/** * Removes the specified {@code Certificate} from this {@code Identity}. * * @param certificate * the {@code Certificate} to be removed. * @throws KeyManagementException * if the certificate is not found. */ public void removeCertificate(Certificate certificate) throws KeyManagementException { if (certificates != null) { if (!certificates.contains(certificate)) { throw new KeyManagementException("Certificate not found"); } certificates.removeElement(certificate); } }
public static X509Certificate[] loadCertificatesFromPemFile(String certFilePath) throws KeyManagementException { X509Certificate[] certificates = null; if (certFilePath == null || certFilePath.isEmpty()) { return certificates; } try (FileInputStream input = new FileInputStream(certFilePath)) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); Collection<X509Certificate> collection = (Collection<X509Certificate>) cf.generateCertificates(input); certificates = collection.toArray(new X509Certificate[collection.size()]); } catch (GeneralSecurityException | IOException e) { throw new KeyManagementException("Certificate loading error", e); } return certificates; }
static String handleLegacyPackages(String implementationClassName) throws KeyManagementException { if (org.apache.nifi.util.StringUtils.isBlank(implementationClassName)) { throw new KeyManagementException("Invalid key provider implementation provided: " + implementationClassName); } if (implementationClassName.equalsIgnoreCase(LEGACY_SKP_FQCN)) { return StaticKeyProvider.class.getName(); } else if (implementationClassName.equalsIgnoreCase(LEGACY_FBKP_FQCN)) { return FileBasedKeyProvider.class.getName(); } else { return implementationClassName; } }
private static SecretKey getMasterKey() throws KeyManagementException { try { // Get the master encryption key from bootstrap.conf String masterKeyHex = NiFiPropertiesLoader.extractKeyFromBootstrapFile(); return new SecretKeySpec(Hex.decodeHex(masterKeyHex.toCharArray()), "AES"); } catch (IOException | DecoderException e) { logger.error("Encountered an error: ", e); throw new KeyManagementException(e); } } }
public static PrivateKey loadPrivateKeyFromPemFile(String keyFilePath) throws KeyManagementException { PrivateKey privateKey = null; if (keyFilePath == null || keyFilePath.isEmpty()) { return privateKey; } try (BufferedReader reader = new BufferedReader(new FileReader(keyFilePath))) { StringBuilder sb = new StringBuilder(); String previousLine = ""; String currentLine = null; // Skip the first line (-----BEGIN RSA PRIVATE KEY-----) reader.readLine(); while ((currentLine = reader.readLine()) != null) { sb.append(previousLine); previousLine = currentLine; } // Skip the last line (-----END RSA PRIVATE KEY-----) KeyFactory kf = KeyFactory.getInstance("RSA"); KeySpec keySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(sb.toString())); privateKey = kf.generatePrivate(keySpec); } catch (GeneralSecurityException | IOException e) { throw new KeyManagementException("Private key loading error", e); } return privateKey; }
/** * Returns a valid key identifier for this encryptor (valid for encryption and decryption) or throws an exception if none are available. * * @return the key ID * @throws KeyManagementException if no available key IDs are valid for both operations */ @Override public String getNextKeyId() throws KeyManagementException { if (keyProvider != null) { List<String> availableKeyIds = keyProvider.getAvailableKeyIds(); if (!availableKeyIds.isEmpty()) { return availableKeyIds.get(0); } } throw new KeyManagementException("No available key IDs"); }
/** * Returns the key identified by this ID or throws an exception if one is not available. * * @param keyId the key identifier * @return the key * @throws KeyManagementException if the key cannot be retrieved */ @Override public SecretKey getKey(String keyId) throws KeyManagementException { logger.debug("Attempting to get key: " + keyId); if (keyExists(keyId)) { return keys.get(keyId); } else { throw new KeyManagementException("No key available for " + keyId); } }
/** * @see java.security.IdentityScope#addIdentity(java.security.Identity) */ public synchronized void addIdentity(Identity identity) throws KeyManagementException { if (identity == null) { throw new NullPointerException("identity == null"); } String name = identity.getName(); if (names.containsKey(name)) { throw new KeyManagementException("name '" + name + "' is already used"); } PublicKey key = identity.getPublicKey(); if (key != null && keys.containsKey(key)) { throw new KeyManagementException("key '" + key + "' is already used"); } names.put(name, identity); if (key != null) { keys.put(key, identity); } }
/** * Sets the specified {@code PublicKey} to this {@code Identity}. * * @param key * the {@code PublicKey} to be set. * @throws KeyManagementException * if another {@code Identity} in the same scope as this {@code * Identity} already has the same {@code PublicKey}. */ public void setPublicKey(PublicKey key) throws KeyManagementException { // this check does not always work if ((scope != null) && (key != null)) { Identity i = scope.getIdentity(key); //System.out.println("###DEBUG## Identity: "+i); if ((i != null) && (i != this)) { throw new KeyManagementException("key already used in scope"); } } this.publicKey = key; certificates = null; }
/** * Returns a {@link SecretKey} formed from the hexadecimal key bytes (validity is checked). * * @param keyHex the key in hex form * @return the SecretKey */ public static SecretKey formKeyFromHex(String keyHex) throws KeyManagementException { if (keyIsValid(keyHex)) { return new SecretKeySpec(Hex.decode(keyHex), "AES"); } else { throw new KeyManagementException("The provided key material is not valid"); } }
/** * The OpenSSL provider does not support the {@link KeyManagerFactory}, so we have to lookup the integration * certificate and key in order to provide it to OpenSSL. * <p> * TODO: SNI is currently not supported, we use only the first found private key. */ private static SslContextBuilder builderWithOpenSSLProvider(KeyStore ks, String keyPassword) throws GeneralSecurityException { for (String alias : Collections.list(ks.aliases())) { if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword.toCharArray()); Certificate[] chain = ks.getCertificateChain(alias); X509Certificate[] certChain = new X509Certificate[chain.length]; System.arraycopy(chain, 0, certChain, 0, chain.length); return SslContextBuilder.forServer(key, certChain); } } throw new KeyManagementException("the SSL key-store does not contain a private key"); }
/** * @see java.security.IdentityScope#removeIdentity(java.security.Identity) */ public synchronized void removeIdentity(Identity identity) throws KeyManagementException { //Exception caught = null; if (identity == null) { throw new NullPointerException("identity == null"); } String name = identity.getName(); if (name == null) { throw new NullPointerException("name == null"); } boolean contains = names.containsKey(name); names.remove(name); PublicKey key = identity.getPublicKey(); if (key != null) { contains = contains || keys.containsKey(key); keys.remove(key); } if (!contains) { throw new KeyManagementException("identity not found"); } }
/** * Adds a {@code Certificate} to this {@code Identity}. * * @param certificate * the {@code Certificate} to be added to this {@code Identity}. * @throws KeyManagementException * if the certificate is not valid. */ public void addCertificate(Certificate certificate) throws KeyManagementException { PublicKey certPK = certificate.getPublicKey(); if (publicKey != null) { if (!checkKeysEqual(publicKey, certPK)) { throw new KeyManagementException("Cert's public key does not match Identity's public key"); } } else { publicKey = certPK; } if (certificates == null) { certificates = new Vector<Certificate>(); } certificates.add(certificate); }
throw new KeyManagementException("The key provider file is not present and readable"); throw new KeyManagementException("The master key must be provided to decrypt the individual keys"); throw new KeyManagementException("The key provider file is not present and readable"); masterCipher = masterCipherProvider.getCipher(EncryptionMethod.AES_GCM, masterKey, ivBytes, false); } catch (Exception e) { throw new KeyManagementException("Error building cipher to decrypt FileBaseKeyProvider definition at " + filepath, e); throw new KeyManagementException("The provided file contained no valid keys"); return keys; } catch (IOException e) { throw new KeyManagementException("Error reading FileBasedKeyProvider definition at " + filepath, e);
final String msg = "The StaticKeyProvider definition is not valid"; logger.error(msg); throw new KeyManagementException(msg); throw new KeyManagementException("The specified key ID " + keyId + " is not in the key definition file"); throw new KeyManagementException("Invalid key provider implementation provided: " + implementationClassName);
private KeyProvider buildKeyProvider(SecretKey masterKey) throws KeyManagementException { RepositoryConfiguration config = super.getConfig(); if (config == null) { throw new KeyManagementException("The repository configuration is missing"); } final String implementationClassName = config.getKeyProviderImplementation(); if (implementationClassName == null) { throw new KeyManagementException("Cannot create Key Provider because the NiFi Properties is missing the following property: " + NiFiProperties.PROVENANCE_REPO_ENCRYPTION_KEY_PROVIDER_IMPLEMENTATION_CLASS); } return KeyProviderFactory.buildKeyProvider(implementationClassName, config.getKeyProviderLocation(), config.getKeyId(), config.getEncryptionKeys(), masterKey); }
@Test public void failOnError() throws Exception { HttpsTrust.Ssl context = mock(HttpsTrust.Ssl.class); KeyManagementException cause = new KeyManagementException("foo"); when(context.newFactory(any(TrustManager.class))).thenThrow(cause); try { new HttpsTrust(context); fail(); } catch (IllegalStateException e) { assertThat(e.getMessage()).isEqualTo("Fail to build SSL factory"); assertThat(e.getCause()).isSameAs(cause); } }
@Override public void engineInit(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException { throw new KeyManagementException("Do not init() the default SSLContext "); } }
private static X509KeyManager findX509KeyManager(KeyManager[] kms) throws KeyManagementException { for (KeyManager km : kms) { if (km instanceof X509KeyManager) { return (X509KeyManager)km; } } throw new KeyManagementException("Failed to find an X509KeyManager in " + Arrays.toString(kms)); }
public void delete(String alias) throws KeyManagementException { try { keystore.deleteEntry(alias); } catch(KeyStoreException e) { throw new KeyManagementException("Cannot delete entry: "+alias, e); } }