
Example 96 with CertificateException

use of java.security.cert.CertificateException in project spring-security-oauth by spring-projects.

the class ConsumerDetailsFactoryBean method getObject.

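/**
 * Installs the signature secret on the configured consumer and returns it.
 *
 * <p>When {@code typeOfSecret} is {@code "rsa-cert"}, {@code secret} is treated as a resource
 * location: the X.509 certificate found there is parsed and its public key becomes the
 * consumer's RSA signature secret. For any other type, {@code secret} itself is wrapped as a
 * shared consumer secret.
 *
 * <p>Security note: the certificate is only parsed. Nothing in this method checks its validity
 * period, issuer chain or revocation status, so the public key is trusted solely because the
 * configuration points at it. Keep the resource location under the same access control as any
 * other credential.
 *
 * @return the consumer details with the signature secret set
 * @throws BeanCreationException if the certificate resource cannot be read, cannot be parsed,
 *         or a {@link NullPointerException} occurs while loading it
 * @throws Exception declared by the signature; no other checked exception is thrown here
 */
public ConsumerDetails getObject() throws Exception {
    if ("rsa-cert".equals(typeOfSecret)) {
        try {
            java.io.InputStream certStream = resourceLoader.getResource(secret).getInputStream();
            try {
                Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
                consumer.setSignatureSecret(new RSAKeySecret(cert.getPublicKey()));
            } finally {
                // The stream was previously never closed, leaking a handle per bean creation.
                try {
                    certStream.close();
                } catch (IOException ignored) {
                    // A failed close on a read-only stream must not mask the parse result.
                }
            }
        } catch (IOException e) {
            throw new BeanCreationException("RSA certificate not found at " + secret + ".", e);
        } catch (CertificateException e) {
            throw new BeanCreationException("Invalid RSA certificate at " + secret + ".", e);
        } catch (NullPointerException e) {
            // Kept from the original: covers a missing resource loader or resource.
            throw new BeanCreationException("Could not load RSA certificate at " + secret + ".", e);
        }
    } else {
        consumer.setSignatureSecret(new SharedConsumerSecretImpl(secret));
    }
    return consumer;
}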
Also used : BeanCreationException(org.springframework.beans.factory.BeanCreationException) SharedConsumerSecretImpl(org.springframework.security.oauth.common.signature.SharedConsumerSecretImpl) RSAKeySecret(org.springframework.security.oauth.common.signature.RSAKeySecret) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) Certificate(java.security.cert.Certificate)

Example 97 with CertificateException

use of java.security.cert.CertificateException in project torodb by torodb.

the class MongoClientConfigurationFactory method getMongoAuthenticationConfiguration.

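/**
 * Builds the MongoDB authentication configuration from the given auth settings.
 *
 * <p>User, source and password are copied from {@code auth}. When the mode is
 * {@code AuthMode.x509} and no user is configured, the user name is derived from the subject
 * DN of a certificate taken from the key store returned by {@code getKeyStore(ssl)}.
 *
 * <p>Security note: the certificate is the one under the first alias the key store
 * enumerates. With more than one entry, which identity is used depends on enumeration order,
 * so a key store used for X.509 authentication should hold exactly one client entry.
 *
 * @param auth authentication settings (mode, user, source, password)
 * @param ssl SSL settings used to locate the key store
 * @return the authentication configuration
 * @throws SystemException if the key store cannot be loaded, is empty, or its first entry
 *         carries no X.509 certificate
 */
private static MongoAuthenticationConfiguration getMongoAuthenticationConfiguration(Auth auth, Ssl ssl) {
    AuthMode authMode = auth.getMode();
    MongoAuthenticationConfiguration.Builder mongoAuthenticationConfigurationBuilder = new MongoAuthenticationConfiguration.Builder(mongoAuthenticationMechanismConverter.get(authMode).apply(authMode));
    mongoAuthenticationConfigurationBuilder.setUser(auth.getUser());
    mongoAuthenticationConfigurationBuilder.setSource(auth.getSource());
    mongoAuthenticationConfigurationBuilder.setPassword(auth.getPassword());
    if (authMode == AuthMode.x509 && auth.getUser() == null) {
        try {
            KeyStore ks = getKeyStore(ssl);
            // An empty key store used to surface as a bare NoSuchElementException.
            if (ks.size() == 0) {
                throw new KeyStoreException("Key store holds no entry to derive the X.509 user from");
            }
            String alias = ks.aliases().nextElement();
            // getCertificate returns null for entries without a certificate; the unchecked cast
            // used to turn that into a NullPointerException further down.
            java.security.cert.Certificate entryCertificate = ks.getCertificate(alias);
            if (!(entryCertificate instanceof X509Certificate)) {
                throw new KeyStoreException("Key store entry '" + alias + "' has no X.509 certificate");
            }
            X509Certificate certificate = (X509Certificate) entryCertificate;
            // Normalizes "CN=a, O=b" to "CN=a,O=b".
            // NOTE(review): splitting on ',' also rewrites attribute values that contain an
            // escaped comma; confirm no client DN in use relies on one.
            mongoAuthenticationConfigurationBuilder.setUser(Arrays.stream(certificate.getSubjectDN().getName().split(",")).map(String::trim).collect(Collectors.joining(",")));
        } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException exception) {
            throw new SystemException(exception);
        }
    }
    return mongoAuthenticationConfigurationBuilder.build();
}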
Also used : MongoAuthenticationConfiguration(com.eightkdata.mongowp.client.wrapper.MongoAuthenticationConfiguration) SystemException(com.torodb.core.exceptions.SystemException) CertificateException(java.security.cert.CertificateException) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) AuthMode(com.torodb.packaging.config.model.protocol.mongo.AuthMode) X509Certificate(java.security.cert.X509Certificate)

Example 98 with CertificateException

use of java.security.cert.CertificateException in project torodb by torodb.

the class MongoClientConfigurationFactory method getMongoClientConfiguration.

/**
 * Builds the MongoDB client configuration for a replication sync source.
 *
 * <p>The sync source is parsed as host and port, defaulting to port 27017. When SSL is
 * enabled, a TLS socket factory is created from the trust and key managers that
 * {@code getTrustManagers(ssl)} and {@code getKeyManagers(ssl)} return; in FIPS mode the
 * context is requested from the {@code SunPKCS11-NSS} provider. When the auth mode is
 * enabled, one authentication configuration is added.
 *
 * @param replication replication settings providing the sync source, SSL and auth sections
 * @return the client configuration
 * @throws SystemException if the SSL context cannot be created or initialized
 */
public static MongoClientConfiguration getMongoClientConfiguration(AbstractReplication replication) {
    HostAndPort sourceAddress = HostAndPort.fromString(replication.getSyncSource()).withDefaultPort(27017);
    MongoClientConfiguration.Builder builder = new MongoClientConfiguration.Builder(sourceAddress);
    Ssl ssl = replication.getSsl();
    builder.setSslEnabled(ssl.getEnabled());
    if (ssl.getEnabled()) {
        try {
            // NOTE(review): judging by its name, a true value here turns off hostname
            // verification for the sync source connection; confirm it defaults to false and
            // is only set deliberately.
            builder.setSslAllowInvalidHostnames(ssl.getAllowInvalidHostnames());
            TrustManager[] trustManagers = getTrustManagers(ssl);
            KeyManager[] keyManagers = getKeyManagers(ssl);
            SSLContext context = ssl.getFipsMode()
                    ? SSLContext.getInstance("TLS", "SunPKCS11-NSS")
                    : SSLContext.getInstance("TLS");
            // A null SecureRandom selects the default implementation.
            context.init(keyManagers, trustManagers, null);
            builder.setSocketFactory(context.getSocketFactory());
        } catch (CertificateException | KeyManagementException | KeyStoreException | UnrecoverableKeyException | NoSuchProviderException | NoSuchAlgorithmException | IOException failure) {
            throw new SystemException(failure);
        }
    }
    Auth auth = replication.getAuth();
    if (!auth.getMode().isEnabled()) {
        return builder.build();
    }
    builder.addAuthenticationConfiguration(getMongoAuthenticationConfiguration(auth, ssl));
    return builder.build();
}
Also used : MongoAuthenticationConfiguration(com.eightkdata.mongowp.client.wrapper.MongoAuthenticationConfiguration) CertificateException(java.security.cert.CertificateException) SSLContext(javax.net.ssl.SSLContext) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) MongoClientConfiguration(com.eightkdata.mongowp.client.wrapper.MongoClientConfiguration) Ssl(com.torodb.packaging.config.model.protocol.mongo.Ssl) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) HostAndPort(com.google.common.net.HostAndPort) UnrecoverableKeyException(java.security.UnrecoverableKeyException) SystemException(com.torodb.core.exceptions.SystemException) Auth(com.torodb.packaging.config.model.protocol.mongo.Auth) NoSuchProviderException(java.security.NoSuchProviderException) KeyManager(javax.net.ssl.KeyManager)

Example 99 with CertificateException

use of java.security.cert.CertificateException in project bazel by bazelbuild.

the class KeystoreHelper method createNewStore.

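/**
 * Creates a new key store holding one RSA key by running the JDK {@code keytool} command.
 *
 * <p>The executable is taken from {@code java.home/bin} when that system property is set,
 * otherwise it is resolved by name. The process is started from an argument array, so no
 * shell interprets the values.
 *
 * <p>Security note: both passwords are passed to {@code keytool} as command-line arguments,
 * which can expose them to other local users through the process list while the command
 * runs. {@code keytool} also accepts the {@code :env} and {@code :file} password modifiers
 * (for example {@code -storepass:env NAME}), which avoid that exposure. The command line
 * attached to a {@link KeytoolException} has the password values masked.
 *
 * @param osKeyStorePath the location of the store
 * @param storeType an optional keystore type, or <code>null</code> if the default is to
 * be used.
 * @param storePassword the password protecting the store
 * @param alias the alias of the generated key
 * @param keyPassword the password protecting the generated key
 * @param description the value passed to keytool as {@code -dname}
 * @param validityYears the validity of the key, converted to days as {@code years * 365}
 * @param output an optional {@link IKeyGenOutput} object to get the stdout and stderr
 * of the keytool process call.
 * @return {@code true} if keytool exited with code 0, {@code false} otherwise
 * @throws KeyStoreException declared by the signature
 * @throws NoSuchAlgorithmException declared by the signature
 * @throws CertificateException declared by the signature
 * @throws UnrecoverableEntryException declared by the signature
 * @throws IOException declared by the signature
 * @throws KeytoolException if the keytool process cannot be started or its output cannot
 * be collected
 */
public static boolean createNewStore(String osKeyStorePath, String storeType, String storePassword, String alias, String keyPassword, String description, int validityYears, final IKeyGenOutput output) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException, IOException, KeytoolException {
    // get the executable name of keytool depending on the platform.
    String os = System.getProperty("os.name");
    String keytoolCommand = os.startsWith("Windows") ? "keytool.exe" : "keytool";
    String javaHome = System.getProperty("java.home");
    if (javaHome != null && !javaHome.isEmpty()) {
        keytoolCommand = javaHome + File.separator + "bin" + File.separator + keytoolCommand;
    }
    // create the command line to call key tool to build the key with no user input.
    ArrayList<String> commandList = new ArrayList<String>();
    commandList.add(keytoolCommand);
    commandList.add("-genkey");
    commandList.add("-alias");
    commandList.add(alias);
    commandList.add("-keyalg");
    commandList.add("RSA");
    commandList.add("-dname");
    commandList.add(description);
    commandList.add("-validity");
    commandList.add(Integer.toString(validityYears * 365));
    commandList.add("-keypass");
    commandList.add(keyPassword);
    commandList.add("-keystore");
    commandList.add(osKeyStorePath);
    commandList.add("-storepass");
    commandList.add(storePassword);
    if (storeType != null) {
        commandList.add("-storetype");
        commandList.add(storeType);
    }
    String[] commandArray = commandList.toArray(new String[commandList.size()]);
    // launch the command line process
    int result = 0;
    try {
        Process process = Runtime.getRuntime().exec(commandArray);
        result = GrabProcessOutput.grabProcessOutput(process, Wait.WAIT_FOR_READERS, new IProcessOutput() {

            @Override
            public void out(@Nullable String line) {
                if (line != null) {
                    if (output != null) {
                        output.out(line);
                    } else {
                        System.out.println(line);
                    }
                }
            }

            @Override
            public void err(@Nullable String line) {
                if (line != null) {
                    if (output != null) {
                        output.err(line);
                    } else {
                        System.err.println(line);
                    }
                }
            }
        });
    } catch (Exception e) {
        // The command line is attached for debugging only. It used to carry the key and store
        // passwords in clear text, which then travelled with the exception into logs and
        // error reports.
        throw new KeytoolException("Failed to create key: " + e.getMessage(), javaHome, describeCommandWithoutSecrets(commandArray));
    }
    return result == 0;
}

/** Joins the keytool arguments into one display string, masking the password values. */
private static String describeCommandWithoutSecrets(String[] command) {
    StringBuilder builder = new StringBuilder();
    for (int i = 0; i < command.length; i++) {
        boolean followsPasswordFlag = i > 0 && ("-keypass".equals(command[i - 1]) || "-storepass".equals(command[i - 1]));
        // String.valueOf keeps a null argument from failing inside the error path.
        String arg = followsPasswordFlag ? "********" : String.valueOf(command[i]);
        boolean hasSpace = arg.indexOf(' ') != -1;
        if (i > 0) {
            builder.append(' ');
        }
        if (hasSpace) {
            builder.append('"');
        }
        builder.append(arg);
        if (hasSpace) {
            builder.append('"');
        }
    }
    return builder.toString();
}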
Also used : IProcessOutput(com.android.utils.GrabProcessOutput.IProcessOutput) KeytoolException(com.android.sdklib.internal.build.DebugKeyProvider.KeytoolException) ArrayList(java.util.ArrayList) Nullable(com.android.annotations.Nullable) KeytoolException(com.android.sdklib.internal.build.DebugKeyProvider.KeytoolException) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableEntryException(java.security.UnrecoverableEntryException)

Example 100 with CertificateException

use of java.security.cert.CertificateException in project cas by apereo.

the class LdaptiveResourceCRLFetcher method fetchCRLFromLdap.

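/**
 * Downloads a CRL from the given LDAP URL.
 *
 * <p>The search result's entry is read for the attribute named by
 * {@code certificateAttribute}; the CRL is built from it only when the attribute is marked
 * binary. Every other outcome ends in a {@link CertificateException}, so a caller never
 * receives a partial or empty CRL and can treat a failure to fetch as a failure to verify.
 *
 * @param r the resource that is the ldap url; its {@code toString()} value is used.
 * @return the X.509 CRL read from the attribute
 * @throws IOException          declared by the signature; presumably raised while the CRL is read from the attribute
 * @throws CRLException         declared by the signature; presumably raised while the CRL is read from the attribute
 * @throws CertificateException if the ldap search fails, returns no entry, or the attribute holding the revocation
 *                              list is missing or not binary
 */
protected X509CRL fetchCRLFromLdap(final Object r) throws CertificateException, IOException, CRLException {
    try {
        final String ldapURL = r.toString();
        LOGGER.debug("Fetching CRL from ldap [{}]", ldapURL);
        final Response<SearchResult> result = performLdapSearch(ldapURL);
        if (result.getResultCode() == ResultCode.SUCCESS) {
            final LdapEntry entry = result.getResult().getEntry();
            // A successful search can still come back without an entry or without the attribute.
            // Both cases used to end in a NullPointerException instead of the declared
            // CertificateException.
            final LdapAttribute attribute = entry != null ? entry.getAttribute(this.certificateAttribute) : null;
            if (attribute == null) {
                LOGGER.warn("Search succeeded but certificate attribute [{}] was not found in the result", this.certificateAttribute);
            } else if (attribute.isBinary()) {
                LOGGER.debug("Located entry [{}]. Retrieving first attribute [{}]", entry, attribute);
                return fetchX509CRLFromAttribute(attribute);
            } else {
                LOGGER.warn("Found certificate attribute [{}] but it is not marked as a binary attribute", this.certificateAttribute);
            }
        }
        LOGGER.debug("Failed to execute the search [{}]", result);
        throw new CertificateException("Failed to establish a connection ldap and search.");
    } catch (final LdapException e) {
        LOGGER.error(e.getMessage(), e);
        // Keep the LDAP failure as the cause so the stack trace survives the translation.
        throw new CertificateException(e.getMessage(), e);
    }
}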
Also used : LdapAttribute(org.ldaptive.LdapAttribute) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) CertificateException(java.security.cert.CertificateException) LdapException(org.ldaptive.LdapException)
