Use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.
Class PersisterHelper, method checkSignature.
/**
 * Verifies the signature carried in {@code _header} over the serialized session
 * {@code sessionbuff}, according to the signing policy of this environment.
 *
 * <p>Policy and input must agree: an environment configured for signed objects rejects an
 * unsigned header and vice versa. When neither side is signed nothing is verified. When both
 * are, the key alias named in the header is looked up in the configured public keystore and
 * the signature is checked against {@code sessionbuff}.
 *
 * <p>NOTE(review): the key alias is read from the header before anything has been verified, so
 * it is chosen by whoever produced the input; verification is only as trustworthy as the set of
 * keys present in the public keystore — confirm that keystore holds trusted keys only.
 *
 * @param _header     header of the serialized session, possibly carrying a signature
 * @param sessionbuff the bytes the signature is expected to cover
 * @throws RuntimeException on a policy mismatch, a missing public keystore, a signature that
 *                          does not verify, or an underlying keystore/crypto failure (cause
 *                          attached)
 */
private static void checkSignature(Header _header, byte[] sessionbuff) {
    final KeyStoreHelper keys = new KeyStoreHelper();
    final boolean policySigned = keys.isSigned();
    final boolean headerSigned = _header.hasSignature();

    if (policySigned != headerSigned) {
        throw new RuntimeException("This environment is configured to work with " + (policySigned ? "signed" : "unsigned") + " serialized objects, but the given object is " + (headerSigned ? "signed" : "unsigned") + ". Deserialization aborted.");
    }
    if (!headerSigned) {
        // Unsigned policy and unsigned input: there is nothing to check.
        return;
    }
    if (keys.getPubKeyStore() == null) {
        throw new RuntimeException("The session was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
    }

    final byte[] signature = _header.getSignature().getSignature().toByteArray();
    final boolean verified;
    try {
        verified = keys.checkDataWithPublicKey(_header.getSignature().getKeyAlias(), sessionbuff, signature);
    } catch (InvalidKeyException e) {
        throw new RuntimeException("Invalid key checking signature: " + e.getMessage(), e);
    } catch (KeyStoreException e) {
        throw new RuntimeException("Error accessing Key Store: " + e.getMessage(), e);
    } catch (NoSuchAlgorithmException e) {
        throw new RuntimeException("No algorithm available: " + e.getMessage(), e);
    } catch (SignatureException e) {
        throw new RuntimeException("Signature Exception: " + e.getMessage(), e);
    }
    if (!verified) {
        // A well-formed but wrong signature: treat as tampering, not as a configuration error.
        throw new RuntimeException("Signature does not match serialized package. This is a security violation. Deserialisation aborted.");
    }
}
Use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.
Class JavaDialectRuntimeData, method readExternal.
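/**
 * Handles the read serialization of the PackageCompilationData. Patterns in Rules may reference
 * generated data which cannot be serialized by default methods. The PackageCompilationData holds
 * a reference to the generated bytecode, which must be restored before any Rules. A custom
 * ObjectInputStream, able to resolve classes against the bytecode, is used to restore the Rules.
 *
 * <p>Wire layout consumed here, which must mirror {@link #writeExternal(ObjectOutput)}:
 * <ol>
 *   <li>{@code boolean} signed flag</li>
 *   <li>if signed: the public key alias ({@code String})</li>
 *   <li>the {@code store} entries, serialized as one {@code byte[]}</li>
 *   <li>if signed: the signature over that {@code byte[]} (presumably read from the stream by
 *       {@code checkSignature})</li>
 *   <li>{@code invokerLookups} count and entries</li>
 *   <li>{@code classLookups} count and entries</li>
 * </ol>
 *
 * <p>NOTE(review): only the {@code store} byte array is covered by the signature. The
 * {@code invokerLookups} entries ({@code Wireable} objects, i.e. arbitrary Java deserialization)
 * and the {@code classLookups} entries (class bytes) read after the signature check come off the
 * stream unverified, so a signed environment does not protect those two maps against tampering.
 * Extending the signature to cover them is a wire-format change and has to be made together with
 * {@code writeExternal}; it is deliberately not done here.
 *
 * @param stream the input to read the package data from
 * @throws IOException            on a stream read failure
 * @throws ClassNotFoundException if a serialized class cannot be resolved
 * @throws RuntimeException       on a signing-policy mismatch, a missing public keystore, or a
 *                                signature that does not verify
 */
public void readExternal(ObjectInput stream) throws IOException, ClassNotFoundException {
    final KeyStoreHelper helper = new KeyStoreHelper();
    final boolean expectSigned = helper.isSigned();
    final boolean signed = stream.readBoolean();
    if (expectSigned != signed) {
        throw new RuntimeException("This environment is configured to work with " + (expectSigned ? "signed" : "unsigned") + " serialized objects, but the given object is " + (signed ? "signed" : "unsigned") + ". Deserialization aborted.");
    }
    String pubKeyAlias = null;
    if (signed) {
        // Fail before deserializing anything further: without a public keystore the signature
        // can never be checked, so the alias object is not pulled off the stream at all.
        if (helper.getPubKeyStore() == null) {
            throw new RuntimeException("The package was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
        }
        pubKeyAlias = (String) stream.readObject();
    }
    // The store travels as a single byte[] so that one signature can cover all of it.
    final byte[] bytes = (byte[]) stream.readObject();
    if (signed) {
        // Verifies bytes against the signature; throws on mismatch, so nothing below runs on
        // tampered store data.
        checkSignature(stream, helper, bytes, pubKeyAlias);
    }
    try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
        final int storeCount = in.readInt();
        for (int i = 0; i < storeCount; i++) {
            this.store.put((String) in.readObject(), (byte[]) in.readObject());
        }
    }
    // From here on the data is read from the outer stream and is NOT covered by the signature.
    final int invokerCount = stream.readInt();
    for (int i = 0; i < invokerCount; i++) {
        this.invokerLookups.put((String) stream.readObject(), (Wireable) stream.readObject());
    }
    final int classCount = stream.readInt();
    for (int i = 0; i < classCount; i++) {
        this.classLookups.put((String) stream.readObject(), (byte[]) stream.readObject());
    }
    // Mark it as dirty so that everything is reloaded from the restored bytecode.
    this.dirty = true;
}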
Use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.
Class KieModuleCacheHelper, method checkSignature.
/**
 * Checks that {@code sessionbuff} carries a valid signature when, and only when, this
 * environment expects one.
 *
 * <p>The environment policy ({@code KeyStoreHelper.isSigned()}) and the header's
 * {@code hasSignature()} must agree, otherwise deserialization is refused. For signed input the
 * header's key alias selects a key from the configured public keystore, and the header's
 * signature bytes are verified against {@code sessionbuff} with that key. Unsigned input in an
 * unsigned environment is accepted without any check.
 *
 * <p>NOTE(review): the alias is supplied by the input itself, so the guarantee reduces to
 * "signed by some key present in the public keystore" — that keystore must only contain keys
 * that are trusted to produce cache data.
 *
 * @param _header     header of the serialized data, possibly carrying a signature
 * @param sessionbuff the payload the signature must cover
 * @throws RuntimeException when policy and input disagree, when no public keystore is
 *                          configured, when the signature does not verify, or when the
 *                          keystore/crypto layer fails (original exception attached as cause)
 */
private static void checkSignature(Header _header, byte[] sessionbuff) {
    final KeyStoreHelper helper = new KeyStoreHelper();
    final boolean envSigned = helper.isSigned();
    final boolean inputSigned = _header.hasSignature();

    if (envSigned != inputSigned) {
        throw new RuntimeException("This environment is configured to work with " + (envSigned ? "signed" : "unsigned") + " serialized objects, but the given object is " + (inputSigned ? "signed" : "unsigned") + ". Deserialization aborted.");
    }
    if (inputSigned) {
        if (helper.getPubKeyStore() == null) {
            throw new RuntimeException("The session was serialized with a signature. Please configure a public keystore with the public key to check the signature. Deserialization aborted.");
        }
        final byte[] providedSignature = _header.getSignature().getSignature().toByteArray();
        try {
            final boolean matches = helper.checkDataWithPublicKey(_header.getSignature().getKeyAlias(), sessionbuff, providedSignature);
            if (!matches) {
                // Verification ran but failed: the payload or signature was altered.
                throw new RuntimeException("Signature does not match serialized package. This is a security violation. Deserialisation aborted.");
            }
        } catch (InvalidKeyException e) {
            throw new RuntimeException("Invalid key checking signature: " + e.getMessage(), e);
        } catch (KeyStoreException e) {
            throw new RuntimeException("Error accessing Key Store: " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("No algorithm available: " + e.getMessage(), e);
        } catch (SignatureException e) {
            throw new RuntimeException("Signature Exception: " + e.getMessage(), e);
        }
    }
}
Use of org.drools.core.util.KeyStoreHelper in project drools by kiegroup.
Class JavaDialectRuntimeData, method writeExternal.
/**
 * Handles the write serialization of the PackageCompilationData. Patterns in Rules may reference
 * generated data which cannot be serialized by default methods. The PackageCompilationData holds
 * a reference to the generated bytecode; the generated bytecode must be restored before any
 * Rules.
 *
 * <p>Wire layout produced, in order: the signed flag; if signed, the private key alias; the
 * {@code store} entries serialized into one {@code byte[]}; if signed, the signature over that
 * {@code byte[]} (written by {@code sign}); then the {@code invokerLookups} and
 * {@code classLookups} counts and entries.
 *
 * <p>NOTE(review): the signature covers only the {@code store} byte array. The
 * {@code invokerLookups} and {@code classLookups} entries are written after it, outside the
 * signed payload, so a reader in a signed environment cannot detect tampering with them.
 *
 * @param stream the output to write the package data to
 * @throws IOException on a stream write failure
 */
public void writeExternal(ObjectOutput stream) throws IOException {
    final KeyStoreHelper helper = new KeyStoreHelper();
    final boolean signed = helper.isSigned();

    stream.writeBoolean(signed);
    if (signed) {
        stream.writeObject(helper.getPvtKeyAlias());
    }

    // Serialize the store into a standalone byte[] so that one signature can cover all of it.
    final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    try (ObjectOutputStream storeOut = new ObjectOutputStream(buffer)) {
        storeOut.writeInt(this.store.size());
        for (Entry<String, byte[]> storeEntry : this.store.entrySet()) {
            storeOut.writeObject(storeEntry.getKey());
            storeOut.writeObject(storeEntry.getValue());
        }
    }
    final byte[] storeBytes = buffer.toByteArray();
    stream.writeObject(storeBytes);
    if (signed) {
        sign(stream, helper, storeBytes);
    }

    // Everything below is written to the outer stream and is not part of the signed payload.
    stream.writeInt(this.invokerLookups.size());
    for (Entry<String, Wireable> invoker : this.invokerLookups.entrySet()) {
        stream.writeObject(invoker.getKey());
        stream.writeObject(invoker.getValue());
    }
    stream.writeInt(this.classLookups.size());
    for (Entry<String, byte[]> classEntry : this.classLookups.entrySet()) {
        stream.writeObject(classEntry.getKey());
        stream.writeObject(classEntry.getValue());
    }
}