Java Code Examples for org.apache.hadoop.security.alias.CredentialProvider#flush()

The following examples show how to use org.apache.hadoop.security.alias.CredentialProvider#flush() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TestSentryStore.java    From incubator-sentry with Apache License 2.0 6 votes vote down vote up
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration(false);
  final String ourUrl = UserProvider.SCHEME_NAME + ":///";
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
  CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
  provider.createCredentialEntry(ServerConfig.
      SENTRY_STORE_JDBC_PASS, passwd);
  provider.flush();

  dataDir = new File(Files.createTempDir(), "sentry_policy_db");
  conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
  conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
      "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
  conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
  conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
      ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
  policyFilePath = new File(dataDir, "local_policy_file.ini");
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
      policyFilePath.getPath());
  sentryStore = new SentryStore(conf);
}
 
Example 2
Source File: BaseSSLAndKerberosTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 3
Source File: ReportLineageToAtlas.java    From nifi with Apache License 2.0 5 votes vote down vote up
private void setAtlasSSLConfig(Properties atlasProperties, ConfigurationContext context, List<String> urls, File confDir) throws Exception {
    boolean isAtlasApiSecure = urls.stream().anyMatch(url -> url.toLowerCase().startsWith("https"));
    atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS, String.valueOf(isAtlasApiSecure));

    // ssl-client.xml must be deleted, Atlas will not regenerate it otherwise
    Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
    Files.deleteIfExists(credStorePath);
    Path sslClientXmlPath = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
    Files.deleteIfExists(sslClientXmlPath);

    if (isAtlasApiSecure) {
        SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
        if (sslContextService == null) {
            getLogger().warn("No SSLContextService configured, the system default truststore will be used.");
        } else if (!sslContextService.isTrustStoreConfigured()) {
            getLogger().warn("No truststore configured on SSLContextService, the system default truststore will be used.");
        } else if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
            getLogger().warn("The configured truststore type is not supported by Atlas (not JKS), the system default truststore will be used.");
        } else {
            atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE, sslContextService.getTrustStoreFile());

            String password = sslContextService.getTrustStorePassword();
            // Hadoop Credential Provider JCEKS URI format: localjceks://file/PATH/TO/JCEKS
            String credStoreUri = credStorePath.toUri().toString().replaceFirst("^file://", "localjceks://file");

            CredentialProvider credentialProvider = new LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new Configuration());
            credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS, password.toCharArray());
            credentialProvider.flush();

            atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH, credStoreUri);
        }
    }
}
 
Example 4
Source File: SecureEmbeddedServerTestBase.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 5
Source File: BaseSSLAndKerberosTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 6
Source File: SSLTest.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 7
Source File: CredentialProviderUtility.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException {
    // prompt for the provider name
    CredentialProvider provider = getCredentialProvider(textDevice);

    if(provider != null) {
        char[] cred;
        for (String key : KEYS) {
            cred = getPassword(textDevice, key);
            // create a credential entry and store it
            boolean overwrite = true;
            if (provider.getCredentialEntry(key) != null) {
                String choice = textDevice.readLine("Entry for %s already exists.  Overwrite? (y/n) [y]:", key);
                overwrite = StringUtils.isEmpty(choice) || choice.equalsIgnoreCase("y");
                if (overwrite) {
                    provider.deleteCredentialEntry(key);
                    provider.flush();
                    provider.createCredentialEntry(key, cred);
                    provider.flush();
                    textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
                } else {
                    textDevice.printf("Entry for %s was not overwritten.\n", key);
                }
            } else {
                provider.createCredentialEntry(key, cred);
                provider.flush();
            }
        }
    }
}
 
Example 8
Source File: KeyStoreTestUtil.java    From big-c with Apache License 2.0 5 votes vote down vote up
public static void provisionPasswordsToCredentialProvider() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // create new aliases
  try {
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
            storepass);

    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
            keypass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example 9
Source File: KeyStoreTestUtil.java    From hadoop with Apache License 2.0 5 votes vote down vote up
public static void provisionPasswordsToCredentialProvider() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // create new aliases
  try {
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
            storepass);

    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
            FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
            keypass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example 10
Source File: SecureEmbeddedServerTestBase.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 11
Source File: SSLTest.java    From atlas with Apache License 2.0 5 votes vote down vote up
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    File file = new File(jksPath.toUri().getPath());
    file.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    // create new aliases
    try {

        char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);

        char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);

        char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);

        char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 12
Source File: TestDFSUtil.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetPassword() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
  char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYPASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_KEYPASSWORD_KEY, keypass);

    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, storepass);

    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY, trustpass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key directly from api
  assertArrayEquals(keypass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYPASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY).getCredential());
  assertArrayEquals(trustpass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY).getCredential());

  // use WebAppUtils as would be used by loadSslConfiguration
  Assert.assertEquals("keypass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYPASSWORD_KEY));
  Assert.assertEquals("storepass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY));
  Assert.assertEquals("trustpass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY));

  // let's make sure that a password that doesn't exist returns null
  Assert.assertEquals(null, DFSUtil.getPassword(conf,"invalid-alias"));
}
 
Example 13
Source File: TestWebAppUtils.java    From big-c with Apache License 2.0 4 votes vote down vote up
protected Configuration provisionCredentialsForSSL() throws IOException,
    Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
  char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEY_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_KEY_PASSWORD_KEY, keypass);

    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY, storepass);

    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY, trustpass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key directly from api
  assertArrayEquals(keypass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEY_PASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY).getCredential());
  assertArrayEquals(trustpass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY).getCredential());
  return conf;
}
 
Example 14
Source File: TestLdapGroupsMapping.java    From big-c with Apache License 2.0 4 votes vote down vote up
@Test
public void testConfGetPassword() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
                                             "target/test-dir"));
  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
      JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      LdapGroupsMapping.BIND_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry
      (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass);

    provider.createCredentialEntry(
        LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass);
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key
  assertArrayEquals(bindpass, provider.getCredentialEntry(
      LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential());

  LdapGroupsMapping mapping = new LdapGroupsMapping();
  Assert.assertEquals("bindpass",
      mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, ""));
  Assert.assertEquals("storepass",
      mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY,
         ""));
  // let's make sure that a password that doesn't exist returns an
  // empty string as currently expected and used to trigger a call to
  // extract password
  Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", ""));
}
 
Example 15
Source File: TestLdapGroupsMapping.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testConfGetPassword() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
                                             "target/test-dir"));
  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
      JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      LdapGroupsMapping.BIND_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry
      (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass);

    provider.createCredentialEntry(
        LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass);
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key
  assertArrayEquals(bindpass, provider.getCredentialEntry(
      LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential());

  LdapGroupsMapping mapping = new LdapGroupsMapping();
  Assert.assertEquals("bindpass",
      mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, ""));
  Assert.assertEquals("storepass",
      mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY,
         ""));
  // let's make sure that a password that doesn't exist returns an
  // empty string as currently expected and used to trigger a call to
  // extract password
  Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", ""));
}
 
Example 16
Source File: TestDFSUtil.java    From hadoop with Apache License 2.0 4 votes vote down vote up
@Test
public void testGetPassword() throws Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
  char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYPASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_KEYPASSWORD_KEY, keypass);

    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, storepass);

    provider.createCredentialEntry(
        DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY, trustpass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key directly from api
  assertArrayEquals(keypass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYPASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY).getCredential());
  assertArrayEquals(trustpass, provider.getCredentialEntry(
      DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY).getCredential());

  // use WebAppUtils as would be used by loadSslConfiguration
  Assert.assertEquals("keypass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYPASSWORD_KEY));
  Assert.assertEquals("storepass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY));
  Assert.assertEquals("trustpass",
      DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY));

  // let's make sure that a password that doesn't exist returns null
  Assert.assertEquals(null, DFSUtil.getPassword(conf,"invalid-alias"));
}
 
Example 17
Source File: TestWebAppUtils.java    From hadoop with Apache License 2.0 4 votes vote down vote up
protected Configuration provisionCredentialsForSSL() throws IOException,
    Exception {
  File testDir = new File(System.getProperty("test.build.data",
      "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl =
  JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  File file = new File(testDir, "test.jks");
  file.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider =
      CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
  char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
  char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'};

  // ensure that we get nulls when the key isn't there
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEY_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY));
  assertEquals(null, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY));

  // create new aliases
  try {
    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_KEY_PASSWORD_KEY, keypass);

    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY, storepass);

    provider.createCredentialEntry(
        WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY, trustpass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
  // make sure we get back the right key directly from api
  assertArrayEquals(keypass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEY_PASSWORD_KEY).getCredential());
  assertArrayEquals(storepass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY).getCredential());
  assertArrayEquals(trustpass, provider.getCredentialEntry(
      WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY).getCredential());
  return conf;
}