
Example 6 with DestroyFailedException

use of javax.security.auth.DestroyFailedException in project qpid-broker-j by apache.

From the class KerberosUtilities, method getKeyTab:

/**
 * Opens the keytab at {@code keyTabFile} and verifies that it holds at least one key
 * for {@code principal}.
 *
 * <p>The {@link KerberosKey} objects handed back by {@link KeyTab#getKeys} carry raw
 * key bytes and are only needed here for the emptiness check, so each one is destroyed
 * before returning rather than being left for the garbage collector. A failed
 * {@code destroy()} is logged at debug level only; it does not affect the result.
 *
 * @param principal  the principal whose keys must be present in the keytab
 * @param keyTabFile the keytab file on disk
 * @return the {@link KeyTab} handle for the file
 * @throws IllegalArgumentException if the file is missing or unreadable, is not a keytab,
 *                                  or contains no key for the principal
 */
private KeyTab getKeyTab(final KerberosPrincipal principal, final File keyTabFile) {
    final boolean readable = keyTabFile.exists() && keyTabFile.canRead();
    if (!readable) {
        throw new IllegalArgumentException("Specified file does not exist or is not readable.");
    }
    final KeyTab table = KeyTab.getInstance(principal, keyTabFile);
    if (!table.exists()) {
        throw new IllegalArgumentException("Specified file is not a keyTab file.");
    }
    final KerberosKey[] principalKeys = table.getKeys(principal);
    if (principalKeys.length == 0) {
        throw new IllegalArgumentException("Specified file does not contain at least one key for this principal.");
    }
    // The check is done; scrub the key material we were handed.
    for (int i = 0; i < principalKeys.length; i++) {
        try {
            principalKeys[i].destroy();
        } catch (DestroyFailedException e) {
            LOGGER.debug("Unable to destroy key", e);
        }
    }
    return table;
}
Also used : KerberosKey(javax.security.auth.kerberos.KerberosKey) DestroyFailedException(javax.security.auth.DestroyFailedException) KeyTab(javax.security.auth.kerberos.KeyTab)

Example 7 with DestroyFailedException

use of javax.security.auth.DestroyFailedException in project cxf by apache.

From the class AbstractJweEncryption, method encryptInternal:

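/**
 * Encrypts {@code content} with a content-encryption key (CEK) created for this call.
 *
 * <p>The CEK is destroyed in a {@code finally} block, so the key bytes are wiped whether
 * encryption succeeded or threw; the original only destroyed it on the success path,
 * leaving the key in the heap on errors. Most JCE {@link SecretKey} implementations
 * (e.g. {@code SecretKeySpec}) do not support {@code destroy()} and throw
 * {@link DestroyFailedException}; that is deliberately ignored because nothing further
 * can be done here.
 *
 * @param state   the per-encryption state holding the key properties
 * @param content the plaintext to encrypt
 * @return the encrypted bytes
 * @throws JweException with {@code INVALID_CONTENT_ALGORITHM} when the provider reports
 *         {@link NoSuchAlgorithmException}, otherwise {@code CONTENT_ENCRYPTION_FAILURE}
 */
protected byte[] encryptInternal(JweEncryptionInternal state, byte[] content) {
    try {
        SecretKey createCekSecretKey = createCekSecretKey(state);
        try {
            return CryptoUtils.encryptBytes(content, createCekSecretKey, state.keyProps);
        } finally {
            // Finished with the CEK (success or failure): try to wipe it from memory
            if (createCekSecretKey != null) {
                try {
                    createCekSecretKey.destroy();
                } catch (DestroyFailedException ignored) {
                    // destroy() is unsupported by most JCE keys (e.g. SecretKeySpec); nothing more to do
                }
            }
        }
    } catch (SecurityException ex) {
        LOG.fine(ex.getMessage());
        if (ex.getCause() instanceof NoSuchAlgorithmException) {
            LOG.warning("Unsupported algorithm: " + state.keyProps.getKeyAlgo());
            throw new JweException(JweException.Error.INVALID_CONTENT_ALGORITHM);
        }
        throw new JweException(JweException.Error.CONTENT_ENCRYPTION_FAILURE, ex);
    }
}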
Also used : SecretKey(javax.crypto.SecretKey) DestroyFailedException(javax.security.auth.DestroyFailedException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)

Example 8 with DestroyFailedException

use of javax.security.auth.DestroyFailedException in project cxf by apache.

From the class HmacUtils, method generateKey:

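/**
 * Generates a random secret key for the given JCE algorithm (e.g. {@code HmacSHA256})
 * and returns it Base64-encoded. No key size is requested, so the provider's default
 * for {@code algo} applies.
 *
 * <p>The raw key bytes are zeroed and the {@link SecretKey} destroyed in a
 * {@code finally} block, so this happens even if encoding throws. Be aware of the
 * limits of that clean-up: the returned {@link String} is immutable and cannot be
 * wiped, so the key material stays in the heap for as long as the caller holds it; and
 * most JCE keys (e.g. {@code SecretKeySpec}) do not support {@code destroy()} and throw
 * {@link DestroyFailedException}, which is therefore ignored.
 *
 * @param algo the {@link KeyGenerator} algorithm name
 * @return the generated key, Base64-encoded
 * @throws SecurityException if the algorithm is not available
 */
public static String generateKey(String algo) {
    try {
        KeyGenerator keyGen = KeyGenerator.getInstance(algo);
        SecretKey secretKey = keyGen.generateKey();
        byte[] encodedSecretKey = secretKey.getEncoded();
        try {
            return Base64Utility.encode(encodedSecretKey);
        } finally {
            // Clean the key after we're done with it, whether or not encoding succeeded
            if (encodedSecretKey != null) {
                Arrays.fill(encodedSecretKey, (byte) 0);
            }
            try {
                secretKey.destroy();
            } catch (DestroyFailedException ignored) {
                // destroy() is unsupported by most JCE key implementations; nothing more can be done
            }
        }
    } catch (NoSuchAlgorithmException e) {
        throw new SecurityException(e);
    }
}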
Also used : SecretKey(javax.crypto.SecretKey) DestroyFailedException(javax.security.auth.DestroyFailedException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyGenerator(javax.crypto.KeyGenerator)

Example 9 with DestroyFailedException

use of javax.security.auth.DestroyFailedException in project cxf by apache.

From the class SamlRedirectBindingFilter, method signRequest:

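/**
 * Sign a request according to the redirect binding spec for Web SSO.
 *
 * <p>The signature is computed over the query string
 * {@code SAMLRequest=...&RelayState=...&SigAlg=...} as it will appear on the URL. Only
 * the algorithm URI is URL-encoded here, so {@code authnRequest} and {@code relayState}
 * are presumably passed already encoded by the caller — TODO confirm. A {@code null}
 * relayState would be signed as the literal text "null"; callers are assumed to always
 * supply one.
 *
 * <p>Algorithm selection: the configured signature algorithm is used, except that a
 * DSA key forces {@code DSA_SHA1}. SHA-1 is a weak digest; prefer RSA or EC keys with a
 * SHA-2 based algorithm where the peer supports it.
 *
 * <p>The private key is destroyed in a {@code finally} block once signing is complete
 * or has failed; most JCA private-key implementations do not support {@code destroy()}
 * and throw {@link DestroyFailedException}, which is ignored. The password obtained
 * from the callback is a {@link String} and cannot be wiped at all.
 *
 * @param authnRequest the SAMLRequest query value
 * @param relayState   the RelayState query value
 * @param ub           the redirect URL being built; the {@code SigAlg} and
 *                     {@code Signature} query parameters are appended to it
 * @throws Exception if signing is not configured, no certificate is found for the
 *                   configured alias, or signing fails
 */
private void signRequest(String authnRequest, String relayState, UriBuilder ub) throws Exception {
    Crypto crypto = getSignatureCrypto();
    if (crypto == null) {
        LOG.warning("No crypto instance of properties file configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    String signatureUser = getSignatureUsername();
    if (signatureUser == null) {
        LOG.warning("No user configured for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CallbackHandler callbackHandler = getCallbackHandler();
    if (callbackHandler == null) {
        LOG.warning("No CallbackHandler configured to supply a password for signature");
        throw ExceptionUtils.toInternalServerErrorException(null, null);
    }
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(signatureUser);
    X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
    // An empty array would otherwise fail at issuerCerts[0] with ArrayIndexOutOfBoundsException
    if (issuerCerts == null || issuerCerts.length == 0) {
        throw new Exception("No issuer certs were found to sign the request using name: " + signatureUser);
    }
    String sigAlgo = getSignatureAlgorithm();
    String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
    LOG.fine("automatic sig algo detection: " + pubKeyAlgo);
    if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
        sigAlgo = SSOConstants.DSA_SHA1;
    }
    LOG.fine("Using Signature algorithm " + sigAlgo);
    // The same encoded value is both appended to the URL and included in the signed string
    String encodedSigAlgo = URLEncoder.encode(sigAlgo, StandardCharsets.UTF_8.name());
    ub.queryParam(SSOConstants.SIG_ALG, encodedSigAlgo);
    // Get the password
    WSPasswordCallback[] cb = { new WSPasswordCallback(signatureUser, WSPasswordCallback.SIGNATURE) };
    callbackHandler.handle(cb);
    String password = cb[0].getPassword();
    // Get the private key
    PrivateKey privateKey = crypto.getPrivateKey(signatureUser, password);
    // Sign the request
    String jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
    Signature signature = Signature.getInstance(jceSigAlgo);
    byte[] signBytes;
    try {
        signature.initSign(privateKey);
        String requestToSign = SSOConstants.SAML_REQUEST + "=" + authnRequest + "&" + SSOConstants.RELAY_STATE + "=" + relayState + "&" + SSOConstants.SIG_ALG + "=" + encodedSigAlgo;
        signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
        signBytes = signature.sign();
    } finally {
        // Clean the private key from memory when we're done, even if signing failed
        if (privateKey != null) {
            try {
                privateKey.destroy();
            } catch (DestroyFailedException ignored) {
                // Most JCA private keys do not implement destroy(); nothing more can be done
            }
        }
    }
    String encodedSignature = Base64.getEncoder().encodeToString(signBytes);
    ub.queryParam(SSOConstants.SIGNATURE, URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()));
}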
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) DestroyFailedException(javax.security.auth.DestroyFailedException) PrivateKey(java.security.PrivateKey) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate) DestroyFailedException(javax.security.auth.DestroyFailedException) IOException(java.io.IOException) Crypto(org.apache.wss4j.common.crypto.Crypto) Signature(java.security.Signature) WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)

Example 10 with DestroyFailedException

use of javax.security.auth.DestroyFailedException in project robovm by robovm.

From the class DestroyFailedExceptionTest, method testDestroyFailedException03:

/**
 * javax.security.auth.DestroyFailedException#DestroyFailedException(String msg)
 * Assertion: a null message is accepted, and both getMessage() and getCause() stay null.
 */
public void testDestroyFailedException03() {
    final DestroyFailedException dfE = new DestroyFailedException((String) null);
    assertNull("getMessage() must return null.", dfE.getMessage());
    assertNull("getCause() must return null", dfE.getCause());
}
Also used : DestroyFailedException(javax.security.auth.DestroyFailedException)

Aggregations

DestroyFailedException (javax.security.auth.DestroyFailedException)30 SecretKey (javax.crypto.SecretKey)9 PrivateKey (java.security.PrivateKey)5 X509Certificate (java.security.cert.X509Certificate)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 Crypto (org.apache.wss4j.common.crypto.Crypto)4 SecretKeySpec (javax.crypto.spec.SecretKeySpec)3 KerberosTicket (javax.security.auth.kerberos.KerberosTicket)3 CryptoType (org.apache.wss4j.common.crypto.CryptoType)3 WSPasswordCallback (org.apache.wss4j.common.ext.WSPasswordCallback)3 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)3 IOException (java.io.IOException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 XMLCipher (org.apache.xml.security.encryption.XMLCipher)2 XMLEncryptionException (org.apache.xml.security.encryption.XMLEncryptionException)2 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 java.io (java.io)1 Signature (java.security.Signature)1 AlgorithmParameterSpec (java.security.spec.AlgorithmParameterSpec)1 Cipher (javax.crypto.Cipher)1