/**
 * Creates a module from caller-supplied {@code cConf} and {@code hConf}.
 *
 * <p>The security configuration is not a parameter here: it is obtained from
 * {@link SConfiguration#create()} and all three objects are forwarded to the
 * three-argument constructor. Callers that must control security settings (for
 * example a keystore password) need the three-argument constructor instead.
 *
 * @param cConf forwarded unchanged to the three-argument constructor
 * @param hConf forwarded unchanged to the three-argument constructor
 */
public ConfigModule(CConfiguration cConf, Configuration hConf) { this(cConf, hConf, SConfiguration.create()); }
/**
 * Builds a new {@link SConfiguration} that has {@code cdap-security.xml} added as a resource.
 *
 * @return a new SConfiguration instance.
 */
public static SConfiguration create() {
  // Start from a bare configuration instance: the Hadoop default
  // properties are deliberately NOT loaded into it.
  SConfiguration securityConf = new SConfiguration();
  // NOTE(review): keystore and secure-store passwords are read from this configuration by
  // its consumers, so cdap-security.xml presumably needs tighter file permissions than the
  // general configuration files - confirm against the deployment guide.
  securityConf.addResource("cdap-security.xml");
  return securityConf;
}
} // end of the enclosing class (its header is outside this excerpt)
/**
 * Builds a Java key store that holds a self-signed X.509 certificate, reading the
 * certificate validity from the security configuration.
 *
 * <p>The validity comes from {@code Constants.Security.SSL.CERT_VALIDITY} and falls back to
 * {@code VALIDITY} when that property is not set. The key store itself is produced by the
 * overload that takes the validity value directly.
 *
 * <p>A self-signed certificate cannot be validated against a CA chain, so clients either
 * have to pin it or skip verification; treat the result as a development/bootstrap
 * credential unless the deployment distributes the certificate out of band.
 *
 * @param sConf security configuration consulted for the certificate validity
 * @param password forwarded unchanged to the overload; presumably protects the generated
 *                 key entry - confirm in that overload
 * @return Java keystore which has a self signed X.509 certificate
 */
public static KeyStore generatedCertKeyStore(SConfiguration sConf, String password) {
  int certValidity = sConf.getInt(Constants.Security.SSL.CERT_VALIDITY, VALIDITY);
  return generatedCertKeyStore(certValidity, password);
}
// Bind the authentication server to the loopback address only.
cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS,
          InetAddress.getLoopbackAddress().getHostName());

// Keystore location, type and passwords go into the security configuration, not cConf.
SConfiguration sConf = SConfiguration.create();
sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, serverKeystoreURL.getPath());
sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE, "JKS");
// NOTE(review): the literal "secret" presumably matches a keystore that ships with the
// tests; hard-coded passwords like this should never be reused for a deployed keystore.
sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD, "secret");
sConf.set(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD, "secret");
/**
 * One-time fixture: configures the authentication server for external SSL with LDAPS,
 * creates an LDAPS listener configuration on the loopback address, and starts the test server.
 *
 * <p>Certificate checking is switched off on both sides ({@code ldapsVerifyCertificate=false}
 * and {@link TrustAllTrustManager}). That is only tolerable because every endpoint here is a
 * test fixture on loopback; neither setting should be copied into a real configuration,
 * where it would leave the LDAPS connection open to interception.
 */
@BeforeClass
public static void beforeClass() throws Exception {
  // The test keystore is loaded from the classpath; fail early if it is missing.
  URL keystoreUrl = ExternalLDAPAuthenticationServerSSLTest.class.getClassLoader().getResource("cert.jks");
  Assert.assertNotNull(keystoreUrl);

  String handlerPrefix = Constants.Security.AUTH_HANDLER_CONFIG_BASE;

  CConfiguration cConf = CConfiguration.create();
  cConf.set(Constants.Security.AUTH_SERVER_BIND_ADDRESS, InetAddress.getLoopbackAddress().getHostName());
  cConf.set(Constants.Security.SSL.EXTERNAL_ENABLED, "true");
  // Port 0: presumably lets the server pick a free port - confirm in the server setup.
  cConf.setInt(Constants.Security.AuthenticationServer.SSL_PORT, 0);
  cConf.set(handlerPrefix.concat("useLdaps"), "true");
  // Test-only: the auth handler will not verify the LDAPS server certificate.
  cConf.set(handlerPrefix.concat("ldapsVerifyCertificate"), "false");

  SConfiguration sConf = SConfiguration.create();
  sConf.set(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH, keystoreUrl.getPath());

  configuration = cConf;
  sConfiguration = sConf;

  // NOTE(review): the password is never set in this method, so it must come from the
  // cdap-security.xml on the test classpath; if it is absent, toCharArray() below throws
  // a NullPointerException - confirm the test resource defines it.
  String keystorePassword = sConf.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
  KeyStoreKeyManager keyManager = new KeyStoreKeyManager(keystoreUrl.getFile(), keystorePassword.toCharArray());
  // Test-only: accepts any peer certificate.
  SSLUtil sslUtil = new SSLUtil(keyManager, new TrustAllTrustManager());

  ldapListenerConfig = InMemoryListenerConfig.createLDAPSConfig(
    "LDAP",
    InetAddress.getLoopbackAddress(),
    ldapPort,
    sslUtil.createSSLServerSocketFactory(),
    sslUtil.createSSLSocketFactory());

  testServer = new ExternalLDAPAuthenticationServerSSLTest();
  testServer.setup();
}
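/**
 * Creates the file-backed secure store service.
 *
 * <p>The keystore file is {@code Constants.Security.Store.FILE_NAME} resolved against
 * {@code Constants.Security.Store.FILE_PATH} (both from {@code cConf}); the keystore
 * password comes from {@code Constants.Security.Store.FILE_PASSWORD} in {@code sConf}.
 * The keystore is then obtained through {@code locateKeystore(path, password)}.
 *
 * <p>The password is validated here as well as in the provider that normally creates this
 * class, so that direct construction without a password fails with a clear message
 * instead of a {@link NullPointerException}, and never proceeds with an empty password.
 *
 * @param cConf configuration supplying the keystore directory and file name
 * @param sConf security configuration supplying the keystore password
 * @param namespaceQueryAdmin stored for later use by this service
 * @throws IOException declared for {@code locateKeystore}; presumably raised when the
 *                     keystore file cannot be read or created - confirm there
 * @throws IllegalArgumentException if the keystore password is null or empty
 */
@Inject
public FileSecureStoreService(CConfiguration cConf, SConfiguration sConf,
                              NamespaceQueryAdmin namespaceQueryAdmin) throws IOException {
  // Get the path to the keystore file
  String pathString = cConf.get(Constants.Security.Store.FILE_PATH);
  Path dir = Paths.get(pathString);
  path = dir.resolve(cConf.get(Constants.Security.Store.FILE_NAME));

  // Get the keystore password; refuse to continue without one.
  String configuredPassword = sConf.get(Constants.Security.Store.FILE_PASSWORD);
  if (configuredPassword == null || configuredPassword.isEmpty()) {
    throw new IllegalArgumentException("File secure store password is not set. Please set the " +
                                         "\"security.store.file.password\" property in cdap-security.xml.");
  }
  // Held as char[] rather than String, as the keystore APIs expect.
  password = configuredPassword.toCharArray();

  this.namespaceQueryAdmin = namespaceQueryAdmin;
  keyStore = locateKeystore(path, password);

  // Fair lock: waiting readers and writers are served in arrival order.
  ReadWriteLock lock = new ReentrantReadWriteLock(true);
  readLock = lock.readLock();
  writeLock = lock.writeLock();
}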
/**
 * Checks the key store produced by {@code KeyStores.generatedCertKeyStore}: its type, that
 * it has exactly one entry under {@code KeyStores.CERT_ALIAS}, and that the entry is a
 * currently valid version-3 X.509 certificate with the expected signature algorithm and issuer.
 */
@Test
public void testGetSSLKeyStore() throws Exception {
  SConfiguration sConf = SConfiguration.create();
  // NOTE(review): the password is also passed explicitly below; whether the generator
  // reads this property at all is not visible here - confirm.
  sConf.set(Constants.Security.SSL.KEYSTORE_PASSWORD, SSL_PASSWORD);
  KeyStore keyStore = KeyStores.generatedCertKeyStore(sConf, SSL_PASSWORD);

  // Key store level checks.
  Assert.assertEquals(KeyStores.SSL_KEYSTORE_TYPE, keyStore.getType());
  Assert.assertEquals(KeyStores.CERT_ALIAS, keyStore.aliases().nextElement());
  Assert.assertEquals(1, keyStore.size());

  // Certificate level checks.
  Assert.assertTrue(keyStore.getCertificate(KeyStores.CERT_ALIAS) instanceof X509Certificate);
  X509Certificate certificate = (X509Certificate) keyStore.getCertificate(KeyStores.CERT_ALIAS);
  // Throws if the current time is outside the certificate's validity period.
  certificate.checkValidity();
  Assert.assertEquals(CERTIFICATE_TYPE, certificate.getType());
  Assert.assertEquals(KeyStores.SIGNATURE_ALGORITHM, certificate.getSigAlgName());
  Assert.assertEquals(KeyStores.DISTINGUISHED_NAME, certificate.getIssuerDN().getName());
  Assert.assertEquals(3, certificate.getVersion());
}
/**
 * Selects the secure store implementation according to the configuration.
 *
 * <ul>
 *   <li>file backed: requires a non-empty {@code Constants.Security.Store.FILE_PASSWORD},
 *       then returns {@code FileSecureStoreService};</li>
 *   <li>KMS backed: requires the KMS classes to be available, then returns the class
 *       named by {@code SecureStoreUtils.getKMSSecureStore()};</li>
 *   <li>none: returns {@code DummySecureStoreService};</li>
 *   <li>anything else: returns {@code SecretManagerSecureStoreService}.</li>
 * </ul>
 *
 * @return the secure store service instance obtained from the injector
 * @throws IllegalArgumentException if the file store password is missing, or if KMS is
 *                                  selected but its classes cannot be found
 */
@Override
@SuppressWarnings("unchecked")
public SecureStoreService get() {
  if (SecureStoreUtils.isFileBacked(cConf)) {
    // Fail fast: a file-backed store must never be opened without a password.
    String filePassword = sConf.get(Constants.Security.Store.FILE_PASSWORD);
    if (Strings.isNullOrEmpty(filePassword)) {
      throw new IllegalArgumentException("File secure store password is not set. Please set the " +
                                           "\"security.store.file.password\" property in cdap-security.xml.");
    }
    return injector.getInstance(FileSecureStoreService.class);
  } else if (SecureStoreUtils.isKMSBacked(cConf)) {
    if (!SecureStoreUtils.isKMSCapable()) {
      throw new IllegalArgumentException("Could not find classes such as " +
                                           "org.apache.hadoop.crypto.key.kms.KMSClientProvider. KMS based secure " +
                                           "store is only supported in Apache Hadoop 2.6.0 and above.");
    }
    return injector.getInstance(SecureStoreUtils.getKMSSecureStore());
  } else if (SecureStoreUtils.isNone(cConf)) {
    return injector.getInstance(DummySecureStoreService.class);
  } else {
    // No recognised provider matched: fall back to the secret-manager backed store.
    return injector.getInstance(SecretManagerSecureStoreService.class);
  }
}
} // end of the enclosing class (its header is outside this excerpt)
/**
 * One-time fixture: wires a file-backed secure store through Guice and starts an HTTP
 * service that exposes {@code SecureStoreHandler}.
 *
 * <p>Authorization and authentication are replaced by no-op implementations and the store
 * password is a literal, so this wiring is for tests only.
 */
@BeforeClass
public static void beforeClass() throws Exception {
  // Security settings: the file store refuses to start without a password.
  SConfiguration sConf = SConfiguration.create();
  sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

  // General settings: temporary data directory and the file provider.
  CConfiguration cConf = CConfiguration.create();
  cConf.set(Constants.CFG_LOCAL_DATA_DIR, TEMP_FOLDER.newFolder().getAbsolutePath());
  cConf.set(Constants.Security.Store.PROVIDER, "file");

  AbstractModule testBindings = new AbstractModule() {
    @Override
    protected void configure() {
      // Test-only: every authorization check goes to the no-op authorizer.
      bind(AuthorizationEnforcer.class).to(NoOpAuthorizer.class);
      bind(NamespaceAdmin.class).to(InMemoryNamespaceAdmin.class).in(Scopes.SINGLETON);
      bind(NamespaceQueryAdmin.class).to(NamespaceAdmin.class);
    }
  };

  // The three-argument ConfigModule is used so that the sConf prepared above is the one bound.
  Injector injector = Guice.createInjector(
    new ConfigModule(cConf, new Configuration(), sConf),
    new SecureStoreServerModule(),
    new AuthorizationTestModule(),
    new AuthenticationContextModules().getNoOpModule(),
    testBindings
  );

  injector.getInstance(NamespaceAdmin.class).create(NamespaceMeta.DEFAULT);

  httpServer = new CommonNettyHttpServiceBuilder(injector.getInstance(CConfiguration.class), "SecureStore")
    .setHttpHandlers(Collections.singleton(injector.getInstance(SecureStoreHandler.class)))
    .build();
  httpServer.start();
}
/**
 * Two-argument convenience constructor.
 *
 * <p>Delegates to the three-argument constructor, supplying the result of
 * {@link SConfiguration#create()} as the security configuration. Use the three-argument
 * constructor when the security configuration has to be prepared by the caller, for
 * instance to set a keystore password before injection.
 *
 * @param cConf passed through as the first argument of the three-argument constructor
 * @param hConf passed through as the second argument of the three-argument constructor
 */
public ConfigModule(CConfiguration cConf, Configuration hConf) { this(cConf, hConf, SConfiguration.create()); }
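// Resolve the router keystore from the security configuration.
// NOTE(review): new File(...) does not touch the file system; it only throws (a
// NullPointerException) when the configured path is null. The catch below therefore
// reports an unset path, while a missing or unreadable file is only detected later,
// when the keystore is actually opened.
File keystore;
try {
  keystore = new File(sConf.get(Constants.Security.Router.SSL_KEYSTORE_PATH));
} catch (Throwable e) {
  // Keep the original failure as the cause so the underlying reason is not lost.
  throw new RuntimeException("SSL is enabled but the keystore file could not be read. Please verify that the " +
                               "keystore file exists and the path is set correctly : " +
                               sConf.get(Constants.Security.Router.SSL_KEYSTORE_PATH), e);
}

// The keystore password and the certificate (key) password are separate settings.
SSLConfig sslConfig = SSLConfig.builder(keystore, sConf.get(Constants.Security.Router.SSL_KEYSTORE_PASSWORD))
  .setCertificatePassword(sConf.get(Constants.Security.Router.SSL_KEYPASSWORD))
  .build();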
/**
 * Creates an {@link SConfiguration} whose only added resource is {@code cdap-security.xml}.
 *
 * @return a newly created SConfiguration.
 */
public static SConfiguration create() {
  // A new, empty configuration is used on purpose: it is NOT initialised
  // with the Hadoop default properties.
  SConfiguration result = new SConfiguration();
  // NOTE(review): consumers read keystore and secure-store passwords from this
  // configuration, so the resource presumably holds secrets and should be protected
  // accordingly - confirm against the deployment guide.
  result.addResource("cdap-security.xml");
  return result;
}
} // end of the enclosing class (its header is outside this excerpt)
@BeforeClass public static void setup() throws Exception { SConfiguration sConf = SConfiguration.create(); sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret"); CConfiguration cConf = createCConf(); final Injector injector = AppFabricTestHelper.getInjector(cConf, sConf, new AbstractModule() {
/**
 * Creates a module from a caller-supplied {@code cConf} only.
 *
 * <p>Delegates to the three-argument constructor with a {@code Configuration} built by its
 * no-argument constructor and a security configuration from {@link SConfiguration#create()}.
 * Neither of those two can be customised through this constructor.
 *
 * @param cConf forwarded unchanged to the three-argument constructor
 */
public ConfigModule(CConfiguration cConf) { this(cConf, new Configuration(), SConfiguration.create()); }
// Keystore location and format; the type falls back to DEFAULT_SSL_KEYSTORE_TYPE when unset.
String keyStorePath = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH);
String keyStoreType = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE,
                                         Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);

// Secrets: password of the keystore itself and password of the key inside it.
// NOTE(review): both are read without a default and may be null when unset; keep them
// out of log and exception messages.
String keyStorePassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
String keyPassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD);
/**
 * Per-test fixture: creates two namespaces in an in-memory namespace admin and a
 * {@code FileSecureStoreService} over a fresh temporary folder, and exposes that service
 * through both the {@code secureStoreManager} and {@code secureStore} fields.
 */
@Before
public void setUp() throws Exception {
  // Test-only password; the file store cannot be created without one.
  SConfiguration sConf = SConfiguration.create();
  sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

  // Each test gets its own keystore directory.
  CConfiguration conf = CConfiguration.create();
  conf.set(Constants.Security.Store.FILE_PATH, TEMP_FOLDER.newFolder().getAbsolutePath());

  InMemoryNamespaceAdmin namespaceAdmin = new InMemoryNamespaceAdmin();
  namespaceAdmin.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());
  namespaceAdmin.create(new NamespaceMeta.Builder().setName(NAMESPACE2).build());

  // One instance serves as both the manager and the store.
  FileSecureStoreService fileStore = new FileSecureStoreService(conf, sConf, namespaceAdmin);
  secureStoreManager = fileStore;
  secureStore = fileStore;
}
/**
 * Single-argument convenience constructor.
 *
 * <p>Calls the three-argument constructor with the given {@code cConf}, a
 * {@code Configuration} created by {@code new Configuration()}, and the security
 * configuration returned by {@link SConfiguration#create()}. A caller that needs to set
 * security properties itself must use the three-argument constructor.
 *
 * @param cConf passed through as the first argument of the three-argument constructor
 */
public ConfigModule(CConfiguration cConf) { this(cConf, new Configuration(), SConfiguration.create()); }
/**
 * One-time fixture: starts an HTTP service backed by a {@code FileSecureStoreService},
 * registers it for discovery, and creates the {@code RemoteSecureStore} under test.
 */
@BeforeClass
public static void setUp() throws Exception {
  // Test-only password; the file store cannot be created without one.
  SConfiguration sConf = SConfiguration.create();
  sConf.set(Constants.Security.Store.FILE_PASSWORD, "secret");

  CConfiguration conf = CConfiguration.create();
  conf.set(Constants.Security.Store.FILE_PATH, TEMP_FOLDER.newFolder().getAbsolutePath());

  InMemoryNamespaceAdmin namespaceAdmin = new InMemoryNamespaceAdmin();
  namespaceAdmin.create(new NamespaceMeta.Builder().setName(NAMESPACE1).build());

  FileSecureStoreService backingStore = new FileSecureStoreService(conf, sConf, namespaceAdmin);

  // Starts a mock server to handle remote secure store requests.
  // Only the handler and an exception handler are configured on the builder here; no
  // authentication or TLS is set up in this method, which is acceptable for a test fixture.
  httpService = NettyHttpService.builder("remoteSecureStoreTest")
    .setHttpHandlers(new SecureStoreHandler(backingStore, backingStore))
    .setExceptionHandler(new HttpExceptionHandler())
    .build();
  httpService.start();

  // Make the mock server discoverable under the secure store service name.
  InMemoryDiscoveryService discoveryService = new InMemoryDiscoveryService();
  discoveryService.register(
    new Discoverable(Constants.Service.SECURE_STORE_SERVICE, httpService.getBindAddress()));

  remoteSecureStore = new RemoteSecureStore(discoveryService);
}
/**
 * Creates a module without any caller-supplied configuration.
 *
 * <p>Delegates to the three-argument constructor with {@code CConfiguration.create()},
 * {@code new Configuration()} and {@link SConfiguration#create()}, so the security settings
 * in effect are whatever {@code SConfiguration.create()} yields.
 */
public ConfigModule() { this(CConfiguration.create(), new Configuration(), SConfiguration.create()); }
/**
 * Creates a module from a caller-supplied {@code hConf} only.
 *
 * <p>Delegates to the three-argument constructor with {@code CConfiguration.create()} and
 * the security configuration from {@link SConfiguration#create()}; neither can be
 * customised through this constructor.
 *
 * @param hConf forwarded unchanged to the three-argument constructor
 */
public ConfigModule(Configuration hConf) { this(CConfiguration.create(), hConf, SConfiguration.create()); }