public static DeferredResult<Void> handlePatchPostPut(Service service, Operation op) { AuthCredentialsServiceState body = op.getBody(AuthCredentialsServiceState.class); // Credentials with SYSTEM scope need the password in plain text or they can't be used to // login into Admiral! boolean isSystemScope = (body.customProperties != null) && AuthConfigProvider.CredentialsScope.SYSTEM.toString().equals( body.customProperties.get(AuthConfigProvider.PROPERTY_SCOPE)); if (!isSystemScope) { body.privateKey = EncryptionUtils.encrypt(body.privateKey); op.setBodyNoCloning(body); } return null; }
@Test public void testPlainTextSystemCredentials() throws Throwable { // init EncryptionUtils File keyFile = Paths.get(folder.newFolder().getPath(), "encryption.key").toFile(); System.setProperty(EncryptionUtils.ENCRYPTION_KEY, keyFile.getPath()); System.setProperty(EncryptionUtils.INIT_KEY_IF_MISSING, "true"); EncryptionUtils.initEncryptionService(); AuthCredentialsServiceState credentials = createCredentials("username", "password", true); assertEquals("username", credentials.userEmail); assertNotNull(credentials.privateKey); assertFalse(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); assertEquals("password", credentials.privateKey); credentials = createCredentials("username2", "password2", false); assertEquals("username2", credentials.userEmail); assertNotNull(credentials.privateKey); assertTrue(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); // like AuthBootstrapService does AuthCredentialsServiceState credentialsPatch = new AuthCredentialsServiceState(); credentialsPatch.privateKey = "password2"; credentialsPatch.customProperties = new HashMap<>(); credentialsPatch.customProperties.put(AuthConfigProvider.PROPERTY_SCOPE, AuthConfigProvider.CredentialsScope.SYSTEM.toString()); credentials = doPatch(credentialsPatch, credentials.documentSelfLink); assertEquals("username2", credentials.userEmail); assertNotNull(credentials.privateKey); assertFalse(credentials.privateKey.startsWith(EncryptionUtils.ENCRYPTION_PREFIX)); assertEquals("password2", credentials.privateKey); }
private void createUserCredentials(LocalPrincipalState state, Operation op) { try { state.password = EncryptionUtils.decrypt(state.password); } catch (Exception e) { log(Level.SEVERE, "Could not initialize user '%s': %s", state.email, Utils.toString(e)); op.fail(e); return; } AuthCredentialsServiceState auth = new AuthCredentialsServiceState(); auth.userEmail = state.email; auth.privateKey = state.password; auth.customProperties = new HashMap<>(); auth.customProperties.put(PROPERTY_SCOPE, CredentialsScope.SYSTEM.toString()); auth.documentSelfLink = encode(state.email); URI credentialFactoryUri = UriUtils.buildUri(getHost(), ServiceUriPaths.CORE_CREDENTIALS); Operation postCreds = Operation.createPost(credentialFactoryUri) .setBody(auth) .setReferer(op.getUri()) .setCompletion((o, ex) -> { if (ex != null) { logWarning("Unable to create user credentials: %s", Utils.toString(ex)); op.fail(ex); return; } createUserSpecificRole(state, op); }); addReplicationFactor(postCreds); sendRequest(postCreds); }
protected AuthCredentialsServiceState createCredentials(String username, String password, boolean isSystem) throws Throwable { AuthCredentialsServiceState credentials = new AuthCredentialsServiceState(); credentials.userEmail = username; credentials.privateKey = password; credentials.type = AuthCredentialsType.Password.toString(); if (isSystem) { credentials.customProperties = new HashMap<>(); credentials.customProperties.put(AuthConfigProvider.PROPERTY_SCOPE, AuthConfigProvider.CredentialsScope.SYSTEM.toString()); } return getOrCreateDocument(credentials, AuthCredentialsService.FACTORY_LINK); }