use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.
the class DefaultTokenAuthorityService method signTokenWithRSA.
/**
 * Signs the supplied token with the RSA private key returned by {@code getSigningKey}.
 *
 * <p>Security note: the signer is created with its weak-key flag enabled, so RSA keys shorter
 * than 2048 bits are accepted instead of rejected. This keeps deployments that still hold
 * 1024-bit certificates working. Tokens signed with such keys have a weaker signature than
 * current guidance calls for, so operators should rotate to keys of 2048 bits or more.
 *
 * @param token the JWT to sign; it is signed in place
 * @param signingKeystoreName keystore name handed to {@code getSigningKey}
 * @param signingKeystoreAlias key alias handed to {@code getSigningKey}
 * @param signingKeystorePassphrase passphrase handed to {@code getSigningKey}
 * @throws TokenServiceException wrapping any {@link KeystoreServiceException} raised in the body
 */
private void signTokenWithRSA(final JWT token, String signingKeystoreName, String signingKeystoreAlias, char[] signingKeystorePassphrase) throws TokenServiceException {
  try {
    final RSAPrivateKey signingKey =
        getSigningKey(signingKeystoreName, signingKeystoreAlias, signingKeystorePassphrase);
    // Second constructor argument is allowWeakKey: true keeps existing 1024-bit
    // certificates usable rather than failing at signer construction.
    token.sign(new RSASSASigner(signingKey, true));
  } catch (KeystoreServiceException e) {
    throw new TokenServiceException(e);
  }
}
use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.
the class DefaultKeystoreService method getCredentialForCluster.
/**
 * Reads the credential stored under {@code alias} from the given keystore.
 *
 * <p>The entry is looked up with the alias exactly as given and, if that yields nothing, again
 * with the alias lower-cased using {@link Locale#ROOT}. Both lookups unlock the entry with the
 * master secret. A credential that is found is also handed to {@code addToCache}.
 *
 * <p>Security note: the key bytes are decoded into an immutable {@link String} before being
 * copied to a {@code char[]}, and that same String is passed to the cache. The String cannot be
 * zeroed by the caller, so clearing the returned array does not remove the secret from memory.
 *
 * @param clusterName cluster the credential belongs to; used here only for the cache call
 * @param alias alias of the credential entry
 * @param ks already loaded keystore to read from
 * @return the credential characters, or {@code null} when neither lookup finds an entry
 * @throws KeystoreServiceException if the keystore reports that the entry cannot be read
 */
@Override
public char[] getCredentialForCluster(String clusterName, String alias, KeyStore ks) throws KeystoreServiceException {
  try {
    Key storedKey = ks.getKey(alias, masterService.getMasterSecret());
    if (storedKey == null) {
      // Second attempt with the lower-cased alias.
      // NOTE(review): presumably covers keystore types that lower-case aliases on write; confirm.
      storedKey = ks.getKey(alias.toLowerCase(Locale.ROOT), masterService.getMasterSecret());
    }
    if (storedKey == null) {
      return null;
    }

    // NOTE(review): Key.getEncoded() may return null for keys that do not support encoding;
    // that case would surface here as a NullPointerException, which the catch below does not cover.
    final String secretText = new String(storedKey.getEncoded(), StandardCharsets.UTF_8);
    final char[] secretChars = secretText.toCharArray();
    addToCache(clusterName, alias, secretText);
    return secretChars;
  } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) {
    throw new KeystoreServiceException(e);
  }
}
use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.
the class DefaultAliasService method getPasswordFromAliasForCluster.
/**
 * Returns the password stored under {@code alias} for the given cluster, optionally creating
 * it first.
 *
 * <p>When no credential exists and {@code generate} is {@code true}, a new one is created via
 * {@link #generateAliasForCluster(String, String)} and then read back from the keystore service.
 *
 * @param clusterName cluster whose credential store is queried
 * @param alias alias of the wanted credential
 * @param generate whether a missing credential should be generated
 * @return the credential, or {@code null} if none exists and none was generated
 * @throws AliasServiceException if the keystore service fails, or if generation fails
 */
@Override
public char[] getPasswordFromAliasForCluster(String clusterName, String alias, boolean generate) throws AliasServiceException {
  try {
    final char[] existing = keystoreService.getCredentialForCluster(clusterName, alias);
    if (existing != null || !generate) {
      return existing;
    }
    // Nothing stored yet and the caller asked for one: create it, then re-read it so the
    // returned value is what the keystore service actually holds.
    generateAliasForCluster(clusterName, alias);
    return keystoreService.getCredentialForCluster(clusterName, alias);
  } catch (KeystoreServiceException e) {
    // Only the cluster name and the exception are passed to the logger, never the credential.
    LOG.failedToGetCredentialForCluster(clusterName, e);
    throw new AliasServiceException(e);
  }
}
use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.
the class DefaultAliasService method generateAliasForCluster.
/**
 * Creates a generated password and stores it under {@code alias} for the given cluster.
 *
 * <p>The cluster's credential store is requested first and the result discarded, so a store
 * that cannot be obtained is reported before any password is generated.
 *
 * @param clusterName cluster whose credential store receives the new alias
 * @param alias alias to create
 * @throws AliasServiceException if the credential store cannot be obtained, or if storing the
 *     alias fails
 */
@Override
public void generateAliasForCluster(String clusterName, String alias) throws AliasServiceException {
  try {
    // Result intentionally unused: the call is made only for its failure signal.
    keystoreService.getCredentialStoreForCluster(clusterName);
  } catch (KeystoreServiceException e) {
    LOG.failedToGenerateAliasForCluster(clusterName, e);
    throw new AliasServiceException(e);
  }

  // NOTE(review): the strength of this secret depends on PasswordUtils.generatePassword, which
  // is not visible here; confirm it draws from SecureRandom and that 16 is an adequate length.
  final String generatedSecret = PasswordUtils.generatePassword(16);
  addAliasForCluster(clusterName, alias, generatedSecret);
}
use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.
the class DefaultAliasService method getPasswordsForGateway.
// Overriding the default behavior as we want to avoid loading the keystore N-times from the file system
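/**
 * Returns every alias in the gateway-level credential store together with its credential.
 *
 * <p>The store is loaded once and passed to each lookup, so it is not re-read from the file
 * system per alias.
 *
 * <p>A keystore failure is logged and rethrown as {@link AliasServiceException}, as the other
 * methods of this class do. Printing the stack trace and returning whatever had been collected
 * gave the caller an empty or partial map that was indistinguishable from a store that holds
 * few or no aliases, and kept the failure out of the gateway's log.
 *
 * @return a map from alias to credential characters, with values as returned by the keystore
 *     service
 * @throws AliasServiceException if the credential store cannot be loaded or read
 */
@Override
public Map<String, char[]> getPasswordsForGateway() throws AliasServiceException {
  final Map<String, char[]> passwordAliasMap = new HashMap<>();
  try {
    final KeyStore gatewayCredentialStore = keystoreService.getCredentialStoreForCluster(NO_CLUSTER_NAME);
    final Enumeration<String> aliases = gatewayCredentialStore.aliases();
    while (aliases.hasMoreElements()) {
      final String alias = aliases.nextElement();
      passwordAliasMap.put(alias, keystoreService.getCredentialForCluster(NO_CLUSTER_NAME, alias, gatewayCredentialStore));
    }
  } catch (KeystoreServiceException e) {
    LOG.failedToGetCredentialForCluster(NO_CLUSTER_NAME, e);
    throw new AliasServiceException(e);
  } catch (KeyStoreException e) {
    // Raised by KeyStore.aliases(); wrapped so both failure paths are logged and rethrown
    // through the same exception type.
    final KeystoreServiceException wrapped = new KeystoreServiceException(e);
    LOG.failedToGetCredentialForCluster(NO_CLUSTER_NAME, wrapped);
    throw new AliasServiceException(wrapped);
  }
  return passwordAliasMap;
}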