From 2735ad0e8434bcda091bf1c70b2abd86a570be46 Mon Sep 17 00:00:00 2001 From: Mikhail Polivakha <68962645+mipo256@users.noreply.github.com> Date: Sun, 21 Apr 2024 23:00:04 +0300 Subject: [PATCH] BAEL-7190 implementation (#16464) --- security-modules/pom.xml | 1 + .../unrecoverablekeyexception/.gitignore | 3 ++ .../unrecoverablekeyexception/pom.xml | 19 ++++++++ .../KeyManagerInitializer.java | 32 +++++++++++++ .../main/resources/multi_entry_keystore.jks | Bin 0 -> 4459 bytes .../main/resources/single_entry_keystore.jks | Bin 0 -> 2241 bytes .../KeyManagerInitializerUnitTest.java | 45 ++++++++++++++++++ 7 files changed, 100 insertions(+) create mode 100644 security-modules/unrecoverablekeyexception/.gitignore create mode 100644 security-modules/unrecoverablekeyexception/pom.xml create mode 100644 security-modules/unrecoverablekeyexception/src/main/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializer.java create mode 100644 security-modules/unrecoverablekeyexception/src/main/resources/multi_entry_keystore.jks create mode 100644 security-modules/unrecoverablekeyexception/src/main/resources/single_entry_keystore.jks create mode 100644 security-modules/unrecoverablekeyexception/src/test/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializerUnitTest.java diff --git a/security-modules/pom.xml b/security-modules/pom.xml index 12c1714e6c..5702cfa98f 100644 --- a/security-modules/pom.xml +++ b/security-modules/pom.xml @@ -23,6 +23,7 @@ jwt oauth2-framework-impl sql-injection-samples + unrecoverablekeyexception diff --git a/security-modules/unrecoverablekeyexception/.gitignore b/security-modules/unrecoverablekeyexception/.gitignore new file mode 100644 index 0000000000..f83e8cf07c --- /dev/null +++ b/security-modules/unrecoverablekeyexception/.gitignore @@ -0,0 +1,3 @@ +.idea +target +*.iml 
diff --git a/security-modules/unrecoverablekeyexception/pom.xml b/security-modules/unrecoverablekeyexception/pom.xml new file mode 100644 index 0000000000..47fcce0f5b --- /dev/null +++ b/security-modules/unrecoverablekeyexception/pom.xml @@ -0,0 +1,19 @@ + + + 4.0.0 + + com.baeldung.unrecoverablekeyexception + unrecoverablekeyexception + + unrecoverablekeyexception + + + com.baeldung + security-modules + 1.0.0-SNAPSHOT + ../pom.xml + + + \ No newline at end of file diff --git a/security-modules/unrecoverablekeyexception/src/main/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializer.java b/security-modules/unrecoverablekeyexception/src/main/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializer.java new file mode 100644 index 0000000000..c3434edaa3 --- /dev/null +++ b/security-modules/unrecoverablekeyexception/src/main/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializer.java 
@@ -0,0 +1,32 @@
+package com.baeldung.unrecoverablekeyexception;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
+
+public class KeyManagerInitializer {
+
+ public static X509ExtendedKeyManager initializeKeyManager(String privateKeyPassword, String keystoreLocation)
+ throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, URISyntaxException {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ KeyStore instance = KeyStore.getInstance(KeyStore.getDefaultType());
+ InputStream resourceAsStream = Files.newInputStream(Paths.get(ClassLoader.getSystemResource(keystoreLocation).toURI()));
+ instance.load(resourceAsStream, "admin123".toCharArray());
+ kmf.init(instance, privateKeyPassword.toCharArray());
+ return (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
+ }
+
+ public static X509ExtendedKeyManager initializeKeyManager(String privateKeyPassword)
+ throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, URISyntaxException {
+ return initializeKeyManager(privateKeyPassword, "single_entry_keystore.jks");
+ }
+}
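Review bot: The stream opened by `Files.newInputStream(...)` in the two-argument `initializeKeyManager` is never closed, so every call leaks a file handle; the load should sit inside try-with-resources. The same line dereferences `ClassLoader.getSystemResource(keystoreLocation)` without a null check, so a wrong `keystoreLocation` surfaces as a NullPointerException instead of an I/O error the caller can act on. The store password `"admin123"` is hard-coded in main code and the keystores it opens are committed under `src/main/resources`, so a comment such as `// demo-only keystore and password; real key material must come from external configuration` would keep readers from copying the pattern. The fence below sketches the first two changes and spells out `java.net.URL` in full because the hunk's imports do not include it.

```java
        KeyStore instance = KeyStore.getInstance(KeyStore.getDefaultType());
        java.net.URL keystoreUrl = ClassLoader.getSystemResource(keystoreLocation);
        if (keystoreUrl == null) {
            throw new IOException("Keystore not found on classpath: " + keystoreLocation);
        }
        try (InputStream resourceAsStream = Files.newInputStream(Paths.get(keystoreUrl.toURI()))) {
            instance.load(resourceAsStream, "admin123".toCharArray());
        }
        // … unchanged: kmf.init(...) and the return of the first key manager …
```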
diff --git a/security-modules/unrecoverablekeyexception/src/main/resources/multi_entry_keystore.jks b/security-modules/unrecoverablekeyexception/src/main/resources/multi_entry_keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..f75047ab53d3fe1a696de2f4e74e9292cf7608b2 GIT binary patch literal 4459 zcmchZRa6xE+Qz3~=mrOo7LXnqL>Nj?kfFOA5HRQ(kdP82hoJ-{r8^Yql#)_PS{OlU zKw27(XRmYC+3W1HzVB{d{4bv8>Rr!z{_p#{+`8NX005wWJs<#T>*V3)BPap@05L%0 zNeBQy0D=cYF5wh}B>aRx2#^m%4FnPZAi(!D%UHAI>|hJyXA8`q%py!xw3|2ScZEfM*s|C*mEbQ{( z%{y;iUb5I8Fln{`o%e4-i@&x83KBoiGT@uRH=T)~hD11r06%U`?k7%^5;m#0e6l9* z(r&u$wLx3mjBIVfzu^^yHATp=nM4_c5twp}KnH}zkvp?8xld3u`2ys-hV2qLD-6vc z_)0U9BgsQpai+?i@3(I~vYRihurdNo&KJ35nQD7s%kKhG2NKuw7*juRX49^9dVb*z z>9us^G`{F;raCgiGXv-3Xe(`9h2wbB{o1oeUm%&znsH;9lUWEUd6Ot^M(fVaoAogJ zasIfR$FlM1=?>z#_m6lA(yxm%XjqDVZA(ZE+YubbIOx&FHGkJ=x?T1?iEn$Azrxww zE-}^>SqP%nrQ+1z`hi+!jT1!etFt#VSvZ4bZoR&LyeNd%A{n=6sLV*pR3ulQ|0vn@ z+I|#CEUy}PKS+*Moal59W>t8j(Y@+f`yz+MzR|)qAR&b9Fbn%ZFk01PO+5}rFwHwo zqBi0y-DAG&yn0bhH#qOGaH<{U+541W0mA)GrvX^L4RxbR!sL;j

v@E^&Uon5ti! zilkd94(!$AJ0uatc?MgM#a<)iN4~l&tWVu7e%0eL zyqk z)fib-ILI#4zVC>=s$?bbnH&cs*P;a9ey0q~u2;cw&3-StZN=9HccAj59D#8(?JvuH zGk9J^3Rpc^&|V*XXUN#W%T{Iob*^L+mvh1-TYJbQzf2&3CRwVy8wPSU5K5%qdPje3 zbl2{aU&{*O(&qSUw9de-b!yk#M@oI;VM1LN2VWc2-~#sOl_*+}wa{Al==OI?kV2|~ zyiEyB8!u0M+8y|+Zz3@Yp0eSh;Cp2>_!^aORx7A*UJThv{!X1qrkqhCby>%PsV1t z>5m^^F>r-Pv23Y^!vR^$?=Ndn?d=a;+%JrB!xb^7aH?&P^UsW*|qMPPzQ`mYc%mgGN5LHkYAL$%qW%lXQcEre-< zrq6N;wu9@B9l?2|rB0>_5KcAj@~fwkHA{0a=Bu;1Lti%HB6eME!;R*P8J(e6v0m#dyrlY~v)pCXl1>7HN8q4h2YAuzzt=!3L`dPpgkS>*AuY($U4$A=`AB{VVay_aI)x;TSVy&YbMY%+`f|%N(4AvEELeDR0uh;E5Gmy;UF4ng zw3&MIy-56NiCf%-WppT1`Vir9%+OLGFcVrfH58DOx*zX+fQ_duBUF?R`eZX~lJ$_R zeos@Dbm|k;Ud^#acw;Uu#}zi3Z04?lHUTh*Oe;WFw>N!Gd0ix-bypv~{U9t~gviRe zYEy`V8~*r-|AG|JKOn_Kg8Db4fPX{E)&GDL{MWer4_7@RqJ0jhpA~r8YWI}eHt&{m z{HSiPQArnZtK5akmDX(NIF0Rfgk8zI_|=vjMLHg*rR}lK)0n0_r-m$`Zz6=$z3nb} z84W^-)JO#oEY$wZ#%&J4uZbm($b0yvbm?#WvbYwL?`^$A6*-gZ;c&jQ8)3_j67OHJ z5}T*$)e_%yQhn7^(RW_AN+c}7i+jNsU3(vwqLaP;hMF}xYV~^el(J7&xG?z%eaRY9 z$%Unf?Mexfl(k7rqYEwr^=fqMI*9|gC14smh(O@cbe_zid7_CH$pa_z$Vd6~R4F=m ze(;7P^5irqg6oD2(|1->BI-4eCfr)O&+KVzeP(jQd+R9w)S3R7k#U)lx#cpa2=Q0R z;sRbyC4Ch^_v$=U$@7LvQ3XQJ3f6d%1Uve@&S2X_xjc4Ri}$Q5NQ_9y-$T7Sb(w}I zlq6?qMaK_JZ=>IAg+z6VME9AkXE~lQA%@&Tv|*I%l|^|!QjG^D7`0Ynqd^HT+FRTm>#PVPw_-@}Y z-DR;tnQ01XgzUK@LkT65R^NMDw#QB_x9pk1;N&d}!q5HjNJ{gg<8wFSHc>-7nQYp| zfLjx58}u`@a?Nl^xC#RmdIXqUK5tZK900PjT*IV`2p9OB9(gfw3!cbvbiVm4+1WKT z^+LI*<(B+-)yP|ZAeGAVA&tt`NWt9vntUo=mVkk4L;g|d79ta(;Bj;Cg#zLObcp>| z$9Wy_N?HI7hgB6Yw^u#rTntA(l;`I}J%YIi*)szU(X;~o+_?!mF!Wr>?D6s2!RYutembCi#TYc+_}qcY0za0%OQ$N@-}#Rro3^& z{_%%55&GBS6m94RhKF&ED`=XvLnqBXG8K0!-oy2nK8nou$;OytIC}b}O2nNp_VcB> zm{Nt?md);#x@N0pJ44(f>aDpnMLg>&*;4ny=7|ijQZ*~{9t@;qMFEv8`2YaF%Z>EAVlf2=_^7qFH%;P}4(B=dD&%#p4{&PzsB zf*`bB&j%`Lfnl7VpzOoaAK`+Pg-pEnb-+Bn{Rcb%ZV7 zK|oii(JY0!k_WT2E+q-sID$|4MK=?i*}o|#l-~phQS;xD2vsF-bu#?GH3(n5qL8N} z>R_~WjrOLWDDPTdQ0o$SJUuw4{y7bA9mEtX5Rsjz%TT-CuyWMaKsS7-WT0gw=<=kB z#Xzi)#=X_ic|H+n;ro$GP9L$ebCH~I)09!3@0Q%tk+OG&^f(U`DGQAgw^(@%R@3v* 
zj&JCz?*~Mu8SB9X3r$~U{}-j?_@S80EDd9?-hbFt2-H_GDs6iGU!D4cQfz<&o^2OV z^O6GcCF_Ilv?B|pL?`!kKAGX%^sz!UHS$%!IStt)$I-f7X|Ndzx*7j;X16)h0D^z=}Ofp@5<$$i{|#otW#_G_Bpp_%1n`(U_ PUnzRg>Gj!QX^npXr!Aqi literal 0 HcmV?d00001 
diff --git a/security-modules/unrecoverablekeyexception/src/main/resources/single_entry_keystore.jks b/security-modules/unrecoverablekeyexception/src/main/resources/single_entry_keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..253f36f3748f8291fde9d7f1811cde6be7ab57a8 GIT binary patch literal 2241 zcmcgt`8U)J7oW{AV~IuvV~GhNe8;{-L_=B2HqnTlp^P#1#-L>EJ7r%A*%BIii0~BI zl8CY-UXlGFOTD&No%cPbzu^7h-g7>md+t5=eC|E>9;_U!fIuL~k%503hmR}uCdFCK znd<9JKOz&siYb905DOS!!1e(yI8qi4hJj@uJYX;j2*!XdXfF#IS2u7-;zYW2b?Iwq z7F&c!`~zZGTi5f`>@4B45>9o8BE=LqG;wCGM;Y#9x7tpB9)cP9dUjVC?|t#MWBK5F zo)-ZNh39z#`5dC@hXx9eQwW))=9|ubKbE^UVk-mcy&Mf(xbHunSGaboQ##D7XXkd0 zO`DhYPno$b<7s90`kulJ?tCp?-%sAJlNL7hy5eq7kNM|>0TSi zYnQ%OAXE^EpPN`;-dE8;I9@IAR9Km!>F%w!)?fmrZCYC$sbOWpK67jEmrJ)(UVB|{ zVsmG^tC(Y~bzI%Gl#Y!QYTAnN?Ox+JWVLqi(M+2R0ZdT2jZrO=y_HV>PSzfu%cRz< zmKMsiCqC96>#~8TW2qCx;iKjQG7sE|@PzU~y$jng(K)Nx&E492&9P~wta=OeRWS1j zNV_XL>OC`_(x8ZJ_WQEuJj6E-8;)w5MOdKIuCAHZb}NhV&AKm%pKH~+Swp`fzhn66pk;h^Q>H|AuA#fV z*-|#B4ucLi4+yPbqNTJ$2KPgVl~K8X1qp*kKi!FmmtvlftQ6Lx>y9H2S{7cunhRA6}bIE&Gbv&gIf!(|lp+ zd5XR0qP32tIMOx_zsK+yjEjG=+x3J**+A|v2XnD~OX8im0o>6TB&^7IuuW8WYl?kx zjUyL@Uv>6(yofJ^3p}k2H$NjI;k9kt)bf&W7OwQMwy7obqR|U%$P6ysa2PXtm7{Yq zwc(uy7)qH)h{Y{=uvox_?Uc!i4H@Npe?)g=tg<6V`)63EbWlP(L1;jMn7dmD#BbTdRSNF zZu>o6r*1ZzYfqm^C75HcE=vk+j;|z?)!ogAmPBgl`J>pi!d0L89LtLm6`K2;{zlLD zebyU}ZZ?w|Y#%tTKWp)v2fNhL?!aD^>WEdK^y{5qzk!(HDFr-gn zt~=lGH(bC|rE(;|WpA{~+q6;$+fI|Z>IXvS<`Q;nl6Ki`XE(l=%_MdY^$VaMLIb1P z2)4=U4#8%tr>f-!MQz`)#PP>{ebxsPK)ilB6M0X?p?TB#bTUbECo2^@PCQ)HUkl34 z>&{b^w@4RJ--_kA(zZS&+bddMQj6bG%PpT%2fsc#~O1KErR4J7apAdu)@N zyjrSpx#vf9)UwfV+AEZ zv=wqpFT>zlJz!CE*^EDK=@o-D>!+xKvNX&qq`yFoQ=FAeb8rl;AMCm%R3m-gaI`no z5$0hO^me^otUN)U#oa9UTQI4VRGi1?-p-g|!IUD+%S>8iW9XfpxSW*V=aGdVuL5X* zKu{lm0rdbF5ZgQ`1Pp<|fM8iMfD?|8i7<-T;RJ)(SwO%o96Nx3L#<(O6vW!{e}L^b zI1X_Cim;*(o=zSl4=0k38x95V{Nj)(B+bp)i$?k7aL10S9+B)QIEms#qj}-}n+ZiB zoJj7jRC!Nt4?qOXsi+JnE8=h}fEo^GcLY`bfd9u%7+~=~WjJ~gPzLxI2w;Gb5C#|w 
zsua_5HOMBe73vE>2^HepxTE`sr{)N)YlVDo(tIC zDi+Cx>UX1ux_weG+n{UFEQx9MF2^uks?RPxo+9WSR_VKZ1=GaLzj(b^pE1|qwx=Jk zd1!E+%|G1eX&%iX`UDC&J+_$GCoHGjIcKVl#ttGilWy5+sr5<3Z=eIDcABz`+*s{9 zzwNR8O zECz@I!bf8j=7RCTc%Ljfa0!0<2Z6mH$x4%0GJjsG`{hp&k9O%uL@-EjvROTGL1y!X zTme6%H9)e1{Gk(zh07!h;@oP|n^MRNEweYVe@*Zh3#jO9_g~V_lzwJZ?jRM;JJo(- ztqP4hNBg_9@<9-^0Q<@1O=G@Yj4kDmB8x7L-4jS!)6-HlDQ~g6%t>WY5max=jny&T zHoLzroSC-Pe}|&2(oF=I=XXCeLU@^q-Q44gu#>MgM^xK!N!x_#||>bZfwCAn%w9LZ>)GOVb4gXJ}5#m;((DV7N6PfZLdcy9ii*V>X4M~ zr&3YvW|tok?6t2=qKa%A9KBm|K$?%7{7oq}-?z1u%1?$Gb`)h<`H$_xFPx_;*B7>C K+mqA7uKfq-Ou+a6 literal 0 HcmV?d00001 diff --git a/security-modules/unrecoverablekeyexception/src/test/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializerUnitTest.java b/security-modules/unrecoverablekeyexception/src/test/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializerUnitTest.java new file mode 100644 index 0000000000..a8d203edc0 --- /dev/null +++ b/security-modules/unrecoverablekeyexception/src/test/java/com/baeldung/unrecoverablekeyexception/KeyManagerInitializerUnitTest.java 
@@ -0,0 +1,45 @@
+package com.baeldung.unrecoverablekeyexception;
+
+import java.security.UnrecoverableKeyException;
+import org.assertj.core.api.Assertions;
+import org.assertj.core.api.ThrowableAssert.ThrowingCallable;
+import org.junit.Test;
+
+public class KeyManagerInitializerUnitTest {
+
+ @Test
+ public void givenPasswordIsCorrect_whenInitializingTheKeyManager_thenNoExceptionIsThrown() {
+ // Given.
+ String privateKeyPassword = "privateKeyPassword";
+
+ // When.
+ ThrowingCallable initializeKeyManager = () -> KeyManagerInitializer.initializeKeyManager(privateKeyPassword);
+
+ // Then.
+ Assertions.assertThatCode(initializeKeyManager).doesNotThrowAnyException();;
+ }
+
+ @Test
+ public void givenPasswordIsWrong_whenInitializingTheKeyManager_thenUnrecoverableKeyExceptionExceptionIsThrown() {
+ // Given.
+ String privateKeyPassword = "wrongPassword";
+
+ // When.
+ ThrowingCallable initializeKeyManager = () -> KeyManagerInitializer.initializeKeyManager(privateKeyPassword);
+
+ // Then.
+ Assertions.assertThatThrownBy(initializeKeyManager).isInstanceOf(UnrecoverableKeyException.class);
+ }
+
+ @Test
+ public void givenMultipleKeysWithDifferentPasswordsInKeystore_whenInitializingTheKeyManager_thenUnrecoverableKeyExceptionIsThrown() {
+ // Given.
+ String firstPrivateKeyPassword = "abc123";
+
+ // When.
+ ThrowingCallable initializeKeyManager = () -> KeyManagerInitializer.initializeKeyManager(firstPrivateKeyPassword, "multi_entry_keystore.jks");
+
+ // Then.
+ Assertions.assertThatThrownBy(initializeKeyManager).isInstanceOf(UnrecoverableKeyException.class);
+ }
+}
\ No newline at end of file
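Review bot: The assertion line of the first test ends with a stray second semicolon (`doesNotThrowAnyException();;`), and the second test's name repeats a word (`thenUnrecoverableKeyExceptionExceptionIsThrown`); the line should read `Assertions.assertThatCode(initializeKeyManager).doesNotThrowAnyException();` and the name should drop one `Exception`. The key passwords used here (`"privateKeyPassword"`, `"abc123"`) belong to keystores that the commit places under `src/main/resources`, so a class-level comment such as `// Passwords match the demo keystores bundled with this module; they are fixtures, not credentials.` would make their status explicit.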