnrecoverableKeyException(java.security.UnrecoverableKeyException) NamespaceNotFoundException(co.cask.cdap.common.NamespaceNotFoundException) NotFoundException(co.cask.cdap.common.NotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) Key(java.security.Key)

Example 42 with UnrecoverableKeyException

use of java.security.UnrecoverableKeyException in project ddf by codice.

the class SolrHttpWrapper method getSslContext.

/**
 * Builds the {@link SSLContext} used for the Solr HTTP client from the keystore and truststore
 * named by the {@code SecurityConstants} system properties.
 *
 * @return the configured context, or {@code null} when the key material could not be loaded.
 *     The failure is only logged, so callers must treat {@code null} as fatal rather than
 *     continuing with a default or unauthenticated client.
 * @throws IllegalArgumentException if any of the four system properties is unset
 */
private SSLContext getSslContext() {
    final String ksPath = System.getProperty(SecurityConstants.KEYSTORE_PATH);
    final String ksPass = System.getProperty(SecurityConstants.KEYSTORE_PASSWORD);
    final String tsPath = System.getProperty(SecurityConstants.TRUSTSTORE_PATH);
    final String tsPass = System.getProperty(SecurityConstants.TRUSTSTORE_PASSWORD);

    final boolean anyMissing = ksPath == null || ksPass == null || tsPath == null || tsPass == null;
    if (anyMissing) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }

    final KeyStore trustMaterial = getKeyStore(tsPath, tsPass);
    final KeyStore keyMaterial = getKeyStore(ksPath, ksPass);

    final SSLContext context;
    try {
        // The keystore password is reused as the private-key password.
        context = SSLContexts.custom()
                .loadKeyMaterial(keyMaterial, ksPass.toCharArray())
                .loadTrustMaterial(trustMaterial)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
        LOGGER.error("Unable to create secure HttpClient for Solr. The server should not be used in this state.", e);
        return null;
    }

    // NOTE(review): SSLContext.getDefaultSSLParameters() is documented to return a copy, so the
    // two setters below do not change this context. In addition, SSLParameters.setWantClientAuth
    // clears the "need" flag set on the line before it. Need/want client auth are server-side
    // settings; whether this client presents a certificate depends on the key material loaded
    // above. Confirm the intent before relying on these lines to enforce mutual TLS.
    context.getDefaultSSLParameters().setNeedClientAuth(true);
    context.getDefaultSSLParameters().setWantClientAuth(true);
    return context;
}
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) KeyManagementException(java.security.KeyManagementException)

Example 43 with UnrecoverableKeyException

use of java.security.UnrecoverableKeyException in project ddf by codice.

the class ClaimsHandlerManager method createKeyManagerFactory.

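/**
 * Creates a {@link KeyManagerFactory} initialised from the keystore file at {@code keyStoreLoc}.
 *
 * <p>The keystore type is taken from the {@code javax.net.ssl.keyStoreType} system property. When
 * that property is unset the JDK default type is used (the same default JSSE applies), instead of
 * passing {@code null} to {@link KeyStore#getInstance(String)} and failing with an unchecked
 * exception.
 *
 * <p>{@code keyStorePass} is used both to open the keystore and to recover its private keys. Only
 * the keystore location is written to the debug log, never the password.
 *
 * @param keyStoreLoc path of the keystore file
 * @param keyStorePass password for the keystore and for the keys it holds
 * @return the initialised factory
 * @throws IOException if the file cannot be read, or the keystore or its keys cannot be loaded;
 *     the underlying security exception is kept as the cause
 */
public static KeyManagerFactory createKeyManagerFactory(String keyStoreLoc, String keyStorePass) throws IOException {
    KeyManagerFactory kmf;
    try {
        // keystore stuff
        String keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        LOGGER.debug("keyStoreLoc = {}", keyStoreLoc);
        FileInputStream keyFIS = new FileInputStream(keyStoreLoc);
        try {
            LOGGER.debug("Loading keyStore");
            // A non-null password makes load() verify the keystore's integrity.
            keyStore.load(keyFIS, keyStorePass.toCharArray());
        } catch (CertificateException e) {
            throw new IOException("Unable to load certificates from keystore. " + keyStoreLoc, e);
        } finally {
            // Best-effort close: a failure to close must not mask the load result.
            IOUtils.closeQuietly(keyFIS);
        }
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyStorePass.toCharArray());
        LOGGER.debug("key manager factory initialized");
    } catch (NoSuchAlgorithmException e) {
        // NOTE(review): in this method NoSuchAlgorithmException comes from KeyStore.load or
        // KeyManagerFactory.getInstance, so the wording below about an untrusted server
        // certificate is likely to mislead during troubleshooting; check the cause instead.
        throw new IOException("Problems creating SSL socket. Usually this is " + "referring to the certificate sent by the server not being trusted by the client.", e);
    } catch (UnrecoverableKeyException e) {
        // Raised by kmf.init when a key cannot be recovered, e.g. the key password differs
        // from the keystore password.
        throw new IOException("Unable to load keystore. " + keyStoreLoc, e);
    } catch (KeyStoreException e) {
        throw new IOException("Unable to read keystore. " + keyStoreLoc, e);
    }
    return kmf;
}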
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 44 with UnrecoverableKeyException

use of java.security.UnrecoverableKeyException in project android_frameworks_base by crdroidandroid.

the class AndroidKeyStoreProvider method loadAndroidKeyStorePublicKeyFromKeystore.

/**
 * Loads the public half of the key pair stored under {@code privateKeyAlias}.
 *
 * <p>The method queries the key's characteristics, exports the public key in X.509 form, maps the
 * keymaster algorithm tag to a JCA algorithm name, and hands all of that to
 * {@code getAndroidKeyStorePublicKey}. {@code uid} is passed through unchanged to every keystore
 * call.
 *
 * @param keyStore keystore service handle to query
 * @param privateKeyAlias alias of the key pair
 * @param uid UID forwarded to the keystore calls
 * @return the public key wrapper built from the exported X.509 bytes
 * @throws UnrecoverableKeyException if the characteristics or the export cannot be obtained, the
 *     algorithm tag is absent, or the algorithm cannot be mapped to a JCA name; keystore error
 *     codes and mapping failures are attached as the cause
 */
@NonNull
public static AndroidKeyStorePublicKey loadAndroidKeyStorePublicKeyFromKeystore(@NonNull KeyStore keyStore, @NonNull String privateKeyAlias, int uid) throws UnrecoverableKeyException {
    final KeyCharacteristics characteristics = new KeyCharacteristics();
    final int characteristicsStatus =
            keyStore.getKeyCharacteristics(privateKeyAlias, null, null, uid, characteristics);
    if (characteristicsStatus != KeyStore.NO_ERROR) {
        UnrecoverableKeyException failure =
                new UnrecoverableKeyException("Failed to obtain information about private key");
        failure.initCause(KeyStore.getKeyStoreException(characteristicsStatus));
        throw failure;
    }

    final ExportResult exported =
            keyStore.exportKey(privateKeyAlias, KeymasterDefs.KM_KEY_FORMAT_X509, null, null, uid);
    if (exported.resultCode != KeyStore.NO_ERROR) {
        UnrecoverableKeyException failure =
                new UnrecoverableKeyException("Failed to obtain X.509 form of public key");
        failure.initCause(KeyStore.getKeyStoreException(exported.resultCode));
        throw failure;
    }
    final byte[] encodedPublicKey = exported.exportData;

    // A missing algorithm tag is reported without a cause: there is no underlying error code.
    final Integer algorithmTag = characteristics.getEnum(KeymasterDefs.KM_TAG_ALGORITHM);
    if (algorithmTag == null) {
        throw new UnrecoverableKeyException("Key algorithm unknown");
    }

    final String jcaAlgorithm;
    try {
        jcaAlgorithm = KeyProperties.KeyAlgorithm.fromKeymasterAsymmetricKeyAlgorithm(algorithmTag);
    } catch (IllegalArgumentException unmapped) {
        UnrecoverableKeyException failure = new UnrecoverableKeyException("Failed to load private key");
        failure.initCause(unmapped);
        throw failure;
    }

    // Built outside the try so an IllegalArgumentException from the factory is not rewrapped.
    return AndroidKeyStoreProvider.getAndroidKeyStorePublicKey(
            privateKeyAlias, uid, jcaAlgorithm, encodedPublicKey);
}
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) KeyCharacteristics(android.security.keymaster.KeyCharacteristics) ExportResult(android.security.keymaster.ExportResult) NonNull(android.annotation.NonNull)

Example 45 with UnrecoverableKeyException

use of java.security.UnrecoverableKeyException in project ddf by codice.

the class HttpSolrClientFactory method getSslContext.

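/**
 * Builds the {@link SSLContext} for the Solr client from the standard
 * {@code javax.net.ssl.keyStore*} and {@code javax.net.ssl.trustStore*} system properties.
 *
 * @return the configured context
 * @throws IllegalArgumentException if any of the four properties is unset, or if the key material
 *     cannot be loaded; in the latter case the underlying security exception is the cause
 */
private static SSLContext getSslContext() {
    // Read each property once so the values that were null-checked are the values that get used,
    // even if another thread changes a system property in between.
    final String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
    final String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    final String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
    final String trustStorePassword = System.getProperty("javax.net.ssl.trustStorePassword");
    if (keyStorePath == null || keyStorePassword == null || trustStorePath == null || trustStorePassword == null) {
        throw new IllegalArgumentException("KeyStore and TrustStore system properties must be set.");
    }
    KeyStore trustStore = getKeyStore(trustStorePath, trustStorePassword);
    KeyStore keyStore = getKeyStore(keyStorePath, keyStorePassword);
    final SSLContext sslContext;
    try {
        sslContext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyStorePassword.toCharArray())
                .loadTrustMaterial(trustStore)
                .useTLS()
                .build();
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
        // Keep the cause: the message blames the password, but three of the four exception types
        // caught here point to other problems, and without the cause they are indistinguishable.
        throw new IllegalArgumentException("Unable to use javax.net.ssl.keyStorePassword to load key material to create SSL context for Solr client.", e);
    }
    // NOTE(review): SSLContext.getDefaultSSLParameters() is documented to return a copy, so the
    // two setters below do not change this context. In addition, SSLParameters.setWantClientAuth
    // clears the "need" flag set on the line before it. Need/want client auth are server-side
    // settings; whether this client presents a certificate depends on the key material loaded
    // above. Confirm the intent before relying on these lines to enforce mutual TLS.
    sslContext.getDefaultSSLParameters().setNeedClientAuth(true);
    sslContext.getDefaultSSLParameters().setWantClientAuth(true);
    return sslContext;
}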
Also used : UnrecoverableKeyException(java.security.UnrecoverableKeyException) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) KeyManagementException(java.security.KeyManagementException)

Aggregations

UnrecoverableKeyException (java.security.UnrecoverableKeyException)99 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)77 KeyStoreException (java.security.KeyStoreException)76 IOException (java.io.IOException)60 CertificateException (java.security.cert.CertificateException)49 InvalidKeyException (java.security.InvalidKeyException)28 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)27 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)26 BadPaddingException (javax.crypto.BadPaddingException)26 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)26 KeyStore (java.security.KeyStore)24 KeyManagementException (java.security.KeyManagementException)19 RemoteException (android.os.RemoteException)15 SecretKey (javax.crypto.SecretKey)15 KeyManagerFactory (javax.net.ssl.KeyManagerFactory)15 SSLContext (javax.net.ssl.SSLContext)14 FileNotFoundException (java.io.FileNotFoundException)13 Key (java.security.Key)12 NoSuchProviderException (java.security.NoSuchProviderException)11 PrivateKey (java.security.PrivateKey)11