use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class SSLCredentialGenerator method getValidJavaSSLProperties.
/**
 * Builds the JSSE properties that point both the trust store and the key store at the JKS file
 * returned by {@code findTrustedJKS()}.
 *
 * <p>NOTE(review): the store password is the hard-coded literal {@code "password"}. That is only
 * tolerable for a throwaway test fixture; confirm this generator never configures a real
 * deployment, where the password should come from protected configuration instead.
 *
 * @return properties carrying the {@code javax.net.ssl.*} trust-store and key-store settings
 * @throws AuthenticationFailedException if the canonical path of the JKS file cannot be resolved
 */
private Properties getValidJavaSSLProperties() {
  final File trustedStore = findTrustedJKS();

  // Resolve the path up front; the same file backs the trust store and the key store.
  final String storePath;
  try {
    storePath = trustedStore.getCanonicalPath();
  } catch (IOException ex) {
    throw new AuthenticationFailedException(
        "SSL: Exception while opening the key store: " + ex.getMessage(), ex);
  }

  final Properties sslProps = new Properties();
  sslProps.setProperty("javax.net.ssl.trustStore", storePath);
  sslProps.setProperty("javax.net.ssl.trustStorePassword", "password");
  sslProps.setProperty("javax.net.ssl.keyStore", storePath);
  sslProps.setProperty("javax.net.ssl.keyStorePassword", "password");
  return sslProps;
}
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class LdapUserAuthenticator method authenticate.
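/**
 * Authenticates a user by attempting an LDAP simple bind as
 * {@code uid=<userName>,<baseDomainName>} with the supplied password.
 *
 * <p>A missing or empty password is rejected before any bind is attempted. A simple bind with an
 * empty password is an "unauthenticated bind" (RFC 4513, section 5.1.2): servers that allow it
 * report success without checking any secret, so a successful bind would prove nothing about the
 * caller's identity.
 *
 * <p>The user name is escaped before it is placed in the bind DN so that DN metacharacters in the
 * supplied value cannot change which entry is bound.
 *
 * <p>NOTE(review): if {@code ldapUrlScheme} is plain {@code ldap://}, the password travels in
 * clear text during the simple bind; confirm an {@code ldaps://} scheme is used outside tests.
 *
 * @param credentials properties holding the user name and password entries
 * @param member the member requesting authentication (not used by this method)
 * @return a {@code UsernamePrincipal} for the authenticated user name
 * @throws AuthenticationFailedException if the user name is missing, the password is missing or
 *         empty, or the LDAP bind fails for any reason
 */
@Override
public Principal authenticate(final Properties credentials, final DistributedMember member) {
  final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
  if (userName == null) {
    throw new AuthenticationFailedException("LdapUserAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
  }

  final String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
  // Never let an absent or empty password reach the directory: the server may accept it as an
  // unauthenticated bind and this method would then return a principal for an unverified user.
  if (password == null || password.isEmpty()) {
    throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName);
  }

  final Properties env = new Properties();
  env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName());
  env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.baseDomainName);
  // Escape the caller-supplied value per the DN string rules before composing the bind DN.
  env.put(Context.SECURITY_PRINCIPAL, "uid=" + javax.naming.ldap.Rdn.escapeValue(userName) + "," + this.baseDomainName);
  env.put(Context.SECURITY_CREDENTIALS, password);

  try {
    // Creating the context performs the bind; it is closed immediately because only the
    // success or failure of the bind matters here.
    final DirContext ctx = new InitialDirContext(env);
    ctx.close();
  } catch (Exception e) {
    throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName, e);
  }
  return new UsernamePrincipal(userName);
}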
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class PKCSAuthInit method getCredentials.
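/**
 * Produces PKCS credentials by loading a private key from a PKCS12 key store and signing the
 * key alias with it.
 *
 * <p>The returned properties carry the alias under {@code KEYSTORE_ALIAS} and the raw signature
 * bytes under {@code SIGNATURE_DATA}. The same pass phrase is used to open the key store and to
 * unlock the key entry.
 *
 * <p>NOTE(review): the signed payload is only the alias; no nonce or timestamp is visible here,
 * so a captured signature could presumably be replayed. Confirm the transport or the verifier
 * protects against that.
 *
 * @param securityProperties properties holding the key-store path, alias and optional password
 * @param server the member the credentials are intended for (not used by this method)
 * @param isPeer whether the caller is a peer (not used by this method)
 * @return properties containing the alias and the signature over the alias
 * @throws AuthenticationFailedException if a required property is missing, the alias has no
 *         private key or no X.509 certificate, or loading/signing fails
 */
@Override
public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
  final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
  if (keyStorePath == null) {
    throw new AuthenticationFailedException("PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
  }
  final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
  if (alias == null) {
    throw new AuthenticationFailedException("PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
  }
  final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);
  try {
    final KeyStore ks = KeyStore.getInstance("PKCS12");
    final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
    // try-with-resources keeps a failure in close() from masking a failure in load().
    try (FileInputStream certificateFile = new FileInputStream(keyStorePath)) {
      ks.load(certificateFile, passPhrase);
    }

    final Key key = ks.getKey(alias, passPhrase);
    if (!(key instanceof PrivateKey)) {
      throw new AuthenticationFailedException("PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
    }

    // Report a missing or non-X.509 certificate explicitly instead of surfacing it as a
    // NullPointerException or ClassCastException from the lines below.
    final Object certEntry = ks.getCertificate(alias);
    if (!(certEntry instanceof X509Certificate)) {
      throw new AuthenticationFailedException("PKCSAuthInit: No X.509 certificate found for alias: " + alias);
    }
    final X509Certificate cert = (X509Certificate) certEntry;

    // The signature algorithm is taken from the certificate stored next to the key.
    final Signature sig = Signature.getInstance(cert.getSigAlgName());
    sig.initSign((PrivateKey) key);
    sig.update(alias.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    final byte[] signatureBytes = sig.sign();

    final Properties newprops = new Properties();
    newprops.put(KEYSTORE_ALIAS, alias);
    newprops.put(SIGNATURE_DATA, signatureBytes);
    return newprops;
  } catch (AuthenticationFailedException ex) {
    // Already carries a precise message; do not wrap it a second time.
    throw ex;
  } catch (Exception ex) {
    throw new AuthenticationFailedException("PKCSAuthInit: Exception while getting credentials: " + ex, ex);
  }
}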
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class PKCSAuthenticator method init.
/**
 * Initializes the authenticator: stores the two log writers, reads the public key-store path
 * and optional password from the security properties, and fills the alias-to-certificate map
 * via {@code populateMap()}.
 *
 * @param securityProperties properties holding {@code PUBLIC_KEY_FILE} and, optionally,
 *        {@code PUBLIC_KEYSTORE_PASSWORD}
 * @param systemLogWriter log writer stored in {@code systemLogWriter}
 * @param securityLogWriter log writer stored in {@code securityLogWriter}
 * @throws AuthenticationFailedException if {@code PUBLIC_KEY_FILE} is not set
 */
@Override
public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
  this.securityLogWriter = securityLogWriter;
  this.systemLogWriter = systemLogWriter;

  final String configuredKeyFile = securityProperties.getProperty(PUBLIC_KEY_FILE);
  // The field is assigned before validation, so it is set even when the check below throws.
  this.pubKeyFilePath = configuredKeyFile;
  if (configuredKeyFile == null) {
    throw new AuthenticationFailedException("PKCSAuthenticator: property " + PUBLIC_KEY_FILE + " not specified as the public key file.");
  }

  // The password is optional; populateMap() passes null to the key store when it is absent.
  this.pubKeyPass = securityProperties.getProperty(PUBLIC_KEYSTORE_PASSWORD);
  this.aliasCertificateMap = new HashMap();
  populateMap();
}
use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.
the class PKCSAuthenticator method populateMap.
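/**
 * Loads the JKS key store at {@code pubKeyFilePath} and records every alias whose certificate
 * is an {@link X509Certificate} in {@code aliasCertificateMap}.
 *
 * <p>When {@code pubKeyPass} is {@code null} the store is loaded with a {@code null} password,
 * in which case {@link KeyStore#load(java.io.InputStream, char[])} performs no integrity check
 * on the store. Because the certificates read here are the ones later matched against aliases,
 * a store loaded that way should sit on storage only trusted administrators can write to.
 *
 * @throws AuthenticationFailedException if the key store cannot be opened, loaded or enumerated
 */
private void populateMap() {
  try {
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null;
    // try-with-resources keeps a failure in close() from masking a failure in load().
    try (FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath)) {
      keyStore.load(keyStoreFile, passPhrase);
    }

    final Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
      final String alias = aliases.nextElement();
      final Certificate cert = keyStore.getCertificate(alias);
      // Entries without an X.509 certificate are skipped rather than treated as an error.
      if (cert instanceof X509Certificate) {
        this.aliasCertificateMap.put(alias, cert);
      }
    }
  } catch (Exception e) {
    throw new AuthenticationFailedException("Exception while getting public keys: " + e.getMessage(), e);
  }
}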