protected String getPasswordHistoryHumanReadable(List<PasswordHistoryEntryType> historyEntriesType) { return historyEntriesType.stream() .map(historyEntry -> { try { return getHumanReadablePassword(historyEntry.getValue()); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }) .collect(Collectors.joining(", ")); }
private static void encryptProtectedStringType(Protector protector, ProtectedStringType ps, String propName) throws EncryptionException { if (ps == null) { return; } if (ps.isHashed()) { return; } if (ps.getClearValue() != null) { try { protector.encrypt(ps); } catch (EncryptionException e) { throw new EncryptionException("Failed to encrypt value for field " + propName + ": " + e.getMessage(), e); } } }
private SecretKey getSecretKeyByDigest(String digest) throws EncryptionException { if (digest == null || digest.isEmpty()) { throw new EncryptionException("Key digest must be specified and cannot be blank."); } if (digestToSecretKeyHashMap.containsKey(digest)) { return digestToSecretKeyHashMap.get(digest); } throw new EncryptionException("No key mapped to key digest " + digest + " could be found in the keystore. Keys digests must be recomputed during initialization"); }
private SecretKey getSecretKeyByAlias(String alias) throws EncryptionException { if (alias == null || alias.isEmpty()) { throw new EncryptionException("Key alias must be specified and cannot be blank."); } if (aliasToSecretKeyHashMap.containsKey(alias)) { return aliasToSecretKeyHashMap.get(alias); } throw new EncryptionException("No key mapped to alias " + alias + " could be found in the keystore. Keys by aliases must be recomputed during initialization"); }
private boolean passwordEquals(ProtectedStringType newPasswordPs, ProtectedStringType currentPassword) throws SchemaException { if (currentPassword == null) { return newPasswordPs == null; } try { return protector.compare(newPasswordPs, currentPassword); } catch (EncryptionException e) { throw new SystemException("Failed to compare " + shortDesc + ": " + e.getMessage(), e); } } }
private static void reencryptProtectedStringType(ProtectedStringType ps, String propName, Holder<Integer> modCountHolder, Protector protector) { if (ps == null) { // nothing to do here } else if (ps.isHashed()) { // nothing to do here } else if (ps.getClearValue() != null) { try { protector.encrypt(ps); increment(modCountHolder); } catch (EncryptionException e) { throw new TunnelException(new EncryptionException("Failed to encrypt value for field " + propName + ": " + e.getMessage(), e)); } } else if (ps.getEncryptedDataType() != null) { try { if (!protector.isEncryptedByCurrentKey(ps.getEncryptedDataType())) { ProtectedStringType reencrypted = protector.encryptString(protector.decryptString(ps)); ps.setEncryptedData(reencrypted.getEncryptedDataType()); increment(modCountHolder); } } catch (EncryptionException e) { throw new TunnelException(new EncryptionException("Failed to check/reencrypt value for field " + propName + ": " + e.getMessage(), e)); } } else { // no clear nor encrypted value } }
/** * TODO remove, used only in midpoint ninja cmd tool, not part of API */ @Deprecated @Override public String getSecretKeyDigest(SecretKey key) throws EncryptionException { for (Map.Entry<String, SecretKey> entry : digestToSecretKeyHashMap.entrySet()) { if (entry.getValue().equals(key)) { return entry.getKey(); } } throw new EncryptionException("Could not find hash for secret key algorithm " + key.getAlgorithm() + ". Hash values for keys must be recomputed during initialization"); }
public ProtectedStringType encrypt(String string) { try { return protector.encryptString(string); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
protected List<PrismObject> repoAddObjectsFromFile(File file, OperationResult parentResult) throws SchemaException, ObjectAlreadyExistsException, IOException { OperationResult result = parentResult.createSubresult(AbstractIntegrationTest.class.getName() + ".addObjectsFromFile"); result.addParam("file", file.getPath()); LOGGER.trace("addObjectsFromFile: {}", file); List<PrismObject> objects = (List) prismContext.parserFor(file).parseObjects(); for (PrismObject object: objects) { try { repoAddObject(object, result); } catch (ObjectAlreadyExistsException e) { throw new ObjectAlreadyExistsException(e.getMessage()+" while adding "+object+" from file "+file, e); } catch (SchemaException e) { new SchemaException(e.getMessage()+" while adding "+object+" from file "+file, e); } catch (EncryptionException e) { new EncryptionException(e.getMessage()+" while adding "+object+" from file "+file, e); } } result.recordSuccess(); return objects; }
private boolean compareHashedPbkd(HashedDataType hashedDataType, String algorithmName, char[] clearChars) throws EncryptionException { DigestMethodType digestMethodType = hashedDataType.getDigestMethod(); byte[] salt = digestMethodType.getSalt(); Integer workFactor = digestMethodType.getWorkFactor(); byte[] digestValue = hashedDataType.getDigestValue(); int keyLen = digestValue.length * 8; SecretKeyFactory secretKeyFactory; try { secretKeyFactory = SecretKeyFactory.getInstance(algorithmName); } catch (NoSuchAlgorithmException e) { throw new EncryptionException(e.getMessage(), e); } PBEKeySpec keySpec = new PBEKeySpec(clearChars, salt, workFactor, keyLen); SecretKey key; try { key = secretKeyFactory.generateSecret(keySpec); } catch (InvalidKeySpecException e) { throw new EncryptionException(e.getMessage(), e); } byte[] hashBytes = key.getEncoded(); return Arrays.equals(digestValue, hashBytes); }
public String decrypt(ProtectedStringType protectedString) { try { return protector.decryptString(protectedString); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); } }
protected <T extends ObjectType> List<PrismObject<T>> repoAddObjectsFromFile(File file, Class<T> type, OperationResult parentResult) throws SchemaException, ObjectAlreadyExistsException, IOException { OperationResult result = parentResult.createSubresult(AbstractIntegrationTest.class.getName() + ".addObjectsFromFile"); result.addParam("file", file.getPath()); LOGGER.trace("addObjectsFromFile: {}", file); List<PrismObject<T>> objects = (List) prismContext.parserFor(file).parseObjects(); for (PrismObject<T> object: objects) { try { repoAddObject(object, result); } catch (ObjectAlreadyExistsException e) { throw new ObjectAlreadyExistsException(e.getMessage()+" while adding "+object+" from file "+file, e); } catch (SchemaException e) { new SchemaException(e.getMessage()+" while adding "+object+" from file "+file, e); } catch (EncryptionException e) { new EncryptionException(e.getMessage()+" while adding "+object+" from file "+file, e); } } result.recordSuccess(); return objects; }
@Override public String decryptString(ProtectedData<String> protectedString) throws EncryptionException { try { if (!protectedString.isEncrypted()) { return protectedString.getClearValue(); } else { byte[] clearBytes = decryptBytes(protectedString); return ProtectedStringType.bytesToString(clearBytes); } } catch (SchemaException ex){ throw new EncryptionException(ex); } }
private String getClearValue(ProtectedStringType protectedString) { if (protectedString == null) { return null; } String passwordStr = protectedString.getClearValue(); if (passwordStr == null && protectedString.isEncrypted()) { try { passwordStr = protector.decryptString(protectedString); } catch (EncryptionException e) { throw new SystemException("Failed to decrypt " + shortDesc + ": " + e.getMessage(), e); } } return passwordStr; }
private HashedDataType hashPbkd(ProtectedData<String> protectedData, String algorithmUri, String algorithmName) throws EncryptionException { char[] clearChars = getClearChars(protectedData); byte[] salt = generatePbkdSalt(); int iterations = getPbkdIterations(); SecretKeyFactory secretKeyFactory; try { secretKeyFactory = SecretKeyFactory.getInstance(algorithmName); } catch (NoSuchAlgorithmException e) { throw new EncryptionException(e.getMessage(), e); } PBEKeySpec keySpec = new PBEKeySpec(clearChars, salt, iterations, getPbkdKeyLength()); SecretKey key; try { key = secretKeyFactory.generateSecret(keySpec); } catch (InvalidKeySpecException e) { throw new EncryptionException(e.getMessage(), e); } byte[] hashBytes = key.getEncoded(); HashedDataType hashedDataType = new HashedDataType(); DigestMethodType digestMethod = new DigestMethodType(); digestMethod.setAlgorithm(algorithmUri); digestMethod.setSalt(salt); digestMethod.setWorkFactor(iterations); hashedDataType.setDigestMethod(digestMethod); hashedDataType.setDigestValue(hashBytes); return hashedDataType; }
public static void encrypt(Collection<ObjectDelta<? extends ObjectType>> deltas, Protector protector, ModelExecuteOptions options, OperationResult result) { // Encrypt values even before we log anything. We want to avoid showing unencrypted values in the logfiles if (!ModelExecuteOptions.isNoCrypt(options)) { for(ObjectDelta<? extends ObjectType> delta: deltas) { try { CryptoUtil.encryptValues(protector, delta); } catch (EncryptionException e) { result.recordFatalError(e); throw new SystemException(e.getMessage(), e); } } } }
if (!f.canRead()) { LOGGER.error("Provided keystore file {} is unreadable.", getKeyStorePath()); throw new EncryptionException("Provided keystore file " + getKeyStorePath() + " is unreadable."); throw new EncryptionException("Couldn't load keystore as resource '" + getKeyStorePath() + "'"); sha1 = MessageDigest.getInstance(KEY_DIGEST_TYPE); } catch (NoSuchAlgorithmException ex) { throw new EncryptionException(ex.getMessage(), ex);
@Override public void refreshShadow(PrismObject<ShadowType> shadow, ProvisioningOperationOptions options, Task task, OperationResult parentResult) throws SchemaException, ObjectNotFoundException, CommunicationException, ConfigurationException, ObjectAlreadyExistsException, SecurityViolationException, ExpressionEvaluationException { Validate.notNull(shadow, "Shadow for refresh must not be null."); OperationResult result = parentResult.createSubresult(OPERATION_REFRESH_SHADOW); LOGGER.debug("Refreshing shadow {}", shadow); try { shadowCache.refreshShadow(shadow, task, result); } catch (CommunicationException | SchemaException | ObjectNotFoundException | ConfigurationException | ExpressionEvaluationException | RuntimeException | Error e) { ProvisioningUtil.recordFatalError(LOGGER, result, "Couldn't refresh shadow: " + e.getClass().getSimpleName() + ": "+ e.getMessage(), e); throw e; } catch (EncryptionException e) { ProvisioningUtil.recordFatalError(LOGGER, result, null, e); throw new SystemException(e.getMessage(), e); } result.computeStatus(); result.cleanupResult(); LOGGER.debug("Finished refreshing shadow {}: {}", shadow, result); }
| NoSuchProviderException | IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException e) { throw new EncryptionException(e.getMessage(), e);
intermediateVal = protector.encryptString(valueToEncrypt); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e); intermediateVal = protector.decryptString((ProtectedStringType) inputVal); } catch (EncryptionException e) { throw new SystemException(e.getMessage(), e);