List of usage examples for javax.ejb LockType WRITE
LockType WRITE
From source file:be.fedict.hsm.model.KeyStoreSingletonBean.java
/**
 * Looks up the certificate chain stored for one alias of one loaded key store.
 *
 * <p>NOTE(review): this method only reads {@code privateKeyEntries}, yet it takes the container's
 * WRITE lock. Whether a READ lock would be enough depends on how that map is mutated elsewhere
 * in the bean, so confirm before relaxing it.
 *
 * @param keyStoreId identifier used as the key into {@code privateKeyEntries}
 * @param keyStoreAlias alias of the private key entry inside that key store
 * @return the entry's certificate chain, or {@code null} (after logging an error) when either the
 *     key store or the alias is unknown
 */
@Lock(LockType.WRITE)
public Certificate[] getCertificateChain(long keyStoreId, String keyStoreAlias) {
    final Map<String, PrivateKeyEntry> entriesByAlias = this.privateKeyEntries.get(keyStoreId);
    if (entriesByAlias != null) {
        final PrivateKeyEntry entry = entriesByAlias.get(keyStoreAlias);
        if (entry != null) {
            return entry.getCertificateChain();
        }
        LOG.error("no key entry found for alias: " + keyStoreAlias);
        return null;
    }
    LOG.error("key store not found: " + keyStoreId);
    return null;
}
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
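/**
 * Writes a certificate signing request to a temporary file, checks it with {@code verifyCSR}
 * and, if that check passes, hands it to {@code signCSR}.
 *
 * <p>The temporary file is removed before the method returns, whether or not signing succeeded.
 *
 * @param csr text of the certificate signing request
 * @param certType kind of certificate being requested
 * @return whatever {@code signCSR} returns, or {@code null} when {@code verifyCSR} rejects the
 *     request
 * @throws IOException if the temporary file cannot be created or written, or a helper fails
 */
@Lock(LockType.WRITE)
public String signCertificateRequest(String csr, CertificateType certType) throws IOException {
    // The first argument of createTempFile is a file-name prefix, not a directory: the file is
    // placed in java.io.tmpdir either way. Passing the tmpdir path only worked because the JDK
    // keeps just its last path component, so use an explicit, descriptive prefix instead.
    File csrFile = File.createTempFile("csr-", ".csr");
    try {
        FileUtils.writeStringToFile(csrFile, csr);
        if (verifyCSR(csrFile)) {
            return signCSR(csrFile, csr, certType);
        }
        return null;
    } finally {
        // Do not silently leave request files behind in the shared temp directory.
        if (!csrFile.delete() && csrFile.exists()) {
            LOG.log(Level.WARNING, "Could not delete temporary CSR file " + csrFile.getAbsolutePath());
        }
    }
}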
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
/**
 * Revokes a certificate stored under the default {@code CERTIFICATE_SUFFIX}.
 *
 * <p>Convenience overload: forwards every argument unchanged to the five-argument
 * {@code revokeCertificate}, supplying {@code CERTIFICATE_SUFFIX} as the file suffix.
 *
 * @param certificateIdentifier base name of the certificate file, without suffix
 * @param certType kind of certificate, used to select the responsible CA
 * @param createCRL whether to regenerate the CRL after revoking
 * @param deleteCert whether to delete the certificate file after revoking
 * @throws IOException propagated from the delegate
 * @throws CAException propagated from the delegate
 */
@Lock(LockType.WRITE)
public void revokeCertificate(
    String certificateIdentifier,
    CertificateType certType,
    boolean createCRL,
    boolean deleteCert) throws IOException, CAException {
    this.revokeCertificate(certificateIdentifier, CERTIFICATE_SUFFIX, certType, createCRL, deleteCert);
}
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
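/**
 * Revokes a certificate file with {@code openssl ca -revoke} and optionally regenerates the CRL
 * and deletes the certificate file.
 *
 * <p>The certificate is located as {@code <CA certs dir>/<certificateIdentifier><fileSuffix>}.
 * A name that resolves outside the CA certs directory (for example through {@code ..} segments)
 * is rejected with the same error as a missing certificate, so that neither the revocation nor
 * the optional delete can touch a file outside that directory.
 *
 * <p>NOTE(review): the CA key password is passed as a {@code pass:} argument and therefore ends
 * up in the child process's argument list, which OpenSSL's documentation warns is visible to
 * process-listing tools. If {@code executeCommand} can provide an environment variable, file or
 * stdin, prefer the {@code env:}, {@code file:} or {@code stdin} pass-phrase sources.
 *
 * @param certificateIdentifier base name of the certificate file
 * @param fileSuffix suffix appended to the identifier to form the file name
 * @param certType kind of certificate, used to select the responsible CA
 * @param createCRL whether to regenerate the CRL after revoking
 * @param deleteCert whether to delete the certificate file after revoking
 * @throws IOException propagated from {@code executeCommand} or {@code createCRL}
 * @throws CAException with {@code CERTNOTFOUND} when the certificate file does not exist or its
 *     name resolves outside the CA certs directory
 */
@Lock(LockType.WRITE)
public void revokeCertificate(String certificateIdentifier, String fileSuffix, CertificateType certType,
    boolean createCRL, boolean deleteCert) throws IOException, CAException {
    LOG.log(Level.FINE, "Revoking certificate " + certificateIdentifier + fileSuffix);
    PKI.CAType caType = pki.getResponsibileCA(certType);
    String openSslConfig = pki.getCAConfPath(caType).toString();
    String certsDir = pki.getCACertsDir(caType).toString();

    Path certsRoot = Paths.get(certsDir).toAbsolutePath().normalize();
    Path certificatePath = Paths.get(certsDir, certificateIdentifier + fileSuffix);
    // Lexical containment check: the identifier is caller-supplied and this method may delete
    // the resolved file, so refuse anything that escapes the certs directory.
    // NOTE(review): callers may already validate the identifier; this is defence in depth.
    if (!certificatePath.toAbsolutePath().normalize().startsWith(certsRoot)) {
        throw new CAException(RESTCodes.CAErrorCode.CERTNOTFOUND, Level.WARNING, certType);
    }

    File certificateFile = certificatePath.toFile();
    if (!certificateFile.exists()) {
        throw new CAException(RESTCodes.CAErrorCode.CERTNOTFOUND, Level.WARNING, certType);
    }

    List<String> commands = new ArrayList<>();
    commands.add(OPENSSL);
    commands.add("ca");
    commands.add("-batch");
    commands.add("-config");
    commands.add(openSslConfig);
    commands.add("-passin");
    commands.add("pass:" + pki.getCAKeyPassword(caType));
    commands.add("-revoke");
    commands.add(certificatePath.toString());
    executeCommand(commands, false);

    if (createCRL) {
        createCRL(caType);
    }
    if (deleteCert && !certificateFile.delete()) {
        // The revocation itself succeeded; only report that the file is still on disk.
        LOG.log(Level.WARNING, "Could not delete revoked certificate file " + certificatePath);
    }
}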
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
/**
 * Runs {@code openssl ca -updatedb} against the configuration of the given CA.
 *
 * <p>NOTE(review): the CA key password is passed as a {@code pass:} argument and therefore ends
 * up in the child process's argument list, which OpenSSL's documentation warns is visible to
 * process-listing tools. If {@code executeCommand} can provide an environment variable, file or
 * stdin, prefer the {@code env:}, {@code file:} or {@code stdin} pass-phrase sources.
 *
 * @param caType CA whose OpenSSL database is updated
 * @throws IOException propagated from {@code executeCommand}
 */
@Lock(LockType.WRITE)
public void pruneDatabase(PKI.CAType caType) throws IOException {
    LOG.log(Level.FINE, "Pruning OpenSSL database");
    final String confPath = pki.getCAConfPath(caType).toString();

    // Argument vector in the order OpenSSL receives it.
    final String[] argv = {
        OPENSSL, "ca", "-batch",
        "-config", confPath,
        "-updatedb",
        "-passin", "pass:" + pki.getCAKeyPassword(caType)
    };
    final List<String> cmd = new ArrayList<>();
    for (String arg : argv) {
        cmd.add(arg);
    }
    executeCommand(cmd, false);
}
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
/**
 * Regenerates the CRL of the given CA and returns the content of the resulting CRL file.
 *
 * @param caType CA whose CRL is regenerated and read
 * @return the CRL file content as read by {@code FileUtils.readFileToString}
 * @throws IOException if CRL creation fails or the CRL file cannot be read
 */
@Lock(LockType.WRITE)
public String createAndReadCRL(PKI.CAType caType) throws IOException {
    // The CRL must be regenerated before the path is read back.
    createCRL(caType);
    return FileUtils.readFileToString(pki.getCACRLPath(caType).toFile());
}
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
/**
 * Updates the OpenSSL database of the given CA and then writes a fresh CRL with
 * {@code openssl ca -gencrl} to the CA's CRL path.
 *
 * <p>NOTE(review): the CA key password is passed as a {@code pass:} argument and therefore ends
 * up in the child process's argument list, which OpenSSL's documentation warns is visible to
 * process-listing tools. If {@code executeCommand} can provide an environment variable, file or
 * stdin, prefer the {@code env:}, {@code file:} or {@code stdin} pass-phrase sources.
 *
 * @param caType CA whose CRL is generated
 * @throws IOException propagated from {@code pruneDatabase} or {@code executeCommand}
 */
@Lock(LockType.WRITE)
public void createCRL(PKI.CAType caType) throws IOException {
    // Run -updatedb first; the CRL is generated from the database afterwards.
    pruneDatabase(caType);
    LOG.log(Level.FINE, "Creating Certificate Revocation List");

    final String confPath = pki.getCAConfPath(caType).toString();
    final String crlPath = pki.getCACRLPath(caType).toString();

    // Argument vector in the order OpenSSL receives it.
    final String[] argv = {
        OPENSSL, "ca", "-batch",
        "-config", confPath,
        "-gencrl",
        "-passin", "pass:" + pki.getCAKeyPassword(caType),
        "-out", crlPath
    };
    final List<String> cmd = new ArrayList<>(argv.length);
    for (String arg : argv) {
        cmd.add(arg);
    }
    executeCommand(cmd, false);
    LOG.log(Level.FINE, "Created CRL");
}
From source file:io.hops.hopsworks.common.security.CertificatesMgmService.java
/** * Decrypt secrets using the old master password and encrypt them with the new * Both for project specific and project generic certificates * @param newMasterPasswd new master encryption password * @param userRequested User requested password change *///from w w w .j av a 2 s . c o m @SuppressWarnings("unchecked") @Asynchronous @Lock(LockType.WRITE) @AccessTimeout(value = 500) public void resetMasterEncryptionPassword(String newMasterPasswd, String userRequested) { try { String newDigest = DigestUtils.sha256Hex(newMasterPasswd); List<String> updatedCertificates = callUpdateHandlers(newDigest); updateMasterEncryptionPassword(newDigest); sendSuccessfulMessage(updatedCertificates, userRequested); LOG.log(Level.INFO, "Master encryption password changed!"); } catch (EncryptionMasterPasswordException ex) { String errorMsg = "*** Master encryption password update failed!!! Rolling back..."; LOG.log(Level.SEVERE, errorMsg, ex); callRollbackHandlers(); sendUnsuccessfulMessage(errorMsg + "\n" + ex.getMessage(), userRequested); } catch (IOException ex) { String errorMsg = "*** Failed to write new encryption password to file: " + masterPasswordFile.getAbsolutePath() + ". Rolling back..."; LOG.log(Level.SEVERE, errorMsg, ex); callRollbackHandlers(); sendUnsuccessfulMessage(errorMsg + "\n" + ex.getMessage(), userRequested); } }
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
/**
 * Writes the certificate to a temporary PEM file and runs {@code openssl verify} on it against
 * the CA's chain-of-trust file, with CRL checking enabled.
 *
 * <p>The temporary file is deleted before the method returns.
 *
 * <p>NOTE(review): the method returns nothing, so a rejected certificate can only surface as an
 * exception from {@code executeCommand}. Confirm that it fails on a non-zero exit status.
 *
 * <p>NOTE(review): {@code -crl_check} checks only the end-entity certificate against the CRL.
 * If intermediates must be checked as well, {@code -crl_check_all} is the option to evaluate.
 *
 * @param certificate certificate to verify
 * @param caType CA whose chain of trust and CRL are used
 * @throws IOException if the file cannot be written or the command fails; a
 *     {@code GeneralSecurityException} raised while encoding the certificate is wrapped
 */
@Lock(LockType.WRITE)
public void validateCertificate(X509Certificate certificate, PKI.CAType caType) throws IOException {
    final File pemFile = File.createTempFile("cert-", ".pem");
    try (FileWriter pemWriter = new FileWriter(pemFile, false)) {
        // PEM body: begin marker, base64 of the DER encoding, end marker.
        pemWriter.write(X509Factory.BEGIN_CERT + "\n"
            + b64encoder.encodeToString(certificate.getEncoded()) + "\n"
            + X509Factory.END_CERT);
        // Flush so openssl sees the full content while the writer is still open.
        pemWriter.flush();

        final String[] argv = {
            OPENSSL, "verify",
            "-CAfile", pki.getChainOfTrustFilePath(caType).toString(),
            "-crl_check",
            "-CRLfile", pki.getCACRLPath(caType).toString(),
            pemFile.getAbsolutePath()
        };
        final List<String> cmd = new ArrayList<>();
        for (String arg : argv) {
            cmd.add(arg);
        }
        executeCommand(cmd, false);
    } catch (GeneralSecurityException ex) {
        throw new IOException(ex);
    } finally {
        pemFile.delete();
    }
}
From source file:io.hops.hopsworks.common.security.OpensslOperations.java
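/**
 * Writes the given certificate text to a temporary file and returns the result of running
 * {@code openssl x509 -in <file> -noout -serial} on it.
 *
 * <p>The temporary file is removed before the method returns, including when the command fails.
 *
 * @param cert certificate text as accepted by {@code openssl x509 -in}
 * @return the value returned by {@code executeCommand}; presumably the command's output, which
 *     for {@code -serial} contains the serial number (verify against {@code executeCommand})
 * @throws IOException if the temporary file cannot be created or written, or the command fails
 */
@Lock(LockType.WRITE)
public String getSerialNumberFromCert(String cert) throws IOException {
    // The first argument of createTempFile is a file-name prefix, not a directory: the file is
    // placed in java.io.tmpdir either way, so use an explicit, descriptive prefix.
    File certFile = File.createTempFile("cert-", ".pem");
    try {
        FileUtils.writeStringToFile(certFile, cert);
        List<String> cmds = new ArrayList<>();
        // openssl x509 -in certs-dir/hops-site-certs/pub.pem -noout -serial
        cmds.add(OPENSSL);
        cmds.add("x509");
        cmds.add("-in");
        cmds.add(certFile.getAbsolutePath());
        cmds.add("-noout");
        cmds.add("-serial");
        return executeCommand(cmds, true);
    } finally {
        // The file used to be left behind on every call; always clean it up.
        if (!certFile.delete() && certFile.exists()) {
            LOG.log(Level.WARNING, "Could not delete temporary certificate file " + certFile.getAbsolutePath());
        }
    }
}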