
Example 1 with XXRangerKeyStore

use of org.apache.ranger.entity.XXRangerKeyStore in project ranger by apache.

the class RangerKeyStore method mapObjectToEntity.

/**
 * Builds a {@code XXRangerKeyStore} row from the individual column values.
 * <p>
 * The raw key bytes are stored Base64-encoded in the {@code encoded} column;
 * every other argument is copied through unchanged.
 *
 * @param alias        key alias (row key)
 * @param creationDate entry creation time, epoch milliseconds
 * @param byteArray    key bytes to Base64-encode into the {@code encoded} column
 * @param cipher_field cipher name
 * @param bit_length   key length in bits
 * @param description  free-text description
 * @param version      key version
 * @param attributes   serialized attributes string
 * @return a new, unpersisted entity populated from the arguments
 */
private XXRangerKeyStore mapObjectToEntity(String alias, Long creationDate, byte[] byteArray, String cipher_field, int bit_length, String description, int version, String attributes) {
    XXRangerKeyStore row = new XXRangerKeyStore();
    row.setAlias(alias);
    row.setCipher(cipher_field);
    row.setBitLength(bit_length);
    row.setVersion(version);
    row.setDescription(description);
    row.setAttributes(attributes);
    row.setCreatedDate(creationDate);
    // Only the key bytes are transformed: the column holds them Base64-encoded.
    row.setEncoded(DatatypeConverter.printBase64Binary(byteArray));
    return row;
}

Example 2 with XXRangerKeyStore

use of org.apache.ranger.entity.XXRangerKeyStore in project ranger by apache.

the class RangerKeyStore method engineLoad.

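/**
 * Loads every key entry from the database into {@code keyEntries}, replacing the current contents.
 * <p>
 * Entries are read through {@code dbOperationLoad()}; the {@code stream} argument is not read.
 * In the non-key-vault case each stored blob ends with the digest that {@code engineStore} appended
 * (the digest of the keyed {@link MessageDigest} before any entry data was written), so when a
 * password is supplied that trailer is verified, in constant time, before the sealed key is
 * deserialized. An entry whose stored bytes are missing is reported as an {@link IOException}
 * rather than being read from an unrelated stream.
 *
 * @param stream   ignored; entries come from the database
 * @param password master-key password used to derive the verification digest, or {@code null} to
 *                 skip trailer verification
 * @throws IOException              if an entry has no encoded bytes, its trailer does not match the
 *                                  password-derived digest, or the sealed key cannot be deserialized
 * @throws NoSuchAlgorithmException propagated from {@code getKeyedMessageDigest} if it throws it
 * @throws CertificateException     declared by the {@code KeyStoreSpi} contract
 */
@Override
public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStore.engineLoad()");
    }
    synchronized (keyEntries) {
        List<XXRangerKeyStore> rangerKeyDetails = dbOperationLoad();
        if (rangerKeyDetails == null || rangerKeyDetails.isEmpty()) {
            if (logger.isDebugEnabled()) {
                logger.debug("RangerKeyStore might be null or key is not present in the database.");
            }
            return;
        }
        keyEntries.clear();
        if (keyVaultEnabled) {
            // Key-vault mode: the stored bytes are taken as-is; there is no sealed object to read.
            for (XXRangerKeyStore rangerKey : rangerKeyDetails) {
                SecretKeyByteEntry entry = new SecretKeyByteEntry();
                entry.date = new Date(rangerKey.getCreatedDate());
                entry.cipher_field = rangerKey.getCipher();
                entry.bit_length = rangerKey.getBitLength();
                entry.description = rangerKey.getDescription();
                entry.version = rangerKey.getVersion();
                entry.attributes = rangerKey.getAttributes();
                entry.key = DatatypeConverter.parseBase64Binary(rangerKey.getEncoded());
                keyEntries.put(rangerKey.getAlias(), entry);
            }
            return;
        }
        // Password-derived digest that engineStore appends to every blob. Empty when no password
        // was given (or no digest could be built), in which case the trailer is not verified.
        MessageDigest md = null;
        byte[] expectedDigest = new byte[0];
        if (password != null) {
            md = getKeyedMessageDigest(password);
        }
        if (md != null) {
            expectedDigest = md.digest();
        }
        for (XXRangerKeyStore rangerKey : rangerKeyDetails) {
            String alias = rangerKey.getAlias();
            byte[] data = DatatypeConverter.parseBase64Binary(rangerKey.getEncoded());
            if (data == null || data.length == 0) {
                // Nothing to deserialize for this alias. Previously execution fell through to an
                // out-of-bounds read of the trailer, so fail with a checked exception instead.
                logger.error("No Key found for alias " + alias);
                throw new IOException("No Key found for alias " + alias);
            }
            if (expectedDigest.length > 0 && !hasTrailingDigest(data, expectedDigest)) {
                Throwable t = new UnrecoverableKeyException("Password verification failed");
                logger.error("Keystore was tampered with, or password was incorrect.", t);
                throw new IOException("Keystore was tampered with, or " + "password was incorrect", t);
            }
            InputStream entryStream = new ByteArrayInputStream(data);
            if (password != null) {
                // Mirrors the DigestOutputStream used by engineStore; the digest it accumulates
                // while reading is not consumed here.
                entryStream = new DigestInputStream(entryStream, md);
            }
            // NOTE(security): this is native Java deserialization of a database-stored blob. Only a
            // SealedObject is expected; an ObjectInputFilter restricting the permitted classes would
            // harden this, but that API is Java 9+ and this file is not assumed to target it.
            try (DataInputStream dis = new DataInputStream(entryStream);
                 ObjectInputStream ois = new ObjectInputStream(dis)) {
                SecretKeyEntry entry = new SecretKeyEntry();
                entry.date = new Date(rangerKey.getCreatedDate());
                entry.cipher_field = rangerKey.getCipher();
                entry.bit_length = rangerKey.getBitLength();
                entry.description = rangerKey.getDescription();
                entry.version = rangerKey.getVersion();
                entry.attributes = rangerKey.getAttributes();
                try {
                    entry.sealedKey = (SealedObject) ois.readObject();
                } catch (ClassNotFoundException cnfe) {
                    // Keep the cause so the missing class is visible in the stack trace.
                    throw new IOException(cnfe.getMessage(), cnfe);
                }
                keyEntries.put(alias, entry);
            }
        }
    }
}

/**
 * Returns whether {@code data} ends with {@code expected}.
 * <p>
 * The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so that a wrong password
 * cannot be narrowed down byte by byte through timing differences; a blob shorter than the digest
 * is simply reported as not matching.
 *
 * @param data     stored entry bytes
 * @param expected digest the entry must end with
 * @return {@code true} only if the last {@code expected.length} bytes of {@code data} equal
 *         {@code expected}
 */
private static boolean hasTrailingDigest(byte[] data, byte[] expected) {
    if (data.length < expected.length) {
        return false;
    }
    byte[] tail = new byte[expected.length];
    System.arraycopy(data, data.length - expected.length, tail, 0, expected.length);
    return MessageDigest.isEqual(expected, tail);
}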

Example 3 with XXRangerKeyStore

use of org.apache.ranger.entity.XXRangerKeyStore in project ranger by apache.

the class RangerKeyStore method convertKeysBetweenRangerKMSAndHSM.

/**
 * Produces the database row for {@code alias} after wrapping a zone key with the master-key
 * provider, used while migrating keys between Ranger KMS and an HSM.
 * <p>
 * If {@code key} is {@code KeyMetadata}, a fresh key of the requested cipher/length is generated
 * and encrypted; otherwise {@code key} itself is encrypted and the version is taken from the
 * existing entry (bumped when the {@code name@N} suffix does not already account for it).
 *
 * @param alias             key alias, optionally suffixed {@code @version}
 * @param key               either {@code KeyMetadata} describing a key to generate, or the key to wrap
 * @param rangerMKeyProvider master-key provider used to encrypt the zone key
 * @return the populated row for {@code alias}
 * @throws RuntimeException wrapping any failure (including a missing entry for {@code alias})
 */
private XXRangerKeyStore convertKeysBetweenRangerKMSAndHSM(String alias, Key key, RangerKMSMKI rangerMKeyProvider) {
    try {
        SecretKeyEntry existing = (SecretKeyEntry) getKeyEntry(alias);
        if (key instanceof KeyMetadata) {
            Metadata meta = ((KeyMetadata) key).metadata;
            String algorithm = getAlgorithm(meta.getCipher());
            KeyGenerator generator = KeyGenerator.getInstance(algorithm);
            generator.init(meta.getBitLength());
            Key zoneKey = new SecretKeySpec(generator.generateKey().getEncoded(), algorithm);
            byte[] encrypted = rangerMKeyProvider.encryptZoneKey(zoneKey);
            Long now = new Date().getTime();
            return mapObjectToEntity(alias, now, encrypted, meta.getCipher(), meta.getBitLength(), meta.getDescription(), meta.getVersions(), existing.attributes);
        }
        byte[] encrypted = rangerMKeyProvider.encryptZoneKey(key);
        Long createdAt = existing.date.getTime();
        int version = existing.version;
        String[] aliasParts = alias.split("@");
        // A "name@N" alias whose N+1 is not the stored version gets a version bump.
        if (aliasParts.length == 2 && Integer.parseInt(aliasParts[1]) + 1 != existing.version) {
            version++;
        }
        return mapObjectToEntity(alias, createdAt, encrypted, existing.cipher_field, existing.bit_length, existing.description, version, existing.attributes);
    } catch (Throwable t) {
        throw new RuntimeException("Migration failed between key secure and Ranger DB : ", t);
    }
}

Example 4 with XXRangerKeyStore

use of org.apache.ranger.entity.XXRangerKeyStore in project ranger by apache.

the class RangerKeyStore method engineStore.

/**
 * Persists every pending entry in {@code deltaEntries} to the database, then clears the delta set.
 * <p>
 * In key-vault mode the entry's key bytes are stored directly. Otherwise each sealed key is
 * Java-serialized and followed by the digest of the password-keyed {@link MessageDigest} (taken
 * before any entry bytes are fed to it); that trailer is what {@code engineLoad} verifies.
 *
 * @param stream   not written to; rows go to the database via {@code dbOperationStore}
 * @param password master-key password; required unless key-vault mode is enabled
 * @throws IllegalArgumentException if {@code password} is {@code null} outside key-vault mode
 * @throws IOException              if serializing a sealed key fails
 * @throws NoSuchAlgorithmException propagated from {@code getKeyedMessageDigest} if it throws it
 * @throws CertificateException     declared by the {@code KeyStoreSpi} contract
 */
@Override
public void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStore.engineStore()");
    }
    synchronized (deltaEntries) {
        if (keyVaultEnabled) {
            for (Entry<String, Object> delta : deltaEntries.entrySet()) {
                SecretKeyByteEntry vaultEntry = (SecretKeyByteEntry) delta.getValue();
                Long createdAt = vaultEntry.date.getTime();
                XXRangerKeyStore row = mapObjectToEntity(delta.getKey(), createdAt, vaultEntry.key, vaultEntry.cipher_field, vaultEntry.bit_length, vaultEntry.description, vaultEntry.version, vaultEntry.attributes);
                dbOperationStore(row);
            }
        } else {
            // password is mandatory when storing
            if (password == null) {
                throw new IllegalArgumentException("Ranger Master Key can't be null");
            }
            MessageDigest md = getKeyedMessageDigest(password);
            // Digest of the keyed state alone; appended after every serialized key as its trailer.
            byte[] trailer = md.digest();
            for (Entry<String, Object> delta : deltaEntries.entrySet()) {
                SecretKeyEntry sealedEntry = (SecretKeyEntry) delta.getValue();
                ByteArrayOutputStream buffer = new ByteArrayOutputStream();
                try (DataOutputStream dos = new DataOutputStream(new DigestOutputStream(buffer, md));
                     ObjectOutputStream oos = new ObjectOutputStream(dos)) {
                    oos.writeObject(sealedEntry.sealedKey);
                    dos.write(trailer);
                    dos.flush();
                    Long createdAt = sealedEntry.date.getTime();
                    XXRangerKeyStore row = mapObjectToEntity(delta.getKey(), createdAt, buffer.toByteArray(), sealedEntry.cipher_field, sealedEntry.bit_length, sealedEntry.description, sealedEntry.version, sealedEntry.attributes);
                    dbOperationStore(row);
                }
            }
        }
        clearDeltaEntires();
    }
}

Example 5 with XXRangerKeyStore

use of org.apache.ranger.entity.XXRangerKeyStore in project ranger by apache.

the class RangerKeyStore method dbOperationStore.

/**
 * Inserts or updates the database row for {@code rangerKeyStore}, keyed by alias.
 * <p>
 * Does nothing when no {@code daoManager} is configured. Any exception from the DAO is logged at
 * error level and not propagated, so callers cannot tell from the return whether the row was
 * actually written.
 *
 * @param rangerKeyStore row to persist; its alias selects the existing row to update, if any
 */
public void dbOperationStore(XXRangerKeyStore rangerKeyStore) {
    if (logger.isDebugEnabled()) {
        logger.debug("==> RangerKeyStore.dbOperationStore()");
    }
    // Without a DaoManager there is nowhere to persist to; the call is a no-op.
    if (daoManager == null) {
        return;
    }
    try {
        RangerKMSDao dao = new RangerKMSDao(daoManager);
        XXRangerKeyStore existing = dao.findByAlias(rangerKeyStore.getAlias());
        if (existing != null) {
            dao.update(mapToEntityBean(rangerKeyStore, existing));
        } else {
            dao.create(mapToEntityBean(rangerKeyStore, new XXRangerKeyStore()));
        }
    } catch (Exception e) {
        // Failures are logged only; the caller is not informed.
        logger.error("==> RangerKeyStore.dbOperationStore() error : ", e);
    }
}
