
Example 1 with SecureVaultException

Use of org.wso2.carbon.secvault.exception.SecureVaultException in project carbon-apimgt by wso2.

Class FileEncryptionUtility, method getAESKey.

/**
 * Decrypts the AES key using secure vault and returns it as a byte array
 *
 * @return AES key as a byte array
 * @throws APIManagementException if an error occurs while reading or decrypting the AES key file
 */
private byte[] getAESKey() throws APIManagementException {
    byte[] encryptedAesKeyB;
    byte[] aesKey;
    try {
        String encryptedAesKeyStr = APIFileUtils.readFileContentAsText(getAesKeyFileLocation());
        encryptedAesKeyB = SecureVaultUtils.base64Decode(SecureVaultUtils.toBytes(encryptedAesKeyStr));
        aesKey = getSecureVault().decrypt(encryptedAesKeyB);
    } catch (APIMgtDAOException e) {
        String msg = "Error while retrieving stored AES key";
        throw new APIManagementException(msg, e);
    } catch (SecureVaultException e) {
        String msg = "Error while decrypting AES key";
        throw new APIManagementException(msg, e);
    }
    return aesKey;
}
Also used: APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), SecureVaultException (org.wso2.carbon.secvault.exception.SecureVaultException)

Example 2 with SecureVaultException

Use of org.wso2.carbon.secvault.exception.SecureVaultException in project carbon-apimgt by wso2.

Class FileEncryptionUtility, method createAndStoreAESKey.

/**
 * Creates and stores an AES key
 *
 * @throws APIManagementException if an error occurs while creating or storing AES key
 */
void createAndStoreAESKey() throws APIManagementException {
    try {
        // create a new AES key
        KeyGenerator keyGenerator = KeyGenerator.getInstance(EncryptionConstants.AES);
        keyGenerator.init(AES_Key_Size);
        byte[] aesKey = keyGenerator.generateKey().getEncoded();
        // store key => encrypt -> encode -> chars -> string
        byte[] encryptedKeyBytes = SecureVaultUtils.base64Encode(getSecureVault().encrypt(aesKey));
        String encryptedKeyString = new String(SecureVaultUtils.toChars(encryptedKeyBytes));
        Files.deleteIfExists(Paths.get(getAesKeyFileLocation()));
        APIFileUtils.createFile(getAesKeyFileLocation());
        APIFileUtils.writeToFile(getAesKeyFileLocation(), encryptedKeyString);
        log.debug("AES key successfully created and stored");
    } catch (NoSuchAlgorithmException | SecureVaultException | APIMgtDAOException | IOException e) {
        String msg = "Error while creating or storing created AES key";
        throw new APIManagementException(msg, e);
    }
}
Also used: APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException), SecureVaultException (org.wso2.carbon.secvault.exception.SecureVaultException), APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), IOException (java.io.IOException), KeyGenerator (javax.crypto.KeyGenerator)

Example 3 with SecureVaultException

Use of org.wso2.carbon.secvault.exception.SecureVaultException in project wso2-synapse by wso2.

Class VFSTransportListener, method generateSecureVaultProperties.

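/**
 * Helper method to generate secure vault properties from the given transport configuration.
 * A parameter carrying a secure vault alias attribute is resolved through the Axis2 secret
 * resolver; every other parameter keeps its literal value.
 *
 * @param inDescription transport-in description whose parameters are read
 * @return properties holding each parameter name and its (resolved) value
 */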
private Properties generateSecureVaultProperties(TransportInDescription inDescription) {
    Properties properties = new Properties();
    SecretResolver secretResolver = getConfigurationContext().getAxisConfiguration().getSecretResolver();
    for (Parameter parameter : inDescription.getParameters()) {
        String propertyValue = parameter.getValue().toString();
        OMElement paramElement = parameter.getParameterElement();
        if (paramElement != null) {
            OMAttribute attribute = paramElement.getAttribute(new QName(CryptoConstants.SECUREVAULT_NAMESPACE, CryptoConstants.SECUREVAULT_ALIAS_ATTRIBUTE));
            if (attribute != null && attribute.getAttributeValue() != null && !attribute.getAttributeValue().isEmpty()) {
                if (secretResolver == null) {
                    throw new SecureVaultException("Cannot resolve secret password because axis2 secret resolver " + "is null");
                }
                if (secretResolver.isTokenProtected(attribute.getAttributeValue())) {
                    propertyValue = secretResolver.resolve(attribute.getAttributeValue());
                }
            }
        }
        properties.setProperty(parameter.getName().toString(), propertyValue);
    }
    return properties;
}
Also used: SecretResolver (org.wso2.securevault.SecretResolver), SecureVaultException (org.wso2.securevault.SecureVaultException), QName (javax.xml.namespace.QName), Parameter (org.apache.axis2.description.Parameter), OMElement (org.apache.axiom.om.OMElement), Properties (java.util.Properties), OMAttribute (org.apache.axiom.om.OMAttribute)

Example 4 with SecureVaultException

Use of org.wso2.carbon.secvault.exception.SecureVaultException in project wso2-axis2-transports by wso2.

Class RabbitMQUtils, method resolveTransportDescription.

/**
 * Resolve transport parameters
 *
 * @param trpDesc                   axis2 transport parameters
 * @param secretResolver            secure vault encryption resolver
 * @param rabbitMQConnectionFactory a rabbitmq connection factory
 * @return pool size for connection and channel pooling
 */
public static int resolveTransportDescription(ParameterInclude trpDesc, SecretResolver secretResolver, RabbitMQConnectionFactory rabbitMQConnectionFactory) throws AxisRabbitMQException {
    int poolSize = RabbitMQConstants.DEFAULT_POOL_SIZE;
    for (Parameter parameter : trpDesc.getParameters()) {
        String name = parameter.getName();
        if (StringUtils.equals(name, RabbitMQConstants.PARAM_POOL_SIZE)) {
            try {
                poolSize = Integer.parseInt((String) parameter.getValue());
            } catch (NumberFormatException e) {
                throw new AxisRabbitMQException("Pool size must be an integer value.");
            }
        } else {
            Map<String, String> parameters = new HashMap<>();
            ParameterIncludeImpl pi = new ParameterIncludeImpl();
            try {
                pi.deserializeParameters((OMElement) parameter.getValue());
            } catch (AxisFault axisFault) {
                throw new AxisRabbitMQException("Error reading parameters for RabbitMQ connection factory " + name, axisFault);
            }
            for (Parameter p : pi.getParameters()) {
                OMElement paramElement = p.getParameterElement();
                String propertyValue = p.getValue().toString();
                if (paramElement != null) {
                    OMAttribute attribute = paramElement.getAttribute(new QName(RabbitMQConstants.SECURE_VAULT_NAMESPACE, RabbitMQConstants.SECRET_ALIAS_ATTRIBUTE));
                    if (attribute != null && attribute.getAttributeValue() != null && !attribute.getAttributeValue().isEmpty()) {
                        if (secretResolver == null) {
                            throw new SecureVaultException("Axis2 Secret Resolver is null. Cannot resolve " + "encrypted entry for " + p.getName());
                        }
                        if (secretResolver.isTokenProtected(attribute.getAttributeValue())) {
                            propertyValue = secretResolver.resolve(attribute.getAttributeValue());
                        }
                    }
                }
                parameters.put(p.getName(), propertyValue);
            }
            rabbitMQConnectionFactory.addConnectionFactoryConfiguration(name, parameters);
        }
    }
    return poolSize;
}
Also used: AxisFault (org.apache.axis2.AxisFault), HashMap (java.util.HashMap), ParameterIncludeImpl (org.apache.axis2.description.ParameterIncludeImpl), QName (javax.xml.namespace.QName), OMElement (org.apache.axiom.om.OMElement), SecureVaultException (org.wso2.securevault.SecureVaultException), Parameter (org.apache.axis2.description.Parameter), OMAttribute (org.apache.axiom.om.OMAttribute)

Aggregations

QName (javax.xml.namespace.QName): 2
OMAttribute (org.apache.axiom.om.OMAttribute): 2
OMElement (org.apache.axiom.om.OMElement): 2
Parameter (org.apache.axis2.description.Parameter): 2
APIManagementException (org.wso2.carbon.apimgt.core.exception.APIManagementException): 2
APIMgtDAOException (org.wso2.carbon.apimgt.core.exception.APIMgtDAOException): 2
SecureVaultException (org.wso2.carbon.secvault.exception.SecureVaultException): 2
SecureVaultException (org.wso2.securevault.SecureVaultException): 2
IOException (java.io.IOException): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
HashMap (java.util.HashMap): 1
Properties (java.util.Properties): 1
KeyGenerator (javax.crypto.KeyGenerator): 1
AxisFault (org.apache.axis2.AxisFault): 1
ParameterIncludeImpl (org.apache.axis2.description.ParameterIncludeImpl): 1
SecretResolver (org.wso2.securevault.SecretResolver): 1