Java Code Examples for org.apache.hadoop.security.alias.CredentialProvider#getCredentialEntry()

The following examples show how to use org.apache.hadoop.security.alias.CredentialProvider#getCredentialEntry() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SecurityUtil.java    From atlas with Apache License 2.0 7 votes vote down vote up
/**
 * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
 * configured credential provider.
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password.
 * @throws IOException
 */
public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {

    String password;

    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider != null) {
        LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
        Configuration c = new Configuration();
        c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
        CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
        if (entry == null) {
            throw new IOException(String.format("No credential entry found for %s. "
                    + "Please create an entry in the configured credential provider", key));
        } else {
            password = String.valueOf(entry.getCredential());
        }

    } else {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    return password;
}
 
Example 2
Source File: SecureEmbeddedServer.java    From incubator-atlas with Apache License 2.0 6 votes vote down vote up
/**
 * Retrieves a password from a configured credential provider or prompts for the password and stores it in the
 * configured credential provider.
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password.
 * @throws IOException
 */
private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {

    String password;

    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider != null) {
        LOG.info("Attempting to retrieve password from configured credential provider path");
        Configuration c = new Configuration();
        c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
        CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
        CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
        if (entry == null) {
            throw new IOException(String.format("No credential entry found for %s. "
                    + "Please create an entry in the configured credential provider", key));
        } else {
            password = String.valueOf(entry.getCredential());
        }

    } else {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    return password;
}
 
Example 3
Source File: LdapRealm.java    From zeppelin with Apache License 2.0 6 votes vote down vote up
static String getSystemPassword(String hadoopSecurityCredentialPath,
    String keystorePass) {
  String password = "";
  try {
    Configuration configuration = new Configuration();
    configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
        hadoopSecurityCredentialPath);
    CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
    CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass);
    if (credEntry != null) {
      password = new String(credEntry.getCredential());
    }
  } catch (IOException e) {
    throw new ShiroException("Error from getting credential entry from keystore", e);
  }
  if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
    throw new ShiroException("Error getting SystemPassword from the provided keystore:"
        + keystorePass + ", in path:" + hadoopSecurityCredentialPath);
  }
  return password;
}
 
Example 4
Source File: RangerCredentialProvider.java    From ranger with Apache License 2.0 6 votes vote down vote up
public String getCredentialString(String url, String alias) {
	if (url != null && alias != null) {
		List<CredentialProvider> providers = getCredentialProviders(url);
		if (providers != null) {
			for (CredentialProvider provider : providers) {
				try {
					CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(alias);
					if (credEntry != null && credEntry.getCredential() != null) {
						return new String(credEntry.getCredential());
					}
				} catch (Exception ie) {
					LOG.error("Unable to get the Credential Provider from the Configuration", ie);
				}
			}
		}
	}
	return null;
}
 
Example 5
Source File: Configuration.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example 6
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example 7
Source File: CredentialProviderUtility.java    From incubator-atlas with Apache License 2.0 5 votes vote down vote up
public static void main(String[] args) throws IOException {
    // prompt for the provider name
    CredentialProvider provider = getCredentialProvider(textDevice);

    if(provider != null) {
        char[] cred;
        for (String key : KEYS) {
            cred = getPassword(textDevice, key);
            // create a credential entry and store it
            boolean overwrite = true;
            if (provider.getCredentialEntry(key) != null) {
                String choice = textDevice.readLine("Entry for %s already exists.  Overwrite? (y/n) [y]:", key);
                overwrite = StringUtils.isEmpty(choice) || choice.equalsIgnoreCase("y");
                if (overwrite) {
                    provider.deleteCredentialEntry(key);
                    provider.flush();
                    provider.createCredentialEntry(key, cred);
                    provider.flush();
                    textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
                } else {
                    textDevice.printf("Entry for %s was not overwritten.\n", key);
                }
            } else {
                provider.createCredentialEntry(key, cred);
                provider.flush();
            }
        }
    }
}
 
Example 8
Source File: JDBCInterpreter.java    From zeppelin with Apache License 2.0 5 votes vote down vote up
private String getPassword(Properties properties) throws IOException, InterpreterException {
  if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) {
    return properties.getProperty(PASSWORD_KEY);
  } else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE))
      && isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) {
    try {
      Configuration configuration = new Configuration();
      configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
          properties.getProperty(JDBC_JCEKS_FILE));
      CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
      CredentialProvider.CredentialEntry credEntry =
          provider.getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
      if (credEntry != null) {
        return new String(credEntry.getCredential());
      } else {
        throw new InterpreterException("Failed to retrieve password from JCEKS from key: "
            + properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
      }
    } catch (Exception e) {
      LOGGER.error("Failed to retrieve password from JCEKS \n" +
          "For file: {} \nFor key: {}", properties.getProperty(JDBC_JCEKS_FILE),
              properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e);
      throw e;
    }
  }
  return null;
}
 
Example 9
Source File: Configuration.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Get the credential entry by name from a credential provider.
 *
 * Handle key deprecation.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry entry = provider.getCredentialEntry(name);
	if (entry != null) {
		return entry;
	}

	// The old name is stored in the credential provider.
	String oldName = getDeprecatedKey(name);
	if (oldName != null) {
		entry = provider.getCredentialEntry(oldName);
		if (entry != null) {
			logDeprecationOnce(oldName, provider.toString());
			return entry;
		}
	}

	// The name is deprecated.
	DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
	if (keyInfo != null && keyInfo.newKeys != null) {
		for (String newName : keyInfo.newKeys) {
			entry = provider.getCredentialEntry(newName);
			if (entry != null) {
				logDeprecationOnce(name, null);
				return entry;
			}
		}
	}

	return null;
}
 
Example 10
Source File: CredentialReader.java    From ranger with Apache License 2.0 4 votes vote down vote up
public static String getDecryptedString(String CrendentialProviderPath,String alias) {
 String credential=null;
 try{
  if(CrendentialProviderPath==null || alias==null){
	  return null;
  }		  		
  char[] pass = null;
  Configuration conf = new Configuration();
  String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file";
  String crendentialProviderPrefixLocalJceks="localjceks://file";
  crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase();
  CrendentialProviderPath=CrendentialProviderPath.trim();
  alias=alias.trim();
  if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){
	  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
			   //UserProvider.SCHEME_NAME + ":///," +
	  CrendentialProviderPath);
  }else{
	  if(CrendentialProviderPath.startsWith("/")){
		  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
				   //UserProvider.SCHEME_NAME + ":///," +
		  JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath);
	  }else{
		  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
				   //UserProvider.SCHEME_NAME + ":///," +
				  JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath);
	  }
  }
  List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf);
  List<String> aliasesList=new ArrayList<String>();
  CredentialProvider.CredentialEntry credEntry=null;
  for(CredentialProvider provider: providers) {
            //System.out.println("Credential Provider :" + provider);
	  aliasesList=provider.getAliases();
	  if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){
		  credEntry=null;
		  credEntry= provider.getCredentialEntry(alias);
		  pass = credEntry.getCredential();
		  if(pass!=null && pass.length>0){
			  credential=String.valueOf(pass);
			  break;
		  }				
	  }
  }
 }catch(Exception ex){
  ex.printStackTrace();
  credential=null;
 }
 return credential;
}
 
Example 11
Source File: CredentialReader.java    From ranger with Apache License 2.0 4 votes vote down vote up
public static String getDecryptedString(String CrendentialProviderPath,String alias) {
 String credential=null;
 try{
  if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){
	  return null;
  }		  		
  char[] pass = null;
  Configuration conf = new Configuration();
  String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file";
  String crendentialProviderPrefixLocalJceks="localjceks://file";
  crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase();
  CrendentialProviderPath=CrendentialProviderPath.trim();
  alias=alias.trim();
  if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) ||  CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){
	  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
			   //UserProvider.SCHEME_NAME + ":///," +
	  CrendentialProviderPath);
  }else{
	  if(CrendentialProviderPath.startsWith("/")){
		  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
				   //UserProvider.SCHEME_NAME + ":///," +
		  JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath);
	  }else{
		  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
				   //UserProvider.SCHEME_NAME + ":///," +
		  JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath);
	  }
  }	 	
  List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf);
  List<String> aliasesList=new ArrayList<String>();
  CredentialProvider.CredentialEntry credEntry=null;
  for(CredentialProvider provider: providers) {
            //System.out.println("Credential Provider :" + provider);
	  aliasesList=provider.getAliases();
	  if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){
		  credEntry=null;
		  credEntry= provider.getCredentialEntry(alias);
		  pass = credEntry.getCredential();
		  if(pass!=null && pass.length>0){
			  credential=String.valueOf(pass);
			  break;
		  }				
	  }
  }
 }catch(Exception ex){
  ex.printStackTrace();
  credential=null;
 }
 return credential;
}