Example 11 with KeystoreServiceException

Use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.

The class DefaultAliasService, method getAliasesForCluster.

@Override
public List<String> getAliasesForCluster(String clusterName) {
    ArrayList<String> list = new ArrayList<>();
    KeyStore keyStore;
    try {
        keyStore = keystoreService.getCredentialStoreForCluster(clusterName);
        if (keyStore != null) {
            String alias;
            try {
                Enumeration<String> e = keyStore.aliases();
                while (e.hasMoreElements()) {
                    alias = e.nextElement();
                    // only include the metadata key names in the list of names
                    if (!alias.contains("@")) {
                        list.add(alias);
                    }
                }
            } catch (KeyStoreException e) {
                LOG.failedToGetCredentialForCluster(clusterName, e);
            }
        }
    } catch (KeystoreServiceException kse) {
        LOG.failedToGetCredentialForCluster(clusterName, kse);
    }
    return list;
}
Also used: ArrayList (java.util.ArrayList), KeyStoreException (java.security.KeyStoreException), KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException), KeyStore (java.security.KeyStore)

Example 12 with KeystoreServiceException

Use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.

The class DefaultGatewayServices, method initializeContribution.

@Override
public void initializeContribution(DeploymentContext context) {
    // setup credential store as appropriate
    String clusterName = context.getTopology().getName();
    try {
        KeystoreService ks = getService(ServiceType.KEYSTORE_SERVICE);
        if (!ks.isCredentialStoreForClusterAvailable(clusterName)) {
            log.creatingCredentialStoreForCluster(clusterName);
            ks.createCredentialStoreForCluster(clusterName);
        } else {
            log.credentialStoreForClusterFoundNotCreating(clusterName);
        }
    } catch (KeystoreServiceException e) {
        throw new RuntimeException("Credential store was found but was unable to be loaded - the provided (or persisted) master secret may not match the password for the credential store.", e);
    }
}
Also used: KeystoreService (org.apache.knox.gateway.services.security.KeystoreService), KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException)

Example 13 with KeystoreServiceException

Use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.

The class BaseKeystoreService, method createKeystore.

protected void createKeystore(String filename, String keystoreType) throws KeystoreServiceException {
    try {
        FileOutputStream out = createKeyStoreFile(filename);
        KeyStore ks = KeyStore.getInstance(keystoreType);
        ks.load(null, null);
        ks.store(out, masterService.getMasterSecret());
        out.close();
    } catch (KeyStoreException e) {
        LOG.failedToCreateKeystore(filename, keystoreType, e);
        throw new KeystoreServiceException(e);
    } catch (NoSuchAlgorithmException e) {
        LOG.failedToCreateKeystore(filename, keystoreType, e);
        throw new KeystoreServiceException(e);
    } catch (CertificateException e) {
        LOG.failedToCreateKeystore(filename, keystoreType, e);
        throw new KeystoreServiceException(e);
    } catch (FileNotFoundException e) {
        LOG.failedToCreateKeystore(filename, keystoreType, e);
        throw new KeystoreServiceException(e);
    } catch (IOException e) {
        LOG.failedToCreateKeystore(filename, keystoreType, e);
        throw new KeystoreServiceException(e);
    }
}
Also used: FileOutputStream (java.io.FileOutputStream), FileNotFoundException (java.io.FileNotFoundException), CertificateException (java.security.cert.CertificateException), KeyStoreException (java.security.KeyStoreException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), IOException (java.io.IOException), KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException), KeyStore (java.security.KeyStore)

Example 14 with KeystoreServiceException

Use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.

The class DefaultKeystoreService, method isCredentialStoreForClusterAvailable.

@Override
public boolean isCredentialStoreForClusterAvailable(String clusterName) throws KeystoreServiceException {
    boolean rc = false;
    final File keyStoreFile = new File(keyStoreDir + clusterName + CREDENTIALS_SUFFIX);
    readLock.lock();
    try {
        try {
            rc = isKeystoreAvailable(keyStoreFile, "JCEKS");
        } catch (KeyStoreException e) {
            throw new KeystoreServiceException(e);
        } catch (IOException e) {
            throw new KeystoreServiceException(e);
        }
        return rc;
    } finally {
        readLock.unlock();
    }
}
Also used: KeyStoreException (java.security.KeyStoreException), IOException (java.io.IOException), KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException), File (java.io.File)

Example 15 with KeystoreServiceException

Use of org.apache.knox.gateway.services.security.KeystoreServiceException in project knox by apache.

The class DefaultKeystoreService, method addSelfSignedCertForGateway. Note that this method generates a 1024-bit RSA key pair and signs the self-signed certificate with SHA1withRSA; both parameters are below current recommendations (2048-bit or larger RSA keys, SHA-256 signatures).

@Override
public void addSelfSignedCertForGateway(String alias, char[] passphrase, String hostname) throws KeystoreServiceException {
    writeLock.lock();
    try {
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024);
            KeyPair KPair = keyPairGenerator.generateKeyPair();
            if (hostname == null) {
                hostname = System.getProperty(CERT_GEN_MODE, CERT_GEN_MODE_LOCALHOST);
            }
            X509Certificate cert = null;
            if (hostname.equals(CERT_GEN_MODE_HOSTNAME)) {
                String dn = buildDistinguishedName(InetAddress.getLocalHost().getHostName());
                cert = X509CertificateUtil.generateCertificate(dn, KPair, 365, "SHA1withRSA");
            } else {
                String dn = buildDistinguishedName(hostname);
                cert = X509CertificateUtil.generateCertificate(dn, KPair, 365, "SHA1withRSA");
            }
            KeyStore privateKS = getKeystoreForGateway();
            privateKS.setKeyEntry(alias, KPair.getPrivate(), passphrase, new java.security.cert.Certificate[] { cert });
            writeKeystoreToFile(privateKS, new File(keyStoreDir + GATEWAY_KEYSTORE));
            // writeCertificateToFile( cert, new File( keyStoreDir + alias + ".pem" ) );
        } catch (NoSuchAlgorithmException e) {
            LOG.failedToAddSeflSignedCertForGateway(alias, e);
            throw new KeystoreServiceException(e);
        } catch (GeneralSecurityException e) {
            LOG.failedToAddSeflSignedCertForGateway(alias, e);
            throw new KeystoreServiceException(e);
        } catch (IOException e) {
            LOG.failedToAddSeflSignedCertForGateway(alias, e);
            throw new KeystoreServiceException(e);
        }
    } finally {
        writeLock.unlock();
    }
}
Also used: KeyPair (java.security.KeyPair), GeneralSecurityException (java.security.GeneralSecurityException), KeyPairGenerator (java.security.KeyPairGenerator), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), IOException (java.io.IOException), KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException), KeyStore (java.security.KeyStore), File (java.io.File), X509Certificate (java.security.cert.X509Certificate)

Aggregations (class, package, number of examples using it):

KeystoreServiceException (org.apache.knox.gateway.services.security.KeystoreServiceException): 25
KeyStoreException (java.security.KeyStoreException): 14
KeyStore (java.security.KeyStore): 8
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 8
AliasServiceException (org.apache.knox.gateway.services.security.AliasServiceException): 7
IOException (java.io.IOException): 6
TokenServiceException (org.apache.knox.gateway.services.security.token.TokenServiceException): 5
File (java.io.File): 4
RSAPrivateKey (java.security.interfaces.RSAPrivateKey): 4
RSAPublicKey (java.security.interfaces.RSAPublicKey): 4
PublicKey (java.security.PublicKey): 3
X509Certificate (java.security.cert.X509Certificate): 3
ServiceLifecycleException (org.apache.knox.gateway.services.ServiceLifecycleException): 3
JOSEException (com.nimbusds.jose.JOSEException): 2
JWSSigner (com.nimbusds.jose.JWSSigner): 2
JWSVerifier (com.nimbusds.jose.JWSVerifier): 2
RSASSASigner (com.nimbusds.jose.crypto.RSASSASigner): 2
RSASSAVerifier (com.nimbusds.jose.crypto.RSASSAVerifier): 2
GeneralSecurityException (java.security.GeneralSecurityException): 2
InvalidKeyException (java.security.InvalidKeyException): 2