Java Code Examples for org.apache.hadoop.security.alias.JavaKeyStoreProvider#SCHEME_NAME
The following examples show how to use
org.apache.hadoop.security.alias.JavaKeyStoreProvider#SCHEME_NAME .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SSLTest.java From incubator-atlas with Apache License 2.0 | 6 votes |
@BeforeClass public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); setupCredentials(); final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); String persistDir = writeConfiguration(configuration); persistSSLClientConfiguration(configuration); originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); originalHomeDir = System.getProperty("atlas.home"); System.setProperty("atlas.home", TestUtils.getTargetDirectory()); atlasClient = new AtlasClient(configuration, new String[]{DGI_URL},new String[]{"admin","admin"}); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public org.apache.commons.configuration.Configuration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }
Example 2
Source File: SSLTest.java From atlas with Apache License 2.0 | 6 votes |
public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); setupCredentials(); final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); String persistDir = writeConfiguration(configuration); persistSSLClientConfiguration(configuration); originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); originalHomeDir = System.getProperty("atlas.home"); System.setProperty("atlas.home", TestUtils.getTargetDirectory()); atlasClient = new AtlasClient(configuration, new String[]{DGI_URL},new String[]{"admin","admin"}); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public org.apache.commons.configuration.Configuration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }
Example 3
Source File: SecureEmbeddedServerTestBase.java From atlas with Apache License 2.0 | 5 votes |
@BeforeMethod public void setup() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String baseUrl = String.format("https://localhost:%d/", securePort); DefaultClientConfig config = new DefaultClientConfig(); Client client = Client.create(config); client.resource(UriBuilder.fromUri(baseUrl).build()); service = client.resource(UriBuilder.fromUri(baseUrl).build()); }
Example 4
Source File: SecureEmbeddedServerTestBase.java From incubator-atlas with Apache License 2.0 | 5 votes |
@BeforeMethod public void setup() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String baseUrl = String.format("https://localhost:%d/", securePort); DefaultClientConfig config = new DefaultClientConfig(); Client client = Client.create(config); client.resource(UriBuilder.fromUri(baseUrl).build()); service = client.resource(UriBuilder.fromUri(baseUrl).build()); }
Example 5
Source File: KeyStoreTestUtil.java From hadoop with Apache License 2.0 | 5 votes |
public static void provisionPasswordsToCredentialProvider() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // create new aliases try { provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), storepass); provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keypass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
Example 6
Source File: KeyStoreTestUtil.java From big-c with Apache License 2.0 | 5 votes |
public static void provisionPasswordsToCredentialProvider() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // create new aliases try { provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY), storepass); provider.createCredentialEntry( FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY), keypass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } }
Example 7
Source File: TestDFSUtil.java From big-c with Apache License 2.0 | 4 votes |
@Test public void testGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY, keypass); provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY).getCredential()); // use WebAppUtils as would be used by loadSslConfiguration Assert.assertEquals("keypass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); Assert.assertEquals("storepass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); Assert.assertEquals("trustpass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // let's make sure that a password that doesn't exist returns null Assert.assertEquals(null, DFSUtil.getPassword(conf,"invalid-alias")); }
Example 8
Source File: CredentialReader.java From ranger with Apache License 2.0 | 4 votes |
public static String getDecryptedString(String CrendentialProviderPath,String alias) { String credential=null; try{ if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){ return null; } char[] pass = null; Configuration conf = new Configuration(); String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file"; String crendentialProviderPrefixLocalJceks="localjceks://file"; crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath=CrendentialProviderPath.trim(); alias=alias.trim(); if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath); }else{ if(CrendentialProviderPath.startsWith("/")){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath); }else{ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); } } List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf); List<String> aliasesList=new ArrayList<String>(); CredentialProvider.CredentialEntry credEntry=null; for(CredentialProvider provider: providers) { //System.out.println("Credential Provider :" + provider); aliasesList=provider.getAliases(); if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){ credEntry=null; credEntry= provider.getCredentialEntry(alias); pass = credEntry.getCredential(); if(pass!=null && pass.length>0){ credential=String.valueOf(pass); break; } } } }catch(Exception ex){ ex.printStackTrace(); credential=null; } return credential; }
Example 9
Source File: CredentialReader.java From ranger with Apache License 2.0 | 4 votes |
public static String getDecryptedString(String CrendentialProviderPath,String alias) { String credential=null; try{ if(CrendentialProviderPath==null || alias==null){ return null; } char[] pass = null; Configuration conf = new Configuration(); String crendentialProviderPrefixJceks=JavaKeyStoreProvider.SCHEME_NAME + "://file"; String crendentialProviderPrefixLocalJceks="localjceks://file"; crendentialProviderPrefixJceks=crendentialProviderPrefixJceks.toLowerCase(); CrendentialProviderPath=CrendentialProviderPath.trim(); alias=alias.trim(); if(CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixJceks) || CrendentialProviderPath.toLowerCase().startsWith(crendentialProviderPrefixLocalJceks)){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + CrendentialProviderPath); }else{ if(CrendentialProviderPath.startsWith("/")){ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file" + CrendentialProviderPath); }else{ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, //UserProvider.SCHEME_NAME + ":///," + JavaKeyStoreProvider.SCHEME_NAME + "://file/" + CrendentialProviderPath); } } List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf); List<String> aliasesList=new ArrayList<String>(); CredentialProvider.CredentialEntry credEntry=null; for(CredentialProvider provider: providers) { //System.out.println("Credential Provider :" + provider); aliasesList=provider.getAliases(); if(aliasesList!=null && aliasesList.contains(alias.toLowerCase())){ credEntry=null; credEntry= provider.getCredentialEntry(alias); pass = credEntry.getCredential(); if(pass!=null && pass.length>0){ credential=String.valueOf(pass); break; } } } }catch(Exception ex){ ex.printStackTrace(); credential=null; } return credential; }
Example 10
Source File: SSLAndKerberosTest.java From incubator-atlas with Apache License 2.0 | 4 votes |
@BeforeClass public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String persistDir = TestUtils.getTempDirectory(); setupKDCAndPrincipals(); setupCredentials(); // client will actually only leverage subset of these properties final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); persistSSLClientConfiguration(configuration); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); String confLocation = System.getProperty("atlas.conf"); URL url; if (confLocation == null) { url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES); } else { url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL(); } configuration.load(url); configuration.setProperty(TLS_ENABLED, true); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm()); configuration.setProperty("atlas.authentication.method.file", "false"); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); configuration.setProperty("atlas.authentication.method.file", "true"); configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials"); configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" ); TestUtils.writeConfiguration(configuration, persistDir + File.separator + "atlas-application.properties"); setupUserCredential(persistDir); setUpPolicyStore(persistDir); subject = loginTestUser(); UserGroupInformation.loginUserFromSubject(subject); UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( "testUser", UserGroupInformation.getLoginUser()); // save original setting originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); originalHomeDir = System.getProperty("atlas.home"); System.setProperty("atlas.home", TestUtils.getTargetDirectory()); dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() { @Override public AtlasClient run() throws Exception { return new AtlasClient(configuration, DGI_URL); } }); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public PropertiesConfiguration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }
Example 11
Source File: NegativeSSLAndKerberosTest.java From incubator-atlas with Apache License 2.0 | 4 votes |
@BeforeClass public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String persistDir = TestUtils.getTempDirectory(); setupKDCAndPrincipals(); setupCredentials(); // client will actually only leverage subset of these properties final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); persistSSLClientConfiguration(configuration); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); String confLocation = System.getProperty("atlas.conf"); URL url; if (confLocation == null) { url = NegativeSSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES); } else { url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL(); } configuration.load(url); configuration.setProperty(TLS_ENABLED, true); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm()); configuration.setProperty("atlas.authentication.method.file", "false"); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); configuration.setProperty("atlas.authentication.method.file", "true"); configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials"); configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" ); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); setupUserCredential(persistDir); setUpPolicyStore(persistDir); // save original setting originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); dgiClient = new AtlasClient(configuration, DGI_URL); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public Configuration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }
Example 12
Source File: TestLdapGroupsMapping.java From big-c with Apache License 2.0 | 4 votes |
@Test public void testConfGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass); provider.createCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass); provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key assertArrayEquals(bindpass, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential()); LdapGroupsMapping mapping = new LdapGroupsMapping(); Assert.assertEquals("bindpass", mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, "")); Assert.assertEquals("storepass", mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, "")); // let's make sure that a password that doesn't exist returns an // empty string as currently expected and used to trigger a call to // extract password Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", "")); }
Example 13
Source File: TestSSLFactory.java From big-c with Apache License 2.0 | 4 votes |
/** * Checks that SSLFactory initialization is successful with the given * arguments. This is a helper method for writing test cases that cover * different combinations of settings for the store password and key password. * It takes care of bootstrapping a keystore, a truststore, and SSL client or * server configuration. Then, it initializes an SSLFactory. If no exception * is thrown, then initialization was successful. * * @param mode SSLFactory.Mode mode to test * @param password String store password to set on keystore * @param keyPassword String key password to set on keystore * @param confPassword String store password to set in SSL config file, or null * to avoid setting in SSL config file * @param confKeyPassword String key password to set in SSL config file, or * null to avoid setting in SSL config file * @param useCredProvider boolean to indicate whether passwords should be set * into the config or not. When set to true nulls are set and aliases are * expected to be resolved through credential provider API through the * Configuration.getPassword method * @throws Exception for any error */ private void checkSSLFactoryInitWithPasswords(SSLFactory.Mode mode, String password, String keyPassword, String confPassword, String confKeyPassword, boolean useCredProvider) throws Exception { String keystore = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath(); String truststore = new File(KEYSTORES_DIR, "truststore.jks") .getAbsolutePath(); String trustPassword = "trustP"; // Create keys, certs, keystore, and truststore. KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA"); X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=Test", keyPair, 30, "SHA1withRSA"); KeyStoreTestUtil.createKeyStore(keystore, password, keyPassword, "Test", keyPair.getPrivate(), cert); Map<String, X509Certificate> certs = Collections.singletonMap("server", cert); KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs); // Create SSL configuration file, for either server or client. final String sslConfFileName; final Configuration sslConf; // if the passwords are provisioned in a cred provider then don't set them // in the configuration properly - expect them to be resolved through the // provider if (useCredProvider) { confPassword = null; confKeyPassword = null; } if (mode == SSLFactory.Mode.SERVER) { sslConfFileName = "ssl-server.xml"; sslConf = KeyStoreTestUtil.createServerSSLConfig(keystore, confPassword, confKeyPassword, truststore); if (useCredProvider) { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); sslConf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); } } else { sslConfFileName = "ssl-client.xml"; sslConf = KeyStoreTestUtil.createClientSSLConfig(keystore, confPassword, confKeyPassword, truststore); } KeyStoreTestUtil.saveConfig(new File(sslConfsDir, sslConfFileName), sslConf); // Create the master configuration for use by the SSLFactory, which by // default refers to the ssl-server.xml or ssl-client.xml created above. Configuration conf = new Configuration(); conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, true); // Try initializing an SSLFactory. SSLFactory sslFactory = new SSLFactory(mode, conf); try { sslFactory.init(); } finally { sslFactory.destroy(); } }
Example 14
Source File: TestWebAppUtils.java From big-c with Apache License 2.0 | 4 votes |
protected Configuration provisionCredentialsForSSL() throws IOException, Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY, keypass); provider.createCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY).getCredential()); return conf; }
Example 15
Source File: TestLdapGroupsMapping.java From hadoop with Apache License 2.0 | 4 votes |
@Test public void testConfGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] bindpass = {'b', 'i', 'n', 'd', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry (LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY, bindpass); provider.createCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, storepass); provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key assertArrayEquals(bindpass, provider.getCredentialEntry( LdapGroupsMapping.BIND_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY).getCredential()); LdapGroupsMapping mapping = new LdapGroupsMapping(); Assert.assertEquals("bindpass", mapping.getPassword(conf, LdapGroupsMapping.BIND_PASSWORD_KEY, "")); Assert.assertEquals("storepass", mapping.getPassword(conf, LdapGroupsMapping.LDAP_KEYSTORE_PASSWORD_KEY, "")); // let's make sure that a password that doesn't exist returns an // empty string as currently expected and used to trigger a call to // extract password Assert.assertEquals("", mapping.getPassword(conf,"invalid-alias", "")); }
Example 16
Source File: TestSSLFactory.java From hadoop with Apache License 2.0 | 4 votes |
/** * Checks that SSLFactory initialization is successful with the given * arguments. This is a helper method for writing test cases that cover * different combinations of settings for the store password and key password. * It takes care of bootstrapping a keystore, a truststore, and SSL client or * server configuration. Then, it initializes an SSLFactory. If no exception * is thrown, then initialization was successful. * * @param mode SSLFactory.Mode mode to test * @param password String store password to set on keystore * @param keyPassword String key password to set on keystore * @param confPassword String store password to set in SSL config file, or null * to avoid setting in SSL config file * @param confKeyPassword String key password to set in SSL config file, or * null to avoid setting in SSL config file * @param useCredProvider boolean to indicate whether passwords should be set * into the config or not. When set to true nulls are set and aliases are * expected to be resolved through credential provider API through the * Configuration.getPassword method * @throws Exception for any error */ private void checkSSLFactoryInitWithPasswords(SSLFactory.Mode mode, String password, String keyPassword, String confPassword, String confKeyPassword, boolean useCredProvider) throws Exception { String keystore = new File(KEYSTORES_DIR, "keystore.jks").getAbsolutePath(); String truststore = new File(KEYSTORES_DIR, "truststore.jks") .getAbsolutePath(); String trustPassword = "trustP"; // Create keys, certs, keystore, and truststore. KeyPair keyPair = KeyStoreTestUtil.generateKeyPair("RSA"); X509Certificate cert = KeyStoreTestUtil.generateCertificate("CN=Test", keyPair, 30, "SHA1withRSA"); KeyStoreTestUtil.createKeyStore(keystore, password, keyPassword, "Test", keyPair.getPrivate(), cert); Map<String, X509Certificate> certs = Collections.singletonMap("server", cert); KeyStoreTestUtil.createTrustStore(truststore, trustPassword, certs); // Create SSL configuration file, for either server or client. final String sslConfFileName; final Configuration sslConf; // if the passwords are provisioned in a cred provider then don't set them // in the configuration properly - expect them to be resolved through the // provider if (useCredProvider) { confPassword = null; confKeyPassword = null; } if (mode == SSLFactory.Mode.SERVER) { sslConfFileName = "ssl-server.xml"; sslConf = KeyStoreTestUtil.createServerSSLConfig(keystore, confPassword, confKeyPassword, truststore); if (useCredProvider) { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); sslConf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); } } else { sslConfFileName = "ssl-client.xml"; sslConf = KeyStoreTestUtil.createClientSSLConfig(keystore, confPassword, confKeyPassword, truststore); } KeyStoreTestUtil.saveConfig(new File(sslConfsDir, sslConfFileName), sslConf); // Create the master configuration for use by the SSLFactory, which by // default refers to the ssl-server.xml or ssl-client.xml created above. Configuration conf = new Configuration(); conf.setBoolean(SSLFactory.SSL_REQUIRE_CLIENT_CERT_KEY, true); // Try initializing an SSLFactory. SSLFactory sslFactory = new SSLFactory(mode, conf); try { sslFactory.init(); } finally { sslFactory.destroy(); } }
Example 17
Source File: TestDFSUtil.java From hadoop with Apache License 2.0 | 4 votes |
@Test public void testGetPassword() throws Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY, keypass); provider.createCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYPASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY).getCredential()); // use WebAppUtils as would be used by loadSslConfiguration Assert.assertEquals("keypass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYPASSWORD_KEY)); Assert.assertEquals("storepass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_KEYSTORE_PASSWORD_KEY)); Assert.assertEquals("trustpass", DFSUtil.getPassword(conf, DFS_SERVER_HTTPS_TRUSTSTORE_PASSWORD_KEY)); // let's make sure that a password that doesn't exist returns null Assert.assertEquals(null, DFSUtil.getPassword(conf,"invalid-alias")); }
Example 18
Source File: TestWebAppUtils.java From hadoop with Apache License 2.0 | 4 votes |
protected Configuration provisionCredentialsForSSL() throws IOException, Exception { File testDir = new File(System.getProperty("test.build.data", "target/test-dir")); Configuration conf = new Configuration(); final Path jksPath = new Path(testDir.toString(), "test.jks"); final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri(); File file = new File(testDir, "test.jks"); file.delete(); conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl); CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0); char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'}; char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'}; char[] trustpass = {'t', 'r', 'u', 's', 't', 'p', 'a', 's', 's'}; // ensure that we get nulls when the key isn't there assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY)); assertEquals(null, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY)); // create new aliases try { provider.createCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY, keypass); provider.createCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY, storepass); provider.createCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY, trustpass); // write out so that it can be found in checks provider.flush(); } catch (Exception e) { e.printStackTrace(); throw e; } // make sure we get back the right key directly from api assertArrayEquals(keypass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEY_PASSWORD_KEY).getCredential()); assertArrayEquals(storepass, provider.getCredentialEntry( WebAppUtils.WEB_APP_KEYSTORE_PASSWORD_KEY).getCredential()); assertArrayEquals(trustpass, provider.getCredentialEntry( WebAppUtils.WEB_APP_TRUSTSTORE_PASSWORD_KEY).getCredential()); return conf; }
Example 19
Source File: SSLAndKerberosTest.java From atlas with Apache License 2.0 | 4 votes |
public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String persistDir = TestUtils.getTempDirectory(); setupKDCAndPrincipals(); setupCredentials(); // client will actually only leverage subset of these properties final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); persistSSLClientConfiguration(configuration); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); String confLocation = System.getProperty("atlas.conf"); URL url; if (confLocation == null) { url = SSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES); } else { url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL(); } configuration.load(url); configuration.setProperty(TLS_ENABLED, true); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm()); configuration.setProperty("atlas.authentication.method.file", "false"); configuration.setProperty("atlas.authentication.method.trustedproxy", "false"); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); configuration.setProperty("atlas.authentication.method.file", "true"); configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials"); configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" ); TestUtils.writeConfiguration(configuration, persistDir + File.separator + "atlas-application.properties"); setupUserCredential(persistDir); setUpPolicyStore(persistDir); subject = loginTestUser(); UserGroupInformation.loginUserFromSubject(subject); UserGroupInformation proxyUser = UserGroupInformation.createProxyUser( "testUser", UserGroupInformation.getLoginUser()); // save original setting originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); originalHomeDir = System.getProperty("atlas.home"); System.setProperty("atlas.home", TestUtils.getTargetDirectory()); dgiCLient = proxyUser.doAs(new PrivilegedExceptionAction<AtlasClient>() { @Override public AtlasClient run() throws Exception { return new AtlasClient(configuration, DGI_URL); } }); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public PropertiesConfiguration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }
Example 20
Source File: NegativeSSLAndKerberosTest.java From atlas with Apache License 2.0 | 4 votes |
public void setUp() throws Exception { jksPath = new Path(Files.createTempDirectory("tempproviders").toString(), "test.jks"); providerUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file/" + jksPath.toUri(); String persistDir = TestUtils.getTempDirectory(); setupKDCAndPrincipals(); setupCredentials(); // client will actually only leverage subset of these properties final PropertiesConfiguration configuration = getSSLConfiguration(providerUrl); persistSSLClientConfiguration(configuration); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); String confLocation = System.getProperty("atlas.conf"); URL url; if (confLocation == null) { url = NegativeSSLAndKerberosTest.class.getResource("/" + ApplicationProperties.APPLICATION_PROPERTIES); } else { url = new File(confLocation, ApplicationProperties.APPLICATION_PROPERTIES).toURI().toURL(); } configuration.load(url); configuration.setProperty(TLS_ENABLED, true); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.keytab",userKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.principal","dgi/localhost@"+kdc.getRealm()); configuration.setProperty("atlas.authentication.method.file", "false"); configuration.setProperty("atlas.authentication.method.kerberos", "true"); configuration.setProperty("atlas.authentication.method.kerberos.principal", "HTTP/localhost@" + kdc.getRealm()); configuration.setProperty("atlas.authentication.method.kerberos.keytab", httpKeytabFile.getAbsolutePath()); configuration.setProperty("atlas.authentication.method.kerberos.name.rules", "RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*//\nDEFAULT"); configuration.setProperty("atlas.authentication.method.file", "true"); configuration.setProperty("atlas.authentication.method.file.filename", persistDir + "/users-credentials"); configuration.setProperty("atlas.auth.policy.file",persistDir + "/policy-store.txt" ); configuration.setProperty("atlas.authentication.method.trustedproxy", "false"); TestUtils.writeConfiguration(configuration, persistDir + File.separator + ApplicationProperties.APPLICATION_PROPERTIES); setupUserCredential(persistDir); setUpPolicyStore(persistDir); // save original setting originalConf = System.getProperty("atlas.conf"); System.setProperty("atlas.conf", persistDir); dgiClient = new AtlasClient(configuration, DGI_URL); secureEmbeddedServer = new TestSecureEmbeddedServer(21443, getWarPath()) { @Override public Configuration getConfiguration() { return configuration; } }; secureEmbeddedServer.getServer().start(); }