use of org.wso2.carbon.secvault.exception.SecureVaultException in project carbon-apimgt by wso2.
the class FileEncryptionUtility method getAESKey.
/**
* Decrypts the AES key using secure vault and returns it as a byte array
*
* @return AES key as a byte array
* @throws APIManagementException if an error occurs while reading or decrypting the AES key file
*/
private byte[] getAESKey() throws APIManagementException {
byte[] encryptedAesKeyB;
byte[] aesKey;
try {
String encryptedAesKeyStr = APIFileUtils.readFileContentAsText(getAesKeyFileLocation());
encryptedAesKeyB = SecureVaultUtils.base64Decode(SecureVaultUtils.toBytes(encryptedAesKeyStr));
aesKey = getSecureVault().decrypt(encryptedAesKeyB);
} catch (APIMgtDAOException e) {
String msg = "Error while retrieving stored AES key";
throw new APIManagementException(msg, e);
} catch (SecureVaultException e) {
String msg = "Error while decrypting AES key";
throw new APIManagementException(msg, e);
}
return aesKey;
}
use of org.wso2.carbon.secvault.exception.SecureVaultException in project carbon-apimgt by wso2.
the class FileEncryptionUtility method createAndStoreAESKey.
/**
* Creates and stores an AES key
*
* @throws APIManagementException if an error occurs while creating or storing AES key
*/
void createAndStoreAESKey() throws APIManagementException {
try {
// create a new AES key
KeyGenerator keyGenerator = KeyGenerator.getInstance(EncryptionConstants.AES);
keyGenerator.init(AES_Key_Size);
byte[] aesKey = keyGenerator.generateKey().getEncoded();
// store key => encrypt -> encode -> chars -> string
byte[] encryptedKeyBytes = SecureVaultUtils.base64Encode(getSecureVault().encrypt(aesKey));
String encryptedKeyString = new String(SecureVaultUtils.toChars(encryptedKeyBytes));
Files.deleteIfExists(Paths.get(getAesKeyFileLocation()));
APIFileUtils.createFile(getAesKeyFileLocation());
APIFileUtils.writeToFile(getAesKeyFileLocation(), encryptedKeyString);
log.debug("AES key successfully created and stored");
} catch (NoSuchAlgorithmException | SecureVaultException | APIMgtDAOException | IOException e) {
String msg = "Error while creating or storing created AES key";
throw new APIManagementException(msg, e);
}
}
use of org.wso2.carbon.secvault.exception.SecureVaultException in project wso2-synapse by wso2.
the class VFSTransportListener method generateSecureVaultProperties.
/**
* Helper method to generate securevault properties from given transport configuration.
*
* @param inDescription
* @return properties
*/
private Properties generateSecureVaultProperties(TransportInDescription inDescription) {
Properties properties = new Properties();
SecretResolver secretResolver = getConfigurationContext().getAxisConfiguration().getSecretResolver();
for (Parameter parameter : inDescription.getParameters()) {
String propertyValue = parameter.getValue().toString();
OMElement paramElement = parameter.getParameterElement();
if (paramElement != null) {
OMAttribute attribute = paramElement.getAttribute(new QName(CryptoConstants.SECUREVAULT_NAMESPACE, CryptoConstants.SECUREVAULT_ALIAS_ATTRIBUTE));
if (attribute != null && attribute.getAttributeValue() != null && !attribute.getAttributeValue().isEmpty()) {
if (secretResolver == null) {
throw new SecureVaultException("Cannot resolve secret password because axis2 secret resolver " + "is null");
}
if (secretResolver.isTokenProtected(attribute.getAttributeValue())) {
propertyValue = secretResolver.resolve(attribute.getAttributeValue());
}
}
}
properties.setProperty(parameter.getName().toString(), propertyValue);
}
return properties;
}
use of org.wso2.carbon.secvault.exception.SecureVaultException in project wso2-axis2-transports by wso2.
the class RabbitMQUtils method resolveTransportDescription.
/**
* Resolve transport parameters
*
* @param trpDesc axis2 transport parameters
* @param secretResolver secure vault encryption resolver
* @param rabbitMQConnectionFactory a rabbitmq connection factory
* @return pool size for connection and channel pooling
*/
public static int resolveTransportDescription(ParameterInclude trpDesc, SecretResolver secretResolver, RabbitMQConnectionFactory rabbitMQConnectionFactory) throws AxisRabbitMQException {
int poolSize = RabbitMQConstants.DEFAULT_POOL_SIZE;
for (Parameter parameter : trpDesc.getParameters()) {
String name = parameter.getName();
if (StringUtils.equals(name, RabbitMQConstants.PARAM_POOL_SIZE)) {
try {
poolSize = Integer.parseInt((String) parameter.getValue());
} catch (NumberFormatException e) {
throw new AxisRabbitMQException("Pool size must be an integer value.");
}
} else {
Map<String, String> parameters = new HashMap<>();
ParameterIncludeImpl pi = new ParameterIncludeImpl();
try {
pi.deserializeParameters((OMElement) parameter.getValue());
} catch (AxisFault axisFault) {
throw new AxisRabbitMQException("Error reading parameters for RabbitMQ connection factory " + name, axisFault);
}
for (Parameter p : pi.getParameters()) {
OMElement paramElement = p.getParameterElement();
String propertyValue = p.getValue().toString();
if (paramElement != null) {
OMAttribute attribute = paramElement.getAttribute(new QName(RabbitMQConstants.SECURE_VAULT_NAMESPACE, RabbitMQConstants.SECRET_ALIAS_ATTRIBUTE));
if (attribute != null && attribute.getAttributeValue() != null && !attribute.getAttributeValue().isEmpty()) {
if (secretResolver == null) {
throw new SecureVaultException("Axis2 Secret Resolver is null. Cannot resolve " + "encrypted entry for " + p.getName());
}
if (secretResolver.isTokenProtected(attribute.getAttributeValue())) {
propertyValue = secretResolver.resolve(attribute.getAttributeValue());
}
}
}
parameters.put(p.getName(), propertyValue);
}
rabbitMQConnectionFactory.addConnectionFactoryConfiguration(name, parameters);
}
}
return poolSize;
}
Aggregations