org.apache.hadoop.security.alias.CredentialProvider Java Examples
The following examples show how to use
org.apache.hadoop.security.alias.CredentialProvider.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SecurityUtil.java From atlas with Apache License 2.0 | 7 votes |
|
/**
* Retrieves a password from a configured credential provider or prompts for the password and stores it in the
* configured credential provider.
* @param config application configuration
* @param key the key/alias for the password.
* @return the password.
* @throws IOException
*/
public static String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
String password;
String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
if (provider != null) {
LOG.info("Attempting to retrieve password for key {} from configured credential provider path {}", key, provider);
Configuration c = new Configuration();
c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
if (entry == null) {
throw new IOException(String.format("No credential entry found for %s. "
+ "Please create an entry in the configured credential provider", key));
} else {
password = String.valueOf(entry.getCredential());
}
} else {
throw new IOException("No credential provider path configured for storage of certificate store passwords");
}
return password;
}
Example #2
| Source File: TestSentryStore.java From incubator-sentry with Apache License 2.0 | 6 votes |
|
@BeforeClass
public static void setup() throws Exception {
conf = new Configuration(false);
final String ourUrl = UserProvider.SCHEME_NAME + ":///";
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
provider.createCredentialEntry(ServerConfig.
SENTRY_STORE_JDBC_PASS, passwd);
provider.flush();
dataDir = new File(Files.createTempDir(), "sentry_policy_db");
conf.set(ServerConfig.SENTRY_VERIFY_SCHEM_VERSION, "false");
conf.set(ServerConfig.SENTRY_STORE_JDBC_URL,
"jdbc:derby:;databaseName=" + dataDir.getPath() + ";create=true");
conf.set(ServerConfig.SENTRY_STORE_JDBC_PASS, "dummy");
conf.setStrings(ServerConfig.ADMIN_GROUPS, adminGroups);
conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING,
ServerConfig.SENTRY_STORE_LOCAL_GROUP_MAPPING);
policyFilePath = new File(dataDir, "local_policy_file.ini");
conf.set(ServerConfig.SENTRY_STORE_GROUP_MAPPING_RESOURCE,
policyFilePath.getPath());
sentryStore = new SentryStore(conf);
}
Example #3
| Source File: SecureEmbeddedServer.java From incubator-atlas with Apache License 2.0 | 6 votes |
|
/**
* Retrieves a password from a configured credential provider or prompts for the password and stores it in the
* configured credential provider.
* @param config application configuration
* @param key the key/alias for the password.
* @return the password.
* @throws IOException
*/
private String getPassword(org.apache.commons.configuration.Configuration config, String key) throws IOException {
String password;
String provider = config.getString(CERT_STORES_CREDENTIAL_PROVIDER_PATH);
if (provider != null) {
LOG.info("Attempting to retrieve password from configured credential provider path");
Configuration c = new Configuration();
c.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, provider);
CredentialProvider credentialProvider = CredentialProviderFactory.getProviders(c).get(0);
CredentialProvider.CredentialEntry entry = credentialProvider.getCredentialEntry(key);
if (entry == null) {
throw new IOException(String.format("No credential entry found for %s. "
+ "Please create an entry in the configured credential provider", key));
} else {
password = String.valueOf(entry.getCredential());
}
} else {
throw new IOException("No credential provider path configured for storage of certificate store passwords");
}
return password;
}
Example #4
| Source File: RangerCredentialProvider.java From ranger with Apache License 2.0 | 6 votes |
|
public String getCredentialString(String url, String alias) {
if (url != null && alias != null) {
List<CredentialProvider> providers = getCredentialProviders(url);
if (providers != null) {
for (CredentialProvider provider : providers) {
try {
CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(alias);
if (credEntry != null && credEntry.getCredential() != null) {
return new String(credEntry.getCredential());
}
} catch (Exception ie) {
LOG.error("Unable to get the Credential Provider from the Configuration", ie);
}
}
}
}
return null;
}
Example #5
| Source File: LdapRealm.java From zeppelin with Apache License 2.0 | 6 votes |
|
static String getSystemPassword(String hadoopSecurityCredentialPath,
String keystorePass) {
String password = "";
try {
Configuration configuration = new Configuration();
configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
hadoopSecurityCredentialPath);
CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(keystorePass);
if (credEntry != null) {
password = new String(credEntry.getCredential());
}
} catch (IOException e) {
throw new ShiroException("Error from getting credential entry from keystore", e);
}
if (org.apache.commons.lang3.StringUtils.isEmpty(password)) {
throw new ShiroException("Error getting SystemPassword from the provided keystore:"
+ keystorePass + ", in path:" + hadoopSecurityCredentialPath);
}
return password;
}
Example #6
| Source File: Configuration.java From big-c with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #7
| Source File: KeyStoreTestUtil.java From big-c with Apache License 2.0 | 5 votes |
|
public static void provisionPasswordsToCredentialProvider() throws Exception {
File testDir = new File(System.getProperty("test.build.data",
"target/test-dir"));
Configuration conf = new Configuration();
final Path jksPath = new Path(testDir.toString(), "test.jks");
final String ourUrl =
JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
File file = new File(testDir, "test.jks");
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
CredentialProvider provider =
CredentialProviderFactory.getProviders(conf).get(0);
char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
// create new aliases
try {
provider.createCredentialEntry(
FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
storepass);
provider.createCredentialEntry(
FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
keypass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #8
| Source File: Configuration.java From Flink-CEPplus with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #9
| Source File: CredentialProviderUtility.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
public static void main(String[] args) throws IOException {
// prompt for the provider name
CredentialProvider provider = getCredentialProvider(textDevice);
if(provider != null) {
char[] cred;
for (String key : KEYS) {
cred = getPassword(textDevice, key);
// create a credential entry and store it
boolean overwrite = true;
if (provider.getCredentialEntry(key) != null) {
String choice = textDevice.readLine("Entry for %s already exists. Overwrite? (y/n) [y]:", key);
overwrite = StringUtils.isEmpty(choice) || choice.equalsIgnoreCase("y");
if (overwrite) {
provider.deleteCredentialEntry(key);
provider.flush();
provider.createCredentialEntry(key, cred);
provider.flush();
textDevice.printf("Entry for %s was overwritten with the new value.\n", key);
} else {
textDevice.printf("Entry for %s was not overwritten.\n", key);
}
} else {
provider.createCredentialEntry(key, cred);
provider.flush();
}
}
}
}
Example #10
| Source File: CredentialProviderUtility.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
/**\
* Returns a credential provider for the entered JKS path.
* @param textDevice the system console.
* @return the Credential provider
* @throws IOException
*/
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");
if (providerPath != null) {
Configuration conf = new Configuration(false);
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
return CredentialProviderFactory.getProviders(conf).get(0);
}
return null;
}
Example #11
| Source File: SSLTest.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #12
| Source File: BaseSSLAndKerberosTest.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #13
| Source File: SecureEmbeddedServerTestBase.java From incubator-atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #14
| Source File: JDBCInterpreter.java From zeppelin with Apache License 2.0 | 5 votes |
|
private String getPassword(Properties properties) throws IOException, InterpreterException {
if (isNotEmpty(properties.getProperty(PASSWORD_KEY))) {
return properties.getProperty(PASSWORD_KEY);
} else if (isNotEmpty(properties.getProperty(JDBC_JCEKS_FILE))
&& isNotEmpty(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY))) {
try {
Configuration configuration = new Configuration();
configuration.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
properties.getProperty(JDBC_JCEKS_FILE));
CredentialProvider provider = CredentialProviderFactory.getProviders(configuration).get(0);
CredentialProvider.CredentialEntry credEntry =
provider.getCredentialEntry(properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
if (credEntry != null) {
return new String(credEntry.getCredential());
} else {
throw new InterpreterException("Failed to retrieve password from JCEKS from key: "
+ properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY));
}
} catch (Exception e) {
LOGGER.error("Failed to retrieve password from JCEKS \n" +
"For file: {} \nFor key: {}", properties.getProperty(JDBC_JCEKS_FILE),
properties.getProperty(JDBC_JCEKS_CREDENTIAL_KEY), e);
throw e;
}
}
return null;
}
Example #15
| Source File: RangerCredentialProvider.java From ranger with Apache License 2.0 | 5 votes |
|
List<CredentialProvider> getCredentialProviders(String url) {
if (url != null) {
try {
Configuration conf = new Configuration();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
return CredentialProviderFactory.getProviders(conf);
} catch (Exception ie) {
LOG.error("Unable to get the Credential Provider from the Configuration", ie);
}
}
return null;
}
Example #16
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #17
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Get the credential entry by name from a credential provider.
*
* Handle key deprecation.
*
* @param provider a credential provider
* @param name alias of the credential
* @return the credential entry or null if not found
*/
private CredentialEntry getCredentialEntry(CredentialProvider provider,
String name) throws IOException {
CredentialEntry entry = provider.getCredentialEntry(name);
if (entry != null) {
return entry;
}
// The old name is stored in the credential provider.
String oldName = getDeprecatedKey(name);
if (oldName != null) {
entry = provider.getCredentialEntry(oldName);
if (entry != null) {
logDeprecationOnce(oldName, provider.toString());
return entry;
}
}
// The name is deprecated.
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
if (keyInfo != null && keyInfo.newKeys != null) {
for (String newName : keyInfo.newKeys) {
entry = provider.getCredentialEntry(newName);
if (entry != null) {
logDeprecationOnce(name, null);
return entry;
}
}
}
return null;
}
Example #18
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
CommonConfigurationKeysPublic.
HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #19
| Source File: ReportLineageToAtlas.java From nifi with Apache License 2.0 | 5 votes |
|
private void setAtlasSSLConfig(Properties atlasProperties, ConfigurationContext context, List<String> urls, File confDir) throws Exception {
boolean isAtlasApiSecure = urls.stream().anyMatch(url -> url.toLowerCase().startsWith("https"));
atlasProperties.put(ATLAS_PROPERTY_ENABLE_TLS, String.valueOf(isAtlasApiSecure));
// ssl-client.xml must be deleted, Atlas will not regenerate it otherwise
Path credStorePath = new File(confDir, CRED_STORE_FILENAME).toPath();
Files.deleteIfExists(credStorePath);
Path sslClientXmlPath = new File(confDir, SSL_CLIENT_XML_FILENAME).toPath();
Files.deleteIfExists(sslClientXmlPath);
if (isAtlasApiSecure) {
SSLContextService sslContextService = context.getProperty(SSL_CONTEXT_SERVICE).asControllerService(SSLContextService.class);
if (sslContextService == null) {
getLogger().warn("No SSLContextService configured, the system default truststore will be used.");
} else if (!sslContextService.isTrustStoreConfigured()) {
getLogger().warn("No truststore configured on SSLContextService, the system default truststore will be used.");
} else if (!KEYSTORE_TYPE_JKS.equalsIgnoreCase(sslContextService.getTrustStoreType())) {
getLogger().warn("The configured truststore type is not supported by Atlas (not JKS), the system default truststore will be used.");
} else {
atlasProperties.put(ATLAS_PROPERTY_TRUSTSTORE_FILE, sslContextService.getTrustStoreFile());
String password = sslContextService.getTrustStorePassword();
// Hadoop Credential Provider JCEKS URI format: localjceks://file/PATH/TO/JCEKS
String credStoreUri = credStorePath.toUri().toString().replaceFirst("^file://", "localjceks://file");
CredentialProvider credentialProvider = new LocalJavaKeyStoreProvider.Factory().createProvider(new URI(credStoreUri), new Configuration());
credentialProvider.createCredentialEntry(TRUSTSTORE_PASSWORD_ALIAS, password.toCharArray());
credentialProvider.flush();
atlasProperties.put(ATLAS_PROPERTY_CRED_STORE_PATH, credStoreUri);
}
}
}
Example #20
| Source File: Configuration.java From Flink-CEPplus with Apache License 2.0 | 5 votes |
|
/**
* Get the credential entry by name from a credential provider.
*
* Handle key deprecation.
*
* @param provider a credential provider
* @param name alias of the credential
* @return the credential entry or null if not found
*/
private CredentialEntry getCredentialEntry(CredentialProvider provider,
String name) throws IOException {
CredentialEntry entry = provider.getCredentialEntry(name);
if (entry != null) {
return entry;
}
// The old name is stored in the credential provider.
String oldName = getDeprecatedKey(name);
if (oldName != null) {
entry = provider.getCredentialEntry(oldName);
if (entry != null) {
logDeprecationOnce(oldName, provider.toString());
return entry;
}
}
// The name is deprecated.
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
if (keyInfo != null && keyInfo.newKeys != null) {
for (String newName : keyInfo.newKeys) {
entry = provider.getCredentialEntry(newName);
if (entry != null) {
logDeprecationOnce(name, null);
return entry;
}
}
}
return null;
}
Example #21
| Source File: Configuration.java From Flink-CEPplus with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
CommonConfigurationKeysPublic.
HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #22
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #23
| Source File: KeyStoreTestUtil.java From hadoop with Apache License 2.0 | 5 votes |
|
public static void provisionPasswordsToCredentialProvider() throws Exception {
File testDir = new File(System.getProperty("test.build.data",
"target/test-dir"));
Configuration conf = new Configuration();
final Path jksPath = new Path(testDir.toString(), "test.jks");
final String ourUrl =
JavaKeyStoreProvider.SCHEME_NAME + "://file" + jksPath.toUri();
File file = new File(testDir, "test.jks");
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, ourUrl);
CredentialProvider provider =
CredentialProviderFactory.getProviders(conf).get(0);
char[] keypass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
char[] storepass = {'s', 't', 'o', 'r', 'e', 'p', 'a', 's', 's'};
// create new aliases
try {
provider.createCredentialEntry(
FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
FileBasedKeyStoresFactory.SSL_KEYSTORE_PASSWORD_TPL_KEY),
storepass);
provider.createCredentialEntry(
FileBasedKeyStoresFactory.resolvePropertyName(SSLFactory.Mode.SERVER,
FileBasedKeyStoresFactory.SSL_KEYSTORE_KEYPASSWORD_TPL_KEY),
keypass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #24
| Source File: Configuration.java From hadoop with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK, true)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #25
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Get the credential entry by name from a credential provider.
*
* Handle key deprecation.
*
* @param provider a credential provider
* @param name alias of the credential
* @return the credential entry or null if not found
*/
private CredentialEntry getCredentialEntry(CredentialProvider provider,
String name) throws IOException {
CredentialEntry entry = provider.getCredentialEntry(name);
if (entry != null) {
return entry;
}
// The old name is stored in the credential provider.
String oldName = getDeprecatedKey(name);
if (oldName != null) {
entry = provider.getCredentialEntry(oldName);
if (entry != null) {
logDeprecationOnce(oldName, provider.toString());
return entry;
}
}
// The name is deprecated.
DeprecatedKeyInfo keyInfo = getDeprecatedKeyInfo(name);
if (keyInfo != null && keyInfo.newKeys != null) {
for (String newName : keyInfo.newKeys) {
entry = provider.getCredentialEntry(newName);
if (entry != null) {
logDeprecationOnce(name, null);
return entry;
}
}
}
return null;
}
Example #26
| Source File: Configuration.java From flink with Apache License 2.0 | 5 votes |
|
/**
* Fallback to clear text passwords in configuration.
* @param name
* @return clear text password or null
*/
protected char[] getPasswordFromConfig(String name) {
char[] pass = null;
if (getBoolean(CredentialProvider.CLEAR_TEXT_FALLBACK,
CommonConfigurationKeysPublic.
HADOOP_SECURITY_CREDENTIAL_CLEAR_TEXT_FALLBACK_DEFAULT)) {
String passStr = get(name);
if (passStr != null) {
pass = passStr.toCharArray();
}
}
return pass;
}
Example #27
| Source File: CredentialProviderUtility.java From atlas with Apache License 2.0 | 5 votes |
|
/**\
* Returns a credential provider for the entered JKS path.
* @param textDevice the system console.
* @return the Credential provider
* @throws IOException
*/
private static CredentialProvider getCredentialProvider(TextDevice textDevice) throws IOException {
String providerPath = textDevice.readLine("Please enter the full path to the credential provider:");
if (providerPath != null) {
Configuration conf = new Configuration(false);
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerPath);
return CredentialProviderFactory.getProviders(conf).get(0);
}
return null;
}
Example #28
| Source File: SSLTest.java From atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #29
| Source File: SecureEmbeddedServerTestBase.java From atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
Example #30
| Source File: BaseSSLAndKerberosTest.java From atlas with Apache License 2.0 | 5 votes |
|
protected void setupCredentials() throws Exception {
Configuration conf = new Configuration(false);
File file = new File(jksPath.toUri().getPath());
file.delete();
conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, providerUrl);
CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
// create new aliases
try {
char[] storepass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.KEYSTORE_PASSWORD_KEY, storepass);
char[] trustpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.TRUSTSTORE_PASSWORD_KEY, trustpass);
char[] trustpass2 = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry("ssl.client.truststore.password", trustpass2);
char[] certpass = {'k', 'e', 'y', 'p', 'a', 's', 's'};
provider.createCredentialEntry(SecurityProperties.SERVER_CERT_PASSWORD_KEY, certpass);
// write out so that it can be found in checks
provider.flush();
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
