
Example 11 with AuthenticationFailedException

Use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

In class SSLCredentialGenerator, method getValidJavaSSLProperties.

private Properties getValidJavaSSLProperties() {
    final File jks = findTrustedJKS();
    try {
        final Properties props = new Properties();
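        // The trust store and key store are the same JKS file, and the store
        // password is hard-coded. Outside of test fixtures, store passwords
        // should come from protected configuration.
        props.setProperty("javax.net.ssl.trustStore", jks.getCanonicalPath());
        props.setProperty("javax.net.ssl.trustStorePassword", "password");
        props.setProperty("javax.net.ssl.keyStore", jks.getCanonicalPath());
        props.setProperty("javax.net.ssl.keyStorePassword", "password");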
        return props;
    } catch (IOException ex) {
        throw new AuthenticationFailedException("SSL: Exception while opening the key store: " + ex.getMessage(), ex);
    }
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) IOException(java.io.IOException) ConfigurationProperties(org.apache.geode.distributed.ConfigurationProperties) Properties(java.util.Properties) File(java.io.File)

Example 12 with AuthenticationFailedException

Use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

In class LdapUserAuthenticator, method authenticate.

@Override
public Principal authenticate(final Properties credentials, final DistributedMember member) {
    final String userName = credentials.getProperty(UserPasswordAuthInit.USER_NAME);
    if (userName == null) {
        throw new AuthenticationFailedException("LdapUserAuthenticator: user name property [" + UserPasswordAuthInit.USER_NAME + "] not provided");
    }
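    String password = credentials.getProperty(UserPasswordAuthInit.PASSWORD);
    if (password == null) {
        // A missing password becomes an empty string. A simple bind with a DN
        // and an empty password is an "unauthenticated bind" (RFC 4513,
        // section 5.1.2), which some directory servers accept, so the bind
        // below proves knowledge of a password only if the server rejects
        // such binds.
        password = "";
    }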
    final Properties env = new Properties();
    env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.ldap.LdapCtxFactory.class.getName());
    env.put(Context.PROVIDER_URL, this.ldapUrlScheme + this.ldapServer + '/' + this.baseDomainName);
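    // userName is placed in the bind DN as-is; escape it per RFC 4514 (for
    // example with javax.naming.ldap.Rdn.escapeValue) if names may contain
    // DN special characters.
    env.put(Context.SECURITY_PRINCIPAL, "uid=" + userName + "," + this.baseDomainName);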
    env.put(Context.SECURITY_CREDENTIALS, password);
    try {
        final DirContext ctx = new InitialDirContext(env);
        ctx.close();
    } catch (Exception e) {
        throw new AuthenticationFailedException("LdapUserAuthenticator: Failure with provided username, password combination for user name: " + userName, e);
    }
    return new UsernamePrincipal(userName);
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) DirContext(javax.naming.directory.DirContext) InitialDirContext(javax.naming.directory.InitialDirContext) Properties(java.util.Properties)

Example 13 with AuthenticationFailedException

Use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

In class PKCSAuthInit, method getCredentials.

@Override
public Properties getCredentials(final Properties securityProperties, final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
    final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
    if (keyStorePath == null) {
        throw new AuthenticationFailedException("PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
    }
    final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
    if (alias == null) {
        throw new AuthenticationFailedException("PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
    }
    final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);
    try {
        final KeyStore ks = KeyStore.getInstance("PKCS12");
        final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
        final FileInputStream certificatefile = new FileInputStream(keyStorePath);
        try {
            ks.load(certificatefile, passPhrase);
        } finally {
            certificatefile.close();
        }
        final Key key = ks.getKey(alias, passPhrase);
        if (key instanceof PrivateKey) {
            final PrivateKey privKey = (PrivateKey) key;
            final X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            final Signature sig = Signature.getInstance(cert.getSigAlgName());
            sig.initSign(privKey);
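            // The signed data is the alias alone (no nonce or timestamp), so
            // the signature is not bound to a session and must only travel
            // over a protected channel.
            sig.update(alias.getBytes("UTF-8"));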
            final byte[] signatureBytes = sig.sign();
            final Properties newprops = new Properties();
            newprops.put(KEYSTORE_ALIAS, alias);
            newprops.put(SIGNATURE_DATA, signatureBytes);
            return newprops;
        } else {
            throw new AuthenticationFailedException("PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
        }
    } catch (Exception ex) {
        throw new AuthenticationFailedException("PKCSAuthInit: Exception while getting credentials: " + ex, ex);
    }
}
Also used : PrivateKey(java.security.PrivateKey) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) Signature(java.security.Signature) Properties(java.util.Properties) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) Key(java.security.Key) X509Certificate(java.security.cert.X509Certificate)

Example 14 with AuthenticationFailedException

Use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

In class PKCSAuthenticator, method init.

@Override
public void init(final Properties securityProperties, final LogWriter systemLogWriter, final LogWriter securityLogWriter) throws AuthenticationFailedException {
    this.systemLogWriter = systemLogWriter;
    this.securityLogWriter = securityLogWriter;
    this.pubKeyFilePath = securityProperties.getProperty(PUBLIC_KEY_FILE);
    if (this.pubKeyFilePath == null) {
        throw new AuthenticationFailedException("PKCSAuthenticator: property " + PUBLIC_KEY_FILE + " not specified as the public key file.");
    }
    this.pubKeyPass = securityProperties.getProperty(PUBLIC_KEYSTORE_PASSWORD);
    this.aliasCertificateMap = new HashMap();
    populateMap();
}
Also used : AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) HashMap(java.util.HashMap)

Example 15 with AuthenticationFailedException

Use of org.apache.geode.security.AuthenticationFailedException in project geode by apache.

In class PKCSAuthenticator, method populateMap.

private void populateMap() {
    try {
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null;
        final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath);
        try {
            keyStore.load(keyStoreFile, passPhrase);
        } finally {
            keyStoreFile.close();
        }
        for (Enumeration e = keyStore.aliases(); e.hasMoreElements(); ) {
            final Object alias = e.nextElement();
            final Certificate cert = keyStore.getCertificate((String) alias);
            if (cert instanceof X509Certificate) {
                this.aliasCertificateMap.put(alias, cert);
            }
        }
    } catch (Exception e) {
        throw new AuthenticationFailedException("Exception while getting public keys: " + e.getMessage(), e);
    }
}
Also used : Enumeration(java.util.Enumeration) AuthenticationFailedException(org.apache.geode.security.AuthenticationFailedException) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Certificate(java.security.cert.Certificate)

Aggregations

AuthenticationFailedException (org.apache.geode.security.AuthenticationFailedException) 29
IOException (java.io.IOException) 14
Properties (java.util.Properties) 12
AuthenticationRequiredException (org.apache.geode.security.AuthenticationRequiredException) 9
GemFireSecurityException (org.apache.geode.security.GemFireSecurityException) 9
InternalLogWriter (org.apache.geode.internal.logging.InternalLogWriter) 7
EOFException (java.io.EOFException) 6
Signature (java.security.Signature) 6
ConfigurationProperties (org.apache.geode.distributed.ConfigurationProperties) 6
X509Certificate (java.security.cert.X509Certificate) 5
GemFireConfigException (org.apache.geode.GemFireConfigException) 5
InternalGemFireException (org.apache.geode.InternalGemFireException) 5
GatewayConfigurationException (org.apache.geode.cache.GatewayConfigurationException) 5
ServerRefusedConnectionException (org.apache.geode.cache.client.ServerRefusedConnectionException) 5
KeyFactory (java.security.KeyFactory) 4
X509EncodedKeySpec (java.security.spec.X509EncodedKeySpec) 4
Test (org.junit.Test) 4
ByteArrayInputStream (java.io.ByteArrayInputStream) 3
DataInputStream (java.io.DataInputStream) 3
MalformedURLException (java.net.MalformedURLException) 3