Java Code Examples for org.apache.hadoop.security.alias.CredentialProvider

The following examples show how to use org.apache.hadoop.security.alias.CredentialProvider. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: atlas   Source File: SecurityUtil.java    License: Apache License 2.0 7 votes vote down vote up
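/**
 * Retrieves a password from the configured Hadoop credential provider.
 *
 * <p>The provider path is read from {@code CERT_STORES_CREDENTIAL_PROVIDER_PATH} and only the first
 * provider resolved for that path is consulted. This method only reads: it neither prompts for a
 * password nor writes to the provider. The alias and the provider path are logged at INFO; the
 * credential itself is never logged.
 *
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password, copied into an immutable String that the caller cannot clear afterwards.
 * @throws IOException if no provider path is configured, the path resolves to no provider, or the
 *                     provider has no entry for {@code key}
 */
public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider == null) {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
    Configuration c = new Configuration();
    c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);

    // An empty or blank path can resolve to no provider at all; report that as a configuration
    // error instead of letting get(0) fail with an IndexOutOfBoundsException.
    java.util.List<CredentialProvider> providers = CredentialProviderFactory.getProviders(c);
    if (providers == null || providers.isEmpty()) {
        throw new IOException(String.format("No credential provider could be resolved for path %s", provider));
    }

    CredentialProvider.CredentialEntry entry = providers.get(0).getCredentialEntry(key);
    if (entry == null) {
        throw new IOException(String.format("No credential entry found for %s. "
                + "Please create an entry in the configured credential provider", key));
    }

    return String.valueOf(entry.getCredential());
}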
 
Example 2
Source Project: incubator-atlas   Source File: SecureEmbeddedServer.java    License: Apache License 2.0 6 votes vote down vote up
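/**
 * Looks up a certificate-store password in the configured Hadoop credential provider.
 *
 * <p>Read-only: nothing is prompted for and nothing is stored. Only the first provider resolved
 * from {@code CERT_STORES_CREDENTIAL_PROVIDER_PATH} is queried.
 *
 * @param config application configuration
 * @param key the key/alias for the password.
 * @return the password as a String (an immutable copy of the provider's char[] value).
 * @throws IOException if the provider path is missing, resolves to no provider, or the provider
 *                     holds no entry for {@code key}
 */
private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
    String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
    if (provider == null) {
        throw new IOException("No credential provider path configured for storage of certificate store passwords");
    }

    LOG.info("Attempting to retrieve password from configured credential provider path");
    Configuration c = new Configuration();
    c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);

    // Guard the get(0) below: a path that yields no provider is a configuration problem and
    // should surface as the checked exception callers already handle.
    java.util.List<CredentialProvider> resolved = CredentialProviderFactory.getProviders(c);
    if (resolved == null || resolved.isEmpty()) {
        throw new IOException("No credential provider could be resolved from the configured credential provider path");
    }

    CredentialProvider.CredentialEntry entry = resolved.get(0).getCredentialEntry(key);
    if (entry == null) {
        throw new IOException(String.format("No credential entry found for %s. "
                + "Please create an entry in the configured credential provider", key));
    }

    return String.valueOf(entry.getCredential());
}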
 
Example 3
Source Project: zeppelin   Source File: LdapRealm.java    License: Apache License 2.0 6 votes vote down vote up
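/**
 * Reads the system password from a Hadoop credential provider.
 *
 * @param hadoopSecurityCredentialPath credential provider path to configure
 * @param keystorePass despite its name, this is the alias the password is stored under: it is
 *     passed to {@code getCredentialEntry} and echoed in the error message, so it must never
 *     carry the secret itself
 * @return the non-empty password stored under the alias
 * @throws ShiroException if the provider cannot be read, or no non-empty credential is found
 */
static String getSystemPassword(String hadoopSecurityCredentialPath,
    String keystorePass) {
  String password = "";
  try {
    Configuration configuration = new Configuration();
    configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
        hadoopSecurityCredentialPath);
    // A path that resolves to no provider, or an entry without a value, falls through to the
    // "empty password" error below instead of escaping as an unchecked exception.
    java.util.List<CredentialProvider> providers =
        CredentialProviderFactory.getProviders(configuration);
    if (providers != null && !providers.isEmpty()) {
      CredentialProvider.CredentialEntry credEntry =
          providers.get(0).getCredentialEntry(keystorePass);
      if (credEntry != null && credEntry.getCredential() != null) {
        password = new String(credEntry.getCredential());
      }
    }
  } catch (IOException e) {
    throw new ShiroException("Error from getting credential entry from keystore", e);
  }
  if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
    throw new ShiroException("Error getting SystemPassword from the provided keystore:"
        + keystorePass + ", in path:" + hadoopSecurityCredentialPath);
  }
  return password;
}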
 
Example 4
Source Project: ranger   Source File: RangerCredentialProvider.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Returns the credential stored under {@code alias} by the first provider that has a value for it.
 *
 * <p>Every provider resolved for {@code url} is tried in order. A provider that throws is logged
 * and skipped, so a failing provider and a missing alias both end in {@code null}.
 *
 * @param url credential provider path
 * @param alias alias of the credential
 * @return the credential as a String, or {@code null} if either argument is null, no provider
 *     could be obtained, or no provider holds a value for the alias
 */
public String getCredentialString(String url, String alias) {
	if (url == null || alias == null) {
		return null;
	}
	List<CredentialProvider> candidates = getCredentialProviders(url);
	if (candidates == null) {
		return null;
	}
	for (CredentialProvider candidate : candidates) {
		try {
			CredentialProvider.CredentialEntry found = candidate.getCredentialEntry(alias);
			if (found == null) {
				continue;
			}
			char[] secret = found.getCredential();
			if (secret != null) {
				return new String(secret);
			}
		} catch (Exception ie) {
			// NOTE(review): the message names the provider lookup, but this branch is reached
			// when reading the entry fails; the alias is not included in the log line.
			LOG.error("Unable to get the Credential Provider from the Configuration", ie);
		}
	}
	return null;
}
 
Example 5
Source Project: incubator-sentry   Source File: TestSentryStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * One-time test fixture: stores the JDBC password in a credential provider, points the store at a
 * temporary Derby database and a local policy file, then creates the {@code SentryStore}.
 *
 * @throws Exception if the provider, the temporary directory or the store cannot be set up
 */
@BeforeClass
public static void setup() throws Exception {
  conf = new Configuration(false);
  // Provider path built from the UserProvider scheme.
  final String ourUrl = UserProvider.SCHEME_NAME + ":///";
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
  CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
  // The real password is stored under the JDBC password alias and flushed to the provider.
  provider.createCredentialEntry(ServerConfig.
      SENTRY_STORE_JDBC_PASS, passwd);
  provider.flush();

  dataDir = new File(Files.createTempDir(), "sentry_policy_db");
  conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
  conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
      "jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
  // The same key is also set to a placeholder in the plain configuration; presumably the test
  // relies on the provider entry taking precedence over this clear-text value (confirm).
  conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
  conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
      ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
  policyFilePath = new File(dataDir, "local_policy_file.ini");
  conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
      policyFilePath.getPath());
  sentryStore = new SentryStore(conf);
}
 
Example 6
Source Project: Flink-CEPplus   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fallback path that reads a password stored in clear text in this configuration.
 *
 * <p>The fallback is active unless {@code CredentialProvider.CLEAR_TEXT_FALLBACK} is set to
 * false; the lookup defaults to {@code true}, so plaintext passwords are accepted by default.
 *
 * @param name configuration key whose value is used as the password
 * @return the configured value as a char array, or null when the fallback is disabled or the
 *     key has no value
 */
protected char[] getPasswordFromConfig(String name) {
  if (!getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    return null;
  }
  String clearText = get(name);
  return clearText == null ? null : clearText.toCharArray();
}
 
Example 7
Source Project: Flink-CEPplus   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Looks up a credential in one provider, following key deprecation in both directions.
 *
 * <p>Lookup order: the requested name, then the key returned by {@code getDeprecatedKey(name)},
 * then each replacement listed in the deprecation info for {@code name}. A hit under any name
 * other than the requested one is reported through {@code logDeprecationOnce}.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 * @throws IOException if the provider lookup fails
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry direct = provider.getCredentialEntry(name);
	if (direct != null) {
		return direct;
	}

	// The provider may still hold the credential under the old name.
	String legacyAlias = getDeprecatedKey(name);
	if (legacyAlias != null) {
		CredentialEntry legacy = provider.getCredentialEntry(legacyAlias);
		if (legacy != null) {
			logDeprecationOnce(legacyAlias, provider.toString());
			return legacy;
		}
	}

	// The requested name is itself deprecated: try its replacements in order.
	DeprecatedKeyInfo info = getDeprecatedKeyInfo(name);
	if (info == null || info.newKeys == null) {
		return null;
	}
	for (String replacement : info.newKeys) {
		CredentialEntry current = provider.getCredentialEntry(replacement);
		if (current != null) {
			logDeprecationOnce(name, null);
			return current;
		}
	}

	return null;
}
 
Example 8
Source Project: Flink-CEPplus   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fallback path that reads a password stored in clear text in this configuration.
 *
 * <p>Whether the fallback is allowed is read from {@code CredentialProvider.CLEAR_TEXT_FALLBACK};
 * when that key is unset the shared default constant decides.
 *
 * @param name configuration key whose value is used as the password
 * @return the configured value as a char array, or null when the fallback is disabled or the
 *     key has no value
 */
protected char[] getPasswordFromConfig(String name) {
	boolean clearTextAllowed = getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT);
	if (!clearTextAllowed) {
		return null;
	}
	String clearText = get(name);
	if (clearText == null) {
		return null;
	}
	return clearText.toCharArray();
}
 
Example 9
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reads a password that is stored in clear text under {@code name} in this configuration.
 *
 * <p>Used only while {@code CredentialProvider.CLEAR_TEXT_FALLBACK} is true, which is also the
 * value assumed when the key is not set.
 *
 * @param name configuration key holding the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  String clearText = getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true) ? get(name) : null;
  if (clearText == null) {
    return null;
  }
  return clearText.toCharArray();
}
 
Example 10
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fetches a credential entry from a provider, also trying deprecated and replacement names.
 *
 * <p>The requested name is tried first. If it is absent, the key from
 * {@code getDeprecatedKey(name)} is tried, and finally every key in the deprecation info's
 * {@code newKeys}. Hits under an alternative name trigger {@code logDeprecationOnce}.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 * @throws IOException if the provider lookup fails
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry found = provider.getCredentialEntry(name);
	if (found != null) {
		return found;
	}

	// Old name still stored in the credential provider.
	String previousName = getDeprecatedKey(name);
	if (previousName != null) {
		found = provider.getCredentialEntry(previousName);
		if (found != null) {
			logDeprecationOnce(previousName, provider.toString());
			return found;
		}
	}

	// Requested name is deprecated; walk its replacements.
	DeprecatedKeyInfo deprecation = getDeprecatedKeyInfo(name);
	if (deprecation != null && deprecation.newKeys != null) {
		for (String candidate : deprecation.newKeys) {
			CredentialEntry viaNewName = provider.getCredentialEntry(candidate);
			if (viaNewName == null) {
				continue;
			}
			logDeprecationOnce(name, null);
			return viaNewName;
		}
	}

	return null;
}
 
Example 11
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reads a password that is stored in clear text under {@code name} in this configuration.
 *
 * <p>The read happens only when {@code CredentialProvider.CLEAR_TEXT_FALLBACK} resolves to true;
 * the shared default constant applies when the key is unset.
 *
 * @param name configuration key holding the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
	if (!getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
		return null;
	}
	String plain = get(name);
	return plain != null ? plain.toCharArray() : null;
}
 
Example 12
Source Project: atlas   Source File: CredentialProviderUtility.java    License: Apache License 2.0 5 votes vote down vote up
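/**
 * Prompts for a credential provider path and returns the provider it resolves to.
 *
 * <p>The path is typed by the operator and used as the only provider path of a fresh
 * configuration created without defaults. Only the first resolved provider is returned.
 *
 * @param textDevice the system console.
 * @return the credential provider, or null if no path could be read from the console
 * @throws IOException if the provider cannot be created or the entered path resolves to none
 */
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
    String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");
    if (providerPath == null) {
        return null;
    }

    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);

    // A blank answer can resolve to no provider; fail with a readable message rather than an
    // IndexOutOfBoundsException from get(0).
    java.util.List<CredentialProvider> providers = CredentialProviderFactory.getProviders(conf);
    if (providers == null || providers.isEmpty()) {
        throw new IOException("No credential provider could be resolved for the entered path: " + providerPath);
    }
    return providers.get(0);
}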
 
Example 13
Source Project: atlas   Source File: SSLTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: recreates the JKS credential store and fills it with the aliases the tests read.
 *
 * <p>Fixture values only: every alias is given the same hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Drop any keystore file left at the same path; the result of delete() is not checked.
    new File(jksPath.toUri().getPath()).delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry("ssl.client.truststore.password", "keypass".toCharArray());
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, "keypass".toCharArray());

        // Persist the entries so later lookups can find them.
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 14
Source Project: atlas   Source File: BaseSSLAndKerberosTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: recreates the JKS credential store and registers the SSL password aliases.
 *
 * <p>Fixture values only: all four aliases receive the same hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Remove a keystore file from an earlier run; the result of delete() is not checked.
    File staleStore = new File(jksPath.toUri().getPath());
    staleStore.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        String[] aliases = {
            SecurityProperties.KEYSTORE_PASSWORD_KEY,
            SecurityProperties.TRUSTSTORE_PASSWORD_KEY,
            "ssl.client.truststore.password",
            SecurityProperties.SERVER_CERT_PASSWORD_KEY,
        };
        for (String alias : aliases) {
            // A fresh array per entry, as each alias had its own array before.
            provider.createCredentialEntry(alias, "keypass".toCharArray());
        }

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 15
Source Project: atlas   Source File: SecureEmbeddedServerTestBase.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: recreates the JKS credential store with keystore, truststore and server
 * certificate password aliases.
 *
 * <p>Fixture values only: the three aliases share one hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Delete the previous keystore file, if any; the result of delete() is not checked.
    new File(jksPath.toUri().getPath()).delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, "keypass".toCharArray());

        // Persist the entries so later lookups can find them.
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 16
Source Project: hadoop   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fallback path that reads a password stored in clear text in this configuration.
 *
 * <p>The fallback stays enabled unless {@code CredentialProvider.CLEAR_TEXT_FALLBACK} is set to
 * false, because the lookup uses {@code true} as its default.
 *
 * @param name configuration key whose value is used as the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  boolean clearTextAllowed = getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true);
  if (!clearTextAllowed) {
    return null;
  }
  String configured = get(name);
  if (configured == null) {
    return null;
  }
  return configured.toCharArray();
}
 
Example 17
Source Project: hadoop   Source File: KeyStoreTestUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test utility: writes the server keystore password and key password into a fresh JKS-backed
 * credential provider under the test build directory.
 *
 * <p>The two values are hard-coded test fixtures.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
public static void provisionPasswordsToCredentialProvider() throws Exception {
  File testDir = new File(System.getProperty("test.build.data", "target/test-dir"));

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  // Remove a keystore left by an earlier run; the result of delete() is not checked.
  new File(testDir, "test.jks").delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = "keypass".toCharArray();
  char[] storepass = "storepass".toCharArray();

  try {
    String storeAlias = FileBasedKeyStoresFactory.resolvePropertyName(
        SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY);
    provider.createCredentialEntry(storeAlias, storepass);

    String keyAlias = FileBasedKeyStoresFactory.resolvePropertyName(
        SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY);
    provider.createCredentialEntry(keyAlias, keypass);

    // Persist the entries so later lookups can find them.
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example 18
Source Project: big-c   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Reads a password that is stored in clear text under {@code name} in this configuration.
 *
 * <p>Plaintext lookup is on by default: {@code CredentialProvider.CLEAR_TEXT_FALLBACK} is read
 * with {@code true} as its default and must be set to false to switch this path off.
 *
 * @param name configuration key holding the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    String plain = get(name);
    if (plain != null) {
      return plain.toCharArray();
    }
  }
  return null;
}
 
Example 19
Source Project: big-c   Source File: KeyStoreTestUtil.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test utility: provisions a JKS-backed credential provider in the test build directory with
 * the server keystore password and the server key password.
 *
 * <p>Both values are hard-coded test fixtures.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
public static void provisionPasswordsToCredentialProvider() throws Exception {
  String buildDir = System.getProperty("test.build.data", "target/test-dir");
  File testDir = new File(buildDir);

  Configuration conf = new Configuration();
  final Path jksPath = new Path(testDir.toString(), "test.jks");
  final String ourUrl = JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();

  // Start from an empty store: drop the previous file; the result of delete() is not checked.
  File previousStore = new File(testDir, "test.jks");
  previousStore.delete();
  conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);

  CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
  char[] keypass = "keypass".toCharArray();
  char[] storepass = "storepass".toCharArray();

  try {
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(
            SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
        storepass);
    provider.createCredentialEntry(
        FileBasedKeyStoresFactory.resolvePropertyName(
            SSLFactory.Mode.SERVER, FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
        keypass);

    // write out so that it can be found in checks
    provider.flush();
  } catch (Exception e) {
    e.printStackTrace();
    throw e;
  }
}
 
Example 20
Source Project: incubator-atlas   Source File: CredentialProviderUtility.java    License: Apache License 2.0 5 votes vote down vote up
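/**
 * Interactive entry point: asks for a credential provider path, then prompts for a password for
 * every alias in {@code KEYS} and stores it in that provider.
 *
 * <p>If an alias already exists the operator is asked whether to overwrite it; an empty answer
 * counts as yes. Each password array is wiped once the alias has been handled.
 *
 * @param args unused
 * @throws IOException if the provider cannot be read or written
 */
public static void main(String[] args) throws IOException {
    // prompt for the provider name
    CredentialProvider provider = getCredentialProvider(textDevice);
    if (provider == null) {
        return;
    }

    for (String key : KEYS) {
        char[] cred = getPassword(textDevice, key);
        try {
            if (provider.getCredentialEntry(key) != null) {
                String choice = textDevice.readLine("Entry for %s already exists.  Overwrite? (y/n) [y]:", key);
                boolean overwrite = StringUtils.isEmpty(choice) || choice.equalsIgnoreCase("y");
                if (overwrite) {
                    // The delete is flushed before the new entry is created, so a failure between
                    // the two steps leaves the alias without any value.
                    provider.deleteCredentialEntry(key);
                    provider.flush();
                    provider.createCredentialEntry(key, cred);
                    provider.flush();
                    textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
                } else {
                    textDevice.printf("Entry for %s was not overwritten.\n", key);
                }
            } else {
                // create a credential entry and store it
                provider.createCredentialEntry(key, cred);
                provider.flush();
            }
        } finally {
            // Wipe the typed password after the provider has been flushed (or the entry was
            // declined) so it does not linger on the heap for the rest of the run.
            if (cred != null) {
                java.util.Arrays.fill(cred, '\0');
            }
        }
    }
}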
 
Example 21
Source Project: incubator-atlas   Source File: CredentialProviderUtility.java    License: Apache License 2.0 5 votes vote down vote up
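/**
 * Reads a credential provider path from the console and returns the provider for it.
 *
 * <p>The entered path becomes the only provider path of a configuration created without
 * defaults; the first provider resolved for it is returned.
 *
 * @param textDevice the system console.
 * @return the credential provider, or null if the console returned no path
 * @throws IOException if the provider cannot be created or the entered path resolves to none
 */
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
    String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");
    if (providerPath == null) {
        return null;
    }

    Configuration conf = new Configuration(false);
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);

    // An empty answer can yield an empty provider list; turn that into a clear error instead of
    // an IndexOutOfBoundsException from get(0).
    java.util.List<CredentialProvider> resolved = CredentialProviderFactory.getProviders(conf);
    if (resolved == null || resolved.isEmpty()) {
        throw new IOException("No credential provider could be resolved for the entered path: " + providerPath);
    }
    return resolved.get(0);
}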
 
Example 22
Source Project: incubator-atlas   Source File: SSLTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: rebuilds the JKS credential store and adds the password aliases used by the
 * SSL tests.
 *
 * <p>Fixture values only: each alias is set to the same hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Remove the keystore file of a previous run; the result of delete() is not checked.
    File oldStore = new File(jksPath.toUri().getPath());
    oldStore.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        String[] aliases = {
            KEYSTORE_PASSWORD_KEY,
            TRUSTSTORE_PASSWORD_KEY,
            "ssl.client.truststore.password",
            SERVER_CERT_PASSWORD_KEY,
        };
        for (String alias : aliases) {
            // A fresh array per entry, as each alias had its own array before.
            provider.createCredentialEntry(alias, "keypass".toCharArray());
        }

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 23
Source Project: incubator-atlas   Source File: BaseSSLAndKerberosTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test fixture: rebuilds the JKS credential store and registers the SSL password aliases from
 * {@code SecurityProperties}.
 *
 * <p>Fixture values only: all aliases use one hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Delete the previous keystore file, if any; the result of delete() is not checked.
    new File(jksPath.toUri().getPath()).delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, "keypass".toCharArray());
        provider.createCredentialEntry("ssl.client.truststore.password", "keypass".toCharArray());
        provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, "keypass".toCharArray());

        // Persist the entries so later lookups can find them.
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 24
/**
 * Test fixture: rebuilds the JKS credential store with the keystore, truststore and server
 * certificate password aliases.
 *
 * <p>Fixture values only: the aliases share one hard-coded test password.
 *
 * @throws Exception if the provider cannot be created, written or flushed
 */
protected void setupCredentials() throws Exception {
    Configuration conf = new Configuration(false);

    // Remove a keystore file from an earlier run; the result of delete() is not checked.
    File staleStore = new File(jksPath.toUri().getPath());
    staleStore.delete();
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);

    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);

    try {
        String[] aliases = {KEYSTORE_PASSWORD_KEY, TRUSTSTORE_PASSWORD_KEY, SERVER_CERT_PASSWORD_KEY};
        for (String alias : aliases) {
            // A fresh array per entry, as each alias had its own array before.
            provider.createCredentialEntry(alias, "keypass".toCharArray());
        }

        // write out so that it can be found in checks
        provider.flush();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    }
}
 
Example 25
Source Project: zeppelin   Source File: JDBCInterpreter.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the JDBC password from interpreter properties.
 *
 * <p>A non-empty {@code PASSWORD_KEY} property wins and is returned as is. Otherwise, when both
 * the JCEKS file and the JCEKS alias properties are set, the password is read from the first
 * credential provider resolved for that file. Failures on that path are logged with the file
 * and alias (never the password) and rethrown.
 *
 * @param properties interpreter properties
 * @return the password, or null when neither a password nor a complete JCEKS reference is set
 * @throws IOException if the credential provider cannot be read
 * @throws InterpreterException if the provider has no entry for the configured alias
 */
private String getPassword(Properties properties) throws IOException, InterpreterException {
  String inlinePassword = properties.getProperty(PASSWORD_KEY);
  if (isNotEmpty(inlinePassword)) {
    return inlinePassword;
  }

  String jceksFile = properties.getProperty(JDBC_JCEKS_FILE);
  String jceksAlias = properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY);
  if (!isNotEmpty(jceksFile) || !isNotEmpty(jceksAlias)) {
    return null;
  }

  try {
    Configuration configuration = new Configuration();
    configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, jceksFile);
    CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
    CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(jceksAlias);
    if (credEntry == null) {
      throw new InterpreterException("Failed to retrieve password from JCEKS from key: "
          + jceksAlias);
    }
    return new String(credEntry.getCredential());
  } catch (Exception e) {
    LOGGER.error("Failed to retrieve password from JCEKS \n" +
        "For file: {} \nFor key: {}", jceksFile, jceksAlias, e);
    throw e;
  }
}
 
Example 26
Source Project: ranger   Source File: RangerCredentialProvider.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Resolves the credential providers configured by {@code url}.
 *
 * <p>Any failure is logged and reported as {@code null}, so callers cannot tell a bad provider
 * path from a missing one.
 *
 * @param url credential provider path
 * @return the providers for the path, or {@code null} if {@code url} is null or resolution failed
 */
List<CredentialProvider> getCredentialProviders(String url) {
	if (url == null) {
		return null;
	}
	try {
		Configuration providerConf = new Configuration();
		providerConf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
		return CredentialProviderFactory.getProviders(providerConf);
	} catch (Exception ie) {
		LOG.error("Unable to get the Credential Provider from the Configuration", ie);
		return null;
	}
}
 
Example 27
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fallback path that reads a password stored in clear text in this configuration.
 *
 * <p>{@code CredentialProvider.CLEAR_TEXT_FALLBACK} is read with a default of {@code true}, so
 * this path is taken unless the key is explicitly set to false.
 *
 * @param name configuration key whose value is used as the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
  if (!getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
    return null;
  }
  String plain = get(name);
  return plain != null ? plain.toCharArray() : null;
}
 
Example 28
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Resolves a credential entry by name, taking key deprecation into account.
 *
 * <p>Tried in order: the requested name, the key from {@code getDeprecatedKey(name)}, then the
 * replacement keys from the deprecation info of {@code name}. When the entry is found under an
 * alternative name, the deprecation is logged through {@code logDeprecationOnce}.
 *
 * @param provider a credential provider
 * @param name alias of the credential
 * @return the credential entry or null if not found
 * @throws IOException if the provider lookup fails
 */
private CredentialEntry getCredentialEntry(CredentialProvider provider,
                                           String name) throws IOException {
	CredentialEntry result = provider.getCredentialEntry(name);
	if (result != null) {
		return result;
	}

	// Fall back to the old name, which may still be what the provider stores.
	String formerName = getDeprecatedKey(name);
	if (formerName != null) {
		result = provider.getCredentialEntry(formerName);
		if (result != null) {
			logDeprecationOnce(formerName, provider.toString());
			return result;
		}
	}

	// The requested name is deprecated: look under each of its new keys.
	DeprecatedKeyInfo deprecationInfo = getDeprecatedKeyInfo(name);
	if (deprecationInfo == null || deprecationInfo.newKeys == null) {
		return null;
	}
	for (String successor : deprecationInfo.newKeys) {
		result = provider.getCredentialEntry(successor);
		if (result != null) {
			logDeprecationOnce(name, null);
			return result;
		}
	}

	return null;
}
 
Example 29
Source Project: flink   Source File: Configuration.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Fallback path that reads a password stored in clear text in this configuration.
 *
 * <p>The fallback is gated by {@code CredentialProvider.CLEAR_TEXT_FALLBACK}, with the shared
 * default constant used when the key is unset.
 *
 * @param name configuration key whose value is used as the password
 * @return clear text password or null
 */
protected char[] getPasswordFromConfig(String name) {
	String configured = getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
			CommonConfigurationKeysPublic.
					HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)
			? get(name)
			: null;
	if (configured == null) {
		return null;
	}
	return configured.toCharArray();
}
 
Example 30
Source Project: nifi   Source File: ReportLineageToAtlas.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Prepares the TLS-related Atlas client properties and, when a JKS truststore is configured,
 * stores its password in a fresh local JCEKS credential store inside {@code confDir}.
 *
 * <p>TLS is marked enabled as soon as any URL starts with "https". An existing credential store
 * and ssl-client.xml in {@code confDir} are always deleted first. If no usable JKS truststore is
 * configured, a warning is logged and no truststore properties are set.
 *
 * @param atlasProperties properties to populate
 * @param context source of the SSL context service
 * @param urls Atlas URLs
 * @param confDir directory holding the credential store and ssl-client.xml
 * @throws Exception if files cannot be deleted or the credential store cannot be written
 */
private void setAtlasSSLConfig(Properties atlasProperties, ConfigurationContext context, List<String> urls, File confDir) throws Exception {
    boolean isAtlasApiSecure = urls.stream().anyMatch(url -> url.toLowerCase().startsWith("https"));
    atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS, String.valueOf(isAtlasApiSecure));

    // ssl-client.xml must be deleted, Atlas will not regenerate it otherwise
    Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
    Files.deleteIfExists(credStorePath);
    Path sslClientXmlPath = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
    Files.deleteIfExists(sslClientXmlPath);

    if (!isAtlasApiSecure) {
        return;
    }

    SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
    if (sslContextService == null) {
        getLogger().warn("No SSLContextService configured, the system default truststore will be used.");
        return;
    }
    if (!sslContextService.isTrustStoreConfigured()) {
        getLogger().warn("No truststore configured on SSLContextService, the system default truststore will be used.");
        return;
    }
    if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
        getLogger().warn("The configured truststore type is not supported by Atlas (not JKS), the system default truststore will be used.");
        return;
    }

    atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE, sslContextService.getTrustStoreFile());

    String truststorePassword = sslContextService.getTrustStorePassword();
    // Hadoop Credential Provider JCEKS URI format: localjceks://file/PATH/TO/JCEKS
    String credStoreUri = credStorePath.toUri().toString().replaceFirst("^file://", "localjceks://file");

    // NOTE(review): nothing here sets the password that protects the JCEKS file itself; confirm
    // how the deployment supplies it, since Hadoop's keystore providers are understood to fall
    // back to a built-in default when none is configured.
    CredentialProvider credentialProvider = new LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new Configuration());
    credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS, truststorePassword.toCharArray());
    credentialProvider.flush();

    atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH, credStoreUri);
}