
Example 51 with IllegalConfigurationException

use of org.apache.qpid.server.configuration.IllegalConfigurationException in project qpid-broker-j by apache.

The class FileKeyStoreImpl, method validateKeyStoreAttributes.

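/**
 * Validates the attributes of a file-backed key store before it is put into service.
 *
 * <p>The checks, in order: the store can be opened with the configured URL, password and
 * type; when a certificate alias is configured it exists in the store and identifies a key
 * (not a trusted-certificate entry); the store holds at least one private key; the
 * configured key-manager-factory algorithm is available; the object is durable; and the
 * certificates have not expired.
 *
 * @param fileKeyStore the key store whose attributes are validated
 * @throws IllegalConfigurationException if the store cannot be opened, the alias is missing
 *         or is not a key, no private key is present, or the algorithm is unknown
 * @throws IllegalArgumentException if the key store is not durable (kept as the original
 *         exception type, callers may rely on it)
 * @throws ServerScopedRuntimeException if the opened key store reports itself uninitialised
 */
private void validateKeyStoreAttributes(FileKeyStore<?> fileKeyStore) {
    final String storeUrl = fileKeyStore.getStoreUrl();
    final java.security.KeyStore keyStore;
    try {
        final URL url = getUrlFromString(storeUrl);
        keyStore = SSLUtil.getInitializedKeyStore(url, fileKeyStore.getPassword(), fileKeyStore.getKeyStoreType());
    } catch (Exception e) {
        // A wrong password surfaces as an IOException wrapping UnrecoverableKeyException;
        // give the operator a hint without revealing anything about the store contents.
        final boolean passwordProblem = e instanceof IOException && e.getCause() instanceof UnrecoverableKeyException;
        final String message = (passwordProblem ? "Check key store password. " : "")
                + "Cannot instantiate key store from '" + storeUrl + "'.";
        throw new IllegalConfigurationException(message, e);
    }
    try {
        final String certAlias = fileKeyStore.getCertificateAlias();
        if (certAlias != null) {
            final Certificate cert = keyStore.getCertificate(certAlias);
            if (cert == null) {
                throw new IllegalConfigurationException(String.format("Cannot find a certificate with alias '%s' in key store : %s", certAlias, storeUrl));
            }
            // A trusted-certificate entry has no private key behind it, so it cannot serve as a key alias.
            if (keyStore.isCertificateEntry(certAlias)) {
                throw new IllegalConfigurationException(String.format("Alias '%s' in key store : %s does not identify a key.", certAlias, storeUrl));
            }
        }
        if (!containsPrivateKey(keyStore)) {
            throw new IllegalConfigurationException("Keystore must contain at least one private key.");
        }
    } catch (KeyStoreException e) {
        // getInitializedKeyStore() above returns an initialised store, so this is not expected.
        throw new ServerScopedRuntimeException("Key store has not been initialized", e);
    }
    final String algorithm = fileKeyStore.getKeyManagerFactoryAlgorithm();
    try {
        KeyManagerFactory.getInstance(algorithm);
    } catch (NoSuchAlgorithmException e) {
        // Keep the cause so the provider's own diagnostic is not lost.
        throw new IllegalConfigurationException("Unknown keyManagerFactoryAlgorithm: " + algorithm, e);
    }
    if (!fileKeyStore.isDurable()) {
        throw new IllegalArgumentException(getClass().getSimpleName() + " must be durable");
    }
    checkCertificateExpiry();
}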

Example 52 with IllegalConfigurationException

use of org.apache.qpid.server.configuration.IllegalConfigurationException in project qpid-broker-j by apache.

The class ManagedPeerCertificateTrustStoreImpl, method updateTrustManagers.

/**
 * Rebuilds {@code _trustManagers} from the stored peer certificates.
 *
 * <p>Every stored certificate is placed into a fresh in-memory key store under a numeric
 * alias ("1", "2", ...). Each {@link X509TrustManager} produced by the default
 * {@link TrustManagerFactory} is wrapped in a {@link QpidPeersOnlyTrustManager}, so only
 * certificates present in the store itself are trusted (no CA chain building); wrappers are
 * collected into one {@link QpidMultipleTrustManager}. Non-X509 managers are passed through
 * unchanged. With nothing to trust, {@code _trustManagers} is set to {@code null}.
 *
 * @throws IllegalConfigurationException if the key store or factory cannot be initialised
 */
@SuppressWarnings("unused")
private void updateTrustManagers() {
    try {
        final java.security.KeyStore peerStore = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
        peerStore.load(null, null);
        int aliasCounter = 0;
        for (Certificate peerCert : _storedCertificates) {
            aliasCounter++;
            peerStore.setCertificateEntry(Integer.toString(aliasCounter), peerCert);
        }
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(peerStore);
        final QpidMultipleTrustManager peersOnly = new QpidMultipleTrustManager();
        final Collection<TrustManager> managers = new ArrayList<>();
        for (TrustManager delegate : factory.getTrustManagers()) {
            if (!(delegate instanceof X509TrustManager)) {
                managers.add(delegate);
                continue;
            }
            // Peers-only: trust exactly the certificates in the store, never a signing CA.
            peersOnly.addTrustManager(new QpidPeersOnlyTrustManager(peerStore, (X509TrustManager) delegate));
        }
        if (!peersOnly.isEmpty()) {
            managers.add(peersOnly);
        }
        _trustManagers = managers.isEmpty() ? null : managers.toArray(new TrustManager[0]);
    } catch (IOException | GeneralSecurityException e) {
        throw new IllegalConfigurationException("Cannot load certificate(s) :" + e, e);
    }
}

Example 53 with IllegalConfigurationException

use of org.apache.qpid.server.configuration.IllegalConfigurationException in project qpid-broker-j by apache.

The class NonJavaKeyStoreImpl, method updateKeyManagers.

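/**
 * Builds {@code _keyManagers} and {@code _certificate} from the configured private key and
 * certificate URLs (plus optional intermediate certificates).
 *
 * <p>Does nothing when either the private key URL or the certificate URL is unset. The key
 * and its chain are placed into a throw-away in-memory key store protected by a random,
 * single-use password; the password is wiped once the key managers have been created.
 *
 * @throws IllegalConfigurationException if the key or certificates cannot be read, the
 *         certificate file is empty, or the key store / factory cannot be initialised
 */
@SuppressWarnings("unused")
private void updateKeyManagers() {
    if (_privateKeyUrl == null || _certificateUrl == null) {
        // Incomplete configuration: leave the current key managers untouched.
        return;
    }
    // Ephemeral password for the in-memory store. Random bytes are mapped onto printable
    // ASCII ('!'..'~') instead of being charset-decoded, so no byte with the high bit set
    // collapses into a U+FFFD replacement character. The slight modulo bias is irrelevant
    // for a 64-character single-use password. RANDOM is assumed to be a SecureRandom - confirm.
    final char[] password = new char[64];
    try {
        PrivateKey privateKey = SSLUtil.readPrivateKey(getUrlFromString(_privateKeyUrl));
        X509Certificate[] certs = SSLUtil.readCertificates(getUrlFromString(_certificateUrl));
        if (_intermediateCertificateUrl != null) {
            List<X509Certificate> chain = new ArrayList<>(Arrays.asList(certs));
            chain.addAll(Arrays.asList(SSLUtil.readCertificates(getUrlFromString(_intermediateCertificateUrl))));
            certs = chain.toArray(new X509Certificate[0]);
        }
        if (certs.length == 0) {
            // Without this guard an empty file fails later with an unhelpful exception from setKeyEntry.
            throw new IllegalConfigurationException("No certificate found at '" + _certificateUrl + "'");
        }
        checkCertificateExpiry(certs);
        byte[] randomBytes = new byte[password.length];
        RANDOM.nextBytes(randomBytes);
        for (int i = 0; i < password.length; i++) {
            password[i] = (char) ('!' + ((randomBytes[i] & 0xFF) % 94));
        }
        java.security.KeyStore inMemoryKeyStore = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
        inMemoryKeyStore.load(null, password);
        inMemoryKeyStore.setKeyEntry("1", privateKey, password, certs);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(inMemoryKeyStore, password);
        _keyManagers = kmf.getKeyManagers();
        // The first entry is the end-entity certificate; intermediates follow it.
        _certificate = certs[0];
    } catch (IOException | GeneralSecurityException e) {
        throw new IllegalConfigurationException("Cannot load private key or certificate(s): " + e, e);
    } finally {
        // The store and factory have already consumed the password; do not leave it in memory.
        Arrays.fill(password, '\0');
    }
}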

Example 54 with IllegalConfigurationException

use of org.apache.qpid.server.configuration.IllegalConfigurationException in project qpid-broker-j by apache.

The class SiteSpecificTrustStoreImpl, method decodeCertificate.

/**
 * Decodes the Base64 {@code CERTIFICATE} attribute into {@code _x509Certificate}.
 *
 * @throws IllegalConfigurationException if the bytes are not a parseable X.509 certificate
 */
private void decodeCertificate() {
    final String encoded = (String) getActualAttributes().get(CERTIFICATE);
    final byte[] der = Strings.decodeBase64(encoded);
    try (ByteArrayInputStream in = new ByteArrayInputStream(der)) {
        final CertificateFactory factory = CertificateFactory.getInstance("X.509");
        _x509Certificate = (X509Certificate) factory.generateCertificate(in);
    } catch (CertificateException | IOException e) {
        throw new IllegalConfigurationException("Could not decode certificate", e);
    }
}

Example 55 with IllegalConfigurationException

use of org.apache.qpid.server.configuration.IllegalConfigurationException in project qpid-broker-j by apache.

The class SiteSpecificTrustStoreImpl, method generateTrustAndSetState.

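/**
 * Generates the trust managers, moves the object to {@code ACTIVE} or {@code ERRORED}, and
 * completes {@code result} accordingly.
 *
 * <p>Previously an unexpected runtime exception from {@code generateTrustManagers()} left the
 * state {@code ERRORED} yet still completed the future successfully via the {@code finally}
 * block; such failures now fail the future before propagating.
 *
 * @param result future completed with {@code null} on success, or with the failure
 */
private void generateTrustAndSetState(final SettableFuture<Void> result) {
    State state = State.ERRORED;
    try {
        generateTrustManagers();
        state = State.ACTIVE;
    } catch (IllegalConfigurationException e) {
        result.setException(e);
    } catch (RuntimeException e) {
        // Unexpected failure: report it on the future rather than masking it as success.
        result.setException(e);
        throw e;
    } finally {
        setState(state);
        // Completes the future on success; expected to be a no-op once setException() has
        // already completed it (SettableFuture#set returns false in that case).
        result.set(null);
    }
}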
