
Example 1 with KeyStoreHelper

use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.

the class PersisterHelper method checkSignature.

/**
 * Verifies that a serialized session buffer is consistent with this environment's signing
 * configuration and, when it carries a signature, that the signature verifies against the
 * configured public key store before any deserialization takes place.
 *
 * @param _header     the persisted header; supplies the signature flag, the key alias and the signature bytes
 * @param sessionbuff the raw serialized session bytes the signature is checked against
 * @throws RuntimeException if the environment's signed/unsigned expectation does not match the header,
 *                          if no public key store is configured, if the signature does not verify,
 *                          or wrapping any {@link java.security} exception raised during verification
 */
private static void checkSignature(Header _header, byte[] sessionbuff) {
    KeyStoreHelper keys = new KeyStoreHelper();
    boolean environmentSigned = keys.isSigned();
    boolean headerSigned = _header.hasSignature();
    // Fail closed: an unsigned blob in a signed environment (or the reverse) is rejected outright.
    if (environmentSigned != headerSigned) {
        String expected = environmentSigned ? "signed" : "unsigned";
        String actual = headerSigned ? "signed" : "unsigned";
        throw new RuntimeException("This environment is configured to work with " + expected + " serialized objects, but the given object is " + actual + ". Deserialization aborted.");
    }
    if (!headerSigned) {
        return;
    }
    if (keys.getPubKeyStore() == null) {
        throw new RuntimeException("The session was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
    }
    verifySessionSignature(keys, _header, sessionbuff);
}

/**
 * Runs the public-key check for a header that is known to be signed, translating the checked
 * {@link java.security} exceptions into unchecked ones with a descriptive prefix.
 *
 * @param keys   the helper holding the configured public key store
 * @param header the persisted header carrying the key alias and signature bytes
 * @param data   the bytes the signature was computed over
 * @throws RuntimeException if the signature does not match or verification itself fails
 */
private static void verifySessionSignature(KeyStoreHelper keys, Header header, byte[] data) {
    try {
        // The alias comes from the header itself; it only selects which key in the trusted
        // public key store is used, so the trust decision still rests on that store.
        String keyAlias = header.getSignature().getKeyAlias();
        byte[] signatureBytes = header.getSignature().getSignature().toByteArray();
        boolean matches = keys.checkDataWithPublicKey(keyAlias, data, signatureBytes);
        if (!matches) {
            throw new RuntimeException("Signature does not match serialized package. This is a security violation. Deserialisation aborted.");
        }
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Invalid key checking signature: " + e.getMessage(), e);
    } catch (KeyStoreException e) {
        throw new RuntimeException("Error accessing Key Store: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("No algorithm available: " + e.getMessage(), e);
    } catch (SignatureException e) {
        throw new RuntimeException("Signature Exception: " + e.getMessage(), e);
    }
}
Also used : KeyStoreHelper(org.drools.core.util.KeyStoreHelper) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException)

Example 2 with KeyStoreHelper

use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.

the class JavaDialectRuntimeData method readExternal.

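/**
 * Handles the read serialization of the PackageCompilationData. Patterns in Rules may reference generated data which cannot be serialized by
 * default methods. The PackageCompilationData holds a reference to the generated bytecode; which must be restored before any Rules.
 * A custom ObjectInputStream, able to resolve classes against the bytecode, is used to restore the Rules.
 * <p>
 * Wire layout consumed here (the mirror of {@code writeExternal}): a {@code boolean} signed flag, the
 * public key alias (only when signed), the store as one {@code byte[]} blob, the signature check, then
 * the invoker lookups and the class lookups. The signature is checked against the store blob before that
 * blob is deserialized; the invoker and class lookups are read from the outer stream afterwards and, as
 * far as this method shows, are not covered by that check (the helper {@code checkSignature} receives only
 * {@code bytes}) — confirm against {@code checkSignature}/{@code sign} if they need the same protection.
 *
 * @param stream the externalization stream to read from
 * @throws IOException            on any read failure
 * @throws ClassNotFoundException if a serialized class cannot be resolved
 * @throws RuntimeException       if the signed/unsigned expectation of this environment does not match the
 *                                stream, if the stream is signed but no public key store is configured, or
 *                                if {@code checkSignature} rejects the store blob
 */
public void readExternal(ObjectInput stream) throws IOException, ClassNotFoundException {
    KeyStoreHelper helper = new KeyStoreHelper();
    boolean signed = stream.readBoolean();
    // Fail closed on any mismatch between the environment's expectation and the stream's flag.
    if (helper.isSigned() != signed) {
        throw new RuntimeException("This environment is configured to work with " + (helper.isSigned() ? "signed" : "unsigned") + " serialized objects, but the given object is " + (signed ? "signed" : "unsigned") + ". Deserialization aborted.");
    }
    String pubKeyAlias = null;
    if (signed) {
        // The alias only selects a key inside the configured (trusted) public key store.
        pubKeyAlias = (String) stream.readObject();
        if (helper.getPubKeyStore() == null) {
            throw new RuntimeException("The package was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
        }
    }
    // Return the object stored as a byte[]
    byte[] bytes = (byte[]) stream.readObject();
    if (signed) {
        // Verify before anything inside the blob is deserialized.
        checkSignature(stream, helper, bytes, pubKeyAlias);
    }
    // try-with-resources closes the nested stream on the failure path too; the previous
    // explicit close() only ran when every entry had been read successfully.
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        int length = in.readInt();
        for (int i = 0; i < length; i++) {
            this.store.put((String) in.readObject(), (byte[]) in.readObject());
        }
    }
    for (int i = 0, length = stream.readInt(); i < length; i++) {
        this.invokerLookups.put((String) stream.readObject(), (Wireable) stream.readObject());
    }
    for (int i = 0, length = stream.readInt(); i < length; i++) {
        this.classLookups.put((String) stream.readObject(), (byte[]) stream.readObject());
    }
    // mark it as dirty, so that it reloads everything.
    this.dirty = true;
}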
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) KeyStoreHelper(org.drools.core.util.KeyStoreHelper) Constraint(org.drools.core.spi.Constraint) ObjectInputStream(java.io.ObjectInputStream)

Example 3 with KeyStoreHelper

use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.

the class KieModuleCacheHelper method checkSignature.

/**
 * Checks a cached module blob against this environment's signing configuration: the header must
 * agree with the environment on whether the data is signed, and a signed blob must verify against
 * the configured public key store before it is deserialized.
 *
 * @param _header     the persisted header carrying the signature flag, key alias and signature bytes
 * @param sessionbuff the serialized bytes the signature is verified over
 * @throws RuntimeException if the signed/unsigned expectation and the header disagree, if no public
 *                          key store is configured, if the signature does not match, or wrapping any
 *                          {@link java.security} exception thrown while verifying
 */
private static void checkSignature(Header _header, byte[] sessionbuff) {
    final KeyStoreHelper keys = new KeyStoreHelper();
    final boolean expectSigned = keys.isSigned();
    final boolean isSigned = _header.hasSignature();
    if (expectSigned != isSigned) {
        throw new RuntimeException("This environment is configured to work with "
                + (expectSigned ? "signed" : "unsigned")
                + " serialized objects, but the given object is "
                + (isSigned ? "signed" : "unsigned")
                + ". Deserialization aborted.");
    }
    if (!isSigned) {
        // Unsigned data in an environment that does not sign: nothing further to verify.
        return;
    }
    if (keys.getPubKeyStore() == null) {
        throw new RuntimeException("The session was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
    }
    final boolean valid;
    try {
        final String alias = _header.getSignature().getKeyAlias();
        final byte[] signature = _header.getSignature().getSignature().toByteArray();
        valid = keys.checkDataWithPublicKey(alias, sessionbuff, signature);
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Invalid key checking signature: " + e.getMessage(), e);
    } catch (KeyStoreException e) {
        throw new RuntimeException("Error accessing Key Store: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("No algorithm available: " + e.getMessage(), e);
    } catch (SignatureException e) {
        throw new RuntimeException("Signature Exception: " + e.getMessage(), e);
    }
    if (!valid) {
        throw new RuntimeException("Signature does not match serialized package. This is a security violation. Deserialisation aborted.");
    }
}
Also used : KeyStoreHelper(org.drools.core.util.KeyStoreHelper) KeyStoreException(java.security.KeyStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException)

Example 4 with KeyStoreHelper

use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.

the class JavaDialectRuntimeData method writeExternal.

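/**
 * Handles the write serialization of the PackageCompilationData. Patterns in Rules may reference generated data which cannot be serialized by
 * default methods. The PackageCompilationData holds a reference to the generated bytecode. The generated bytecode must be restored before any Rules.
 * <p>
 * Wire layout produced here (the mirror of {@code readExternal}): a {@code boolean} signed flag, the
 * private key alias (only when signing), the store serialized into one {@code byte[]} blob, the
 * signature of that blob (only when signing), then the invoker lookups and the class lookups.
 * Only the store blob is handed to {@code sign}; the two lookup maps are written afterwards without a
 * signature of their own — confirm against {@code sign} if they are expected to be covered as well.
 *
 * @param stream the externalization stream to write to
 * @throws IOException on any write failure
 */
public void writeExternal(ObjectOutput stream) throws IOException {
    KeyStoreHelper helper = new KeyStoreHelper();
    stream.writeBoolean(helper.isSigned());
    if (helper.isSigned()) {
        stream.writeObject(helper.getPvtKeyAlias());
    }
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    // The store is serialized into an intermediate buffer so that the signature can be computed
    // over exactly the bytes that readExternal will verify before deserializing them.
    // try-with-resources closes the nested stream even if a write fails part way through.
    try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
        out.writeInt(this.store.size());
        for (Entry<String, byte[]> entry : this.store.entrySet()) {
            out.writeObject(entry.getKey());
            out.writeObject(entry.getValue());
        }
        out.flush();
    }
    byte[] buff = bos.toByteArray();
    stream.writeObject(buff);
    if (helper.isSigned()) {
        sign(stream, helper, buff);
    }
    stream.writeInt(this.invokerLookups.size());
    for (Entry<String, Wireable> entry : this.invokerLookups.entrySet()) {
        stream.writeObject(entry.getKey());
        stream.writeObject(entry.getValue());
    }
    stream.writeInt(this.classLookups.size());
    for (Entry<String, byte[]> entry : this.classLookups.entrySet()) {
        stream.writeObject(entry.getKey());
        stream.writeObject(entry.getValue());
    }
}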
Also used : ObjectOutput(java.io.ObjectOutput) KeyStoreHelper(org.drools.core.util.KeyStoreHelper) Wireable(org.drools.core.spi.Wireable) ByteArrayOutputStream(java.io.ByteArrayOutputStream) ObjectOutputStream(java.io.ObjectOutputStream)
