public X500Principal principal() { try { KeyStore keyStore = agentKeystore(); if (keyStore.containsAlias("agent")) { return ((X509Certificate) keyStore.getCertificate("agent")).getSubjectX500Principal(); } } catch (Exception e) { // ignore } return null; }
@Override public boolean engineContainsAlias(String alias) { try { return getKeyStore().containsAlias(alias); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
public boolean containsEntry(String alias) throws EsHadoopSecurityException { try { return keyStore.containsAlias(alias); } catch (KeyStoreException e) { throw new EsHadoopSecurityException(String.format("Could not read existence of alias [%s]", alias), e); } }
@Override public boolean containsAlias(String alias) throws IOException { assertActivatedKeyStore(); try { return ks.containsAlias(alias); } catch (KeyStoreException e) { throw new IOException(e); } } /* (non-Javadoc)
@Override public CredentialEntry createCredentialEntry(String alias, char[] credential) throws IOException { writeLock.lock(); try { if (keyStore.containsAlias(alias)) { throw new IOException("Credential " + alias + " already exists in " + this); } return innerSetCredential(alias, credential); } catch (KeyStoreException e) { throw new IOException("Problem looking up credential " + alias + " in " + this, e); } finally { writeLock.unlock(); } }
@Override public void deleteCredentialEntry(String name) throws IOException { writeLock.lock(); try { try { if (keyStore.containsAlias(name)) { keyStore.deleteEntry(name); } else { throw new IOException("Credential " + name + " does not exist in " + this); } } catch (KeyStoreException e) { throw new IOException("Problem removing " + name + " from " + this, e); } changed = true; } finally { writeLock.unlock(); } }
if (!keyStore.containsAlias(name)) { return null;
protected boolean corresponds( String alias, List<X509Certificate> certificates ) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException { if ( !store.containsAlias( alias ) ) { return false; } final Key key = store.getKey( alias, configuration.getPassword() ); if ( key == null ) { return false; } if ( !(key instanceof PrivateKey)) { return false; } final Certificate certificate = store.getCertificate( alias ); if ( certificate == null ) { return false; } if ( !(certificate instanceof X509Certificate) ) { return false; } final X509Certificate x509Certificate = (X509Certificate) certificate; // First certificate in the chain should correspond with the certificate in the store if ( !x509Certificate.getPublicKey().equals(certificates.get(0).getPublicKey()) ) { return false; } return true; }
@Override public KeyVersion getKeyVersion(String versionName) throws IOException { readLock.lock(); try { SecretKeySpec key = null; try { if (!keyStore.containsAlias(versionName)) { return null; } key = (SecretKeySpec) keyStore.getKey(versionName, password); } catch (KeyStoreException e) { throw new IOException("Can't get key " + versionName + " from " + path, e); } catch (NoSuchAlgorithmException e) { throw new IOException("Can't get algorithm for key " + key + " from " + path, e); } catch (UnrecoverableKeyException e) { throw new IOException("Can't recover key " + key + " from " + path, e); } return new KeyVersion(getBaseName(versionName), versionName, key.getEncoded()); } finally { readLock.unlock(); } }
public String getSecureSetting(String alias) throws EsHadoopSecurityException { try { if (!keyStore.containsAlias(alias)) { return null; } KeyStore.Entry entry = keyStore.getEntry(alias, protection); KeyStore.SecretKeyEntry secretKeyEntry = ((KeyStore.SecretKeyEntry) entry); return new String(secretKeyEntry.getSecretKey().getEncoded()); } catch (NoSuchAlgorithmException e) { throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", alias), e); } catch (UnrecoverableEntryException e) { throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", alias), e); } catch (KeyStoreException e) { throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", alias), e); } }
String versionName = buildVersionName(name, v); try { if (keyStore.containsAlias(versionName)) { keyStore.deleteEntry(versionName); if (keyStore.containsAlias(name)) { keyStore.deleteEntry(name);
if ( !store.containsAlias( alias ) )
@Override public CredentialEntry getCredentialEntry(String alias) throws IOException { readLock.lock(); try { SecretKeySpec key = null; try { if (!keyStore.containsAlias(alias)) { return null; } key = (SecretKeySpec) keyStore.getKey(alias, password); } catch (KeyStoreException e) { throw new IOException("Can't get credential " + alias + " from " + getPathAsString(), e); } catch (NoSuchAlgorithmException e) { throw new IOException("Can't get algorithm for credential " + alias + " from " + getPathAsString(), e); } catch (UnrecoverableKeyException e) { throw new IOException("Can't recover credential " + alias + " from " + getPathAsString(), e); } return new CredentialEntry(alias, bytesToChars(key.getEncoded())); } finally { readLock.unlock(); } }
if ( store.containsAlias( alias ) )
@Override public KeyVersion createKey(String name, byte[] material, Options options) throws IOException { Preconditions.checkArgument(name.equals(StringUtils.toLowerCase(name)), "Uppercase key names are unsupported: %s", name); writeLock.lock(); try { try { if (keyStore.containsAlias(name) || cache.containsKey(name)) { throw new IOException("Key " + name + " already exists in " + this); } } catch (KeyStoreException e) { throw new IOException("Problem looking up key " + name + " in " + this, e); } Metadata meta = new Metadata(options.getCipher(), options.getBitLength(), options.getDescription(), options.getAttributes(), new Date(), 1); if (options.getBitLength() != 8 * material.length) { throw new IOException("Wrong key length. Required " + options.getBitLength() + ", but got " + (8 * material.length)); } cache.put(name, meta); String versionName = buildVersionName(name, 0); return innerSetKeyVersion(name, versionName, material, meta.getCipher()); } finally { writeLock.unlock(); } }
if ( !store.containsAlias( alias ) ) { throw new CertificateStoreConfigException( "Cannot generate CSR for alias '"+ alias +"': the alias does not exist in the store." );
@Override public SingleSignOnSessionFactory get() { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; CredentialSource source = this.credentialSource.get(); try { if (!store.containsAlias(alias)) { throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias); } PasswordCredential credential = source.getCredential(PasswordCredential.class); if (credential == null) { throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString()); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString()); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get()); return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory()))); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public CipherAuthToken apply(String authValue) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, KeyStore.PrivateKeyEntry.class.getSimpleName()); } PasswordCredential credential = this.keyCredentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Cipher cipher = Cipher.getInstance(this.transformation); return new CipherAuthToken(cipher, pair, authValue.getBytes(StandardCharsets.UTF_8)); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
/** * Generates an alias that is currently unused in this store. * * @return An alias (never null). */ protected synchronized String generateUniqueAlias() throws CertificateStoreConfigException { final String domain = XMPPServer.getInstance().getServerInfo().getXMPPDomain(); int index = 1; String alias = domain + "_" + index; try { while ( store.containsAlias( alias ) ) { index = index + 1; alias = domain + "_" + index; } return alias; } catch ( KeyStoreException e ) { throw new CertificateStoreConfigException( "Unable to generate a unique alias for this identity store.", e ); } }
@Override public void accept(P protocol) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } PasswordCredential credential = this.credentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } if (!store.entryInstanceOf(alias, this.entryClass)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, this.entryClass.getSimpleName()); } KeyStore.Entry entry = store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); protocol.setKeyStoreEntry(this.entryClass.cast(entry)); } catch (KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException e) { throw new IllegalArgumentException(e); } } }